<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>AUDIT AND ASSURANCE | InConsult</title>
	<atom:link href="https://inconsult.com.au/publication-category/audit-and-assurance/feed/" rel="self" type="application/rss+xml" />
	<link>https://inconsult.com.au</link>
	<description>Helping you confidently take risks</description>
	<lastBuildDate>Mon, 13 Apr 2026 02:08:24 +0000</lastBuildDate>
	<language>en-AU</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://inconsult.com.au/wp-content/uploads/2021/06/cropped-favicon-3-32x32.jpg</url>
	<title>AUDIT AND ASSURANCE | InConsult</title>
	<link>https://inconsult.com.au</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Restricted vs Unrestricted Funds in Local Government</title>
		<link>https://inconsult.com.au/publication/restricted-vs-unrestricted-funds-in-local-government/</link>
		
		<dc:creator><![CDATA[Tony Harb]]></dc:creator>
		<pubDate>Mon, 13 Apr 2026 01:27:37 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=14741</guid>

					<description><![CDATA[<p>Restricted vs Unrestricted Funds in Local Government: Governance, Risks and Controls For many NSW councils, financial sustainability is a real risk and not just something in a risk register.  Managing financial expenditure i.e. public funds in accordance with legislation is critical. But the real financial question is not how much cash sits on the balance sheet, [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/restricted-vs-unrestricted-funds-in-local-government/">Restricted vs Unrestricted Funds in Local Government</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<h1>Restricted vs Unrestricted Funds in Local Government: Governance, Risks and Controls</h1>
<p>For many NSW councils, financial sustainability is a real risk and not just something in a risk register.  Managing financial expenditure i.e. public funds in accordance with legislation is critical. But the real financial question is not how much cash sits on the balance sheet, it is how much of that cash is actually available to use. That is why understanding restricted vs unrestricted funds in local government is critical.</p>
<p>In NSW local government, the restricted vs unrestricted funds distinction matters because a significant share of council cash is either legally quarantined, internally allocated for future purposes, or needed to maintain liquidity for day-to-day operations. The recent NSW Audit Office’s Local government 2025 <a href="https://www.audit.nsw.gov.au/our-work/reports/local-government-2025">report</a> identified that:</p>
<ul>
<li>19 councils did not have enough cash and investments not subject to external restrictions to cover three months of general expenses, and</li>
<li>weaknesses in internal controls and governance were identified at most councils.</li>
</ul>
<p>For this, and many other important reasons, restricted and unrestricted funds should be treated as a frontline governance issue, not just a finance note at year end.</p>
<p>The legislative and policy framework is clear. The Local Government Act 1993 (the Act) says money raised by a special rate or charge, money that legislation says can only be used for a specific purpose, and specific purpose advances or grants from government cannot be used for other purposes except in limited circumstances.</p>
<p>The Office of Local Government (OLG) Local Government Code of Accounting Practice and Financial Reporting (OLG Code) also requires councils to maintain adequate accounting records, systems and internal controls, and to disclose restricted and allocated cash, cash equivalents and investments in their financial statements.</p>
<h2>Council funds sit in 3 &#8216;buckets&#8217;</h2>
<p>In simple terms, council funds typically sit in three distinct ‘buckets’:</p>
<ul>
<li><strong>Externally restricted fund</strong>s: money that council is legally required to use for a specific purpose it was provided.</li>
<li><strong>Internally restricted funds</strong>: money that council has set aside by resolution for a specific future purpose, These funds are not &#8216;legally&#8217; restricted, but they should only be moved or repurposed through formal council resolution.</li>
<li><strong>Unrestricted funds</strong>: money that is available to support day-to-day operations, manage cash flow, respond to unexpected costs and maintain financial flexibility.</li>
</ul>
<p><img fetchpriority="high" decoding="async" class=" wp-image-14750 aligncenter" src="https://inconsult.com.au/wp-content/uploads/2026/04/three-buckets-of-council-funds-300x89.png" alt="restricted vs unrestricted funds in local government" width="860" height="255" srcset="https://inconsult.com.au/wp-content/uploads/2026/04/three-buckets-of-council-funds-300x89.png 300w, https://inconsult.com.au/wp-content/uploads/2026/04/three-buckets-of-council-funds-1224x362.png 1224w, https://inconsult.com.au/wp-content/uploads/2026/04/three-buckets-of-council-funds-768x227.png 768w, https://inconsult.com.au/wp-content/uploads/2026/04/three-buckets-of-council-funds-1536x455.png 1536w, https://inconsult.com.au/wp-content/uploads/2026/04/three-buckets-of-council-funds-2048x606.png 2048w" sizes="(max-width: 860px) 100vw, 860px" /></p>
<h2>Why externally restricted funds matter</h2>
<p>Externally restricted funds are the most tightly controlled category of council cash. These are amounts that council holds because legislation or a third-party agreement says the money can only be used for a defined purpose. The OLG Code describes them as cash, cash equivalents and investments available only for specific use because of legislation or third-party contractual agreement, and requires councils to disclose both the amount and nature of those restrictions. Common examples include water funds, sewer funds, developer contributions, domestic waste management, stormwater management and tied grants.</p>
<p>The purpose of external restriction is simple &#8211; it protects public trust and legal compliance. Developer contributions are collected to fund future infrastructure. Tied grants are provided to deliver a specified program. Special rates and charges are levied for a stated purpose. These are not general operating funds.</p>
<p>The NSW Audit Office warned that low available cash (money available as unrestricted funds) increases the risk of externally restricted cash being used for an improper purpose, and reported two high-risk findings where councils breached the Act by spending externally restricted cash and investments for an improper purpose.</p>
<h2>The strategic role of internal restricted funds</h2>
<p>Internal restricted funds, often described as internal allocations or reserves, are different. They are not imposed by legislation or grant conditions. They are set aside by council resolution or policy for a defined future purpose.</p>
<p>The OLG Code says internal allocations are cash, cash equivalents and investments allocated by council resolution or policy to identified programs of work and forward plans, and because they remain at council’s discretion they are disclosed but not deducted from total cash and investments in the same way as external restrictions.</p>
<p>This is where good financial leadership and governance becomes visible. Internal allocations are how councils plan ahead to smooth future costs instead of lurching from one budget shock to the next. Internal restricted funds can be used for plant and vehicle replacement, employee leave entitlements, asset replacement, IT renewal, carryover works, quarry remediation and bonds and deposits. That is exactly what a mature, proactive reserve framework should do &#8211; convert foreseeable liabilities, renewal needs and cyclical expenditures into transparent funding strategies.</p>
<p>The <a href="https://www.olg.nsw.gov.au/councils/policy-and-legislation/integrated-planning-and-reporting">IP&amp;R framework</a> also reinforces this discipline. NSW councils must prepare and adopt a Long-Term Financial Plan, use it to inform decision-making, and review and update its assumptions, projected income, expenditure, balance sheet and cash flow at least annually as part of the Operational Plan.</p>
<p>A Council&#8217;s Annual Report is also framed as a key point of accountability to the community and must include the council’s audited financial statements. In other words, internal allocations should never sit outside strategy; they should be linked directly to the Long-Term Financial Plan, Delivery Program and Operational Plan.</p>
<h2>Why unrestricted funds are the real test of resilience</h2>
<p>Unrestricted funds are the balances genuinely available to support day-to-day operations and liquidity, absorb shocks and fund priorities that are not already allocated elsewhere. Unrestricted funds are the cash councils rely on to pay suppliers, continue services, retain staff, manage timing differences in capital delivery and maintain financial flexibility.</p>
<p>The Audit Office’s 2025 report makes it clear why this is important. 19 councils lacked enough available cash to meet three months of general expenses, and the unrestricted current ratio remains an important indicator of short-term financial capacity. The report notes the previous OLG benchmark of 1.5, meaning $1.50 in unrestricted current assets for every $1 in current liabilities.</p>
<p>Therefore, unrestricted cash as funding available for unexpected or emergency expenses, liquidity support, short-term cash flow, operational efficiency and long-term financial sustainability. It also sets a target level of unrestricted cash at the greater of $2 million or 50% of current liabilities not otherwise funded by restrictions or allocations, and treats an unrestricted current ratio below 1.5:1 as a trigger for immediate attention.</p>
<h2>Governance arrangements for restricted vs unrestricted funds</h2>
<p>The strongest councils do not manage restricted and unrestricted funds just via council resolutions, spreadsheets and memory. They manage them through formal governance arrangements.</p>
<p>That starts with a <strong>council-adopted policy</strong> that defines external restrictions, internal allocations and unrestricted cash. The policy should set approval pathways and links reserves to the Community Strategic Plan, Delivery Program, Operational Plan and Long-Term Financial Plan. Good practice requires any future internal allocation to be established by council resolution, with a defined purpose and a basis for calculating transfers.</p>
<p>From there, the control framework needs to be operational, not symbolic.</p>
<p>The NSW Audit Office’s better-practice observations are especially useful here. It found some councils still rely on highly manual annual processes to manage and report restricted cash, which increases the risk of error and breach. By contrast, one better-practice council case study linked its quarterly cash and investment budget review statement directly to the general ledger, configured the ledger to reflect externally restricted balances, and had the statement independently reviewed within the finance team.</p>
<p>The NSW Audit Office also highlighted the importance of regular reconciliation, enhanced processes and controls, transparent reporting to decision-makers, and ARIC oversight.</p>
<p>In practical terms, councils should have a clear ownership model.  Finance owns the register and reconciliations, business units own the business purpose of each reserve, executives own challenge and reprioritisation, council owns creation and release of internal allocations by resolution, and ARIC owns oversight of control effectiveness, compliance risk and remediation actions.</p>
<h2>Rules for moving money in, out or between funds</h2>
<p>This is where councils most often get into trouble.</p>
<p>Externally restricted funds cannot simply be used to solve a general fund cash pressure. Section 409 of the Act limits the use of special rates or charges, legislatively restricted money and specific purpose advances or grants to their intended purpose. Section 410 creates only a narrow pathway for alternative use of some money raised by special rates or charges once the original purpose has been achieved or is no longer required, and only after public notice through the operational plan process.</p>
<p>Internal allocations are more flexible, but that does not mean they should be moved casually. Council&#8217;s should adopt a policy that is sensible i.e. transfers into or out of restricted cash require council resolution, whether through a specific resolution, adoption of the Quarterly Budget Review Statement, or adoption of annual financial statements containing a schedule of movements. The policy can state that councils may borrow from internally allocated cash, but not from externally restricted cash without Ministerial consent, and any such borrowing must be authorised by resolution with the full impact disclosed and interest paid.</p>
<p>That is the right principle for all councils to adopt. Legal restrictions are not optional, and internal restrictions are not informal. Even where council has discretion, reserve movements should be rule-based, transparent and documented.</p>
<h2>The biggest risks councils need to control</h2>
<p>The governance risk is not just technical non-compliance. It is a financial control drift. When councils lose sight of what cash is restricted, allocated or genuinely free, three risks will emerge quickly.</p>
<ol>
<li><strong>Councils may misstate liquidity.</strong> A healthy cash balance can hide a weak unrestricted cash position if too much of the total balance is externally restricted. The NSW Audit Office’s analysis shows that many regional and rural councils carry high proportions of externally restricted balances, especially where water and sewer charges form a large part of cash holdings.</li>
<li><strong>Councils may create “shadow budgets” through unmanaged internal reserves.</strong> If internal allocations are not tied to a documented purpose, target funding basis, forecast drawdown and annual review, they can become stale, duplicated or politically immovable. The IP&amp;R framework is designed to prevent that by requiring annual review of the Long-Term Financial Plan and alignment between planning, delivery and reporting.</li>
<li><strong>Councils may breach the Act through weak controls, errors or deliberate misconduct.</strong> The NSW Audit Office’s findings on externally restricted cash show that poor monitoring, manual processes and weak reporting are enough to create serious compliance failures.</li>
</ol>
<h2>The KPIs and reports that matter most</h2>
<p>Councils should separate compliance reporting from decision-based reporting. At a minimum, councillors, executives and ARIC should receive a reporting pack that clearly distinguishes externally restricted balances, internal allocations and unrestricted cash.</p>
<p>The core KPIs should include the unrestricted current ratio, unrestricted cash as a percentage of current liabilities, months of general expenses covered by available cash, total externally restricted balances by category, internal allocations against target and forecast drawdown, local infrastructure contribution balances and spend rates, and the number and value of approved transfers, internal borrowings, breaches or near misses.</p>
<p>The NSW Audit Office’s financial sustainability analysis specifically used available cash, unrestricted current ratio and own source revenue to assess councils with heightened risk, which makes those measures especially useful for internal monitoring.</p>
<p>The reporting cycle should also be disciplined. The OLG Code states that councils must meet multiple financial reporting requirements, including annual audited financial reports, an annual operational plan, a Long-Term Financial Plan and quarterly budget review statements. The IP&amp;R Guidelines require budget review statements to be reported to council within two months after the end of each quarter, except the fourth quarter, and the Annual Report to be prepared within five months of year end. Many councils have a monthly Investments Report for unrestricted cash oversight.</p>
<h2>Restricted vs unrestricted funds &#8211; Takeaways</h2>
<p>The strongest councils understand that reserve management is not about hoarding cash. It is about governing purpose.</p>
<p>Externally restricted funds protect legal and community obligations. Internal restricted funds protect future service capacity and planned asset renewal. Unrestricted funds protect resilience, liquidity and strategic choice.</p>
<p>When councils clearly define each category, set strict movement rules, link reserves to long-term planning, and report them transparently to council, ARIC and the community, they do more than stay compliant. They become more credible, more sustainable and strengthen the financial management and control culture.</p>
<h2>Can we help?</h2>
<p>Since 2001, we have worked with more than 115 NSW councils to strengthen risk management, resilience and internal controls through our internal audit and assurance services.  Whichever service you choose, our goal remains the same, to help you manage risk with confidence and provide practical advice that supports informed, effective decision-making.</p>
<p>Can we help? If your council is reviewing its approach to restricted and unrestricted funds, reserve governance or financial control settings, <a href="https://inconsult.com.au/contact-us/" target="_blank" rel="noopener noreferrer">contact us</a> to discuss how we can support your needs.</p>
<p>#RiskManagement #InternalAudit #Assurance #Governance #LocalGovernment #FinancialSustainability #InternalControls #RestrictedFunds #UnrestrictedFunds #CouncilGovernance</p>
<div class='printomatic pom-default ' id='id1695'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/restricted-vs-unrestricted-funds-in-local-government/">Restricted vs Unrestricted Funds in Local Government</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>New Third Party Requirements Reshaping Australia</title>
		<link>https://inconsult.com.au/publication/third-party-audits-reshaping-organisations/</link>
		
		<dc:creator><![CDATA[William Makdessi]]></dc:creator>
		<pubDate>Thu, 18 Sep 2025 05:18:22 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=12710</guid>

					<description><![CDATA[<p>On September 15th 2025, the Institute of Internal Auditors (IIA) issued the new Topical Requirements focused on strengthening consistency and quality of auditing the high-risk area of Third Party Management. As a new mandatory element of the IIA International Professional Practices Framework (IPPF), these new requirements will reshape the way in which third party risk [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/third-party-audits-reshaping-organisations/">New Third Party Requirements Reshaping Australia</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>On September 15<sup>th</sup> 2025, the Institute of Internal Auditors (IIA) issued the new <a href="https://www.theiia.org/en/standards/2024-standards/topical-requirements/third-party/?_cldee=KBu2L3NKbLi8FP4uHxMEPIah70AaZTmZN8PzqkD5_pOlgSZ92yQyaCVBEczJG6Kv&amp;recipientid=contact-e29ef4b95c06ee118f6e000d3ae0178a-36d2b4c7686b4f84b7678164d3a1a0c7&amp;esid=1821b916-a592-f011-b4cb-7ced8d32ddf0">Topical Requirements</a> focused on strengthening consistency and quality of auditing the high-risk area of Third Party Management. As a new mandatory element of the IIA International Professional Practices Framework (IPPF), these new requirements will reshape the way in which third party risk management and assurance auditing is facilitated in Australia.</p>
<p>The new Topical Requirements, set to be effective September 15<sup>th</sup> 2026, will raise the bar and provide a number of benefits including:</p>
<ul>
<li>Defining a consistent baseline for evaluating third party risk across all industries.</li>
<li>Increase confidence in assurance and auditing for leadership and key stakeholders with respect to third party risk profiles.</li>
<li>Inherently strengthen the resilience of organisations with respect to third party failures, ethical breaches, cyber incidents and more.</li>
</ul>
<h3><strong>Third Party Challenges Organisations Will Face</strong></h3>
<p>Despite the benefits, the introduction of the requirements also brings with it new challenges that will have to be faced uniquely by organisations of different size, complexity and industry. As they say there is more than one way to skin a cat, and it is up to organisations to determine the right way.</p>
<h4>1. Increases in documentation and evidence</h4>
<p>Auditors will be expected to document evidence of assessment of formally structured frameworks and their supporting procedures. The relationship between these frameworks and how they tie into the organisation&#8217;s risk management is an additional requirement that expects a level of maturity that is not commonly in place in typical Australian organisations. Even if these frameworks are in place, a lack of cohesion across the different methodologies means evidence collection will be a slow process. In the <a href="https://www.aicd.com.au/corporate-governance-sectors/not-for-profit/studies/not-for-profit-governance-and-performance-study-2025.html">AICD 2024-25 NFP Governance &amp; Performance Study</a>, 53% of directors said they spent more time on duties than the prior year, reflecting a rise in compliance and assurance demands typical to director roles.</p>
<p>The quality of evidence also plays a key role. ASA 530 for Attribute Testing requires auditors to document a confidence of 90-95% or higher when ensuring controls are adequate. For key controls, i.e. anything relating to key vendors and processes, any deviation from the requirements must be as low as between <strong>0-5%</strong>. This leaves very little room for exceptions and drives the outcome of any review.</p>
<h4>2. Governance gaps in oversight</h4>
<p>The new requirements mandate clear board oversight to ensure third party relationships are well managed. In reality, most organisations in Australia delegate the ownership and oversight of all third party risk activities to Procurement and/or IT. Being able to prove involvement by leadership will be difficult, and in some cases, require adjustment to the responsibilities of leadership roles.</p>
<p>Consistently, we have observed either a lack of resource to dedicate to third party management or delegation to IT roles such as a Cyber Security Lead. The latter introduces implementation concerns as Cyber Security Lead roles tend to lack the required Risk Management knowledge required to undertake third party management.</p>
<h4>3. Consistent Risk Management throughout the Third Party lifecycle</h4>
<p>To successfully apply a structured and repeatable method to assessing risk throughout the third party lifecycle, organisations must have a formal enterprise risk management that is clear, functional and communicated to all staff involved in the process. The risk assessment process must consistently address selection, onboarding, monitoring, and offboarding.</p>
<p>Private and unlisted companies such as IT service providers, SMEs, NFPs and Charities have no legal obligation to implement a risk management framework with the only exception being an ad-hoc approach for Work Health and Safety. Many third parties that would be used for IT services, marketing, legal services, etc. have no obligation to do so, increasing the risk of poor or no risk management across third party management. The Vero Insurance SME Insurance Index 2024/2025 reported that <strong data-start="1304" data-end="1312">~90%</strong> of Australian businesses lack a formal risk management process with 81–82% <strong>never or rarely</strong> conducting risk analyses when required.</p>
<h4>4. Ongoing monitoring just got harder</h4>
<p>Ongoing monitoring following onboarding is a process that is often not performed successfully or at all by that vast majority of organisations in Australia. The old habits of &#8220;set and forget&#8221; contracts are not good enough. Even multi-year contracts that address all requirements over the lifespan of the contract will require performance, compliance and cyber control assessment to ensure expectations are being met. Naturally, this will also lean on the risk management framework to determine if any such failures to meet expectations result in risks that are outside of the organisation&#8217;s appetite.</p>
<p>The <a href="https://www.mcgrathnicol.com/insight/the-changing-landscape-of-business-risk/">McGrathNicol/YouGov study</a> from August 2024 concluded that <strong>82%</strong> of Australian companies do not extend risk assessments beyond Tier-1 suppliers, and <strong>71% </strong>of companies that do assess third parties, do not include security practices in their assessment.</p>
<h4>5. Aligning to increasing regulatory pressures</h4>
<p>The requirements explicitly reference compliance with local, national, and international regulations. For Australian organisations, that could mean at minimum the Privacy Act. However, certain industries are also affected by the Australian Prudential Regulation Authority (APRA) Prudential Standards CPS 230 Operational Risk Management and CPS 234 Information Security. For larger critical providers, the Security of Critical Infrastructure (SOCI) Act and Modern Slavery are just some additional considerations. Achieving consistency across various different regulations and standards increases complexity.</p>
<p>With the delay of requirements under APRA CPS 230 relating to pre-existing contracts to July 2026 for non-Significant Financial Institutions (SFIs), we can expect a natural increase in pressure as the date approaches. If the activities of APRA CPS 234 from 2019 are also an example of what is to come, we can expect at the very least a thematic review. APRA has already committed to conducting targeted reviews of SFIs as part of their 2025-2026 Corporate Plan.</p>
<h4>6. Strain on smaller organisations and public entities</h4>
<p>Large corporations and enterprises will easily absorb these changes, especially multinationals, as these requirements are not new. For Local Government councils, NFPs, small businesses and providers, these new requirements will demand a new focus on audit and compliance. This new focus will come two-fold as it not only requires additional investment and resource, it could also expose gaps that previously avoided the spotlight.</p>
<h4>7. Cultural resistance and a lack of Third Party strategy</h4>
<p>As with any uplift of requirements and increased complexity, cultural resistance is an expected reality. Australian organisations will fail unless they can overcome the outdated concept that third party management is a procurement-only task. Overcoming this requires the understanding that third party management is not only operational but also strategic. Our dependency on third parties can be improved by better managing the entire process, resulting in cost savings, efficiencies, lower insurance premiums, greater coverage, new client opportunities and much more.</p>
<p>In May 2024, the Australian Privacy Commissioner highlighted third-party providers as a “weak spot” in privacy and security postures of organisations, reinforcing the need for enterprise-level third party management strategy beyond only procurement or IT.</p>
<h3><strong>Why These Challenges Matter</strong></h3>
<p>Ultimately, these challenges are worth facing. The requirements encourage stronger governance, better risk management discipline, and greater transparency across leadership into third party relationships. For Australian organisations, this means better preparedness for cyber incidents, supply chain disruptions, reputational crises, and regulatory scrutiny.</p>
<p>Third parties are already the bread and butter of many critical functions within Australian organisations. We cannot expect adequate operations, security and assurance without expecting a level of quality that matches that of our own internal processes.</p>
<h3><strong>Where To Start with Third Party Management</strong></h3>
<p>In Part 2 of our Third Party Management publication we will go over some key steps to consider and to help you succeed in third party management.</p>
<h3><strong>How We Can Help You Build Organisational Resilience</strong></h3>
<p>We are here to help strengthen your organisational resilience, systems and processes. Our third party risk management capabilities include:</p>
<ul>
<li>In-house developed comprehensives vulnerability scanning of third parties.</li>
<li>Comprehensive third party risk management assessments to provide independent assurance.</li>
<li>Helping organisations take their first steps towards implementing a formal and proactive third party management framework.</li>
<li>Performing an independent review or health check of your existing third party management framework to identify gaps and level of maturity.</li>
<li>Conducting third party risk and cyber risk awareness workshops covering strategic, operational and project risks.</li>
<li>Conducting third party penetration tests and comprehensive audits.</li>
<li>Supporting you across a range of third party services including governance, business continuity, crisis management, cyber risk, third party monitoring and more.</li>
</ul>
<p>Take risk management to the next level and <a title="Contact Us" href="https://inconsult.com.au/contact-us/">contact us</a> to discuss your needs.</p>
<p>&nbsp;</p>
<div class='printomatic pom-default ' id='id438'  data-print_target='body'></div>
<p>&nbsp;</p>The post <a href="https://inconsult.com.au/publication/third-party-audits-reshaping-organisations/">New Third Party Requirements Reshaping Australia</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>New 2024 Internal Audit Standards: Insights for CAEs</title>
		<link>https://inconsult.com.au/publication/new-2024-internal-audit-standards-insights-for-caes/</link>
		
		<dc:creator><![CDATA[Tony Harb]]></dc:creator>
		<pubDate>Fri, 26 Apr 2024 03:05:55 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=11723</guid>

					<description><![CDATA[<p>The new 2024 Global Internal Audit Standards by The Institute of Internal Auditors (IIA) introduce several significant updates designed to enhance the practice and relevance of internal auditing in today&#8217;s turbulent and complex business environment.  The key changes reflect the profession’s evolution, accommodating newer challenges and ensuring the standards meet current needs effectively. The Standards [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/new-2024-internal-audit-standards-insights-for-caes/">New 2024 Internal Audit Standards: Insights for CAEs</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>The new 2024 Global Internal Audit Standards by The Institute of Internal Auditors (IIA) introduce several significant updates designed to enhance the practice and relevance of internal auditing in today&#8217;s turbulent and complex business environment.  The key changes reflect the profession’s evolution, accommodating newer challenges and ensuring the standards meet current needs effectively. <a href="https://www.theiia.org/en/standards/2024-standards/global-internal-audit-standards/">The Standards</a> will be effective from 9 January 2025 which provides an opportunity for Internal Audit (IA) functions to reflect on their current practices.</p>
<p>The Chief Audit Executives (CAE) now has a significant opportunity to incorporate the latest developments in good practice and drive transformation to increase the value that IA can provide to stakeholders.</p>
<h2>The Key Changes</h2>
<p>The 2024 Global Internal Audit Standards mark a significant step forward in aligning internal audit practices with modern business challenges and governance expectations. By structuring the standards into 5 specific domains and emphasizing areas like cybersecurity, IT governance, and ethical conduct, the IIA aims to enhance the professionalism, efficiency, and impact of internal audit functions globally. Organisations are encouraged to transition to these updated standards ahead of their January 2025 effective date to maximize their internal audit function’s alignment with contemporary governance and risk management practices.</p>
<h3>A Restructure &#8211; One Document</h3>
<p>The 2024 Standards have been restructured for better clarity and practical application. The Standards are now combined into one document, the five mandatory components &#8211; Purpose of Internal Auditing, Ethics and Professionalism, Governing the Internal Audit Function, Managing the Internal Audit Function, and Performing Internal Audit Services, as well as one of the recommended non-mandatory elements, the Implementation Guidance. The Standards use the word “must” in the Requirements sections and the words “should” and “may” to specify common and preferred practices in the Considerations for Implementation sections</p>
<p>This new structure aims to streamline the standards for easier navigation and application in diverse auditing environments.</p>
<p>Both assurance and advising (formerly consulting) initiatives are included in the main body of the Standards and are not distinguished from one another by the Standards. With very few exceptions, the requirements for advisory and ad hoc initiatives now resemble those of risk-based assurance audits.</p>
<p>The only non-mandatory section of the International Professional Practices Framework (IPPF) is the IIA’s ‘Global Guidance’ which includes non-mandatory information, advice and best practices for performing engagements.</p>
<p style="text-align: center;"><img decoding="async" class="alignnone wp-image-11732" src="https://inconsult.com.au/wp-content/uploads/2024/04/Screenshot-2024-04-26-122204-300x169.png" alt="Internal Audit International Professional Practices Framework" width="762" height="429" srcset="https://inconsult.com.au/wp-content/uploads/2024/04/Screenshot-2024-04-26-122204-300x169.png 300w, https://inconsult.com.au/wp-content/uploads/2024/04/Screenshot-2024-04-26-122204-1224x689.png 1224w, https://inconsult.com.au/wp-content/uploads/2024/04/Screenshot-2024-04-26-122204-768x433.png 768w, https://inconsult.com.au/wp-content/uploads/2024/04/Screenshot-2024-04-26-122204.png 1408w" sizes="(max-width: 762px) 100vw, 762px" /></p>
<p style="text-align: center;"><em>The 5 Domains and 15 Principles of the new International Professional Practices Framework (IPPF)</em></p>
<h3>Refined Purpose of Internal Auditing</h3>
<p>The previous Standards focused broadly on the purpose and necessity of standards for internal auditing effectiveness. The 2024 Standards clarify that internal auditing serves to enhance and protect organisational value, guiding adherence to a systematic, disciplined approach.</p>
<h3>Stronger Emphasis on Ethics and Professionalism</h3>
<p>The 2024 revision introduces a stronger emphasis on ethics and professionalism, consolidating related standards to ensure internal auditors uphold integrity, objectivity, and confidentiality in their conduct.</p>
<h3>New Governance Framework</h3>
<p>The Governing the Internal Audit Function domain is new in 2024 and underscores the importance of proper governance structures for internal auditing, highlighting roles and responsibilities from the board and executive management in supporting the audit function.</p>
<p>According to the IIA, the new standards aims strengthen governance frameworks to help organisations be more responsive to rapidly changing conditions.</p>
<h3>Unified Approach and Leadership Involvement</h3>
<p>The standards emphasize the need for a unified approach to internal auditing that involves board or equivalent oversight. This alignment is intended to strengthen the organisation&#8217;s overall approach to risk management and optimize assurance and monitoring activities.</p>
<p>Domain III, ‘Governing the Internal Audit Function’, specifies what the CAE must do in order to support the Board and Senior Management to perform necessary oversight responsibilities for an effective IA function.</p>
<p>Each of the Standards in Domain III now define the ‘Essential Conditions’ for the Board and Senior Management that must be present for the IA function to be able to meet its mandate and fulfil the Purpose of Internal Auditing.</p>
<h3>Aligning Internal Audit Planning and Performance Evaluation</h3>
<p>There is additional focus on the internal audit’s mandate, vision, strategic planning, and performance measurement. This is aimed at ensuring that internal audits are strategically aligned with the organisation&#8217;s goals and are effectively tracking and evaluating their findings and impact.</p>
<p>In order to support the organisation&#8217;s success and strategic objectives, the CAE must now create and implement an IA strategy that meets the expectations of the Board, Senior Management, and other important stakeholders.  Creating a vision, strategic goals, and auxiliary projects for the IA function are all included in this.</p>
<h3>Building Trust and Relationships</h3>
<p>The CAE must create a strategy for the IA function to cultivate strong relationships, connections and confidence with important stakeholders. Surveys, interviews, workshops, and continuing unofficial contacts with the organisation&#8217;s staff are all recommended by guidance.</p>
<p>There&#8217;s a greater emphasis on how internal audit functions serve the public interest, alongside new requirements for quality assurance and improvement programs. This reflects a broader scope in the governance role of internal audits.</p>
<h3>Execution &#8211; Planning, Performing and Reporting</h3>
<p>The latest standards enhance the focus on the execution of internal audit engagements, detailing methodologies for risk assessment, engagement planning, and reporting. The standards also incorporate current trends such as cybersecurity and information technology governance</p>
<p>It is now a requirement to have &#8220;an engagement conclusion that summarises the engagement conclusion results relative to the engagement objectives and management&#8217;s objectives.&#8221; According to each unique level of relevance, engagement findings must be prioritised. In the section under &#8220;Consideration for Implementation,&#8221; ratings and rankings are suggested as an improved practice but are not necessary.</p>
<h3>Internal Audit Technology</h3>
<p>While the 2017 Standards focused on individual and organisational attributes for effective auditing, the 2024 Standards provide a comprehensive framework on managing audit resources, skills, and technological tools to maintain functionality and adapt to organisational changes.</p>
<p>The chief audit executive must now regularly evaluate the technology used by the internal audit function and pursue opportunities to improve effectiveness and efficiency and to engage with the organisations IT and cyber security functions.</p>
<h3>Internal Audit Performance</h3>
<p>In order to assess the effectiveness of the IA function, the CAE must set objectives and evaluate IA performance. Example Key Performance Indicators (KPIs) to be taken into account when implementing the Standard include:</p>
<ul>
<li>Percentage of the organisation’s key risks and controls reviewed,</li>
<li>Percentage of internal audit plan (as adjusted and approved) completed on time</li>
<li>The percentage of recommendations or action plans completed by management</li>
</ul>
<p>The objectives and KPIs should be a component of the CAEs performance measuring approach, which also needs to involve creating an action plan to deal with problems and areas that might use improvement.</p>
<h3>More Flexibility and Relevance</h3>
<p>The standards have been updated to be more flexible, allowing them to be more relevant across various industries and geographic regions. This includes specific guidance for public sector audits and smaller audit functions, ensuring adaptability to different global contexts.</p>
<p>Whilst the previous draft Standards were widely considered to be too prescriptive and difficult to implement, especially for smaller IA functions, Chief Audit Executives (CAEs) now have more leeway in how they execute the Standards as many of the &#8220;must&#8221; have aspects from the draft 2023 Standards have been moved to the &#8220;Considerations for Implementation&#8221; portions of the Standards.</p>
<h3>New Topical Requirements</h3>
<p>New guidance addresses contemporary risk areas like Cybersecurity, Information Technology Governance, Privacy Risk Management, Sustainability, ESG (Environmental, Social &amp; Governance), and Third-party Management. These additions aim to help internal audit functions focus on strategic risks and enhance their value to stakeholders.</p>
<h3>Emphasis on Quality Assurance and Improvement</h3>
<p>There is a renewed focus on continuous improvement and quality assurance in internal auditing, urging functions to implement regular and systematic reviews of their activities and outcomes.</p>
<h2>Implications for Key Stakeholders</h2>
<p>So what does this mean for key stakeholders like the Board, Audit and Risk Committee and the C suite?</p>
<ol>
<li>The 2024 IPPF emphasises a more strategic role for internal auditing within governance frameworks. This includes a greater emphasis on risk management and ensuring that internal audit activities are aligned with the broader strategic objectives of the organisation. This alignment is crucial for ensuring that internal audit provides value in identifying and mitigating potential risks before they impact the organisation.</li>
<li>There is a renewed focus on ethics and professionalism within the internal audit sector. The 2024 IPPF consolidates standards related to ethical behaviour, integrity, objectivity, and confidentiality. This ensures that internal auditors are held to a high standard of conduct, which is critical for maintaining stakeholder trust and the credibility of the audit function.</li>
<li>The new framework incorporates contemporary risk areas such as cybersecurity and information technology governance. This update acknowledges the increasing significance of technology in business processes and the associated risks. Ensuring that internal audits cover these areas can help protect organisations against emerging threats and enhance their resilience.</li>
</ol>
<h2>Step-by-Step Guide to Adapting to the 2024 Changes</h2>
<p>As a Chief Audit Executive, you play a critical role in transitioning your organisation to align with the new 2024 Global Internal Audit Standards. Here’s our strategic roadmap to guide your next steps:</p>
<ol>
<li>Begin by thoroughly understanding the key changes in the 2024 standards that are likely to impact your IA function and organisation. Focus on the restructured domains, new focus areas like cybersecurity, and the enhanced requirements for governance and risk management.</li>
<li>Conduct a comprehensive review of your current internal audit practices against the 2024 standards. Identify areas of compliance and gaps where enhancements are needed, particularly in the areas of IT governance, ethics, and professionalism.</li>
<li>Revise your internal audit charter and other key documents to reflect the changes in the standards. This includes updating the audit plan, risk assessment methodologies, and reporting formats. Ensure you enhance your quality assurance and improvement program to ensure continuous compliance with the new standards. Set up regular reviews and audits to monitor adherence and effectiveness.</li>
<li>Review IA resources and potential capability and training needs.</li>
<li>Engage with key stakeholders, including the board of directors, senior management, and audit committees, to discuss the implications of the new standards and the expected changes in the internal audit function.</li>
<li>Clearly communicate the changes and enhancements in your internal audit function to relevant stakeholders. Ensure transparency in how these changes improve governance, risk management, and overall organisational resilience.</li>
<li>Begin implementing the necessary changes to align with the new standards. This may involve enhancing IT systems, revising governance structures, and introducing new audit tools and technologies.</li>
<li>Continuously monitor the effectiveness of the new practices and make adjustments as necessary. Stay informed about any further updates from the IIA regarding the standards.</li>
</ol>
<h2>Ready to Transform Internal Audit?</h2>
<p>Are you ready to elevate your internal audit function, protect organisational value, and lead with confidence? Your journey towards internal audit excellence starts here.  Here is how we can help:</p>
<p><strong>Establishing a new internal audit function</strong>: We specialise in setting up comprehensive internal audit systems tailored to your specific business needs and budget. Our expert team provides end-to-end solutions—from assessing your current risk and controls and developing a strategic audit plan to implementing auditing processes that are in line with the new standards.</p>
<p><strong>Co-sourcing</strong>: We work alongside your internal audit team on specific projects, providing additional expertise or manpower where needed.</p>
<p><strong>Specialised expertise</strong>: We bring specialised knowledge that your internal team might not possess, such as IT audits, cybersecurity, regulatory compliance, insurance, reinsurance, ESG, sustainability and environmental audits.</p>
<p><strong>Technology support:</strong> With the increasing integration of technology in auditing processes, external auditors can assist in implementing new audit software, analytics tools, or other technologies that enhance the internal team&#8217;s capabilities.</p>
<p><a href="https://inconsult.com.au/contact-us/" target="_blank" rel="noopener noreferrer">Contact us</a> today to schedule a consultation and discover how our services can help your audit function rise to the challenges of the 2024 standards.</p>
<div class='printomatic pom-default ' id='id6094'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/new-2024-internal-audit-standards-insights-for-caes/">New 2024 Internal Audit Standards: Insights for CAEs</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Avoid Greenwashing by Strengthening Governance</title>
		<link>https://inconsult.com.au/publication/avoid-greenwashing-by-strengthening-governance/</link>
		
		<dc:creator><![CDATA[Tony Harb]]></dc:creator>
		<pubDate>Sun, 17 Dec 2023 19:13:54 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=11495</guid>

					<description><![CDATA[<p>In a major move to combat misleading environmental claims, the Australian Competition and Consumer Commission (ACCC) has recently released its final guidance on greenwashing. The guidance titled &#8220;Making environmental claims: A guide for business&#8221; not only outlines the principles of good practice for environmental claims, but also emphasizes the increasing scrutiny on emissions and offsetting [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/avoid-greenwashing-by-strengthening-governance/">Avoid Greenwashing by Strengthening Governance</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>In a major move to combat misleading environmental claims, the Australian Competition and Consumer Commission (ACCC) has recently released its final guidance on greenwashing. The guidance titled &#8220;<a href="https://www.accc.gov.au/about-us/publications/making-environmental-claims-a-guide-for-business" target="_blank" rel="noopener">Making environmental claims: A guide for business</a>&#8221; not only outlines the principles of good practice for environmental claims, but also emphasizes the increasing scrutiny on emissions and offsetting claims in the coming years.</p>
<p>The ACCC&#8217;s guidance follows concerns raised by a recent greenwashing internet sweep, revealing that 57% of reviewed businesses made potentially misleading environmental claims. The ACCC reiterated its commitment to enforcement and outlined its process, emphasizing action against representations about future environmental claims lacking reasonable grounds or intention.</p>
<h2>What is greenwashing?</h2>
<p>Greenwashing is the deceptive practice where a company falsely portrays its business or products as environmentally friendly. This marketing strategy involves companies claiming environmental consciousness without substantial efforts to reduce their environmental impact. Even well-intentioned companies can engage in greenwashing, contributing to widespread scepticism among global consumers regarding sustainability claims.</p>
<p>Essentially, greenwashing involves a company allocating more resources to marketing their eco-friendly image than genuinely addressing their environmental footprint, ultimately serving as a misleading ploy to attract environmentally conscious consumers.</p>
<p>As it can be seen from the above, most examples of greenwashing involve embellishing the product or service’s environmental benefits.</p>
<h2>A Premium for Sustainable Brands</h2>
<p>Why is greenwashing risk increasing? Marketers are increasingly driven to imbue their brands with a sense of environmental responsibility, and for good reason. According to a comprehensive report conducted by GreenPrint, a notable 64% of consumers from the Gen X demographic express a willingness to pay a premium for products associated with sustainable brands. This inclination toward sustainable choices becomes even more pronounced among millennials, with an impressive 75% of individuals within this demographic indicating a readiness to spend more on products aligned with environmentally conscious brands.</p>
<p>The findings underscore a significant shift in consumer preferences, where ethical considerations and sustainability play pivotal roles in purchasing decisions. As the market continues to evolve, businesses that embrace and communicate their commitment to sustainability are likely to resonate more strongly with consumers, especially those belonging to younger age groups. This not only highlights the growing importance of environmental consciousness in brand perception but also presents a clear opportunity for businesses to align their values with those of their environmentally aware consumer base.</p>
<h2>Key Principles of the ACCC&#8217;s Greenwashing Guidance</h2>
<p>The guidance explains the obligations under the Australian Consumer Law which businesses must comply with when making environmental and sustainability claims. It sets out what the ACCC considers to be misleading conduct and good practice when making such claims, to help businesses provide clear, accurate and trustworthy information to consumers about the environmental performance of their business.</p>
<p>The ACCC&#8217;s guidance encompasses eight key principles for businesses engaging in environmental claims:</p>
<ol>
<li>Make accurate and truthful claims.</li>
<li>Have evidence to support your claims.</li>
<li>Avoid hiding or omitting important information.</li>
<li>Clearly explain any conditions or qualifications on claims.</li>
<li>Refrain from making broad and unqualified claims.</li>
<li>Utilize clear and easy-to-understand language.</li>
<li>Ensure visual elements do not convey a misleading impression.</li>
<li>Be direct and open about your sustainability transition.</li>
</ol>
<p>The guidance sets the stage for transparent and meaningful communication, ensuring that legitimate sustainability efforts receive due recognition while mitigating the risks associated with greenwashing.</p>
<h2>Emission and Offset Claims</h2>
<p>Looking ahead, the ACCC announced plans to release further guidance in early 2024, focusing on emission and offset claims, along with the use of trust marks. The aim is to help businesses and consumers navigate the complexities of environmental claims, fostering transparency and accountability.</p>
<h2>Governance Institute&#8217;s Response</h2>
<p>In response to increasing regulatory action, the Governance Institute of Australia also launched a guide titled &#8220;<a href="http://chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://www.governanceinstitute.com.au/app/uploads/2023/12/Greenwashing-a-governance-perspective.pdf" target="_blank" rel="noopener">Greenwashing: a governance perspective.</a>&#8221; The guide positions greenwashing as a governance issue, emphasizing the importance of robust governance structures to mitigate reputational, legal, and financial risks.</p>
<p>The Governance Institute highlights various greenwashing risks, including selective disclosure, meaningless targets, virtue signalling, baseless claims, hidden trade-offs, and the &#8216;green-halo&#8217; effect. The guide emphasizes the nuanced distinction between genuine reporting and greenwashing.</p>
<h2>Following the United Nation&#8217;s Lead</h2>
<p>Since the inception of the Paris Agreement in 2015, an increasing number of companies committed to achieving net-zero greenhouse gas emissions. This involved reaching a point where any remaining emissions are offset by actions such as forest conservation or ocean absorption. However, many of these claims relied on dubious strategies, including emissions offsetting and &#8220;insetting,&#8221; rather than genuine emission reductions. Consequently, the transparency and integrity of such commitments are alarmingly low, posing a risk to the urgent need for effective climate action.</p>
<p>Responding to the surge in greenwashing associated with net-zero pledges, the Secretary-General has established a High-Level Expert Group. This group has been assigned the crucial task of developing more robust and transparent standards for net-zero emissions commitments across companies, financial institutions, cities, and regions, expediting their implementation.</p>
<h2>Minimising Greenwashing Risk</h2>
<p>While greenwashing may be deliberate, it can also be done inadvertently.  To avoid greenwashing, consider implementing the following strategies:</p>
<ul>
<li><strong>Clear and Specific Claims</strong>: Ensure transparency by specifying units of measurement in your sustainability claims, making them easily understandable (e.g., &#8220;20% recycled plastic&#8221; rather than vague statements).</li>
<li><strong>Provide Verifiable Data</strong>: Support your sustainability claims with accurate and current data, prominently available on your website and other communication channels. Verify all data to enhance credibility.</li>
<li><strong>Integrate Sustainability into Operations</strong>: Incorporate sustainability into your business model by adopting eco-friendly practices in manufacturing and waste disposal. Align your operations with your environmental marketing claims.</li>
<li><strong>Honesty about Sustainability Practices</strong>: Clearly communicate your brand&#8217;s sustainability practices and future plans to consumers. Be transparent about your goals and targets, building trust and accountability.</li>
<li><strong>Avoid Misleading Advertising</strong>: Ensure that advertisements and packaging accurately represent your products&#8217; eco-friendliness. Refrain from using nature-related imagery if your brand or products do not align with environmentally friendly practices.</li>
</ul>
<h2>We are here to help you</h2>
<p>As businesses increasingly recognize the importance of sustainability, the risk of greenwashing becomes a critical concern, adherence to the ACCC&#8217;s principles and robust governance structures becomes paramount.</p>
<p>To safeguard your company&#8217;s reputation and foster genuine environmental responsibility, consider partnering with InConsult. Our expert consultants can guide you through the complexities of sustainable practices, ensuring that your environmental claims align with measurable actions.  We have a range of greenwashing audit and compliance services that help reduce greenwashing risk.  We can:</p>
<ul>
<li>Evaluate your marketing materials and communications to identify potential greenwashing risks.</li>
<li>Ensure alignment with local and international regulations related to environmental claims.</li>
<li>Confirm the accuracy and reliability of data supporting your sustainability claims.</li>
<li>Assess the methodology used for measuring and reporting environmental impact.</li>
<li>Evaluate the effectiveness of existing governance structures related to sustainability.</li>
<li>Review and enhance your policies to ensure transparency and accountability.</li>
<li>Develop training sessions for internal teams on greenwashing awareness and compliance.</li>
<li>Provide detailed reports on the findings of the greenwashing audit.</li>
</ul>
<p>By taking proactive steps to integrate sustainability into your business model and leveraging the expertise of our firm, you not only mitigate the risk of greenwashing but also contribute to a more sustainable and transparent future.</p>
<p>Together, let&#8217;s build a greener and more sustainable tomorrow.</p>
<p><a href="https://inconsult.com.au/contact-us/">Contact us</a> to embark on a journey towards authentic environmental stewardship and responsible business practices.</p>
<div class='printomatic pom-default ' id='id6027'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/avoid-greenwashing-by-strengthening-governance/">Avoid Greenwashing by Strengthening Governance</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How The Smart CEO Gets More Value From Internal Audit</title>
		<link>https://inconsult.com.au/publication/how-the-smart-ceo-gets-more-value-from-internal-audit/</link>
		
		<dc:creator><![CDATA[Tony Harb]]></dc:creator>
		<pubDate>Wed, 19 Jul 2023 20:54:05 +0000</pubDate>
				<guid isPermaLink="false">https://inconsult.com.au/?post_type=publication&#038;p=10774</guid>

					<description><![CDATA[<p>Internal audit is designed to provide assurance to the CEO, the board (governing body) and stakeholders, that the organisation&#8217;s operations are being conducted in a manner that is efficient, effective, and in compliance with laws and regulations.  In some jurisdictions and industries, internal audit is mandated. Therefore, internal audit is an important function within any [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/how-the-smart-ceo-gets-more-value-from-internal-audit/">How The Smart CEO Gets More Value From Internal Audit</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>Internal audit is designed to provide assurance to the CEO, the board (governing body) and stakeholders, that the organisation&#8217;s operations are being conducted in a manner that is efficient, effective, and in compliance with laws and regulations.  In some jurisdictions and industries, internal audit is mandated.</p>
<p>Therefore, internal audit is an important function within any organisation. Managed well and aligned to strategic initiatives, internal audit can be one of the organisations most valuable assets. Managed poorly, it can be a waste of money, time and valuable resources.</p>
<p>Many boards and CEOs value an effective internal audit function, but we cannot always say that internal audit is valued by all stakeholders. Sometimes, the relationship between the CEO, management and internal audit can come under strain due to the competing priorities of each party.</p>
<p>Having worked closely with boards, audit committees, CEOs, senior managers and internal auditors and having collectively performed thousands of internal audits over 20 years, the internal audit team at InConsult looked at the role of the CEO in internal audit and identified a number of strategies to guide the CEO to get more value from internal audit.</p>
<h3>The Sources of Audit Tension</h3>
<p>Tensions to a positive internal audit experience can come from internal audit, CEO, management and the board and can occur for many reasons.</p>
<h4>Competing objectives and priorities</h4>
<p>Management&#8217;s focus is primarily on achieving strategic goals and financial performance.  Internal audit also interested in the organisation achieving its goal. However, if <!--StartFragment --><span class="cf0">management is so focussed on the outcome that they don&#8217;t pay proper regard to the process, skimp on</span> compliance and don&#8217;t manage risks effectively, it can lead to conflicts, disagreements and tensions between the parties.</p>
<h4>Lack of understanding</h4>
<p>Management may not fully understand or appreciate the purpose, value and importance of the internal audit function. They may view it as a compliance-driven activity rather than recognising its role in providing independent assurance and valuable insights to improve organisational processes and controls.</p>
<h4>Perception of criticism</h4>
<p>Internal audit&#8217;s role is designed to assess and evaluate the effectiveness of controls, processes, and risk management practices of management. If management perceives these assessments as personal criticisms or threats to their authority, it can strain the relationship.  When internal audit identifies control weaknesses or areas for improvement, it can be perceived by the CEO as a criticism of their leadership or decision-making. This can lead to defensiveness and strained relations between the CEO and internal audit.</p>
<h4>Ineffective communication</h4>
<p>Effective communication is essential for a strong relationship between internal audit, the board, CEO and management. If there are communication gaps, misunderstandings can occur, leading to mistrust and strained relations. Lack of clarity in explaining audit findings and recommendations can further exacerbate these issues.</p>
<h4>Gaps in internal audit capabilities</h4>
<p>Poor internal audit practices or an under resourced internal audit team will compromise the quality of internal audit work. Limited staffing, budget, or access to necessary information can impact the quality and timeliness of audit work, leading to frustrations on both sides.</p>
<h4>Lack of trust and independence</h4>
<p>Internal audit must operate with a high degree of independence to provide unbiased assessments. Internal audit must have unfettered access to information.  If management perceives internal audit as lacking independence or being influenced by external factors, it can erode trust and strain the relationship.</p>
<h4>Resistance to audit recommendations</h4>
<p>Internal audit often provides recommendations for improving controls, processes, and risk management. If management is not confident in internal audits capabilities, resists findings or fails to take recommendations seriously, it can create a perception that the internal audit function&#8217;s efforts are being disregarded or undervalued.</p>
<h3>Strategies for the CEO to Establish Solid Foundations</h3>
<p>Whilst internal audit is an independent function, the CEO is often in the drivers seat for ensuring it is effective, with some oversight from the audit committee and/or board for larger organisations.  An effective internal audit function is built on a solid foundation of key principles, practices, and structures.  The CEO should work with the Chief Audit Executive and support laying these foundations.</p>
<h4>Recruit a capable audit team</h4>
<p>Internal auditors should possess the necessary knowledge, skills, and professional qualifications/certifications. The internal audit department should also follow the standards and ethical guidelines of the profession as set out by the <a href="https://www.theiia.org/" target="_blank" rel="noopener">Institute of Internal Auditors</a>.</p>
<h4>Ensure adequate resourcing</h4>
<p>For internal audit to be effective, it needs to have the appropriate resources in terms of staffing, budget, and technology. The CEO should ensure that the internal audit department is adequately resourced and has the necessary tools and technology to do its job effectively.</p>
<h4>Use a risk-based audit approach</h4>
<p>Due to budget and time constraints, internal audit should take a risk-based approach to its work, focusing on areas where the organisation is most at risk and providing assurance that the internal controls are designed and operating effectively to mitigate these risks.</p>
<p>By engaging with key stakeholders, contextualising the organisational objectives and conducting a comprehensive risk assessment (or using risk information from the risk management department), the internal audit department can identify the areas of the company where the risk of loss or failure to achieve objectives is greatest. This helps the internal audit function to focus on the areas of the company that are most at risk and provides assurance that the company&#8217;s internal controls are designed and operating effectively to mitigate these risks.</p>
<h4>Open communication between audit and management</h4>
<p>Establish regular communication channels between internal audit and management to enhance understanding and address any concerns or misunderstandings promptly.</p>
<h4>Clear audit plans and reports</h4>
<p>The internal audit function should have plans and reports in place to communicate its intentions, approach, findings and recommendations to the CEO, the board of directors, and other stakeholders.  Key plans and reports include:</p>
<ul>
<li><strong>Strategic Audit Plan</strong> &#8211; outlines the internal audit activities and objectives for a three-year period. It serves as a roadmap for the internal audit function, guiding its efforts in evaluating and assessing the organisation&#8217;s operations, risks, controls, and governance processes over the specified timeframe.</li>
<li><strong>Audit Engagement Plan</strong> &#8211; outlines the specific details and objectives of an upcoming audit engagement. It is a roadmap for the internal audit team, providing a structured approach to conducting the audit and ensuring that all relevant areas are addressed.</li>
<li><strong>Audit Report</strong> &#8211; summarises the audit approach, methodology, findings, observations, and recommendations resulting from an internal audit engagement. The report is a communication tool between internal audit and management, providing valuable insights and recommendations for improving processes, controls, and risk management practices.</li>
<li><strong>Quarterly Audit Report</strong> &#8211; provides an update on the progress of audit engagements completed, highlights key issues, and tracks the progress of audit recommendations to completion/closure.</li>
</ul>
<h4>Be visible</h4>
<p>It&#8217;s important that the CEO is visible and promotes internal audit and encourages management take appropriate actions on the recommendations in a timely manner. This shows the importance placed on internal audit and helps to maintain the integrity of the internal control environment.  Also, it&#8217;s important that the internal audit team is seen as approachable by any member of staff, which enhances their standing within the organisation and provides an avenue to identify issues at the coalface.</p>
<h4>Continuous audit improvement</h4>
<p>The internal audit function should be continuously looking for ways to improve its processes and procedures. The department should also monitor and evaluate the effectiveness of its work and the impact of its recommendations to continually improve the control environment. Every 5 years, internal audit process should undergo an external independent review.</p>
<h3>Strategies for Optimising Internal Audit</h3>
<p>Having the foundations in place helps to ensure that the internal audit function is able to provide the assurance that the CEO and the board of directors need, but it may not relieve all the tension. The CEO and board can expect more from internal audit.  They may expect internal audit to take a more proactive approach to identifying and assessing risks, rather than just being reactive to issues that have already occurred.</p>
<h4>Monitoring and analysis of key performance indicators</h4>
<p>The internal audit department can use monitoring and analysis of key performance indicators (KPIs) to identify potential issues and risks before they become major problems. This could include monitoring the company&#8217;s financial performance, compliance with laws and regulations, and the effectiveness of key processes and systems.</p>
<h4>Data analytics</h4>
<p>Internal audit can use data analytics tools to identify patterns or anomalies in data that may indicate a potential risk or control weakness. These tools can help internal audit to uncover issues that may be hidden and would not be identified through traditional audit methods.</p>
<h4>Continuous control monitoring</h4>
<p>The internal audit function can be proactive by continuously looking for ways to improve its processes and procedures. This could include ongoing monitoring of the control environment.</p>
<h4>Predictive auditing</h4>
<p>Predictive auditing is a new way of auditing that allows internal audit to make predictions about future events, scenarios, or risks, by identifying and analysing patterns or trends, and build in assessments and controls to prevent potential events from happening.</p>
<h4>Stay current with industry/sector developments</h4>
<p>Internal audit can also be proactive by staying current with industry developments and emerging risks, such as regulatory changes and technological advancements, so they can identify potential risks to the organisation and take appropriate actions.</p>
<h3>Takeaways</h3>
<p>By addressing these &#8216;tension&#8217; factors and promoting a culture of cooperation and mutual respect, the relationship between the CEO, internal audit and management can be improved, leading to more effective risk management, a stronger control environment and governance practices within the organisation.</p>
<p>Taking a proactive approach, an internal audit department can help the company to identify and manage potential risks before they become major issues, and provide assurance that the company&#8217;s internal controls are effective in mitigating those risks.</p>
<h3>How we can help</h3>
<p>InConsult is committed to helping organisations better understand the benefits and value of internal audit.</p>
<p>We have supported small to large organisations establish a cost effective internal audit function and to refine and optimise internal audit practices.</p>
<p>We have extensive experience in internal auditing, risk management, probity, fraud and corruption prevention, cyber security, crisis management, business continuity, climate risk management and pandemic planning.</p>
<p>If you would like to know more about our internal auditing services, <a href="https://inconsult.com.au/contact-us/" target="_blank" rel="noopener noreferrer">contact us</a> to discuss your needs.</p>
<div class='printomatic pom-default ' id='id8251'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/how-the-smart-ceo-gets-more-value-from-internal-audit/">How The Smart CEO Gets More Value From Internal Audit</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How Strategic Is Your Internal Audit?</title>
		<link>https://inconsult.com.au/publication/how-strategic-is-your-internal-audit/</link>
		
		<dc:creator><![CDATA[CreativeTeam]]></dc:creator>
		<pubDate>Wed, 02 Oct 2019 03:11:24 +0000</pubDate>
				<guid isPermaLink="false">https://ac861nz9.dreamwp.com/?post_type=publication&#038;p=3934</guid>

					<description><![CDATA[<p>During his time working for a number of councils Mitchell Morley was often (although not always) underwhelmed at the lack of value many internal audit assignments added to the achievement of the organisation’s objectives. At the time he just accepted this as an inherent limitation from an often under resourced function operating in a complex [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/how-strategic-is-your-internal-audit/">How Strategic Is Your Internal Audit?</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p><em>During his time working for a number of councils Mitchell Morley was often (although not always) underwhelmed at the lack of value many internal audit assignments added to the achievement of the organisation’s objectives. At the time he just accepted this as an inherent limitation from an often under resourced function operating in a complex environment. In this article he discusses how in his current role of providing risk management and internal audit services to a number of local government clients, his understanding of the problem is much clearer.</em></p>
<h4>The root causes of poor internal audits</h4>
<p>Poor internal audit outcomes generally stem from poor internal audit planning and a lack of alignment between internal audit functions and the strategic objectives of the organisation and its risk management framework. All too often we encounter audit plans that are not based on an understanding of the potential audit universe nor aligned with organisational objectives.  Even though the internal audit standards require a risk based approach to internal audit planning, the link between the organisation’s risk management framework and its internal audit plan is often tenuous or non-existent.</p>
<p>This situation is not always the fault of internal audit, which is often under resourced and/or misunderstood. In many cases the problem stems from management and audit committees not asking the right questions, providing the right support or direction or ensuring that a proper risk management framework is in place.</p>
<p>So what can be done to overcome these problems? We would suggest the following 9 steps:</p>
<h4>1. Document internal audit’s objectives and strategic approach in both the internal audit charter and the internal audit plan</h4>
<p>Whilst it serves as a good starting point, go beyond just regurgitating the sample internal audit charter attached to the DLG guidelines. Clearly spell out the purpose of internal audit, the resources available, the proposed approach, the linkage between internal audit and the organisation’s objectives and risk management framework</p>
<h4>2. Summarise the organisation’s key objectives and strategies</h4>
<p>You don’t need to repeat the entire Community Strategic Plan nor the Delivery and Operational Plans in your audit plan but you should summarise the key points. If your organisation is a growth council with huge increases in population projected to occur then this is a relevant point to note. This might lead you to conclude that functions such as strategic land use planning, development assessment and building certification are especially high risk areas that may need more frequent internal audit scrutiny than would be the case in a maintenance council.</p>
<h4>3. Identify and document the audit universe</h4>
<p>How can you be strategic if you don’t start by defining all of the functions of the</p>
<p>organisation that need to be considered when developing the internal audit plan? Developing the audit universe is not a difficult process, you can pull it together from looking at the Operational Plan, a functional organisation structure or form a well-developed corporate risk register.  The key is to get the right level i.e. don’t break it down so far that you end up with hundreds of specific activities and tasks. Keep it at a broad functional level e.g. procurement, investments, development assessment, library services, park maintenance etc.</p>
<h4>4. Conduct a high level risk assessment of the audit universe</h4>
<p>If your risk management framework contains some well-developed risk assessment criteria (i.e. likelihood and consequence ratings, risk categories) then use these to assess the overall level of risk involved in each of the functions listed in your audit universe. Involve managers in this process or at least get them to review the output. Make sure you assess the inherent risk level (i.e. before considering existing controls) and the residual risk level (after existing controls). This will enable you to prioritise potential audit assignments.</p>
<h4>5. Identify audit types</h4>
<p>What types of audits do you intend to undertake? Will some be comprehensive and others more of a limited assurance type? Will managers be required to undertake some level of self-assessment in between internal</p>
<p>audits? The proposed audit types and what they involve should be listed in the audit plan.</p>
<h4>6. Develop risk based audit work plan</h4>
<p>Based on the high level risk assessment, develop a draft internal audit work plan which prioritises proposed audit assignments. Circulate this to senior management and seek input and confirmation. You may have to make adjustments based on issues raised by management and/or other stakeholders.</p>
<h4>7. Align to available internal audit resources</h4>
<p>Whilst it would be nice to have the resources to audit all higher risk activities on a regular basis, this is unlikely to be the reality. At this stage you need to align the proposed work plan with available resources. Make sure you allow for other internal audit activities like special projects, attendance at audit committee meetings, investigations etc. Putting all of this together in a detailed work plan will clearly show management and the audit committee what is possible given existing resources and allow them to determine whether the proposed coverage is within their risk appetite. Again the detailed work plan should be circulated for input/ confirmation by management.</p>
<h4>8. Use risk registers to scope internal audit assignments</h4>
<p>Once the audit plan has been approved and you begin scoping specific audit assignments, use the organisational risk register to identify the key risks and auditable controls for the function in question. This will enable you to take a risk based approach to the assignment and demonstrate that the controls you have tested relate to the key risks involved in the function in question. If no risk register exists or the register is inadequate, you may need to commence the audit by conducting a more detailed risk assessment with key personnel. Ideally get your organisation’s risk manager to do this for you or at least with you.</p>
<h4>9. Use a risk based scale for prioritising recommendations</h4>
<p>Finally, when writing audit reports and making recommendations take a risk based approach. Develop some rating criteria against which you can prioritise recommendations. For example, Critical or High priorities would be those recommendations which are aimed at addressing a fundamental gap in the internal control framework that is exposing Council to significant risk and requires immediate attention. This will help managers and the audit committee prioritise audit resolutions and reduce the chances of them being overwhelmed by a large number of recommendations.</p>
<h4>Final Word</h4>
<p>Think strategically in both the internal audit charter and the internal audit plan and show how internal audit is proposing to align its processes to promote the organisation’s objectives and take account of the risk management framework.  Make sure your internal audit plan is built on sound fundamentals and clearly demonstrates the linkage with the organisation’s risk profile and available resources.</p>
<div class='printomatic pom-default ' id='id736'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/how-strategic-is-your-internal-audit/">How Strategic Is Your Internal Audit?</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Understanding the Three Lines of Defence</title>
		<link>https://inconsult.com.au/publication/understanding-the-three-lines-of-defence/</link>
		
		<dc:creator><![CDATA[CreativeTeam]]></dc:creator>
		<pubDate>Wed, 02 Oct 2019 02:59:45 +0000</pubDate>
				<guid isPermaLink="false">https://ac861nz9.dreamwp.com/?post_type=publication&#038;p=3912</guid>

					<description><![CDATA[<p>An assurance model or framework that has received some publicity in recent years is the ‘Three Lines of Defence Model”. Mitchell Morley from InConsult explores this model, its limitations and examines what organisations can learn from it? Introduction The notion of “lines of defence” no doubt has its origins in military planning and sport. However [&#8230;]</p>
The post <a href="https://inconsult.com.au/publication/understanding-the-three-lines-of-defence/">Understanding the Three Lines of Defence</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></description>
										<content:encoded><![CDATA[<p>An assurance model or framework that has received some publicity in recent years is the ‘Three Lines of Defence Model”. Mitchell Morley from InConsult explores this model, its limitations and examines what organisations can learn from it?</p>
<h4>Introduction</h4>
<p>The notion of “lines of defence” no doubt has its origins in military planning and sport. However the origin of the Three Lines of Defence Model is a little unclear. It appears to have gained prominence around a decade ago following its adoption by the former UK Financial Services Authority as the preferred model for managing operational risk in the UK financial sector.</p>
<p>Whilst there are many variations of what the model actually looks like and what each line represents it can generally be summarised as follows:</p>
<ul>
<li>The first line of defence is provided by front line staff and operational management. The systems, internal controls, the control environment and culture developed and implemented by these business units is crucial in anticipating and managing operational risks.</li>
<li>The second line of defence is provided by the risk management and compliance functions. These functions provide the oversight and the tools, systems and advice necessary to support the first line in identifying, managing and monitoring risks.</li>
<li>The third line of defence is provided by the internal audit function. This function provides a level of independent assurance that the risk management and internal control framework is working as designed.</li>
</ul>
<p><img decoding="async" class="wp-image-7827 aligncenter" src="https://inconsult.com.au/wp-content/uploads/2019/10/three-lines-model-e1631765531434.jpg" alt="three lines model" width="536" height="415" srcset="https://inconsult.com.au/wp-content/uploads/2019/10/three-lines-model-e1631765531434.jpg 707w, https://inconsult.com.au/wp-content/uploads/2019/10/three-lines-model-e1631765531434-300x232.jpg 300w" sizes="(max-width: 536px) 100vw, 536px" /></p>
<h4>Critics and limits</h4>
<p>Sounds pretty logical but it is not without its critics – especially in relation to the role of the third line with many observers questioning whether internal audit should really be regarded as a line of defence. Some critics complain that the metaphor implies three organisational functions working independently rather than together in a collaborative way. Others have commented that preventative controls are necessary to constitute a “defence” whereas risk management and internal audit functions mostly play a detective role.</p>
<p>But if we don’t get too pedantic about the weaknesses of the metaphor itself I think there are some important principles that we can take from the model.</p>
<h4>The first line – front line management</h4>
<p>Firstly, the front line is really the key to success. The international risk management standard, AS/NZS ISO 31000, introduced the term “risk owner” (the person or entity with the accountability and authority to manage a risk). Watch any training video on risk management or attend any decent risk management training session and one of the key messages is always that “managers are risk owners”. Anybody in the organisation who has a delegation, deploys resources or makes decisions is responsible and accountable for managing the associated risks. In my view this principle is reinforced by the concept of front line staff and management being the “first line of defence”. Invariably it is the quality of the people, systems and culture at the coalface that is the main determinant of success.</p>
<p>To use a sporting metaphor, it is often said in football sports such as rugby league and union that the front line forwards lay the foundation for victory. Play strong and tight in the forwards and the rest often falls into place.</p>
<h4>The second line – risk management &amp; compliance</h4>
<p>The second thing I like about the Three Lines of Defence Model is the notion that the second line i.e. the risk and compliance functions, play a support role. To be effective they need to work with and support the business. This implies the need to provide tools and advice that are practical, adaptable and effective.</p>
<p>ISO 31000 espouses eleven key principles that underpin <a title="Risk Management" href="https://inconsult.com.au/services/risk-management/">effective risk management</a>. The second of these is that risk management is an integral part of all organisational processes. It is the role of the second line to provide the systems and advice necessary to integrate risk management into key processes and allow the front line to manage for success.</p>
<p>Using our sporting metaphor, the second line of defence(in those sports that utilise one), usually plays a multi-faceted role – at times anticipating what might go wrong up front and being ready to react whilst at other times acting as another set of eyes for the front line and shouting advice and encouragement when needed. Sometimes the second line steps up to the front if reinforcements are necessary and other times it drops back in cover defence.</p>
<h4>The third line – internal audit</h4>
<p>Thirdly (and it seems appropriate when talking about the three lines of defence to make three observations), leaving aside whether internal audit is really a line of defence, referring to it as the “third” line reinforces that internal audit should never be relied upon as a primary control measure. Internal audit’s role is largely detective and corrective i.e. detect control weaknesses or breakdowns and suggest improvements or remedial action. Quite often in risk workshops managers will nominate internal audit as a key control. Whilst it might be flattering that managers see internal audit this way, it is a dangerous view. Internal audit should never be relied upon or expected to detect every control breakdown, error or deficiency. Whilst sampling should be statistically valid it is just that – sampling. Internal audit does not generally review  every single transaction.</p>
<p>Continuing our football metaphor, if a team continually relies on its fullback or goal keeper to save the day, it will lose more often than it wins. Internal audit has a key role to play but if the front line is relying on it to pick up everything that slips through the cracks, the organisation has a problem.</p>
<h4>Takeaways</h4>
<p>Models are really just tools to simplify complex functions and relationships in a way that makes them easier to explain and understand. They are rarely perfect and valid for every conceivable situation. If we bear this in mind, then the Three Lines of Model can provide a theoretical foundation for an effective risk and assurance framework. But like any model, it is only as strong as the people that work within it and it has to be tailored to the specific context in which the organisation operates. Nonetheless, if we view the three lines of defence as critical components working together rather than in independent roles, the model has much to offer. The concept of operational staff and management working in collaboration with the risk, compliance and internal audit functions to create a multi-pronged and yet integrated approach to managing risk and helping to achieve objectives has to at least be worthy of consideration.</p>
<p><em>Mitchell Morley has over 20 years experience in Local Government, governance, risk management and audit.  He can be contacted on 02 9241 1344 or via email at mitchellm@inconsult.com.au.</em></p>
<h4>More on the Three Lines of Defence&#8230;Watch One Minute Risk Manager on YouTube</h4>
<p><a href="https://www.youtube.com/watch?v=guOcPowObeQ" target="_blank" rel="noopener noreferrer"><img loading="lazy" decoding="async" class="alignnone wp-image-2344 size-full" src="https://inconsult.com.au/wp-content/uploads/2015/08/omrm.png" alt="" width="168" height="113" /></a></p>
<p>When managing enterprise-wide risks, the <strong>Three Lines of Defence</strong> is a simple way to communicate and clarify the responsibilities of various lines of management with respect to their control responsibilities.</p>
<p>NOTE: Since this article and our video first appeared, the three lines of defence model was updated by the IIA in 2020 as the <a href="https://aicd.companydirectors.com.au/membership/company-director-magazine/2020-back-editions/november/risk-and-compliance-rethinking-the-three-lines-of-defence" target="_blank" rel="noopener">Three Lines Model</a>.</p>
<div class='printomatic pom-default ' id='id8200'  data-print_target='body'></div>The post <a href="https://inconsult.com.au/publication/understanding-the-three-lines-of-defence/">Understanding the Three Lines of Defence</a> first appeared on <a href="https://inconsult.com.au">InConsult</a>.]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
