Assurance Advisory

Assurance Advisory Group

Internal audit is undergoing significant change. Previously, the internal audit function was transaction-based, cost-driven and historically focussed. Today's internal auditor, however, takes a proactive role that assumes a risk-based focus. Leading organisations now look for the internal audit function to assume a leadership role in assessing and managing their strategic risks, adding value to the organisation and identifying operational improvement opportunities.

Our Assurance and Advisory Services Group provides a broad range of solutions to organisations seeking to strengthen their internal control, risk monitoring and strategic risk management capabilities. These solutions range from strategic internal audit advisory services (designed to enhance the focus and value of an existing internal audit or risk management function) to partnership with, or full or strategic outsourcing of, an existing internal audit function.

The services provided by the Assurance and Advisory Group are:

Documentation of policies and procedures

Manuals

The IAB has expert staff who can provide two different types of manuals, depending on your requirements.

The first style is predominantly a detailed manual prepared for each (or selected) accounting and administrative functions within an organisation. It gives detailed step by step descriptions of each activity performed and builds up to a comp-rehensive "how to" guide

Corruption investigation

In many cases an allegation will require a preliminary fact finding stage before the matter can proceed to a formal investigation or disciplinary inquiry. Our Assurance and Advisory Services Group regularly assist management by searching for and examining facts and evidence that determine the seriousness of an allegation before recommending further action.

Serious allegations are normally given to our Management Consultancy Group for further advice and assistance.

Corruption risk assessment

It is good management practice to regularly examine and assess your organisation's corruption risk exposures. Normally this requires that major corruption risks be identified within each functional area, that their impact be assessed, and the adequacy of the control environment determined.

Valuable outcomes that flow from the assessment include the listing and making of recommendations on those activities which have poor controls and are vulnerable to major forms of corruption. Recommendations may include additions or modifications to an organisation's operational practices, procedures, systems or controls, so that the risk of corruption occurring is reduced to a level acceptable to management.

The IAB can provide your organisation with valuable outcomes flowing from their assessment. This includes the making of recommendations on activities which have poor controls and are vulnerable to major forms of corruption.

Corruption prevention policy

For a number of years, both the Audit Office and the Independent Commission Against Corruption (ICAC) have encouraged organisations to develop their own "Corruption Prevention Policy". A clear objective of such a policy is to provide all staff with a proper understanding of their obligations and duties to prevent, deter and avoid corrupt practices. This Policy should also cover maladministration and serious and substantial waste of public money.

The "Corruption Prevention Policy" developed by IAB's Assurance and Advisory Service Group is based on exhaustive research covering the ICAC, Ombudsman's Office, Audit Office, and the Protected Disclosures Act.

The Corruption Prevention Policy comprises the following eight parts.

1. Definition of corruption, maladministration and substantial
waste of public money.

2. Management responsibility

The policy will identify and describe management's role and responsibility in implementing and administering the policy.

3. Corruption risk assessment

The Policy will describe the corruption risk assessment process and recommend how frequently it should be carried out.

4. Education and awareness

Awareness strategies that the organisation can use to inform and encourage employees to uphold ethical standards, and to advise stakeholders and the community about an organisation's pro-active stance on corruption prevention.

5. Making a disclosure and the protection available under the Protected Disclosures Act

Enhance/develop an appropriate internal reporting system, that will provide an effective and confidential means for employees to report their concerns, and to protect those making a disclosure and those implicated.

6. Receiving a disclosure and notifying the appropriate authorities

Enhance/develop procedures and processes for receiving and acting on disclosures.

7. Investigation standards

Enhance/develop current policies and procedures used for determining if an investigation is required, initiating an investigation, monitoring progress, and reporting on the results of an investigation.

8. Code of Conduct

Review/compare and where appropriate modify an organisation's existing code of conduct so that it complies with good practice guidelines issued by the Premier's Department and Ombudsman's Office.

Regulatory compliance review

Government organisations operate in an environment with a complex array of acts of parliament, regulations, government policies, tax laws, and directives and guidelines from central agencies.

Organisations must ensure they have consistent compliance policies and procedures to prevent litigation, adverse publicity and criticism from major stakeholders.

IAB's Assurance and Advisory Services Group has developed a program to measure and monitor the extent to which your organisation adheres to existing laws, regulations, government policies, directives and, where appropriate, guidelines.

Government specific audit

There are many activities and functions in the public sector that are not available in the private sector, or are managed and administered very differently. Where they are managed differently, it is normally because of the unique policies and rules within the public sector. Key areas include:

- Grants and subsidies;
- Licences, permits, royalties, taxes, levies and other regulation based fees;
- Regulation based inspections;
- Contracts and tenders;
- Major capital works;
- Engagement of consultants;
- Senior executive service;
- Usage of government vehicles;
- Records management; and
- Sponsorship.

Since 1985, the IAB has developed a formidable expertise in auditing these areas. We have specific audit programs that are designed to give senior management comfort and our programs are continually revised to include any policy and rule changes that may require examination for compliance.

Risk based audit

In today's competitive world, senior managers are continually being asked to determine which risks to take, which to avoid, which to manage, and which to accept. Crucial to these decisions is the allocation of scarce resources among a variety of options with different risks and potential rewards.

IAB's Risk Based Methodology is a vital management tool for addressing the risks associated with on-going business operations, systems, technology and major change initiatives.

A valuable outcome of our methodology is a risk management plan that gives management an in-depth analysis and documentation of major risks; preventative internal control measures; recommendations for improvement to managerial and operational processes; and a process for maintaining the plan into the future.

Operational systems review

Today more than ever, organisations are under increasing pressure to deliver services more efficiently, effectively and economically. Successful organisations are known to monitor their key operational areas very closely to ensure there are no surprises.

More than 60% of IAB's Assurance and Advisory Services Group's assignments include reviewing the performance of our clients' key operational areas.

We have a number of methodologies available to assess the performance of your organisation's operational areas. They include systems based audit, program evaluation, and a number of more specific methodologies utilised by our Information Technology Group. The type of methodology used will depend on the complexity of each area to be examined and the agreed scoping or terms of reference.

Financial systems audit

Internal Audit has a fundamental role to assist senior management with the establishment and maintenance of an effective internal control framework that protects the organisation's financial systems and its most valuable assets.

IAB's comprehensive audit methodology can be adapted to your particular needs. We can start with a compliance review and extend it to cover management and performance issues.

Performance review of internal audit

A Peer Review of your internal audit will ensure that your organisation receives the benefits that a modern, professional internal audit can provide.

IAB's skilled team of experts will perform a
comprehensive assessment of your internal audit
function using a methodology based on the American Institute of Internal Auditors Quality Assurance Review process.

The three primary objectives of our methodology are to:

1. Assess the efficiency and effectiveness of the internal audit function in light of:

(a) its charter,

(b) expectations of the audit committee, executive management, and the Manager of
Internal Audit, and

(c) its current needs, exposures to performing at less than an effective level, and the future direction and goals of the organisation.

2. Identify opportunities and offer ideas and counsel to the Manager of Internal Audit and staff for improving their performance and that of the function. By implementing selected "successful practices," the function will add value to management and the audit committee, and promote its image and credibility within the organisation.

3. Provide an opinion as to whether the internal audit function conforms with the Standards for the Professional Practice of Internal Auditing (Standards) and NSW Treasury's Statement of Best Practice Internal Control and Internal Audit.

Establish or assist an existing internal audit function

The IAB provides an extensive and flexible range of solutions to organisations seeking to strengthen their internal control, risk monitoring and strategic risk management capabilities.

These solutions include:

- The full design and implementation of your internal audit function;
- Outsourcing the entire function; and
- Providing specialist advice and support, designed to enhance the focus and value of, an existing internal audit or risk management function.

Audit plan development using a risk prioritisation model

Our Assurance and Advisory Group has developed a methodology that is focussed on your organisation's risks and controls.

The first step in applying our model in your organisation is to establish an inventory of the "Audit Universe". The Audit Universe should contain the organisation's main business functions, systems and activities broken down into reasonably sized "Auditable Units".

The aim of our risk model is to ensure that those "Auditable Units" that are most important to your organisation's success receive a higher priority in terms of their inclusion in audit plans and work schedules. This association allows us to focus our resources on those areas that are most likely to add value to your organisation.