1.Role of Internal Audit1
2.Introduction and Purpose of this Strategy1
5.Audit Working Procedures and Practices3
The Audit Toolbox3
6.Internal Audit Assistance in UWCN Risk Management5
8.Links To Institute of Internal Auditors (IIA) and Other Bodies6 9.Staffing6
10.Operational Plan 2001/027
11.Strategic Plan 2002/0510
12.Annex A Key Risks21
13.Annex B - Audit Universe29
14.Annex C Analysis of Systems and Risk35
1.Role of Internal Audit
1.1.Internal Audit (IAS) is an independent and objective appraisal service within the University College. 1.2.Internal audit's primary role is to provide an opinion to the Principal and Chief Executive, and to the Board of Governors via the Audit Committee, on risk management, control and governance, by measuring and evaluating the effectiveness of these controls and systems in achieving UWCN's agreed objectives. 1.3.In addition, internal audit provides assurance to management on systems that they are responsible for and assist management in making improvements to these systems. 1.4.Risk management, control and governance comprise the policies, procedures and operations established to ensure: the achievement of objectives;
the appropriate assessment of risk;
the reliability of internal and external reporting and accountability processes; compliance with applicable laws and regulations; and
compliance with the behavioural and ethical standards set for the organisation. 1.5.Internal audit also provides an independent and objective consultancy service specifically to help line management improve the organisation's risk management, control and governance. Such consultancy work contributes to the opinion which internal audit provides on risk management, control and governance. 1.6.Establishment and maintenance of the system of internal control remains the responsibility of management under the oversight of the Board of Governors. 2.Introduction and Purpose of this Strategy
2.1.Internal Audit are required to provide a service that complies with the Standards set out in the Government Internal Audit Manual (GIAM), the Higher Education Funding Council for Wales (HEFCW) Audit Code of Practice and the Standards, Guidelines and Code of Ethics of the Institute of Internal Auditors (IIA). 2.1.This document sets out Internal Audit's proposed strategy for the delivery of assurance to the Principal and Audit Committee on the framework of control operating in UWCN for the period 2002 to 2005.
3.1.We would like to express our thanks to the staff in UWCN for their help and co-operation in the preparation of this document.
4.1.Risk identification and assessment belongs to management. They, not internal audit, are accountable for the economy, efficiency and effectiveness of risk management, control and governance. It is therefore essential that the audit strategy is based on management's risk priorities. During 2001-02 UWCN, with the assistance of Internal Audit, has revised its approach to risk management. This approach provides UWCN with a structured methodology to identify, assess and manage risks to the achievement of their objectives. 4.2.Internal Audit will seek to rely on management's resulting risk analysis and evaluation to form the basis for this and future plans. In this way IAS will be able to provide assurance to management on the key risks facing UWCN as well as assist in reducing those risks through its recommendations. 4.3.As well as using UWCN's risk assessment as the basis for its planning, IAS will undertake additional work to inform its approach. We will take account of previous assessments of systems and processes in UWCN, the length of time since specific systems have been reviewed, our knowledge of the strengths, weaknesses, opportunities and threats...