Internal Audit

Strategic Internal Audit Planning and Annual Planning

The Strategic Internal Audit Plan (SIAP/Plan) provides the foundation which links the internal audit activity to a client’s risks. The Plan determines the most efficient and effective use of available audit resources based on a longer term view of the organisation’s objectives, strategies and risks. An effective Plan would include contextual information about the organisation, the keys risks faced by the organisation, appropriate internal audit strategies for the identified risk areas, the overall internal audit framework for the delivery of the audit function, a recommended schedule of prioritised audits/reviews and the resource requirements for the conduct of the internal audit function.

The development of the Annual Audit Program follows on from the formalisation of an SIAP. Annual Audit Programs are prepared annually for each year covered by the SIAP. The development of the Annual Audit Program will take into account current risks faced by the organisation, often resulting in a revised program of priority audits for a given year.

The Annual Audit Program also outlines broad preliminary specifications for each audit, including the type of audit, auditable unit/function to be audited, objective, scope, expected outcomes for the organisation, resource requirements and proposed timing for the conduct of the audit.

Compliance Audit Services

Compliance audit is focussed on forming an assessment of the effectiveness of existing controls in place to manage the organisational risks pertaining to a subject matter (a system, activity or function). Compliance audit involves the assessment of a subject matter against pre-defined mandated criteria such as an organisation’s framework, legislation, policies and procedures together with better practice.

Performance Audit Services

Performance audit is the examination of a program, function, operation or management system to assess whether it is efficient and effective in the utilisation of available resources. The examination provides an objective and systematic analysis using structured methodologies that focus on the delivery of integrated risk management and corporate governance practices to optimise the achievement of organisation objectives.

Information Technology Audit Services

Organisations rely on efficient, effective and reliable information systems to meet their strategic goals to deliver services. While IT presents considerable opportunities, it also brings significant risks that need to be identified, actively controlled and strategically managed. WalterTurnbull's IT Internal Audit Service explores and assesses IT-related risks and their business consequences, delivers assurance to management, and provides answers to questions like:

  • Are my existing information systems reliable?
  • How can I improve current systems with my limited resources?
  • Are my current IT projects under control?
  • Are our IT processes consistent with better practice?
  • Does my IT help me achieve my business objectives?
  • Do my systems comply with privacy requirements?
  • Do we have the right IT platforms to meet our future needs?
  • Are my IT systems unnecessarily exposed to fraud?
  • What are the IT-related risks that I face?
  • How can I better manage the IT risks?

Control Self Assessment Services

Control self assessment (CSA) is designed to assist management in assessing the controls of systems, functions or activities for which they are responsible and determining the level of compliance with those controls. It is a key governance tool and assists in promoting a culture of control within an organisation. Typically, a CSA involves gathering information from operational staff and business area managers through questionnaires, checklists or facilitated workshops.

WalterTurnbull will assist management in establishing the appropriate CSA framework for their organisation. For example, CSA's can be utilised to:

  • Compliment specific internal audit activity by expanding audit coverage. This could result in gaining efficiencies in the conduct of future audits;
  • Improve focus on particular areas of control;
  • Enforce self reliance and responsibility by operational units; and
  • Facilitate change management.

Control Framework Assessment Services

A control framework review is an assessment of an organisation's ability to:

  • Provide the right environment for the efficient running of their operations;
  • Comply with applicable laws and regulations; and
  • Reduce the risk of financial statements being materially misstated.

An organisation's internal control framework is made up of the policies, procedures, monitoring and communication activities, standards of behaviour and other initiatives that, combined:

  • Meet strategic objectives;
  • Allow the organisation to respond appropriately to significant business, operational, financial and compliance risks;
  • Safeguard assets from inappropriate use and loss from fraud or error;
  • Help ensure the quality of internal and external reporting, through the maintenance of proper records and information flows; and
  • Facilitate compliance with applicable laws, regulations and internal policies.

Probity Audit Services

In today's commercial world there is a great deal of emphasis on the process adopted for the procurement of goods and services, the provision of financial assistance or the disposal of assets using a confidential, competitive process such as open tendering. In this environment a concept has arisen referred to as Probity Auditing.

Although loosely connected to the traditional understanding of probity, having to do with integrity, it is in reality the application of procedural and ethical fairness in decision-making within the particular, applicable legal and ethical framework.

The framework will differ according to the parties involved but the underlying principles are those found in 2 Federal Court cases in 1997 (Hughes and McMillan), an ACT Supreme Court case of September 2001 (Gungahlin Development Authority) and a NSW Supreme Court decision last year (Cubic Transportation).

Between them, these cases lay down a high level of expectation in terms of procedural fairness on the part of governments when dealing with the Public.

Management or elimination of conflict is but one element of procedural fairness, albeit significant. We take a very broad definition of what constitutes conflict of interest and do not distinguish between apparent and real conflict. Our objective is to achieve disclosure of any possible conflict in order that the client, with our advice, may formulate an appropriate management strategy.

It is a commonly held and incorrect belief that probity is about the application of rules. In fact, it requires an understanding of the principles discussed in the cases referred to above and their application to process issues as they arise.