1 Internal Audit and Risk Management Policy for the NSW Public Sector Mark Pellowe Senior Director, Financial Management and Reporting NSW Treasury.

1

Internal Audit and Risk Management Policy for the

NSW Public Sector

Mark Pellowe

Senior Director, Financial Management and Reporting

NSW Treasury

2

The new policy

Treasury Circular TC 09/08 Internal Audit and Risk Management Policy (24 August 2009)

Treasury Policy & Guidelines Paper TPP 09-5 Internal Audit and Risk Management Policy for the NSW Public Sector (August 2009)

Department of Premier and Cabinet Circular C2009-13 Prequalification Scheme: Audit and Risk Committees (4 May 2009)

Key policy documents

3

What the new policy will achieve

Strengthened assurance and accountability

Consistent use of internal audit to mitigate business risk

Greater focus on risk management

More effective use of internal audit resources

Stronger external incentives to ‘comply and explain’

Desired Outcomes

4

Core Requirements

Internal Audit Function

Internal Audit function must be established

Chief Audit Executive (CAE) must be designatedIndependent Audit and Risk Committee

An Audit and Risk Committee must be established

‘Independent’ Chairs and MembersModel Charter for Audit and Risk Committee

Better practice requirements for operations

New mandated requirements

5

Core Requirements (cont.)

Enterprise Risk Management

Risk management process ‘appropriate to the entity’

Role of ARC – ‘oversight’ of risk management framework

Internal Audit Standards Adopted

Operation of Internal Audit function consistent with IIA International Standards

Additional reporting and monitoring requirements

6

Compliance and reporting

The policy DOES apply to: for departments: Department Heads

for statutory bodies with governing boards: the Governing Board

for other statutory bodies: the Chief Executive Officer

The policy does NOT apply to: statutory State Owned Corporations (SOCs) (covered by

Treasury’s Commercial Policy guidelines)

the Universities

Who?

7

Compliance and Reporting

Exceptions sought and

determinations made

(if applicable)

End of third quarter 31 March 2010

Core Requirements

IN PLACE

Before the FYE 30 June 2010

Attestation Statement to the Treasurer

Within 2 months after FYE

31 August 2010

Annual Report Disclosure

Within 4 months after FYE

31 October 2010

(With submission of Annual Report to Minister)

WHAT IS REQUIRED? 2009/10 TIMETABLE FOR A 30 JUNE 2010 FYE

By When? First Year

8

Compliance and reporting

Treasury will: monitor submission of attestation statements

monitor conformance

periodically review the efficiency and effectiveness of the policy

The Auditor-General will: undertake an assurance role in monitoring the sector’s compliance

review entity compliance with the policy through the compliance audit and reporting program

Monitoring