Email Notification
Subscribe to ANAO feeds
Follow us on Twitter
- Foreword and Introduction
- 1. Introduction
- 2. The Audit Committee’s functions and responsibilities
- 3. Membership of the Audit Committee
- 4. Relationships with key stakeholders
- 5. Conduct of the Audit Committee
- 6. Assessment of the Audit Committee’s performance
- Appendices
- Part 2
- Part 3
PDF of Checklists And Proforma [0.5MB]
APPENDIX 3:
Example of an assurance map for Audit Committee use
Entity business risks (taken from an entity’s risk management plan) |
Source and level of assurance provided [47] |
Overall assessment of level of assurance [48] |
Is level of assurance adequate? |
||||
|---|---|---|---|---|---|---|---|
| Work Area[49] | Work Area | Management committees | Internal audit | Other assurance activities | Yes/No [50] | ||
| Failure to recruit, develop and retain sufficient skilled staff to sustain core service delivery at required levels. | low | moderate | (Human Resource Management) moderate | low | - | moderate | Yes |
| Failure to assess, monitor and appropriately manage key organisational requirements including resource and budget management in a changing business environment. | low | low | (Executive Board) moderate | (External review) low | moderate | Yes | |
| Failure to adequately manage the entity's complex contractual arrangements | low | moderate | (Executive Board) moderate | low | - | moderate | No |
| Ineffective and/or inappropriate management of information. | low | low | (Information Management) moderate | moderate | - | moderate | Yes |
| Diminished stakeholder confidence, loss of confidence by the minister or government. | moderate | low | (Executive Board) moderate | low | - | moderate | No |
| Failure to comply with legislative requirements. | moderate | low | (Executive Board) moderate | moderate | (Certificate of Compliance) high | high | Yes |
| Ineffective financial management | moderate | moderate | (Finance) moderate | moderate | (Audit Committee) High | high | Yes |
| Failure to work with or manage implementation partners. | moderate | low | (Executive Board) low | low | - | low | No |
| Unable to sustain efficient business processes and develop desired delivery solutions to meet business needs. | low | moderate | (Executive Board) moderate | low | - | moderate | No |
| Level of entity assurance and advice provided on the entity business risks —high, moderate, low. The level of assurance provided will depend on the extent to which the controls in place and other arrangements address the business risk. | |||||||
[47]. In identifying the source of an entity’s assurance activities, it is important to recognise that the activities of external audit do not form part of an entity’s control framework.
[48]. The level of assurance obtained will depend on the adequacy of management controls in place to manage particular business risks. The overall assessment of controls can range from management judgement to being supported by more formal arrangements, such as control self-assessments, or internal audits.
[49]. The term ‘work area’ is used to describe a major organisational unit such as a division or business unit.
[50]. Where the level of assurance is not considered to be adequate, it is expected that the Audit Committee will take action designed to increase the level of assurance to an acceptable level, including providing advice to the Chief Executive/Board.
Previous: Appendix 2: Audit Committee legal status and legislative
and policy requirements
Next: Model Audit Committee charter—FMA entity