The Internal Audit and Risk Management team adds value by supporting the good governance and management of the University.
Internal Audit brings an independent, systematic and disciplined approach to the evaluation of the effectiveness of risk management, control and governance processes. Unlike external assurance providers, Internal Audit provides assurance to management, the Finance, Audit and Risk Committee and the University Council that controls are operating as expected.
The Internal Audit team is responsible for the planning and conduct of internal audits and is managed by the Internal Auditor. The independence of Internal Audit is maintained primarily through the organisational structure: the Internal Auditor reports administratively to the Director, Risk and Compliance and functionally to the University Council via the Finance, Audit and Risk Committee. The Internal Auditor supervises the Internal Audit Officer and coordinates internal and some external audits. Each individual auditor is also required to conduct their work while maintaining objectivity and impartiality.
The ultimate goal for Enterprise Risk Management is that our University is able to manage our risks and opportunities in an appropriately considered manner. This is as much a part of the culture we need to build and sustain, as it is the processes that we put in place to help this occur. If we communicate and consult with stakeholders, we have the best chance of identifying, analysing and managing our risks and opportunities. This leads to better decision-making, the focus to reach our goals with the minimal amount of wasted effort and resource and, therefore, the on-going sustainability of the organisation.
The Director, Risk and Compliance manages the operation of the Risk Management Framework and reports to the University Secretary. The Director, Risk and Compliance supervises the Risk Adviser.
Everyone at Charles Sturt University has a role to play in effectively managing risk. Faculties, Schools and Divisions are the first line of defence. They are responsible for effectively managing risk inherent in their day-to-day decisions and the identification and assessment of risks and controls. Second line functions, such as Risk Management, provide support and advice on the completeness/accuracy of risk assessments, risk reporting and the adequacy of mitigation plans. Internal Audit provides the third line of defence by providing independent and objective assurance on the robustness of the risk management framework and the appropriateness and effectiveness of internal controls. This relationship is shown in the diagram below.