Todays Date: November 24, 2009
SERVICES
Subscription Service
Unsubscribe

 

QUICK LINKS
Jobs@OFM
Legislation
Info for Agencies
FIS
Total Asset Management
Working with Government
NSW State Plan Consultation
NSW State Plan
Tenders
Media Releases by Portfolio

 



Valid CSS!

Internal Audit and Risk Management Policy

In August 2009 NSW Treasury issued the Internal Audit and Risk Management Policy for the NSW Public Sector.

Background

The new policy implements Government approved actions of the 2008 Department of Premier and Cabinet performance review report Internal Audit Capacity in the NSW Public Sector. It was developed under the auspices of an Implementation Steering Committee comprising senior internal audit practitioners from across the NSW public sector. The policy will strengthen key corporate governance practices across the NSW public sector by reinforcing the existing Public Finance and Audit Act 1983 requirement for operating a system of internal control.

Application of the Policy

The new policy:

  • is issued as a direction to department heads and statutory bodies under NSW Treasury Circular TC 09/08
  • is set out in NSW Treasury Policy & Guidelines Paper TPP09-5
  • withdraws and replaces previous NSW Treasury Policy & Guidelines Papers TPP95a, TPP95b and TPP97-3
  • is not a requirement for State Owned Corporations which should refer to Treasury’s Commercial Policy Framework for corporate governance guidelines.

Summary of the Policy Arrangements

In summary the new policy arrangements require departments and statutory bodies to implement a set of ‘core requirements’ to provide greater assurance on internal audit and risk management, including:

  • an operationally independent internal audit function
  • appointment of a Chief Audit Executive
  • an Audit and Risk Committee with an independent chair and a majority of independent members appointed from the central register of ‘pre-qualified’ individuals established by DPC Circular C2009-13 Prequalification Scheme: Audit and Risk Committees
  • consistent application of a ‘model charter’ for Audit and Risk Committees
  • adoption of current standards for enterprise risk management
  • adoption of current standards for professional practice in internal audit.

Summary of the Regulatory Arrangements

In summary the new regulatory arrangements for the policy:

  • require all departments and statutory bodies to comply with the ‘core requirements’ by the end of the financial year ending on or after 30 June 2010
  • require all department heads and governing boards of statutory bodies to attest and report compliance annually, commencing with the 2009-10 Annual Report
  • provide a process for departments and statutory bodies to apply, in limited circumstances, to the relevant portfolio Minister for an exception to core requirements provided alternative measures to achieve an equivalent level of assurance are implemented
  • provides for the Auditor-General to monitor compliance through his compliance audit and reporting program.

Departments and statutory bodies must refer to TPP09-5 for the full compliance and reporting requirements of the new policy.

This web page has been developed to provide departments and statutory bodies with a quick reference guide on the new internal audit and risk management policy, including model charters and annual reporting templates. It also contains links to related NSW public sector policies, and current standards for professional practice in internal audit and risk management.

 

Frequently Asked Questions

Legislation and Policy Documents

Prequalification Scheme for Independent Chairs and Members of Audit and Risk Committees

Model Charters and Reporting Templates

These templates are extracted directly from the Policy and are made available in word format to assist agency use.

Professional Standards

Internal Audit and Risk Management Information Session Slide Show

NSW Public Sector Audit and Risk Practitioner Network

Performance Review Unit Report Internal Audit Capacity in the NSW Public Sector Final Report 2008