Internal Audit

What is internal auditing?

Internal auditing is an independent and objective assurance and consulting activity designed to improve an organisation’s operations.
It helps an organisation accomplish its goals by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control, and governance processes.

Why does UQ have an internal audit function?

As a Queensland statutory body, UQ must observe the requirements of the Financial Accountability Act 2009 (the Act), and the Financial and Performance Management Standard 2009 (the Standard).

UQ has a responsibility to adopt sound practices for the stewardship of the public monies under its control. The Financial and Performance Management Standard 2009 provides a framework for UQ, as a statutory body, to develop and implement systems, practices and controls for efficient, effective and economic financial and performance management. This includes the establishment of an internal audit function. 

Governance and management of Internal Audit

Internally, UQ’s Internal Audit function is governed by the Internal Audit Charter (PDF, 187.1 KB) which sets out the responsibilities, organisation, authority, membership and operation of UQ’s Internal Audit function. The Charter is approved by the Senate Risk and Audit Committee (SRAC) in consultation with the Vice-Chancellor’s Risk and Compliance Committee (VCRCC). 

The Internal Audit Charter (PDF, 187.1 KB) refers to the Three Lines Model which helps organisations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management. This model illustrates the interrelationship between management, the governing body (Senate) and Internal Audit, and the roles and responsibilities of each in supporting good governance:

In managing and undertaking our internal audit activities, UQ Internal Audit conforms with the International Standards for the Professional Practice of Internal Auditing and the Institute of Internal Auditors' (IIA) Code of Ethics.

Find out more about UQ's internal auditing process.

Our role

At UQ, Internal Audit’s mission is to protect and enhance organisational value. We support management to manage risks to achieve strategic objectives and to achieve improved efficiencies.

Our key internal audit objectives are therefore to:

• assist UQ in achieving improved governance, efficiency and operational success;
• assist UQ in managing its top risks to support achievement of strategic objectives; and
• enable our key customers and stakeholders to understand the role of internal audit and to deliver value to those customers and stakeholders.

Our scope of work

Internal Audit’s scope of work is to assess and provide assurance on whether:

• UQ has an effective system of internal control, including governance, risk management and compliance frameworks;
• risks are appropriately identified and managed;
• interaction between the various governance groups occurs as needed;
• significant financial, managerial and operating information is accurate and timely;
• employees act in compliance with policies, standards, procedures, and applicable laws and regulations;
• resources are acquired economically, used efficiently, and adequately managed; and
• quality and continuous improvement are fostered in the University’s control process.

The scope of Internal Audit includes the whole of UQ including its controlled entities.   

Our independence

The Internal Audit function is unique within UQ in that it is independent of management.

While Internal Audit plans and programs of work will be developed in consultation with management, they are approved by the Senate Risk and Audit Committee. In addition, Internal Audit reports functionally to the Senate Risk and Audit Committee and administratively to the Chief Operating Officer. This allows Internal Audit to maintain an impartial, unbiased attitude and act with objectivity and independence in all that it does. Internal Audit cannot have any direct responsibilities for or authority over, any of the activities which it audits.  

Although it is necessary to support the independence of Internal Audit through the formal reporting structures, independence is a state of mind rooted in strong principles of objectivity and moral fibre. Our primary responsibility is to always act in the best interests of the University. A strong working relationship with management assists in supporting our common objectives and allow us to function effectively and add value in the best way possible. For this reason our audit plans (consisting of both assurance and advisory services) are developed in consultation with management, with input from the Vice-Chancellor’s Committee and the Vice-Chancellor’s Risk and Compliance Committee and are adequately flexible to respond to the changing needs and risks of the University and management. 

Our accountability

While Internal Audit is independent, we have an obligation to provide high-quality services to management and the Senate. Internal Audit also has a responsibility not only to justify our selection of areas to audit including audit objectives and scope, but also to ensure that our audit processes (from planning to reporting) meet professional auditing standards, our findings and conclusions are evidence-based and any recommendations are sensible and practicable.   

An External Quality Assurance Review of the Internal Audit function takes place every five years.

How are Internal and External Audit different?

The Internal Audit team performs a different function to that of the University’s external auditors.

UQ is audited externally by the Queensland Audit Office. The purpose of the External Audit is to report to the Queensland Parliament on the accuracy of the University’s annual financial statements.

Internal Audit liaises regularly with the external auditors to coordinate work and minimise duplication of effort.