Skip to Content
Need Help Live Chat

Internal Audit Policy

1. Purpose

To ensure internal audit activities at Canberra Institute of Technology (CIT) are conducted in accordance with the ACT Government Framework for Internal Audit Committee and Function (February 2020), the CIT Internal Audit Charter and the International Professional Practices Framework (IPPF).

2. Scope

This policy applies to all internal audit activities conducted at CIT relating to the strategic objectives of CIT.

3. Principles

3.1 Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations (IPPF definition).

3.2 The CIT Board is responsible for establishing, maintaining and monitoring the CIT internal audit function and performance and has established the Audit and Risk Committee to oversee this function.

3.3 The internal audit function is undertaken by the Head of Internal Audit/Executive Branch Manager Audit Risk and Corporate Governance.

3.4 The Internal Audit Charter, is approved by the CIT Board and reviewed annually, outlines the roles and responsibilities of the Head of Internal Audit, internal auditors and outsourced internal audit service providers.

3.5 Internal Audit is responsible for:

  • all internal audit activity
  • assisting the Audit Committee to discharge its responsibilities
  • reviewing strategic risks
  • fraud and corruption prevention control
  • strengthening internal controls
  • monitoring the implementation of agreed recommendations from audit activities through the Audit Recommendations Register
  • disseminating better practice and lessons learnt from audit activities across CIT.

3.6 The Head of Internal Audit in consultation with the CIT Executive, Directors and Senior Managers, will develop an annual internal audit program, based on CIT strategic risks, for the endorsement of the Audit and Risk Committee in accordance with the Audit and Risk Committee Charter.

3.7 In addition to the audits on the internal audit program, the HIA will capture and monitor management-initiated compliance and regulatory audits, reviews and other assurance activities conducted across all areas of CIT. This activity will be recorded in a centralised assurance activity register to enable the Audit and Risk Committee to oversight any high-risk findings from these activities.

3.8 All audit work within the scope of the internal audit program will be outsourced to internal audit service providers (until such time as CIT engages a qualified internal auditor staff member).

3.9 Responsibility for the conduct of the management-initiated compliance and regulatory audits, reviews and other assurance activities that do not fall within the scope of the internal audit program rests with the audit sponsor.

3.10 The HIA will ensure that internal audit activities remain free of influence and interference by any organisational elements for scope and reporting.

3.11 Contracted auditors will be selected in accordance with ACT Procurement practices and guidelines. Auditors will be required to have the appropriate qualifications, be impartial and objective, and conduct audits according to the IPPF.

3.12 Contracted auditors will be required to provide a conflict-of-interest declaration and a confidentiality commitment of all documents and information accessed through the course of an audit engagement.

3.13 Auditors will adopt a consultative and advisory approach with CIT staff when undertaking audits.

3.14 All CIT staff must provide reasonable assistance to internal auditors including the timely provision of any material data or information requested.

3.15 Reports from all internal audit activities will be provided to Audit and Risk Committee for endorsement.

3.16 The Audit and Risk Committee will monitor the implementation of agreed recommendations from internal audit activities to completion through the Audit Recommendations Register.

3.17 An independent external review of the internal audit function will be undertaken at least once every five years.

4. Documentation

ACT Government Framework for Internal Audit Committee and Function (February 2020)
International Standards for the Professional Practice of Internal Auditing - Standard 2040 - Policies and Procedures of the International Standards for the Professional Practice of Internal Auditing.
CIT Audit and Risk Committee Charter 2022CIT Internal Audit Charter 2023 (CIT Staff Only)

5. Definitions

All terminology used in this policy is consistent with definitions in the CIT Definitions of Terms.

6. Policy Contact Officer

Head of Internal Audit.

Contact CIT Student Services on (02) 6207 3188 or email for further information.

7. Procedures

This policy is implemented through the associated procedures. Authority to make changes to the procedures rests with the policy owner.

Policy No: 2017/883
Approved: October 2023
Next Review: October 2026
Category: Corporate Policies
Policy Owner: Executive Director, Corporate Services
procedurepdf Internal Audit Procedure
(PDF File 270.9 KB)


Browse Policies
CIT Definition of Terms
Complaints Form
Client Service Charter
Student Code of Conduct
2023-10-31: Internal Audit Policy
2023-10-11: Debt Management Policy
2023-10-01: Policy Development Policy
2023-07-01: Fraud and Corruption Policy
2023-04-01: Asset Management Policy