The University of Queensland Homepage
ANNUAL WORK PLAN

The following flowchart represents the review planning process:

 

ANNUAL WORK PLAN 2011

Basic Role and Objectives of ARMS

The major role of ARMS is to provide assurance to Executive Management and ultimately to Senate that University operations are being managed as per established policies and procedures and good management practice, that the internal control framework is effective and that identified risks are adequately managed and controlled.

The 2011 Annual Work Plan has been framed to be consistent with this role and to support ARMS’ basic objectives, which are to:

·        support good corporate governance;

·        promote the integrity of financial and operational management;

·        promote proper management of significant business risk;

·        positively influence the culture within the University;

·        encourage self-review of systems and procedures; and

·        encourage the provision of quality service.

In the conduct of its work, ARMS is committed to adding value to individual organisational units and the University as a whole. It does this by making constructive recommendations on corporate governance, systems and practices; facilitating Enterprise Risk Management (ERM); being available for advice; facilitating change; and encouraging innovation, particularly in Information Systems (IS) initiatives.

Our broad strategy involves more than just the conduct of audits – it is designed to provide awareness and advice to University management on policy, procedure, good practice and proper conduct.

Broad Strategy

It is proposed that the 2011 Annual Audit Plan generally include:

·        Audits previously deferred;

·        Audits or reviews designed to provide assurance in areas identified by UQ’s risk management process, to date, as being of significant risk;

·        Development of a program which will enable assurance to be provided with respect to the corporate governance and internal control frameworks;

·        Reviews of IS areas identified as significant risk by ARMS;

·        Self-assessments and reviews of university-wide areas already scheduled as due to be conducted on a cyclical basis;

·        Follow-ups of previous reviews where implementation of recommendations remains outstanding; and

·        A selection of significant processes, functions and functional areas.

Enterprise Risk Management

ARMS has promoted the establishment of a structured risk management approach at both executive and operational levels within the University. Generally-accepted risk management methodology has been shared widely. It has enhanced ARMS’ risk-based approach to work planning. It now provides a platform for executive and operational management in managing business risk effectively.

External Review

ARMS has been scheduled for an external review in 2011 in accordance with UQ policy terms of reference. As our mandatory Institute of Internal Auditors (IIA) Quality Assessment (a five-yearly check on compliance with standards) is also due, it would seem efficient to include an accredited IIA Quality Assurance reviewer on the external review panel to satisfy the needs of UQ organisationally and IIA professionally.

Relationship with Queensland Audit Office

The Plan has been designed to maximize value by:

·        focussing on areas of high risk; and

·        working in cooperation with Queensland Audit Office (QAO).

Discussions were held with QAO management in advance of their audit planning process. All ARMS records for 2010, including plans, progress reports, audit reports and working papers, have been made available to QAO.

Further Detail

Quarterly Work Plans will be prepared during 2011.

An allowance has been made for unscheduled work (investigations and follow-ups), as this was a significant resource-consuming factor in 2010.

Human Resources

The Plan allows for usage of staff as follows:

Director, Assurance and Risk Management Services                                                     

Associate Director, Information Systems Assurance                                                      

Associate Director, Enterprise Risk Management Services                                        

Senior Assurance Officer

Senior Assurance Officer

Senior Assurance Officer (IS)         

Administration Officer

 

ARMS ANNUAL PLAN ACTIVITY

Activity

Management and Administration

General

External Review

Advice Reports

PCI DSS Co-ordination & Facilitation

Enterprise Risk Management Services

Strategic Risk Management

Operational Risk Management

Other Risk Assessment Support and reviews

Workshop Facilitation & Reporting

Education (presentations & training)

Risk Management Committee Meeting (attendance & reporting)

Resilience Planning Exercises (BCP & Crisis Management)

Continuous Improvement (process & procedures)

Administration

Assurance Reviews

Audit Management/Review

2011/01 Prentice Centre Data Centre Project

2011/02 Management of Research Accounts funds

2011/03 eRecruitment – development (UQ Jobs)

2011/04 Administrative Improvement Program

2011/05 Network Security (Phoenix Project)

2011/06 Aurion Version 10 migration

2011/07 Fraud/Corruption Questionnaire

2011/08 Aurion Payroll System Controls

2011/09 Investments

Customs House

2011/10 Payroll Verification 2011

2011/11 Engagement and Use of Consultants (Q)

2011/12 Expenditure of Research Funds (Q)

2011/13 Conflict of Interest (Q)

2011/14 Cashiering controls

2011/15 Donations process

2011/16 UniFi Accounts Payable Controls

2011/17 Credit Card Controls

2011/18 UniFi General Ledger Controls

2011/19 UniFi Revenue Controls

2011/20 Travel System Controls

2011/21 SI-net controls

2011/22 e-Business Controls

2011/23 Cloud Computing Controls

2011/24 Corporate Printer Security

2011/25 SLE Project

2011/27 SI-net Upgrade to V9

Current Investigations

School of Veterinary Science

2010/44 School of Dentistry

2010/23 Follow-up Gatton Maintenance Section

2009/61 Follow-up International Liaison Officer, Gatton

Follow-up of Completed Investigations

2010/43 Pork CRC Follow-up

Development of Programs

2011/28 Treasury/Investment Process

2011/29 Commonwealth and State Grants

Development – Management Representation Reporting

Development – Governance and Internal Control Framework Assurance

Review Public Interest Disclosure (PID) Policy and Procedures

Develop Centralised PID Co-ordination Process

Review Code of Conduct

Review UQ Fraud and Corruption Prevention Program

Review ARMS Investigation Process

Develop Fraud and Corruption Awareness Program

Staff Competency Model

ARMS Brochure

Fraud and Corruption Prevention Brochure

2011/30 ITS Annual Key Controls Program Development

Grant Certifications

Grant Certifications

Unallocated Time

New Assurance Reviews

2011/26 CMVH

New Investigations

2011/31 Investigation Follow-up - ESSCC

2011/32 Alleged Breach of Privacy (International)

CMC Liaison

PID Liaison

QAO Liaison

Crisis Management

Miscellaneous Research

New ARMS Management

Replacement of CT (Parental Leave)

Miscellaneous

Leave

Training

Contingency