• About us

    The Risk Management & Assurance Office provides assurance support to the University through the University’s Internal Audit function and through the facilitation of Risk Management activities.

    The Risk Management & Assurance Office assists in the achievement of the University Objects and delivery of organizational strategy:

    • The Risk Management function supports the consistent and effective identification and management of key risks;
    • Internal Audit brings an independent, systematic and organized approach to evaluate and improve the University’s key control, governance and operational processes. This is through systematic evaluations of financial management, risk management, controls, governance, and the implementation of good practice process improvements.

    Assurance provides the University’s leadership, management, staff, student and other stakeholders a level of confidence that the University’s objectives will be achieved and key functions are being delivered within an acceptable level of risk.

    The University’s Risk Management & Assurance Office enables the University to meet foundational expectations including for a “framework of structures, rule, relationships, systems and processes of an entity through which… risks are identified, managed and controlled.” (TEQSA Guidance Note: Corporate Governance Version 2.3, 11 October 2017).

    Contact us

    Joshua Lu
    Director, Risk & Assurance
    joshua.lu@nd.edu.au

  • Internal Audit

    The University’s Internal Audit Charter outlines the vision, objectives, independence, and role of the Internal Audit function as conferred by the University’s Audit and Risk Committee

    The Charter recognises the Institute of Internal Auditors’ (IIA) definition of internal auditing: ‘Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process.’

    Approach

    Internal Audit activity is generally guided by annual strategic Internal Audit Plans approved by the University’s Audit and Risk Committee.  Internal Audit Plans should be consistent with the University’s strategic and business plans, risk-based methodology, and include risk or control concerns identified by management.

    Internal Audit deliver the requirements of the approved Internal Audit Plan through individual internal audits.  These may include the assessment of key controls pertaining to operational, financial, and risk management information, and control systems and activities.

    The internal audit process includes the follow up of the implementation of outstanding internal audit recommendations, reported three times a year to the Audit and Risk Committee.

    Audits

    Internal Audit Coverage

    The Internal Audit function will extend to all of the University’s operational areas and their activities, including University controlled entities.

    Internal audit activities may extend to financial, academic, management and administrative areas within the University.

    Internal Audit Independence and Access

    Internal Audit has independent status within the University and is operationally independent from the activities/functions that it audits.

    In accordance with the Internal Audit Charter, every employee of the University shall render their assistance to Internal Audit in carrying out its duties by supplying Internal Audit with information and explanations as deemed necessary.

    Internal Audit should also have full and unrestricted access at all reasonable times to all systems, information, records, data, personnel, property and assets in the performance of its functions.

  • Risk Management

    The University is committed to a strategic and structured organizational-wide approach to risk management that supports the consistent and effective identification, management and reporting of risks.  This is consistent with the Australian Standard on Risk Management, AS ISO 31000:2018.

    Approach

    The University conducts periodic risk identification and assessment exercises at both a divisional and at an organisational or University Material Risk level.  This process involves key staff and management, all members of Executive Council, and the Audit & Risk Committee.

    Divisional and organisational risks are documented in Divisional Risk Registers and the University Material Risk Register respectively.  This is utilised by management and the University’s Executive as part of business and strategic planning.

  • Business Continuity Management is a systematic and orderly approach to ensuring that critical University functions can be maintained and restored in a timely manner in the event of a Critical Incident.

    The Business Continuity Plan (BCP) provides guidance to the University’s management in the event of a Critical Incident in order to restore and/or maintain critical University functions.

    Business Continuity Plan

    The BCP scope includes business support systems and functions that have been assessed as being critical and which have to be performed regularly to meet business objectives, including statutory and contractual obligations. These are the critical University functions. The objective of the BCP is to maintain the availability of critical University functions within acceptable timeframes.

    View the Plan

  • Resources