Internal Audit and Risk Management Policy for the NSW Public Sector

Mark Pellowe Senior Director, Financial Management and Reporting NSW Treasury

1

The new policy

Key policy documents

 Treasury Circular TC 09/08

Internal Audit and Risk Management Policy

(24 August 2009)  Treasury Policy & Guidelines Paper TPP 09-5

Internal Audit and Risk Management Policy for the NSW Public Sector

(August 2009)  Department of Premier and Cabinet Circular C2009-13

Prequalification Scheme: Audit and Risk Committees

(4 May 2009) 2

What the new policy will achieve

Desired Outcomes

     Strengthened assurance and accountability Consistent use of internal audit to mitigate business risk Greater focus on risk management More effective use of internal audit resources Stronger external incentives to ‘comply and explain’ 3

Core Requirements

Internal Audit Function

 Internal Audit function must be established  Chief Audit Executive (CAE) must be designated

Independent Audit and Risk Committee

 An Audit and Risk Committee must be established  ‘Independent’ Chairs and Members

Model Charter for Audit and Risk Committee

 Better practice requirements for operations  New mandated requirements 4

Core Requirements (cont.)

Enterprise Risk Management

  Risk management process ‘appropriate to the entity’ Role of ARC – ‘oversight’ of risk management framework 

Internal Audit Standards Adopted

Operation of Internal Audit function consistent with

IIA International Standards

 Additional reporting and monitoring requirements 5

Compliance and reporting

Who?

The policy DOES apply to:

   for departments: Department Heads for statutory bodies with governing boards: the Governing Board for other statutory bodies: the Chief Executive Officer

The policy does NOT apply to:

 statutory State Owned Corporations (SOCs) (covered by Treasury’s Commercial Policy guidelines)  the Universities 6

Compliance and Reporting

By When? First Year WHAT IS REQUIRED?

2009/10 TIMETABLE Exceptions sought and determinations made (if applicable) Core Requirements IN PLACE Attestation Statement to the Treasurer

End of third quarter Before the FYE Within 2 months after FYE

Annual Report Disclosure

Within 4 months after FYE

FOR A 30 JUNE 2010 FYE

31 March 2010 30 June 2010 31 August 2010 31 October 2010 (With submission of Annual Report to Minister) 7

Compliance and reporting

Monitoring

 Treasury will:  monitor submission of attestation statements  monitor conformance  periodically review the efficiency and effectiveness of the policy  The Auditor-General will:  undertake an assurance role in monitoring the sector’s compliance  review entity compliance with the policy through the compliance audit and reporting program 8