Audit, Finance and Risk Management Committee
The Audit, Finance and Risk Management Committee (AFRMC) was established pursuant to the Financial Accountability Act 2009 (FPMS).
The objective of the committee is to provide independent assurance and assistance to the TIQ Board on TIQ’s:
- risk, internal control and compliance frameworks
- external accountability responsibilities as prescribed in legislation and standards.
The AFRMC Charter establishes the authority and responsibilities of the committee and was prepared with reference to:
- relevant provisions of the Financial Accountability Act 2009 (FAA) and FPMS
- Queensland Treasury Audit Committee Guidelines – Improving Accountability and Performance
- better practice guidance issued by the Australian National Audit Office.
The AFRMC met on four occasions during 2017–18.
Membership of the AFRMC and remuneration (where applicable) in 2017–18 are included below.
TIQ’s AFRMC in 2017-18
|Josie Angus||Board Representative||$3,000|
|Kate Hynes||Board Representative||$3,000|
|Michael McKee||Deputy Director-General, Department of State Development, Manufacturing, Infrastructure and Planning (from 1 April 2018)||n/a|
|Geoff Waite||Assistant Under Treasurer, Queensland Treasury (from 1 July 2017 to 12 December 2017)||n/a|
Internal auditors (PricewaterhouseCoopers) and external auditors (Queensland Audit Office) attended all AFRMC meetings.
Key activities of the AFRMC during 2017–18 included:
- reviewing and endorsing TIQ’s financial statements for the year ended 30 June 2017
- reviewing and endorsing TIQ’s Internal Audit Plan 2018–19
- reviewing and endorsing the AFRMC Charter for TIQ Board approval
- receiving regular reports on internal audit activities, including audits and reviews completed as part of the Internal Audit Plan
- reviewing and considering the Queensland Audit Office (QAO) Strategic Audit Plan
- considering the scheduling, status, findings and audit recommendations of QAO financial and performance audits
- receiving regular reports on the implementation status of internal and external audit recommendations
- receiving regular reports on TIQ’s risk status
- enhancing oversight of risk management as TIQ gains a greater awareness of the identified risks and mitigation strategies.
- receiving regular business updates from the CEO and CFO
- conducting a deep dive into a requested business unit at each quarterly meeting.
Risk management framework
TIQ has implemented a risk management framework to identify, assess and manage risks that may impact on the fulfilment of its strategic objectives, service provision ability and project delivery.
The management of risk is undertaken by staff and the Senior Executive Team member responsible for appropriate implementation of risk treatments in line with TIQ’s risk appetite.
Risk management is integrated into TIQ’s activity through incorporation in project management as well as strategic and operational business planning.
At the board planning day in November 2017, it was identified that TIQ needed to develop its risk appetite further. This led to a refreshed review of the risk landscape by the Senior Executive Team in March 2018, including assessment of progress of the T&I Strategy and IET Strategy initiatives. Machinery-of-government impacts from the November 2017 election and the appointment of new senior managers were assessed.
The Senior Executive Team continues considering and refining executive risk ownership, mitigation actions and action owners.
Pursuant to section 29 of the FPMS, TIQ has an outsourced internal audit function.
PricewaterhouseCoopers (PWC) provides an independent, objective assessment designed to improve TIQ’s operations and help TIQ achieve its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, internal controls and overarching governance processes.
As TIQ’s internal auditor, PWC operates in accordance with TIQ’s AFRMC Charter and ethical standards, liaising regularly with QAO to ensure appropriate assurance services are provided to TIQ. In 2017–18, PWC delivered a program of work as part of TIQ’s three-year internal audit plan. This plan is aligned to TIQ’s key risk areas, operations and strategic objectives, and draws on additional specialist expertise as needed.
During 2017–18, the AFRMC conducted internal audit reviews on:
- procurement design
- core finance process – accounts payable
- business continuity planning and incident response
- information security assessment
- international education and training project assurance
- recurring international office internal controls survey.
During 2017–18, the AFRMC also conducted reviews on a number of policies and plans newly developed for TIQ:
- Information Security Policy
- Procurement Policy
- Fraud and Corruption Control Prevention Plan.