Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve the University's operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
ECU operates an outsourced internal audit function, where the functions of planning, executing and reporting of audits are outsourced to an independent third party provider, who is directly accountable to the Quality, Audit and Risk Committee, with administrative support and oversight of the Chief Risk Officer within the Enterprise Risk Unit. Operations of the Internal Audit function are governed by ECU's Internal Audit and Assurance Charter.
ECU’s internal audit provider primarily delivers against a planned program of internal audit work, as is available to assist with ad hoc management requested audits. ECU’s current outsourced internal audit provider is KPMG Australia. Enquiries regarding internal audit can be directed to the Chief Risk Officer.
The Strategic Internal Audit Plan is a risk-based program of internal audits to be undertaken over the next three years. The SAIP is developed in consultation with management and endorsed by the Quality., Audit and Risk Committee for approval by Council.
The SAIP aims to ensure there is adequate audit coverage across ECU’s strategic risks within the three year period.
Internal Audit produce an audit report at the conclusion of an audit project. The purpose of the report is to provide management with the auditor’s assessment of the control environment and detailed findings and recommendations for improvements to the system of controls.
Requests for a copy of a listed audit report can be directed to enterpriserisk@ecu.edu.au
ECURTS is the system that ECU uses to track the progress on the implementation by Schools and Centres of recommendations arising from the University's review mechanisms.
As part of the Internal Audit function, recommendations for action arising from Audit Reports are followed up on a quarterly basis via ECURTS and reported to QARC, University Executive and Council.
For more information on ECURTS please contact Enterprise Risk.