Internal audit functions

Internal audit provides independent assurance over internal controls. It helps senior public officials assess the effectiveness of operational controls, assists in identifying processes needing improvement and suggests possibilities for optimising the design of processes.

Section 11 of the Public Finance and Audit Act 1983 requires all government departments and statutory bodies to establish and maintain an effective system of internal control. Where practicable, this should include an internal audit function. NSW Treasury has produced the Internal Audit and Risk Management Policy for the NSW Public Sector (2020) to assist agencies in meeting their legislative obligations (it incorporates many of the provisions of the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing (Standards) (2016)).

The policy outlines three core principles, namely, that agencies should:

  • have a risk management framework in place (see risk management)
  • have an internal audit function that provides timely and useful information to management about the adequacy of, and compliance with, the system of internal control, whether agency results are consistent with established objectives and whether operations or programs are being carried out as planned
  • receive timely and independent advice about their governance, risk and control framework from an independent audit and risk committee.

The NSW Office of Local Government has produced Guidelines for Risk Management and Internal Audit for Local Government in NSW (2023) for local councils under s 23A of the Local Government Act 1993 (“the LGA”). Councils are required to take guidelines issued under this section of the LGA into consideration before exercising any of their functions. The guidelines describe internal audit as a key mechanism to assist councils manage risk and improve efficiency and effectiveness. They also state that an audit committee is “a crucial component of corporate governance [and] is fundamental to assisting the General Manager and council with their oversight function to: ensure all key controls are operating effectively...”.[1]

On 30 August 2016, the Local Government Amendment (Governance and Planning) Act 2016 was assented to and requires councils to establish an audit, risk and improvement committee to review operations such as compliance and risk management.[2]

The effectiveness of internal audit in detecting corruption is enhanced by:

  • including risks specifically related to corruption in audit plans
  • preparing a list of red flags based on previous incidents (including known previous breaches of internal controls) to inform future audits
  • ensuring there is a process in place to follow up on the implementation of recommendations arising from internal audit reports.
Updated October 2024

[1] Premier and Cabinet Division of Local Government, Internal Audit Guidelines, September 2010, p 30.

[2] At the time of writing, this provision had not yet commenced.