|
MANAGEMENT
SUMMARY
Introduction,
Purpose and Scope
Under Assurance and
Risk Management Services, “A strategic plan which ensures coverage of the
University as a whole is to be maintained and reviewed annually”.
In developing the
strategic plan, the assurance register, a list of reviewable areas and
activities has been developed; the reviewable areas have been risk-assessed.
The strategic plan
excludes, at this stage, areas such as controlled entities which are subject
to a full annual audit by Queensland Audit Office (QAO).
In fulfilling the
strategic plan, Assurance and Risk Management Services (ARMS) is committed
to focusing on adding value to the individual organisational units and
activities subject to review and thus, to the University as a whole. It
does this by making constructive (workable) recommendations with respect to
systems and management practices; being available at any time for responding
to requests for advice; facilitating change; and encouraging innovation,
particularly in IT initiatives which improve the way the University conducts
its business, serves its clients and interacts with the community.
This stratgeic plan
has adopted measures to enhance the value of outcomes of the review process.
Firstly, University-wide reviews of high risk activities will receive greater attention. Positive
outcomes from these reviews are designed to be constructive across the board
rather than for individual areas only. Secondly, it is intended to review
many areas more often by the use of questionnaires which will allow for a
degree of self-assessment. Questionnaire reviews are not intended as an
alternative for independent ARMS visits, but rather to allow for:
·
more frequent promotion of awareness of proper procedures and good
management practice; and
·
self-motivated improvement.
Key
Points of the Plan
Key points of the plan
are:
·
coverage is risk based
·
review approach covers high risk University-wide areas and includes
reviews by questionnaires
·
ARMS consists of seven professional staff – including Director, Assurance
and Risk Management Services; Manager, Information Systems Assurance;
Manager, Enterprise Risk Management Services; three
Senior Assurance Officers (one IS) and one Administration Officer
·
significantly, 28% of our resources
are committed to the highly complex area of Information Systems Assurance.
Review
The annual plan incorporates any structural changes to the
University, revision of review approach where
necessary and to ensure that any new matters identified as presenting a
significant business risk to the University are included.
Reporting
Reporting on the
progress of fulfilment of the plan will be done through the regular progress
reporting schedule of ARMS to the Vice-Chancellor and the Audit Committee.
|
