Senate Committee Minutes

Page 1

AUDIT & RISK MANAGEMENT COMMITTEE

Minutes of the Meeting

on Tuesday, 21 August 2007

Annexures attached to the Minutes

Annexure DOperational Risk Register

Annexure EOutstanding Audit recommendations with a lapsed action date

Annexure HReport of the DVC(C) on the progress on IT Risk Management Initiatives & IT Review outstanding IT audit recommendations.

Annexure IOutstanding Occupational Safety & Health Recommendations

Annexure JVC's report on the top three strategic risks

(Commercial in Confidence) – (included within Item 4 of Senate Agenda).

Annexures to the Minutes not attached but available on request from the Director, Office of Internal Audit & Risk Management

Annexure AMinutes of the previous meeting on 8/5/2007

Annexure BProgress against the 2007 Annual Audit Plan

Annexure CExecutive Summaries & Audit reports issued since the last meeting

Annexure FOutstanding Audit recommendations with a future action date

Annexure GAudit Recommendations completed since the first meeting

Andrew Burchfield

Director, Office of Internal Audit & Risk Management

Phone :08 9360 6167

Email:

Date of meeting: / Tuesday, 21 August 2007
Present: /

Her honour Judge Kate O'Brien, BJuris UWA, LLB UWA Chair

( & 0419 969 921)

Ms Janice Bowra, BSc Murd MBA Murd

( & 9314 1125)

Mr Brian Aitken

( & 0419 919 614)

Mrs Bev Schubert, BCom MBA Murd

( 9322 1483)

Ms Lyndy Scott, BSc BVMS MBA MACVSc FAICD ( & 0419 435 916)

Secretary: / Mr Andrew Burchfield, Director – Office of Internal Audit and Risk Management
Official attendees:
Observers: / Professor John Yovich, Vice Chancellor
Mr Ian Callahan, Deputy Vice Chancellor (Corporate) – from 8.05 am
Mr Jeremy Rigg, General Counsel & University Secretary
Mr Reece Harley, Guild President
Mr Don Cunninghame OAG (until 8.45 am)
Ms Emma Tayler OAG (until 9.30 am)

GLOSSARY

AG:Auditor General

Chair:Chair of the Auditor & Risk Management Committee

Committee:Audit & Risk Management Committee

Director:Director, Office of Internal Audit & Risk Management

DVC (C):Deputy Vice Chancellor (Corporate)

GCUS:General Counsel and University Secretary

OAG:Office of Auditor General

Office:Office of Internal Audit & Risk Management

VC:Vice Chancellor

Committee Terms of Reference / 1. / To ensure on behalf of the Senate that:
1.1. / the internal audit function is operating effectively, independently and in accordance with the Standards for the Professional Practice of Internal Auditing;
1.2. / adequate attention is paid to the effectiveness, efficiency and economy of the University’s operations;
1.3. / adequate systems of internal control are in operation so as to produce accurate and meaningful management information;
1.4. / appropriate and timely action is taken by the relevant managers to rectify major areas of concern identified by internal and/or external audit;
1.5. / risk management issues (financial, legal, ethical, reputational or other risks for the University) are being adequately addressed within the University, including monitoring risks associated with legal action taken against the University and complaints lodged with the Human Rights and
Equal Opportunities Commission and similar bodies;
1.6. / the Internal Audit and Risk Management team is adequately funded to fulfil its purpose and has been given access to all necessary information;
1.7. / the University has in place sufficient policies, procedures and processes to ensure that it complies with all legal requirements.
2. / To report to the Senate:
2.1. / at least quarterly on its deliberations, by furnishing its minutes to the Senate;
2.2. / on any pressing matters, to report to the Chancellor before that time;
2.3 / once a year to provide an overview of audit and risk management matters.

The meeting commenced at: 7.40 am

1. / apologies

Mr Jamie Ogilvie, LLB.Com Melb, MBA UWA

( & 0409 788 874)
2. / DECLARATIONS OF INTEREST (Murdoch University Act s17A)
None declared
3. / Confirmation of Minutes
The Committee confirmed as accurate the minutes of the meeting held on 8 May 2007.
4. / REPORT OF ACTION ITEMS ARISING FROM the LAST MINUTES

Report of Action Items arising from the last Minutes

Meeting Date: / 8/05/2007
Item Number / Action required / Action taken since last meeting
1 / The Committee endorsed the inclusion of the opportunities for improvement in the Register of Outstanding Audit Recommendations arising from internal audits. / The register has been updated.
2 / The Committee endorsed the removal from the Register of Audit Recommendations of those items described as "Done" in the "Action Status. / The register has been updated.
3 / The Committee requested the DVC (C) to -
a) advise what action, if any, can be taken to reduce each of the 11 extreme or high operational risks in the Register ; &
b) to insert a realistic action date for those risks which can be reduced/fixed as the current dates are either 2005 or 2006 ; &
c) to provide reasons why some risks on the register may not be able to be reduced/fixed. / The details are reported in Annexure D.

Report of Action Items arising from the last Minutes

Meeting Date: / 8/05/2007
Item Number / Action required / Action taken since last meeting
4 / The Committee requested the DVC (C) to provide it with two summary exception reports a year on outstanding matters identified from Occupational Safety and Health reviews conducted internally and externally. / The initial report is at Annexure I.
5 / The Committee requested a report be provided at future meetings on outstanding actions arising from the review conducted by the OS&H area of "Emergency Planning and Responses", in line with the Australian Standard AS4801." / The report is at Annexure I.
6 / The Committee requested that an OAG representative attend the next meeting to provide them with an update on significant issues arising from their 2006 audit and in particular those matters reported in their Management Letter. / Mr. Don Cunninghame from the OAG has advised that he will provide an update at the next meeting.
7 / The Committee requested that the draft 2007 Strategic Risk Management Plan be forwarded to the Senate for their review and approval. / The Plan was included under Agenda Item 6 at the 13/6/2007 Senate meeting.
8 / The Committee requested that the final version of the reporting protocols between the OAG and the University be sent to the OAG. / The final version of the protocols was emailed to the OAG on 12/7/2007.
4.1 ACTION TAKEN - The Committee noted the action taken on item nos. 1, 2, 4, 5, 6, 7 and 8 arising from the previous minutes.
4.2 OPERATIONAL RISK REGISTER, ANNEXURE D
The University’s risk assessment methodology allows potential risks to be assessed as Extreme, High, Moderate or Low. All Extreme or High risks are recorded in the Operational Risk Register. The University aims to reduce all Extreme or High Risks to the Moderate or Low Level.
4.2.1 The Committee recommended the removal of Operational Risks numbered 2, 3, 5 and 10 from the Operational Risk Registeras they accepted the advice of the DVC (C)that these risks are no longer assessed as having a High residual risk.
4.2.2 The Committee recognised the High risk assessments for Operational Risks numbered 6, 9 and 11 in the Risk Register at Annexure D.The Committee accepted the advice of the DVC (C) that University funds would currently be better utilised on higher priority matters rather than reducing these risks to Moderate or Low levels. The Committee will continue to monitor these risks.
5. /

REVIEW OF PROGRESS AGAINST THE 2007 ANNUAL AUDIT PLAN

Annexure B outlines progress against the 2007 Annual Audit Plan. Progress to date indicates that the 2007 Plan should be completed by year end.
ACTION TAKEN - The Committee endorsed the satisfactory progress against the 2007 Annual Audit Plan detailed in Annexure B (attached).
6. / IT PROGRESS REPORT
At the meeting on 28August 2006 the Committee requested that the DVC (C) provide a report combining the IT Review recommendations and the outstanding IT audit recommendations at future Committee meetings.
The DVC (C) provided an update on progress.He advised that the University had recently won an award for the best use of flash technology.
This report is at Annexure H.

ACTION TAKEN - The Committee noted the report of the DVC(C) outlining the progress on IT Risk Management initiatives & IT Review and Audit recommendations.

The Committee requested that future IT Progress Reports by the DVC (C) also contain a dot point summary of significant outstanding IT items including action dates.
7. / DISCUSSION OF INTERNAL AUDIT REPORTS
Final reports on the following topics have been completed since the last Committee meeting and issued to Committee members –
Audit Report Name / Issue Date
Accounts Payable & Expenditure / 20/7/2007
Alumni / 4/7/2007
Anti Money Laundering/Counter Terrorism Financing Act / 26/6/2007
Audit Certificate on the Financial Statements of the University & IDP Education Pty. Ltd. for the Australian Partnership Scholarship Program / 5/6/2007
Gene Technology Processes / 23/5/2007
Centre for Comparative Genomics / 15/5/2007
Income & Expenditure Statement of the Premier's Water Foundation Research Agreement / 8/5/2007
The Executive Summaries of the above reports are at Annexure C (attached).
ACTION TAKEN - The Committee endorsed the inclusion of the opportunities for improvement contained in the above internal audit reports in the Register of Outstanding Audit Recommendations.
8. / RISK
8.1 Strategic Risk Management
8.1.1 The Committee requested at its May meeting that the draft 2007 Strategic Risk Management Plan be forwarded to the Senate for their review and approval. The Plan was included under Agenda Item 6 at the 13/6/2007 Senate meeting. The relevant minutes of the meeting stated -
“The Chair of the Audit & Risk Management Committee, Judge Kate O’Brien spoke to the Strategic Risk Plan. The Chair informed Senate that:

The Strategic Risk Plan (SRP) is a critical component of good management and good corporate culture.
The plan is generated by Senior Executive Group (SEG) and is essential for monitoring identified strategic risks that may arise over the coming financial year.
The SRP is reviewed and updated annually by SEG and then considered by ARMC.
The Vice Chancellor identifies top 3 risks and reports to ARMC at quarterly meetings.

Mr Brian Aitken, a member of the ARMC, formally acknowledged the excellent disaster recovery planning system for the University, prepared by Director of IT, Chris Foley, and his team, that had been presented to the most recent meeting of the Committee.
The Senate Resolved: S/28/2005
(i) To note the Strategic Risk Plan briefing paper and endorse the 2007
Strategic Risk Management Plan
(ii) That the Vice Chancellor report to each quarterly meeting of the Audit
& Risk Management Committee on the top three strategic risks.”
8.1.2 ACTION TAKEN - The Committee noted the quarterly report made by the Vice Chancellor on the top three strategic risks of the University.
Also Refer Item 4 of Senate Agenda: Commercial in confidence/Strictly confidential
8.2 Operational Risk ManagementThe Operational Risk Register is at Annexure D (attached). The DVC (C) has reviewed the Register and has provided comments in Annexure D.
The process to review all the University’s Operational Risk Management Plans has commenced again.
ACTION TAKEN -The Committee noted the progress made by the University in reducing the Extreme and High Risks contained in the Operational Risk Register in Annexure D.
8.3 “Other” Risk MattersNil matters
9. / REVIEW OF ACTION TAKEN ON AUDIT RECOMMENDATIONS
A summary of the internal and external audit recommendations is as follows –

Annexure G contains details of the 36 completed audit recommendations.
Action Taken - The Committee noted Annexures E, F and G.
The Committee endorsed the removal from the Register of those items described as “Done” in the “Action Status” column as detailed in Annexure G and the general progress in clearing outstanding Audit Recommendations.
10. / Management Initiated Reviews
The Office has been involved in the following management initiated reviews since the last meeting -

reviewed the Risk Management Plan for the a Capital Works project on the Animal House and Farm Workshop buildings ;
provided input/advice on the new Concur Purchasing Card system ;
co-ordinated a meeting re the proposed “Students of Sustainability 2007 – Risk Management Plan” ;
advised the Strategic Procurement Manager on procurement policy ;
reviewed the IT Systems specification for a new computerised register of hazardous substances ; &
provided advice to the Division of Research & Development on Corporate Governance.

ACTION TAKEN - The Committee noted the management initiated reviews undertaken since the last meeting.
11. / other business
11.1 OAG MANAGEMENT LETTER
On completion of their financial statement audit, the OAG issues a management letter to the University on areas where process improvements can be made.
The management letter issued by the OAG on completion of the 2006 audit was emailed to Committee members on 23/3/2007.
The OAG representatives provided the Committee with an update on the matters reported in their final management letter arising from their 2006 audit.
ACTION TAKEN – The Committee noted the matters reported in their 2006 Management Letter.
11.2 oag audit fee
At the Senate meeting on 21/2/2007, Senate resolved as follows -
“Resolution S/02/2007 - Senate to express its concern at the size of increase in the level of the audit fees for 2006 and the lack of consultation from the Office of the Auditor General, in imposing those fees on the University.”
The DVC (C) advised that he had discussed this matter with the OAG. The Committee re-iterated its concern on the size of the unsubstantiated increase in the level of the audit fees for 2006.
Mr Cunninghame, the OAG representative, advised the Committee that the increase in their 2006 audit fee from $110,000 to $170,000 was justified and was based on a more complete recovery of their costs compared to previous years. He further advised that the OAG fees, to perform financial statement audits, were 30% lower than those of providers in the private sector. The Committee Chair advised this fee differential would be expected as the private sector providers required a profit margin.
The Committee advised that the absence of a detailed substantiation of the increase in the OAG fee made it difficult for the University to determine if it was receiving a value for money service from the OAG.
The Vice Chancellor advised that representations will be made to the WA Minister for Education to see if the OAG external audit services could be provided on a no charge basis.
ACTION TAKEN – The Committee requested the DVC (C) to forward a letter to the OAG that reflects the concerns of the Senate and the Committee about the unsubstantiated and significant increase in the 2006 audit fees.
12. / NEXT MEETING
The next Audit and Risk Management Committee meeting will be held at 7.30 am in the ChancelleryBuilding room 4.1.A on7 November 2007.
13. / LEGAL ISSUES
13.1 The Committee noted a report provided by the GCUS relating to two matters under consideration by the Ombudsman's office.
13.2 The GCUS advised, to the best of his knowledge, there were no matters to report regarding -

complaints to the Equal Opportunity Commission (WA) or the Human Rights and Equal Opportunities Commission (Cth) against the University; and
the Corruption and Crime Commission Act 2003 and the Public Interest Disclosure (“whistleblower”) Act 2003 involving the University.

14. / AUDIT and RISK MANAGEMENT COMMITTEE DISCUSSION WITH THE DIRECTOR
This item allows the Committee and the Director, Office of Internal Audit and Risk Management to discuss any matters without any observers being present.
The Meeting concluded at: 10.00 am.
Signed as a true record of the meeting of the Audit and Risk Management Committee held on 21 August 2007.
Judge Kate O’Brien - Chair
Dated21 August 2007

#05-Senate agenda-12.09.07-ARMC.doc