(1) This Policy establishes a cost-effective internal control structure so that QUT Council can be reasonably assured that: (2) This Policy applies to all QUT operations as an integral and embedded part of all University activities. (3) The External Audit process provides assurances to Parliament on the stewardship (integrity, propriety, economy, efficiency and operations) of the University. The Auditor-General, as Parliament's external auditor, discharges these responsibilities principally through certification of the University's financial statements. (4) The University's accounts are audited by the Auditor-General of Queensland in accordance with Section 30 of the Auditor-General Act 2009 (Qld). Section 46 of the Auditor-General Act 2009(Qld) empowers the authorised auditor to have, at all reasonable times, full and free access to all documents and property belonging to the University. (5) There are five primary components of internal control: (6) QUT’s control environment is established by setting standards of integrity, ethical values and diligence through the Code of Conduct - Staff and other related policies. (7) QUT's Enterprise Risk Management Framework and Procedures including Risk Management Policy provide detailed guidance on the application of risk assessment and management processes to maximise efficiency while providing an adequate level of security and control over University operations. (8) Within QUT, control activities are embedded into University plans, policies, procedures, systems and business processes, and training is provided to ensure effective compliance by management and staff. (9) To facilitate proper decision making, relevant internal and external information should be identified, captured, and communicated in a timely manner and in appropriate forms, both internally and externally. This includes appropriate dissemination of strategic goals, financial and non-financial data, policies and procedures, management initiatives and responses to internal and external changes. (10) QUT has a range of ongoing mechanisms to monitor control processes, performance and risks, which aim to highlight any problem areas and allow early intervention and review to meet changing circumstances. These include monitoring and reporting by management, monitoring by Risk and Audit Committee, and Assurance and Audit, and external audits. QUT aims to have systems which are viewed as dynamic, responsive to changes and are open to improvement and refinement. (11) QUT acknowledges the inherent limitations of internal control as it is designed and operated to provide only reasonable assurance that the University’s objectives and goals will be achieved and this is managed through the Corruption and Fraud Control Policy.Internal Control Policy
Section 1 - Purpose
Top of PageSection 2 - Application
Section 3 - Roles and Responsibilities
Top of Page
Section 4 - External Audit
Section 5 - Internal Control Components
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Section 6 - Limitations of Internal Control
Section 7 - Definitions
Term
Definition
'Control' or Control Activity
Is any action taken by QUT Council , management, and other parties or officers to protect assets and manage risk, and thus to increase the likelihood that established objectives and goals will be achieved. This includes appropriate approvals, checks on accuracy and security of data, adequate segregation of incompatible duties such that no one person has complete control over all aspects of a transaction and IT security related control activities. It also includes planning, organising and directing the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Controls may be preventive (to deter undesirable events from occurring), detective (to detect and correct undesirable events that have occurred), or directive (to cause or encourage a desirable event to occur). The concept of a system of control is the integrated collection of control components and activities that are used by an organisation to achieve its objectives and goals.
View Document
This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.
Positon
Responsibility
Vice-Chancellor and President
Ensures that cost-effective internal control structures for the University are established in line with the requirements of the Financial and Performance Management Standard 2009 (Qld).
Management/Heads of Divisions, Portfolios, Faculties, Schools, Departments and Sections
Develop cost-effective internal controls as an integral component of the overall process of managing the operations of the University by:
Maintain the effectiveness of the control processes that have been established and foster continuous improvement of the processes.
Risk and Audit Committee
Monitors, reviews, evaluates and oversees the following responsibilities:
Director, Assurance and Audit
Ascertains the control processes throughout the University to ensure they are operating in an effective manner.
Reports to University management and Risk and Audit Committee on the adequacy and effectiveness of the University's systems of internal control, together with recommendations to improve the control processes.
All staff
Comply with legislative requirements, internal control activities and assist with the satisfactory conduct of audits as necessary.