This section provides a summary of the role of Internal Audit. For a full description, refer to the Internal Audit Charter which is reviewed and updated annually.

The University has adopted a “three lines of defence” assurance model as part of its governance, risk and compliance frameworks as follows:

  • UQ's operational management has ownership, responsibility and accountability for identification, assessment, and management of risk and ensuring compliance (First Line of Defence)
  • Enterprise Risk, Occupational Health and Safety, Compliance and other relevant risk-oversight functions are responsible for facilitating, monitoring and supporting effective risk management and compliance practices by operational management (Second line of Defence)
  • Internal audit, Investigations and other internal review functions are responsible for providing oversight, review and assurance on the effectiveness of controls and identifying breakdowns and systemic issues in risk and compliance  (Third Line of Defence)

What is internal audit?

Internal Auditing is defined as: “an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes”

At The University of Queensland, Assurance Officers visit all campuses to evaluate operational, financial and information systems procedures and internal controls at Faculties, Institutes, Schools, Departments and Centres, as well as Central Administration and other University activities.

We carry out audit tasks, including:

  • reviews of financial systems;
  • reviews of information technology environments and applications;
  • assessment of the compliance of procedures with policy, best practice and the law; and
  • reviews of operational efficiency and effectiveness.

We also provide a pro-active consulting activity which will furnish advice on controls, processes or governance issues and are increasingly involved in new system or process implementations.

The scope of work of Internal Audit involves determining whether the controls and governance framework are adequate to ensure that:

  • Risks are appropriately identified and managed;
  • Interaction between the various governance groups occurs as needed;
  • Significant financial, managerial, and operating information is accurate, reliable, and timely;
  • Employees act in compliance with policies, standards, procedures, and applicable laws and regulations;
  • Resources are acquired economically, used efficiently, and adequately managed; and
  • Quality and continuous improvement are fostered in the University’s control processes.

Why have an internal audit function?

The University is a statutory body which is subject to the The Financial Accountability Act 2009 and The Financial and Performance Management Standard. Under this legislation, the University has a responsibility for the establishment of an effective system of internal control and an effective internal audit function.