Docstoc

IMPLEMENTATION STEERING COMMITTEE

Document Sample
IMPLEMENTATION STEERING COMMITTEE Powered By Docstoc
					    INTERNAL AUDIT IMPLEMENTATION STEERING COMMITTEE

                     RECORD OF MEETING – 28 MAY 2008

Attendance: Philip Mussared (Chair), Mark Pellowe, Peter Connelly, Martina
Nightingale, Charlie Sherlock, Stephen Horne, Peter Whitehead, Bill Middleton, Ross
Tyler, Noel Kean, John Holmes, Greg Byrne

Other attendees: Kent Broadhead (Performance Review Unit), Nadia Theore
(NSW Treasury), Yasmin Parekh (Treasury-minute taker)

Apologies: Heather Watson (NSW Audit Office)

1. Record of Meeting – 17 April 2008

The record of the inaugural meeting of the Internal Audit Implementation Steering
Committee (ISC) held on the 17th April 2008 was approved.

2. Feedback on seminars

Members agreed that the two seminars were well received. More generally, it was
agreed that further communication opportunities should be pursued, including the
June meeting of the CEO’s Network.

ACTIONS TO BE TAKEN:
   The Performance Review Unit of the Department of Premier and Cabinet and
     NSW Treasury to address the June CEO’s Network on the Performance
     Review of the Internal Audit Capacity of the NSW Public Sector and the role
     of the Implementation Steering Committee.
   The address is to include an explanatory narrative on the clustering
     arrangements initiative including the various options available to forming
     clusters.

3. Membership of Implementation Steering Committee

Heather Watson, Director, Financial Audit Services, NSW Audit Office, was added to
the membership list (Attachment 1).

The members were reminded that the role of the ISC is both to provide a forum for
open discussion and review, and also to monitor progress with the key implementation
actions.

4. Status Report - Update of policy and guidance

Mark Pellowe advised that the NSW Treasury proposes to contract the Internal Audit
Bureau to assist in updating internal audit policy and better practice guidance
documents. The first stage of this project is to scope the policy update by identifying
needs and processes that are to be implemented, and deciding on whether to
implement it at an agency level using a step-by-step approach or as an overall whole-
of-State-sector approach. NSW Treasury also will consult with the Victorian Treasury
on the approach adopted in Victoria.
                                           2


Members discussed the implication of the current Suncorp project that is assessing
NSW Treasury’s internal audit and risk management issues.

ACTIONS TO BE TAKEN:
   Mark Pellowe to report to the next meeting (18 July 2008) on project planning
     for policy and guidance update.
   NSW Treasury to assess the appropriate relationship between internal audit
     and risk management and include this as part of the project planning.
   NSW Treasury to focus on establishing a standard risk management
     framework, incorporating the 4360 standard issued by Standards Australia.

5. Status Report - Establishment of pre-qualification scheme

Peter Connelly reported progress with the establishment of the pre-qualification
scheme. Focus points were the proposed selection criteria for assessing candidates for
appointment to the panels for independent Chairs and members of internal audit and
risk management committees, as well as the terms of reference for their engagement
and remuneration.

Peter Connelly distributed to members the draft selection criteria for independent
Chairs and members of Internal Audit and Risk Management Committee (see
Attachment 2).

ACTION TO BE TAKEN:
   The Performance Review Unit of the Department of Premier and Cabinet to
     make the following changes to the selection criteria:
        1. Include the criterion that the Chair and members should have sound
            understanding of ethical requirements
        2. Include the criterion for the Chair and members to have understanding
            of public sector corporate governance and accountability
        3. Include a point within both the Chair and Committee member criteria
            that states that the applicant should be a member of an appropriate
            professional body such as CPA, AICD etc.

Peter Connelly distributed a paper on the engagement and remuneration requirements
for Chairs and members of Internal Audit and Risk Committee (see Attachment 3). It
was highlighted that the remuneration will require Cabinet approval.

ACTION TO BE TAKEN:
   The Performance Review Unit is to make the following changes:
        1. Address sizing of committees and cost implications
        2. Include guidelines for resolving conflict of interest, for instance where
           members sit on multiple committees. For help in preparing these
           guidelines, the Performance Review Unit will seek the advice of the
           Statutory and Other Offices Remuneration Tribunal (SOORT).

6. Status Report - Ensuring internal audit compliance

Apologies from Heather Watson. This item refers to the Audit Office’s support of the
NSW State internal audit initiative. This item is to be carried over to the next meeting.
                                            3


7. Status Report – Establishment of pilot agency cluster

Peter Connelly stressed that the establishment of pilot agency clusters is still in the
early stage of its development. Peter Connelly distributed a handout with various
clustering options (Attachment 4).

ACTION TO BE TAKEN:
   As part of establishing the pilot agency cluster scheme, the Performance
     Review Unit is to address the management structure of internal audit providers
     as well as governance issues.

8. Status Report - Improved better practice guidelines

This relates to the update of policy and guidance on internal audit and was covered as
part of Item 4.

9. Status Report - Internal audit and risk management practitioners’ network

Stephen Horne reported that the Audit and Risk Management Practitioners’ Network
website – www.auditrisk.net.au – is now online. The website also provides access to
other similar networks.

ACTIONS TO BE TAKEN:
   Internal Audit Bureau to establish a governance group to oversee the
     management of this network, both through online activities as well as potential
     formal/informal gatherings for members.
   Internal Audit Bureau to verify the aims of this network and whether it will
     organise events or meetings, and if so what will be included as part of these
     gatherings.
   ISC members to promote the Practitioners’ Network to colleagues and
     associates (current membership is 18, membership potential is 500).

10. Status Report - Strategy for access and use of internal audit technology

Charlie Sherlock distributed a paper on progress with the development of a strategy
for better use of technology (Attachment 5). It was indicated that sourcing specific
internal audit technology will require greater awareness of existing technologies and
their capabilities. The Department of Commerce will coordinate with CCSU IT
Services in order to communicate the information available to date.

ACTIONS TO BE TAKEN:
   Department of Commerce is to determine its capacity to build internal audit
     technology. This is also to include a potential management approach that will
     link internal audit technology to the pilot agency cluster scheme (see Item 7).
   After consulting with NSW Procurement, Department of Commerce is to
     establish a timetable for completing this project.
   ISC members to provide ongoing feedback on review and potential use of
     existing internal audit technology.
                                            4


11. Status Report - Internal audit and risk management human resource
    development

Martina Nightingale provided a report on the first meeting of the Human Resource
sub-committee which covered demographic and survey results, elements of desirable
candidates, capability and training requirements for different staff (specialists, those
from other disciplines, those preferring flexible and part-time hours, graduates) and
various internal audit tasks.

ACTIONS TO BE TAKEN:
   Department of Premier and Cabinet to communicate to ISC members the
     Internal Audit Human Resource Strategy Sub-Committee outcomes and terms
     of reference from their inaugural meeting.
   DPC to prepare capability and training requirements in time for the Fast Track
     Graduate intake for 2009.

12. Other business

Bill Middleton informed the ISC about the international Instituted of Internal Auditors
which allows organisations to benchmark against peers with respect to costs, services
and capabilities. Cost is estimated to be at US$225 per annum:
http://www.theiia.org/guidance/benchmarking/gain

Peter Connelly indicated interest from Local Government in the Internal Audit
Capacity in the NSW Public Sector report. He pointed out that the Department of
Local Government is also interested in establishing guidance for Councils on sound
internal audit practices and is waiting for the lead from the outcomes of the NSW
State Sector exercise.

The need for amendment of existing financial legislation was discussed.

ACTION TO BE TAKEN:
   Mark Pellowe is to advise at the next meeting on likely implications of the
     implementation of the Internal Audit Review recommendations for financial
     legislation.

13. Date and time of the next meeting

18 July 2008, 3:00-4:30pm at the Conference Room B, Level 26, Governor
Macquarie Tower, 1 Farrer Place, Sydney.
                                              5


ACTIONS OUTSTANDING – ARISING FROM IMPLEMENTATION STEERING
COMMITTEE MEETINGS AS AT 28 MAY 08

ACTION                          Date        Target Date    Responsibility    STATUS
                                Initiated                                    COMMENT
   Address June CEO’s          28-05-08    June 2008      Performance
    Network – on the                                       Review Unit,
    Performance Review and                                 Department of
    role of the ISC, and                                   Premier and
    explanation on clustering                              Cabinet
    arrangements.
   Complete project            28-05-08    18-07-08       Mark Pellowe,
    planning for internal                                  NSW Treasury
    audit policy and better
    practice guidance
    update. It will include
    an assessment of the
    relationship between
    internal audit and risk
    management.
   Establish standard risk     28-05-08    18-07-08       NSW Treasury
    management
    framework. It is to
    include the 4360
    standard.
   Alter the selection         28-05-08    18-07-08       Performance
    criteria for independent                               Review Unit,
    Chairs and members of                                  Department of
    Internal Audit and                                     Premier and
    Risk Management                                        Cabinet
    Committee.
   Alter the selection         28-05-08    18-07-08       Performance
    criteria for engagement                                Review Unit,
    and remuneration                                       Department of
    requirements for                                       Premier and
    Chairs and members of                                  Cabinet
    Internal Audit and
    Risk Committee.
   Establish a pilot agency    28-05-08                   Performance
    cluster scheme. Include                                Review Unit,
    management structure of                                Department of
    internal audit providers                               Premier and
    and governance issues.                                 Cabinet
   Establish a governance      28-05-08                   Internal Audit
    group for the Internal                                 Bureau
    Audit and Risk
    Management
    Practitioners’ Network.
    Also need to verify aims
    and discuss the
    possibility of organizing
    events for members.
   ISC members to              28-05-08    Ongoing        All ISC members
    promote the Network.
   Determine internal          28-05-08    TBA after      Department of     Requires ongoing
    capacity to build                       consultation   Commerce          feedback from
    internal audit                          with NSW                         ISC members
    technology. Also                        Procurement
    consider linking internal
    audit technology with the
                                           6

    pilot agency cluster
    scheme.
   Inform ISC members        28-05-08   18-07-08   Martina
    on the outcomes and                             Nightingale,
    terms of reference from                         Department of
    the inaugural meeting                           Premier and
    of the Internal Audit                           Cabinet
    Human Resources
    Strategy Sub-
    Committee.
   Prepare capability and    28-05-08   TBA        Martina
    training requirements                           Nightingale,
    for Fast Track                                  Department of
    Graduate 2009 intake.                           Premier and
                                                    Cabinet
   Advise on implications    28-05-08   18-07-08   Mark Pellowe,
    of the implementation                           NSW Treasury
    of the Internal Audit
    Review
    recommendations for
    financial legislation.
                                        7


Attachment 1

List of members for the Implementation Steering Committee (ISC):


NAME                        TITLE                       ORGANISATION

Philip Mussared (Chair)     Deputy Secretary            NSW Treasury
                            Operations
Mark Pellowe                Senior Director,            NSW Treasury
                            Financial, Management
                            and Reporting
Peter Connelly              Executive Director,         Dept of Premier and
                            Performance Review          Cabinet
                            Unit
Martina Nightingale         Director,                   Dept of Premier and
                            Workforce Strategy          Cabinet
Charlie Sherlock            Chief Auditor,              Dept of Commerce
                            Audit Branch
Stephen Horne               Chief Executive             Internal Audit Bureau

Peter Whitehead             Public Trustee              Attorney General’s
                                                        Department
Bill Middleton              Director,                   Dept. of Education and
                            Audit & Risk                Training
                            Management
Ross Tyler                  Director, Internal Audit    Department of Health

Noel Kean                   Chief Internal Auditor      Energy Australia

John Holmes                 General Manager             RailCorp

Greg Byrne                  Director,                 WorkCover Authority
                            Internal Audit and
                            Corruption Prevention
Heather Watson              Director, Financial Audit NSW Audit Office
                            Services
                                           8


Attachment 2

Item 5A

Issue: Selection criteria for Internal Audit and Risk Management Committee
Independent Chairs and Members panel contract

1. Strengthening the whole-of-government policy and regulatory framework for
   governance of internal audit and risk management as outlined in Better Practice
   Framework for Internal Audit by requesting Treasury to update Treasurer’s
   Direction 720 mandating minimum standards on a “comply or explain” basis (with
   exceptions to be approved by the portfolio Minister):
b) Audit & Risk Committee Chair and independent members selected from a central pre-
   qualified panel. (Department of Commerce [Commerce] to facilitate and oversee the
   central panel process)

Lead Agency: Commerce         Implementation: Process finalised by end March 2008

Comment: Draft selection criteria have been developed to support the pre-
qualification panel contract for Internal Audit and Risk Management Committee
Independent Chairs and Members (Tab A).

The draft limits the number of criteria whilst still allowing informed decision making.
It includes additional criteria for chairs over members, recognising the additional
responsibilities of chairs over ordinary members, such as leadership, communication
between the committee and the agency(ies)/Minister and performance review for
CAEs.

Once agreed, the criteria will be included for advertising and selection of the pre-
qualification panel. As this scheme amounts to an accreditation of suitability rather
than simply pre-qualification, it is proposed that a content expert (either from the
Institute of Internal Auditors or the Auditor-General) be included on the assessment
panel.

Recommendation: That the Steering Committee supports:
   1. the attached selection criteria for Internal Audit and Risk Management
      Committee Independent Chairs and Members (Tab A); and
   2. The inclusion of a content expert on the assessment panel.



Prepared By

Performance Review Unit, Department of Premier and Cabinet
                                                   9



Internal Audit and Risk Management Committee Independent Chairs and Members –
selection criteria

Applicants for the role of Audit and Risk Committee chair, as well as meeting the requirements for
selection as an audit and risk committee member outlined below, must demonstrate:
o leadership qualities and the ability to promote effective working relationships in
  complex organisations.
o an ability to communicate complex and sensitive assessments in a tactful manner to
  chief audit executives, senior management, board members and Ministers.
o a sound understanding of:
    o the principles of good organisational governance;
    o    internal audit operations, including selection and review of chief audit executives;
        and
    o risk management principles.
Applicants for the role of Audit and Risk Committee member must demonstrate:
o Extensive senior level experience in governance and management of complex
  organisations.
o Functional knowledge in areas such as: enterprise risk management; performance
  management; human resources management; management control frameworks;
  financial internal controls; governance (including planning, reporting and oversight);
  or business operations.
o a capacity to form independent judgements and willingness to constructively
  challenge/question management practices and information.
o a professional approach to the exercise of their duties and the capacity to devote the
  necessary time and effort to the responsibilities of a member of an Internal Audit and
  Risk Management Committee.
o Possession of a relevant professional qualification (e.g. Certified Internal Auditor,
  Certified Practising Accountant) is desirable.




                                                                                                     9
                                            10


Attachment 3

Item 5B

Issue: Engagement and Remuneration of Chairs and Members of Audit and Risk
Committees

2. Strengthening the whole-of-government policy and regulatory framework for
   governance of internal audit and risk management as outlined in Better Practice
   Framework for Internal Audit by requesting Treasury to update Treasurer’s
   Direction 720 mandating minimum standards on a “comply or explain” basis (with
   exceptions to be approved by the portfolio Minister):
c) Audit & Risk Committee Chair and independent members selected from a central pre-
   qualified panel. (Department of Commerce [Commerce] to facilitate and oversee the
   central panel process)

Lead Agency: Commerce          Implementation: Process finalised by end March 2008

Background: Commerce and DPC are currently working jointly to establish a pre-
qualification panel for chairs and members of Audit and Risk Committees. Agencies
will be able to select from this panel, and the panel will also be accessed for the pilot
cluster arrangements for internal audit governance and delivery.

There is currently no coordination of engagement or remuneration of Audit and Risk
Committee chairs and members in the NSW public sector. They may be employed in
a similar manner to members of boards and committees, or engaged as consultants.
Remuneration varies from nil (for current public servants serving on committees) to
approximately $27,000 per annum for the chairs of Audit Committees for the largest
agencies.

Other jurisdictions do not coordinate engagement or remuneration of Audit and Risk
Committee chairs and members, nor track remuneration. A sample of current
arrangements is outlined at Tab A.

Comment: There are currently guidelines for the engagement and remuneration of
members of NSW Public sector Boards and Committees, with centralised monitoring
of appointments. Under these guidelines, appointments require Cabinet approval.
Whilst they establish daily rates to be used in a range of circumstances, remuneration
for more significant appointments can be determined by the Statutory and Other
Offices Remuneration Tribunal (SOORT).

It is understood that revised guidelines are currently awaiting Cabinet approval.

Given the new focus on governance emphasised by the Internal Audit Review, it is
considered appropriate that the appointment of independent Audit and Risk
Committee chairs and members be included within the broader government Board and
Committee Guidelines, whether or not the pre-qualification panel is accessed. Some
details are attached at Tab B.

Recommendations: That




                                                                                        10
                                      11


   1. appointment and remuneration of independent Audit and Risk Committee
      chairs and members be included in the Government’s Guidelines for NSW
      Board and Committee Members;
   2. That independent chairs and members be employed by agencies (as per the
      Guidelines);and
   3. the advice of SOORT be sought regarding remuneration of independent chairs
      and members of Audit and Risk Committees


Prepared By

                     Performance Review Unit, Department of Premier and Cabinet




                                                                              11
                                        12


                                                                              Tab B

Selection

   o From pre-qualification panel administered by Commerce

   o Selected by other means by CEO

Engagement

   o Audit committee chairs and members included under Boards and Committees
     guidelines and “employed” by agencies, following approval by Cabinet

       NB. These arrangements could be implemented from the expiration of current
       contract terms for current chairs/members

Remuneration

   o SOORT to recommend a rate to CEOs. Requests could be referred to SOORT
     via DG, DPC

       NB. For SOORT to determine, rather than recommend, rates for audit and risk
       committees, legislative amendment would be required – either for a new
       category, or listing of individual positions in the relevant schedules to the
       SOORT Act.

   o Within an established range based on factors including:
        o Agency(ies) total staffing (FTE)
        o Agency(ies) budget (expenditure)
        o Complexity/risk profile of agency/group of agencies
        o Market rates

   o Remuneration/term/etc. to be reported centrally for Boards and Committees
     database




                                                                                  12
                                        13


                                                                             Tab A
Organisation     Engagement                     Fee -         Fee -         Attendance
                                                Chair         member
Large SOC        Board member                   $7,200        $5,200
                                                (approx.)     (approx.)
                                                in addition   in addition
                                                to Board      to Board
                                                fees          fees
Smaller SOC      Board member                   $6,200        $4,200
                                                (approx.)     (approx.)
                                                in addition   in addition
                                                to Board      to Board
                                                fees          fees
Commerce         Consultant                     $20,000 pa    No non-       5 committee
                                                              public        meetings per
                                                              sector        annum, plus ad
                                                              members       hoc meeting s
                                                                            with DG and
                                                                            CAE (chair)
DET              Consultant                     $20,000 pa    No non-       5 committee
                                                (approx.)     public        meetings per
                                                              sector        annum, plus ad
                                                              members       hoc meeting s
                                                                            with DG and
                                                                            CAE (chair)
NSW Treasury     Consultant                     $1,400 ex     $1,000 ex     Normally 8
                                                GST per       GST per       meetings per
                                                meeting       meeting       year
                                                ($11,200      ($8,000 pa)
                                                pa)
Premier and      Agreement (current NSW         No fee
Cabinet          public servant (non-DPC))
Commonwealth     ANAO - there is not a
Public Sector    consistent remuneration
                 approach across the Cwlth
                 PS and no central tracking
                 of membership
Australian                                                    $27,000 pa    Normally 4
Securities and                                                (approx.)     meetings per
Investments                                                                 year
Commission
Victoria         General selection principles
                 published for audit
                 committees, but no
                 centralised remuneration
                 approach or tracking of
                 membership
Queensland       General selection principles
                 published for audit
                 committees, but no


                                                                                 13
                     14


centralised remuneration
approach or tracking of
membership. Agencies may
choose to use detailed B&C
remuneration rates as a
guide.




                             14
                                          15


Attachment 4

           Review of Internal Audit Capacity in the NSW Public Sector

Item 7

Issue: Establishment of Internal Audit pilot agency clusters


3. Department of Premier and Cabinet (DPC), Treasury and Commerce to
   facilitate a pilot cluster for the governance, management and delivery of
   internal audit to maximise the efficiency and effectiveness of existing
   internal audit resources utilising either a shared service or policy cluster…

Lead Agency: DPC       Implementation: Pilot cluster implemented by June 2008

Background:

The Review explored the concept of cluster arrangements for the governance,
management and delivery of internal audit after the example of a number of large
private sector organisations, the Canadian public sector and, to a lesser extent, some
NSW portfolios with multiple sub-agencies. The Chief Executives Committee
supported a pilot cluster for internal audit.

Comment:

There are a number of options for clusters as outlined below.

Arrangement                   Pros                        Cons
Portfolio grouping            o Commonality of            o Significant variation in
                                 interest across agencies    size of portfolios
                                                          o Should regulators be
                                                             grouped with operators
                                                             for IA purposes?
Common shared service         o Common business           o Large number of
provider e.g. CCSU,              systems across              agencies (esp. CCSU)
BizLink                          providers                   with varied business
                                                             objectives. Some sub-
                                                             grouping may be more
                                                             suitable
CEO cluster grouping          o Similarity of policy      o Multiple large agencies
                                 and programs                in some clusters may
                              o Some experience of           be unwieldy for pilot
                                 cross agency initiatives o Significant variation
                                                             across some clusters
Central/coordinating          o Agencies committed to o Significant variation in
agency grouping e.g.             cluster process             nature of businesses
DPC/Treasury/                                                esp. Commerce
Commerce                                                     operations




                                                                                     15
                                         16


Proposed process

It is proposed the DPC convene a forum of interested parties during June/July 2008 to
discuss implementation issues and determine actions. The Audit Office would be
invited as observers.

Recommendation: That the Steering Committee note the proposed approach.


Prepared By

Performance Review Unit, Department of Premier and Cabinet




                                                                                   16
                                   17


Attachment 5

6. Development of a Strategy for Better Use of Technology
Across the NSW Public Sector

The NSW Government through the Department of Commerce recently
signed major whole-of government contracts for Enterprise Resource
Planning (ERP) applications. These contracts cover a suite of corporate
applications such as human resources and payroll, finance, real estate as
well as governance, risk and compliance, and associated applications and
tools.

a) Centralised access to enterprise information to reduce the need for
internal audit resource time in site visits
The Government Chief Information Officer continues to work with the
Chief Information Officer’s Council to standardise Enterprise Resource
Planning (ERP) systems. GCIO has developed potential strategies for
corporate systems productivity improvements. Such initiatives include
arrangements under GSAS for the procurement of applications and
support services for integrated ERP systems (SAP, Oracle, Mincom) and
cross enterprise automated solutions for managing governance, risk and
compliance (SAP GRC).

The People First strategy supports the establishment of centres of
excellence where knowledge and skills can be shared across agencies. It
is proposed that a centre of excellence for audit related technologies and
practices will be established. The establishment of a whole of government
SAP related Knowledge Resource Centre is being established by GCIO.
The SAP Knowledge Centre is planned to be operational in early October
2008. The SAP Knowledge Resource Centre will provide a central
knowledge management capability for all NSW government IP pertaining
to SAP.

The SAP GRC audit related module is being implemented by Commerce.
Commerce has agreed to become the Lead Agency for the SAP Audit
Module in the SAP Knowledge Resource Centre. As Lead Agency in this
area Commerce will be responsible for developing, in a collaborative
manner, best government processes around audit as well as SAP technical
and operational aspects.




                                                                       17
                                   18


b) Audit Management to improve the administrative and
performance reporting of audit activities
Opportunities to streamline and automate audit management related
activities will be progressed by Commerce through GCIO and NSW
Procurement as part of the Back Office Application Consolidation
(BOAC) program. Scope exists to make related services and software
solutions available under the existing Audit & Related Services Contract
– 7174, which is due for renewal in August 2008.

c) & d) Continuous Process Monitoring to provide tools for
management to identify high risk or exceptional transactions and
Computer Assisted Audit Techniques (CAAT) for data mining and
matching of audit checks
Commerce has recently agreed a whole of government license agreement
with SAP that provides NSW agencies with free access to the SAP GRC
(Governance, Risk and Compliance) suite of software. The suite includes
the following products:
•      Risk management – provides the ability to measure and monitor
risk exposure for processes managed through SAP;
•      Access Control – provides real-time segregation of duties
       monitoring with the ability to detect and resolve overlapping roles
       and enforce access and authentication controls; and
•      Process Control – provides control management for compliance
       with a range of better practice control frameworks such as
       Sarbanes-Oxley, Committee of Sponsoring Organisations of the
       Treadway Commission (COSO) and Control Objectives for
       Information & Related Technologies (COBiT) and enables
       configurable custom-automated control tests to enforce
       compliance.

SAP GRC is a cross enterprise, cross functional solution that can be used
to manage and control governance, risk and compliance across a range of
enterprise applications including SAP, Oracle, PeopleSoft and other
compatible systems.

Other continuous process monitoring tools such as ACL, Idea, SAS, etc.
will be considered under the BOAC program and possibly made available
under the Audit & Related Services Contract – 7174.

Data mining and analysis tools including SAP Master Data Management
(MDM) and SAP Business Warehouse (BW) Extract Transform & Load


                                                                       18
                                  19


(ETL) are also available under the recently agreed a whole of government
license agreement with SAP.

e) Making Control Self Assessment available for use by management
The NSW Treasury Tool Kit on Risk Management and Internal Control
outlines the importance and benefits to an organisation of control self
assessment and provides an implementation methodology to undertake
the self assessment process. The newly created electronic network “Audit
& Risk Management Practitioners Network" hosted by IAB Services may
provide the perfect forum to advance information and documentation on
control self assessment across the sector. This will be further explored
with the head of IAB Services. The network is located at
http://www.auditrisk.net.au.


f) Enterprise Risk Management to record, quantify, assess, control,
communicate and monitor risks
Commerce has offered to assist Treasury and DPC to facilitate the
establishment of audit practitioner and risk management networks.

Commerce’s Audit Branch and Corporate Risk Services can assist in the
facilitation of audit practitioner and risk management networks to
exchange knowledge and expertise on internal audit and risk
management, including the use of electronic forums. This can be
advanced using the aforementioned "Audit & Risk Management
Practitioners Network"

Commerce has already established an informal network for sharing risk
management practices and knowledge. Commerce also participates in the
NSW Risk Management Leadership Group through SunCorp Risk
Services on behalf of the TMF.

Automated Risk Management tools such as Methodware, 80/20, Tickit,
etc. will be considered under the BOAC program and possibly made
available under the Audit & Related Services Contract – 7174.

The SAP GRC solution contains a risk management module that provides
the ability to measure and monitor risk exposure for processes managed
through SAP.




                                                                     19