Objective
The Chief Executive Officer (CEO) has established an Audit and Risk Committee in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The Audit and Risk Committee will provide independent advice to the CEO on the appropriateness of the AOFM’s: financial and performance reporting; risk oversight and management; internal control environment; and governance arrangements (including code of conduct).
The Committee is directly accountable to the CEO for the performance of its functions.
Exclusions from Audit and Risk Committee Remit
The Committee has no managerial responsibilities and does not make decisions in relation to AOFM’s processes and functions. The Committee has no executive powers in relation to the operations of the entity. The Committee may only review the appropriateness of aspects of those operations, consistent with its functions, and advise the CEO accordingly.
Responsibility for approving debt management, investment and financial risk management policies rests with the Secretary to the Treasury, who is advised by the AOFM Advisory Board. The Secretary’s responsibilities include setting policy and operational limits with respect to credit, interest rate and liquidity risk. The Committee should not overlap with the policy role of the Secretary and the Advisory Board.
Authority
The CEO authorises the Committee, consistent with its Responsibilities and Functions, to obtain information from, hold discussions with, or request presentations by any official, external party or the external auditors, as it deems necessary to fulfil its objective. Any requests are to be made subject to appropriate legal and confidentiality considerations. The AOFM will meet reasonable expenditure in relation to legal or professional advice, provided the Committee first consults with the Chief Operating Officer (COO) on the level of anticipated expenditure.
The Committee Chair may directly access the Secretary to the Treasury on any audit matter judged to be of sufficient concern.
Membership
The Audit and Risk Committee will comprise three independent[1] members, appointed by the CEO.
The CEO will appoint one of the members to be the Chair of the Committee.
The members, taken collectively, will have a broad range of skills and experience relevant to the operations of the AOFM. The Audit and Risk Committee should comprise members who collectively possess:
- Accounting or related financial management experience;
- Risk and performance management experience; and
- Financial markets experience.
The Chair is authorised to appoint a Deputy Chair, who will act as chair when required.
Members shall be appointed for an initial term of up to five (5) years. Members may be re-appointed for further periods, at the discretion of the CEO.
The COO and Chief Risk and Assurance Officer (CRAO), deemed to have relevant experience to assist the business of the Committee, will attend meetings as permanent advisors.
Individual responsibilities of Audit and Risk Committee members
Members of the Committee are expected to understand and observe the legal requirements of the PGPA Act and rules. Members are also expected to:
- Have a sound understanding of the AOFM’s functions, objectives and operational context;
- Act in the best interests of the AOFM and the Commonwealth;
- Apply objectivity, sound analytical skills, and sound judgment in meeting the Committee’s objective;
- Express opinions constructively and openly, raise issues that relate to the committee’s responsibilities and pursue independent lines of enquiry; and
- Contribute the time required to meet their responsibilities.
Responsibilities and functions
Financial reporting [PGPA Rule 17(2)(a)]
The Committee will review the financial statements and provide written independent advice to the CEO on its view of the appropriateness of AOFM’s:
- annual financial statements and additional information required by Department of Finance to prepare the Australian Government’s consolidated financial statements, including the supplementary reporting package, specifically that they comply with the PGPA Framework and Accounting standards;
- financial reporting framework and associated procedures for effective internal control (including appropriate management sign-offs), management responses to audit recommendations and adjustments, and compliance with relevant accounting standards, laws or regulations; and
- processes to ensure that financial information included in AOFM’s Annual Report is consistent with the signed financial statements.
Performance reporting [PGPA Rule 17(2)(b)]
The Committee will review the performance information, systems and framework and provide written independent advice to the CEO on its view of the appropriateness of AOFM’s:
- systems and processes for measuring, assessing, monitoring and reporting the achievement of the AOFM’s performance, and determine that:
  - the Portfolio Budget Statements and Corporate plan contain appropriate details of how the AOFM will achieve its purposes and measure and assess its performance;
  - the approach to measuring performance covers the whole performance reporting lifecycle and sufficiently addresses the AOFM’s performance measurement and assessment, and has taken into account guidance issued by the Department of Finance and the ANAO;
  - appropriate records are maintained to enable the preparation of the Annual Performance Statement and systems and processes are in place for the inclusion of the Statement in the Annual Report; and
  - the processes in place ensure that the AOFM’s proposed Performance Statement is consistent with the Corporate Plan and Portfolio Budget Statements; and
- Annual Performance Statement and performance reporting.
System of risk oversight and management [PGPA Rule 17(2)(c)]
The Committee will review the system of risk oversight and management and provide written independent advice to the CEO on its view of the appropriateness of the AOFM’s:
- Enterprise Risk Management (ERM) framework and that this is consistent with the Committee’s understanding of the AOFM’s operating context and the Commonwealth Risk Management Policy;
- use of the ERM in managing the AOFM’s major risks and identifying the prospect of emerging risks, including those associated with individual projects, program implementation, legal obligations and other business process activities;
- approach to business continuity and disaster recovery management, including ongoing maintenance and testing of plans;
- risk management capability and whether key roles, responsibilities and authorities relating to risk management are clearly articulated and adhered to; and
- fraud and corruption control arrangements, including preventing, detecting, capturing and responding to fraud and corruption risk, in accordance with the Commonwealth Fraud and Corruption Control Framework.
System of internal control [PGPA Rule 17(2)(d)]
The Committee will review the system of internal control and provide written independent advice to the CEO on its view of the appropriateness of the AOFM’s:
Internal control framework
- approach to maintaining an effective internal control framework;
- including for critical business processes, contract management, business continuity, delegations, and lawful conduct;
- assurance map and strategy and whether planned assurance activities ensure key obligations, policies and procedures are complied with, and gaps or inefficiencies in assurance activities are identified; and
- approach to maintaining effective protective, including cyber, security arrangements, in accordance with the Protective Security Policy Framework.
Legislative and policy compliance
- Systems for monitoring compliance and other assurance activities regarding relevant laws, regulations and associated government policies; and
- Reports on compliance regarding breaches of legislative or policy compliance, the status of any ongoing remedial activities and any changes to risks of the AOFM.
Internal audit coverage
- Review the proposed internal audit coverage regarding its alignment with the AOFM’s key risks, and recommend approval of the Annual Work Plan by the CEO;
- Provide advice to the CEO on the allocation of internal audit resources (topics) either through review of the annual internal audit plan and/or requests for specific topics;
- Review all audit reports and provide advice to the CEO on significant issues identified in audit reports and action to be taken on issues raised;
- Monitor management’s implementation of internal audit recommendations;
- Review internal audit’s annual report on the overall state of the AOFM’s internal controls;
- Periodically review the internal audit charter to ensure appropriate authority, access and reporting arrangements are in place;
- Annually review the performance of internal audit; and
- Meet privately with Internal Audit at least once per year.
External audit coverage
- Consider all external audit plans and reports in respect of planned or completed audits;
- Monitor management’s implementation of audit recommendations;
- Provide advice to the CEO on action to be taken on significant issues raised in relevant external audit reports; and
- Meet privately with External Audit at least once per year.
Reporting
The Chair will report to the CEO after each meeting.
The Chair may also meet with the CEO from time to time to discuss any matters related to the role of the Committee.
The Committee will report to the CEO annually on its operation and activities against the responsibilities outlined in this Charter.
This will be in the form of an annual written report outlining the Committee’s view of the appropriateness of the AOFM’s financial reporting, performance reporting, system of internal control and system of risk oversight and management. In providing its view the Committee should also note any areas of concern, non-remediation of significant recommendations, and/or suggestions for process improvement.
The Committee may, at any time, report to the CEO any other matter it deems of sufficient importance to do so. In addition, at any time an individual Committee member may request a meeting with the CEO.
Administrative arrangements
Meetings
The Committee will meet at least four times per year. Special meeting(s) may be convened, at the Chair’s discretion, in consultation with the CEO, to discuss any matter deemed sufficiently significant. With the approval of the Chair, the Committee can also agree items out of session by email communication.
The Chair is required to call a meeting if asked to do so by the CEO, members of the Audit and Risk Committee, the internal auditor or the external auditor.
Meeting attendance by non-members
The AOFM Chief Financial Officer (CFO), internal auditor and external auditor may also attend and participate in meetings as observers at the invitation of the Chair. The committee may, at its discretion, deal with issues or agenda items with none, some or all invitees listed in this paragraph. The Committee may also ask such invitees to absent themselves from particular discussions.
The CEO may attend as an observer at their own discretion.
Planning
The Committee will develop a forward Work Plan that includes the dates and proposed agenda items for each meeting for the forthcoming year, and that covers all the responsibilities outlined in this Charter.
Quorum
A quorum will consist of a majority of committee members. The quorum must always be in place during the meeting.
Secretariat
The Secretariat function is managed by the CRAO, assisted by the Assurance Unit. The Secretariat will:
- ensure the agenda for each meeting is approved by the Chair;
- ensure that the agenda and supporting papers are circulated at least one week before the meeting;
- ensure the minutes of the meetings are prepared and maintained; and
- follow up on actions agreed during the meeting.
Minutes must be reviewed by the Chair and circulated in a timely manner to each member.
Conflicts of interest
On engagement, and once each year, members of the Committee will provide written declarations, through the Chair, to the CEO declaring any real or apparent conflicts of interest they may have in relation to their responsibilities. Members should consider past employment, consultancy arrangements and related party issues in making these declarations and the CEO, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manage any real or apparent conflict.
At the beginning of each Committee meeting, members are required to declare any real or apparent conflicts of interest that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the committee’s consideration of the relevant agenda item(s). The Chair is also responsible for deciding, in consultation with the CEO where appropriate, if they should excuse themselves from the meeting or from the Committee’s consideration of the relevant agenda item(s). Details of real or apparent conflicts of interest declared by the Chair and other members, and action taken, will be appropriately recorded in the minutes.
Induction
New members will receive relevant information and briefings on their appointment to assist them to meet their committee responsibilities.
Disclosure and use of information
Committee members must not use or disclose information obtained by the Committee except in meeting the Committee’s responsibilities, or unless expressly agreed by the CEO.
Review arrangements
The Chair of the Committee, in consultation with the CEO, will initiate a review of the performance of the Committee biennially against the charter and work plan. The review will be conducted on a self-assessment basis (unless otherwise determined by the CEO) with appropriate input sought from the CEO, Committee members, and any other relevant stakeholders, as determined by the CEO.
The Committee will review this Charter annually.
The CEO will approve this charter annually.