Effective internal audit and risk management practices are essential to the performance, integrity and transparency of public sector organisations.

Robust internal audit and risk management processes across the NSW public sector promote integrity in allocating and managing the state’s resources, and contribute to an environment of effective governance and informed decision making.

NSW Treasury supports robust internal audit and risk management outcomes across the sector via a number of policies and guidelines.

Roles and responsibilities

  • Agency head are responsible for complying with Section 3.6 of the Government Sector Finance Act 2018 relating to their agency’s internal audit function and system of internal control. They also have ultimate responsibility for risk management within their agency.
  • The Chief Audit Executive is the most senior officer within the agency responsible for internal audit.
  • The Audit and Risk Committee is responsible for monitoring, reviewing and advising the agency head regarding the agency’s governance processes, risk management framework, internal control framework, and external accountability obligations.

Internal Audit and Risk Management Policy for the NSW Public Sector

The Internal Audit and Risk Management Policy for the NSW Public Sector (TPP 15-03) requires agencies to comply with a number of requirements relating to their risk management frameworks, internal audit functions and Audit and Risk Committees (ARCs). The current version of the policy was issued in 2015 to strengthen and promote integrity and accountability in allocating and managing the state’s resources.

The policy also requires agencies to establish and maintain a risk management framework consistent with the current standard on risk management (AS/NZS ISO 31000:2009). Agencies must also attest their compliance with the policy to Treasury each year, and publish the attestation in the agency’s annual report.

Risk Management Toolkit for NSW Public Sector Agencies

The NSW Treasury developed the Risk Management Toolkit for NSW Public Sector Agencies (TPP 12-03) to help agencies develop and implement their risk management frameworks and processes, consistent with AS/NZS ISO 31000:2009.

Risk management systems, like other management systems, should be designed to meet an agency’s specific needs. The toolkit provides detailed and practical advice on the various elements of AS/NZS ISO 31000:2009, together with useful templates and some worked hypothetical examples.

Guidance on Shared Arrangements and Subcommittees for Audit and Risk Committees

Guidance on Shared Arrangements and Subcommittees for Audit and Risk Committees (TPP 16-02) sets out  the appropriate level of internal oversight for all agencies while ensuring that the benefits of oversight are commensurate with the costs.

The guidance provides a framework allowing certain agencies to share some elements of their governance structure, including an ARC, Chief Audit Executive and internal audit function. It also sets out guidance on establishing and operating subcommittees, where appropriate.

Prequalification Scheme for Audit and Risk Committee Independent Chairs and Members

Prequalification Scheme for Audit and Risk Committee Independent Chairs and Members (TPP 15-03) requires that all ARC members be independent and appointed via the Prequalification Scheme. The scheme provides a list of prequalified, independent chairs and members who may serve on ARCs in NSW public sector agencies.

Further information