Internal Audit and Risk Management Policy for the
NSW Public Sector
Mark Pellowe
Senior Director, Financial Management and Reporting
NSW Treasury
The new policy
Treasury Circular TC 09/08 Internal Audit and Risk Management Policy (24 August 2009)
Treasury Policy & Guidelines Paper TPP 09-5 Internal Audit and Risk Management Policy for the NSW Public Sector (August 2009)
Department of Premier and Cabinet Circular C2009-13 Prequalification Scheme: Audit and Risk Committees (4 May 2009)
Key policy documents
What the new policy will achieve
Strengthened assurance and accountability
Consistent use of internal audit to mitigate business risk
Greater focus on risk management
More effective use of internal audit resources
Stronger external incentives to ‘comply and explain’
Desired Outcomes
Core Requirements
Internal Audit Function
Internal Audit function must be established
Chief Audit Executive (CAE) must be designated
Independent Audit and Risk Committee
An Audit and Risk Committee must be established
‘Independent’ Chairs and Members
Model Charter for Audit and Risk Committee
Better practice requirements for operations
New mandated requirements
Core Requirements (cont.)
Enterprise Risk Management
Risk management process ‘appropriate to the entity’
Role of ARC – ‘oversight’ of risk management framework
Internal Audit Standards Adopted
Operation of Internal Audit function consistent with IIA International Standards
Additional reporting and monitoring requirements
Compliance and reporting
The policy DOES apply to:
for departments: Department Heads
for statutory bodies with governing boards: the Governing Board
for other statutory bodies: the Chief Executive Officer
The policy does NOT apply to:
statutory State Owned Corporations (SOCs) (covered by Treasury’s Commercial Policy guidelines)
the Universities
Who?
Compliance and Reporting
2009/10 TIMETABLE FOR A 30 JUNE 2010 FYE
WHAT IS REQUIRED? / By When? (First Year)
Exceptions sought and determinations made (if applicable): End of third quarter, 31 March 2010
Core Requirements IN PLACE: Before the FYE, 30 June 2010
Attestation Statement to the Treasurer: Within 2 months after FYE, 31 August 2010
Annual Report Disclosure: Within 4 months after FYE, 31 October 2010 (With submission of Annual Report to Minister)
Compliance and reporting
Treasury will:
monitor submission of attestation statements
monitor conformance
periodically review the efficiency and effectiveness of the policy
The Auditor-General will:
undertake an assurance role in monitoring the sector’s compliance
review entity compliance with the policy through the compliance audit and reporting program
Monitoring