

 Process

This section provides a summary of our review process. For a full description, refer to the Assurance and Risk Management Services Charter.

The following flowchart represents the review process in brief:

WHO IS REVIEWED?

  Assurance and Risk Management Services has previously developed a five-year plan of reviews to be undertaken. This plan was derived from an extensive analysis of the University’s business, financial and operational risks and the measures (or controls) put in place to minimize them.

With the introduction of Risk Management at UQ, the above approach is being replaced by one that ensures that the Annual Plan is derived directly from the Corporate Operational Risk Management framework and thus provides assurance coverage more closely supporting the high-risk areas of the University.

  Each year an annual work program is assembled, from which reviews are assigned to individual Assurance Officers on a quarterly basis.

 WHAT HAPPENS DURING A REVIEW?

            Notification of Management

A meeting is held with the OU Head and Assurance Officer to agree on the timing of commencement, to explain our process and to give them the opportunity of providing input to the review plan.

            Preliminary Survey

The Assurance Officer then makes the necessary contacts and gains an understanding of the nature, size and structure of the area, how the area/system operates, what governs it, what rules and policies apply and any other information which affects the system.

           Review Plan

With the information gathered to date, the Assurance Officer develops a review plan which includes the objectives, scope and program steps. This plan is subject to approval by the Director, Assurance and Risk Management Services prior to commencement of the review. 

           Examination and Evaluation

The Assurance Officer is then able to evaluate the controls and design tests to assess the degree to which the controls are operative and effective. The Assurance Officer is also able to assess whether or not the procedures in place are efficient.

           Consultation

Where the Assurance Officer identifies areas for improvement, these are discussed with the relevant staff, the accuracy of the information gathered is confirmed, and then a discussion is held with the OU Head. This consultative process forms the basis for agreement being reached as to any remedial action to be implemented. 

           Reporting

The Assurance Officer then prepares a report for review by the Director, Assurance and Risk Management Services before it is issued. The report includes a description of the review approach, conclusions on the issues identified, comments by Management, action agreed upon or otherwise, and recommendations and assurances. There should be no surprises about the information included in the report, as the issues will have been discussed previously with Management.

           Quality Review

Each review is subject to quality review by the Director, Assurance and Risk Management Services who ensures that review conclusions are supported by appropriate evidence, that the review working papers have been properly maintained and that the report is fair and balanced.

           Follow-up

At a later date, generally 3-6 months after the report has been issued, a follow-up is carried out to ensure that the agreed actions have been implemented and are workable and beneficial.

 TO WHOM DOES ASSURANCE AND RISK MANAGEMENT SERVICES REPORT?

  On completion of the review of each area, a report is addressed to the Vice-Chancellor through the Secretary and Registrar. A copy is provided to the relevant OU Head and to the Chief Financial Officer. All such reports are made available to the Audit Committee of Senate which provides a copy to Senate.

 WHY DO WE HAVE BOTH INTERNAL AND EXTERNAL AUDIT?

  The University of Queensland is audited externally by the Queensland Audit Office. The work of Assurance and Risk Management Services differs from that of the Queensland Audit Office as QAO’s main aim is to provide an opinion to the Queensland Parliament on whether the annual financial statements present fairly and accurately the University’s operating results and financial position.

 WHO AUDITS ASSURANCE AND RISK MANAGEMENT SERVICES?

  Assurance and Risk Management Services is considered to be an integral part of internal management control of the University.

  Following liaison during the review planning process and having access to Assurance and Risk Management's review work papers, the External Auditors assess the effectiveness of the Assurance and Risk Management Services annually. They assess our work in order to place reliance on our coverage. Although the respective responsibilities and scope differ, External Audit and Assurance and Risk Management Services provide a coordinated service to furnish Senate and Senior Management with advice and information on relevant aspects of the University’s performance in accordance with its objectives.

  In addition to the review by the External Auditors, the Audit Committee provides a report on Assurance and Risk Management Services annually to Senate.

 WHAT TYPES OF SERVICES CAN WE PROVIDE?

  By having systems under your responsibility reviewed by an independent function, areas requiring improvement or areas of non-compliance can be highlighted for remedial action, helping your operations function more efficiently and effectively.

  Also, if you are considering changes to systems, Assurance and Risk Management Services can help ensure that those changes have the necessary controls built in from the start. Building a system without the necessary controls may place its security and integrity at risk, which can be very costly to fix at a later stage.

  Our services include the following types of reviews:

  •  Financial Reviews

     These generally address questions of accounting and financial reporting. They include reviews of research grants.

  •   Compliance Reviews

     These determine the degree of adherence to laws, regulations, policies, procedures and what is considered to be best practice.

  •   Operational Reviews

     These reviews involve examination of controls, processes and systems used to manage an area’s resources, assets and information. They make comment generally on the efficiency and effectiveness of operations and on control of business risk.

  •   Information Systems Reviews

     These provide advice on and monitor new computer system development and involve internal control reviews of existing applications and computing environments.

  •   Investigations

     Investigations may result from disclosures made under the Whistleblowers Protection Act. Such disclosures may be made to the Director, Assurance and Risk Management Services. Assurance and Risk Management Services has developed a process for assessing such disclosures and, where it is warranted, investigating them fully, objectively, sensitively and with due regard for confidentiality.

  •   Consultation and Advice

     Assurance and Risk Management Services offers a consultation service particularly in relation to security and control requirements for new systems. Assurance Officers are happy to provide (or obtain) advice on University policy, procedure, practice and related ethical issues.