Our Major Challenges
Our Objectives, Strategies
& Targets
Our Vision
To be recognised by our clients and peers as a first class
provider of audit assurance, risk management and management consulting and
advisory services.
This vision will be achieved by:
- implementing best practice standards and
adopting continuous quality improvement initiatives
- engaging with clients to
facilitate positive changes to existing processes, practices and
systems
- creating a dynamic working environment which encourages innovation
and maximises the use of new technology
- ensuring that adequate resources are
available to support the function and that appropriate resources are
directed to areas of highest risk
Our Mission
To help the University accomplish its objectives
through the provision of high quality and value added, assurance, risk
management and consulting and advisory services.
It is considered that Monash University's Audit & Risk Management Office
holds a pre-eminent position among internal audit groups at Australian and
New Zealand Universities and has established an enviable reputation for
innovation and excellence in the provision of services to its clients.
Over the past three years the Office has introduced Risk Management based
on the Australian Standard across the University's academic and
administrative divisions and has implemented Control Self Assessment
methodology for use on compliance audits at departments and centres.
In addition, the Office has acquired a number of state-of-the-art audit
software products which update and maintain the risk database and
organisational risk profiles, generate annual risk-based audit plans,
control and allocate time spent on projects, track the status of reports
issued, enable exception reports to be produced and provide a basis for the
selection of data for review. In addition, the Office has recently acquired
the Audit Information System facility in SAP which enables audits to be
conducted on-line, as well as providing a very powerful reporting
capability.
The successful implementation of these management and audit software
tools is considered to place the Office at the forefront of University
internal audit groups both here and overseas.
An immediate challenge for the Office will be to build upon the
achievements of the last three years and to continue to provide high quality
services in a rapidly changing environment.
[back to top]
Our Major Challenges
During this period the following developments are expected to
have a major impact on the nature and scope of the activities of the Audit &
Risk Management Office:-
The challenge for this Office will be to ensure that the potential
productivity gains from the on-going implementation of SAP and Callista
systems are maximised and that appropriate security and controls are in
place to protect the integrity of data and to limit the potential for losses
from overpayments and fraud.
Due to the complexity of the SAP system it is also understood that a
minimum of 3 years training is required for staff to be trained as
proficient SAP auditors. A significant challenge for the Office then will be
to ensure that all staff are adequately trained in SAP to enable them to
conduct reviews of this system effectively.
The ongoing devolvement of responsibility to departments for
administrative functions previously performed centrally poses significant
challenges to the Office, both operationally and logistically.
Departments and centres now hold prime accounting records previously held
centrally which will mean that in order to review transactions it will be
necessary to physically attend these areas. This poses particular
difficulties in the event of confidential audits.
It also needs to be understood that there is also an increased potential
for inappropriate payments to occur particularly in an environment where
there is an over-reliance on one or two key staff to perform the bulk of the
administrative functions.
The introduction of Web based technology and the increasing dependence of
the University on computing facilities poses a significant challenge to this
Office to ensure that appropriate security and controls are in place over
these facilities to prevent unauthorised access to data and systems.
An important strategy for the University in the coming years is to become
less reliant on government funding through the identification and
development of alternative income streams.
A challenge for this Office is to ensure that these entrepreneurial
activities are appropriately controlled and that the financial returns to
the University from these activities are maximised.
A key strategy of the University over the next decade is to increase the
number of offshore campuses.
A particular challenge for this Office will be to ensure that appropriate
auditing arrangements are in place at each of these offshore sites and to
oversee those arrangements on behalf of the Audit Committee of Council.
The nature of the internal audit profession is changing from that of a
policing role to a more consultative and advisory one. Increasingly, the
services of this Office are being sought by management to effect change to
existing structures and processes and to provide advice on a wide range of
administrative matters.
As mentioned, the Office also currently undertakes risk management
projects at divisions on a workshop basis and will be increasingly using
workshops as a means to increasing the awareness of University staff in
issues relating to fraud prevention and administrative controls.
In this environment there is a need for staff to have well developed
interpersonal and facilitation skills.
A challenge for this Office will be to ensure that staff have the
appropriate skills in order to effectively operate in this radically
different environment and to ensure that the quality and delivery of
services adequately meets the increased expectations of our clients.
An outline of the major objectives of the Office based on the major
themes of the Monash Plan, management strategies and target dates are
detailed in Our Objectives, Strategies & Targets
[back to top]
Our Objectives, Strategies & Targets
| Objectives |
Strategies |
Targets |
Status |
| 1.1. To foster a risk
awareness culture within the Greater Monash in order to maximise
opportunities and to minimise risks |
Conduct facilitation of risk management
across all of the University operating divisions |
By September 2000 |
On-going |
| Extend use of risk management
methodology to review major functional processes |
By December 2001 |
On-going |
| Undertake a risk management project to
identify and manage strategic risks |
By December 2001 |
In-Progress |
| Develop a risk assessment template for
use in the evaluation of new projects and for the establishment of
new campuses |
By March 2002 |
Completed |
| Develop and maintain a current risk
profile for the Greater Monash |
From September 2000 onwards |
On-going |
| Develop a crisis management plan for
the University and complete roll-out to all campuses |
By December 2002 |
In-Progress |
| 1.2. To identify potential
alternative sources of income |
Investigate feasibility of introducing
audit fees for certain types of audits |
By March 2003 |
To extend the review to
include both internal and external clients and assess the
feasibility of extending our expertise to non-profit organizations
at no charge |
| Investigate potential market for audit
assurance and risk management services at TAFE Colleges and
secondary schools |
By March 2003 |
| 1.3. To upgrade the skills
set of existing staff in order to meet the changing role of the
Office and to reflect the changing nature of the University’s
operations |
Arrange for workshop facilitation
training to upgrade staff presentation skills |
By September 2000 |
Completed |
| Increase the use of external service
providers to undertake a minimum of two co-sourced information
technology audits per year for knowledge transfer purposes |
From January 2000 onwards |
On-going |
| Provide opportunities for all staff to
be trained as proficient SAP auditors |
By July 2003 |
On-going |
| Review basis and structure of audit
programs to ensure risk-based approach |
By June 2003 |
On-going |
| 1.4. To identify and
harness the opportunities provided by changing technology and
various computer aided audit tools to improve efficiency and
productivity |
Explore and fully develop the Audit
Information System (AIS) module in SAP and have at least two staff
trained in its use |
By September 2000 |
Postponed due to incompatibility of AIS
with current SAP version |
| Explore methodology for automating
work-papers and electronic scanning of supporting documents |
By December 2002 |
Completed |
| Evaluate audit reporting format used by
other audit groups in both the public and private sectors and revise
report format if appropriate |
By June 2001 |
Completed |
| Investigate use of the internet as a
potential medium for the issuing and completion of Control Self
Assessment (CSA) Questionnaires |
By June 2002 |
To extend this to other areas suitable
for self-assessment |
| Link the CSA Questionnaires to the web
based financial policies and procedures manual currently under
development |
By June 2002 |
|
| 1.5. To increase fraud
awareness and to introduce preventative measures |
Design a workshop program for key staff
from identified high risk/exposure areas to brainstorm and initiate
preventative fraud measures |
By December 2002 |
|
| Complete the joint project for the
implementation and release of the University Code of Ethical
Behaviour document |
By December 2000 |
Draft Code developed |
| Develop a fraud minimisation strategy
for the University |
By December 2003 |
|
| Objectives |
Strategies |
Targets |
Status |
| 2.1. To ensure adequate
audit arrangements are in place at all off-shore campuses |
Oversee audit arrangements and
activities at off-shore campuses |
From January 2001 onwards |
On-going |
| Develop and extend the use of available
technology for more comprehensive remote desk audits using relevant
computer-aided auditing tools such as AIS and CSA |
By June 2002 |
On-going |
| Objectives |
Strategies |
Targets |
Status |
| 3.1. To strive to achieve
best practice standards in all activities undertaken |
Arrange for an external peer review |
By June 2004 |
|
| Benchmark activities against other
internal audit units within the tertiary and private sectors, both
nationally and internationally |
By December 2005 |
|
| 3.2. To ensure that the
needs of major stakeholders and clients are identified and met |
Arrange one on one interviews with key
stakeholders to obtain feedback on operations and activities
undertaken and incorporate into the planning process |
By December 2002 |
|
| Review the adequacy of existing client
survey forms issued at the conclusion of each audit |
By December 2002 |
|
| 3.3. To build closer links
with other internal audit units and related professional fields from
both the public and private sectors |
Explore and develop opportunities for
strategic alliances with other Universities eg. The University of
Melbourne |
By June 2002 |
On-going |
| Increase involvement and association
with relevant professional bodies by encouraging all staff to take
out memberships of relevant professional bodies and to continue
corporate membership of the Association of Colleges and University
Auditors (U.S.) |
From January 2000 onwards |
On-going |
| Participate in the planning and
development of the Institute of Internal Auditors South Pacific and
Asia Conference to be held in Melbourne |
By March 2001 |
Completed |
| Visit next ACUA conference in the USA
to develop proposal for the establishment of a South Pacific branch
of the Association |
By September 2000 |
Membership with ACUA terminated due to
limited relevance |
| Encourage increased staff participation
and presentation of relevant topics at professional external
seminars |
On-going |
On-going |
| 3.4. To promote closer working
relationship and enhance liaison with other sections of the
University |
Increase joint reviews with specialist
sections of the University such as Information Technology Division |
On-going |
On-going |
| 3.5. To promote and extend
the awareness of services provided by the Office to the University
community |
Develop a marketing strategy to raise
the profile and awareness of services provided by the Office |
By June 2003 |
This will commence with a review of
A&RM homepage in 2002 |
| Develop a series of management training
courses in conjunction with Professional Development & Training for
Monash staff on topics such as control strategies, fraud prevention
and risk management |
From June 2001 onwards |
On-going |
| 3.6. To maintain a professional working
relationship with the University’s external auditors and the
Auditor-General’s Office |
Maintain regular contacts and open
communication with the Auditor-General’s Office and with the
external auditors appointed as agents of the Auditor-General |
On-going |
On-going |
[back to top] |
