(1) To establish a framework for responding to internal audit reports and implementing internal audit recommendations. (2) Applies to: (3) Internal audit reports will be required to be responded to within 10 days. Implementation of audit recommendations must be completed within the prescribed timeframes (see procedures). (4) Staff that fail to meet internal audit reporting and implementation timeframes will be required to explain their inaction to the Vice-Chancellor and Corporate Governance, Audit and Risk Committee (CGARC). (5) To establish a framework for responding to internal audit reports and implementing internal audit recommendations. (6) The primary objective of reporting is to communicate the results of the internal audit work performed; thereby ensuring that it brings about changes which contribute to the achievement of the University’s objectives and improved efficiencies. (7) A report of findings will be drafted at the conclusion of each internal audit project that includes a comprehensive list of all findings as well as the potential impact of the issues and respective recommended solutions. (8) Internal Audit will meet (‘closing meeting’) with relevant area managers to discuss the issues raised in the draft report. The purpose of the meeting is to agree on the findings and recommendations, to correct any errors or misunderstandings and to agree to an action plan. (9) Audit findings will be prioritised according to their relative significance and their impact to the process or operation based on the ratings determined by the Corporate Governance, Audit and Risk Committee (extreme, high, moderate, low). The actions required on the findings are directed by the rating; the more serious the issue the higher level of management action required and the more timely the action required. (10) Following the closing meeting, the relevant area manager will be required to provide a written response to the audit report within 10 days. (11) For each issue in the report, the process owner will provide an action plan for resolving the issue. The action plan includes: (12) Audits which contain findings with an extreme or high rating will be referred to the relevant senior officer for comment or agreement with the action plan prior to finalisation of the report. (13) The Internal Audit Office will follow up the progress of implementation of action plans at least quarterly. (14) Areas will be required to provide an update on the progress of implementation. These progress reports must include brief details of action completed and/or progress made. Where agreed time frames are not likely to be met, this must be highlighted together with the reasons for the delay and proposed new implementation date. (15) Areas are required to provide progress reports within the timeframe prescribed by the Internal Audit Office. (16) The representative senior management will be provided with a copy of the audit report prior to submission to the Corporate Governance, Audit and Risk Committee. (17) All final internal audit reports are issued to the CGARC. (18) The Risk Management Division will report to the CGARC on the progress of implementation of action plans against the agreed timetable. (19) Staff that fail to meet internal audit reporting and implementation timeframes will be required to explain their inaction to the Vice-Chancellor and Corporate Governance, Audit and Risk Committee. (20) Nil. (21) Responsibility for implementation – Manager, Internal Audit; and Director, Risk Management. (22) Responsibility for monitoring implementation and compliance – Director, Risk Management; and Corporate Governance, Audit and Risk Committee.Internal Audit Reporting Response Policy
Section 1 - Background and Purpose
Section 2 - Scope
Top of PageSection 3 - Policy Statement
Section 4 - Procedure
Objective of Audit Reports
Draft Audit Reports
Rating of Internal Audit Findings
Responding to Internal Audit Reports
Follow up of Action Plans
Reporting to Corporate Governance, Audit and Risk Committee and Senior Management
Failure to Comply with Reporting Requirements
Section 5 - Definitions
Section 6 - Stakeholders
View Document
This is not a current document. It has been repealed and is no longer in force.