Audit Committee Charter
Pursuant to section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), the Audit Committee will provide independent advice to the CEO on the appropriateness of the AOFM’s: financial and performance reporting; risk oversight and management; internal control environment; and governance arrangements (including code of conduct).
The committee is not responsible for the executive management of these functions.
Exclusions from Audit Committee Remit
Responsibility for approving detailed debt management, investment and financial risk policies rests with the Secretary to the Treasury. The Secretary’s responsibilities include setting policy and operational limits with respect to credit, interest rate and liquidity risk. The committee should not overlap with the policy role of the Secretary.
The CEO authorises the committee, consistent with its Responsibilities and Functions, to obtain information from, hold discussions with, or request presentations by any official, external party or the external auditors, as it deems necessary to fulfil its objective. Any requests are to be done subject to appropriate legal and confidentiality considerations. The AOFM will meet reasonable expenditure in relation to legal or professional advice, provided the Committee first consults with the Chief Risk and Assurance Officer (CRAO) on the level of anticipated expenditure. The committee Chair may directly access the Secretary to the Treasury on any audit matter judged to be of sufficient concern.
The Audit Committee will comprise four members, appointed by the CEO. Membership of the committee is to include:
• Three external members with relevant skills and experience, one of whom must be the Chair; and
• An internal member from the AOFM, having experience relevant to assist the business of the committee.
The members, taken collectively, will have a broad range of skills and experience relevant to the operations of the AOFM. The Audit Committee should comprise members who collectively possess:
• Accounting or related financial management experience;
• Risk and performance management experience; and
• Financial markets experience.
Composition of the committee will be reviewed tri-annually by the CEO to ensure the appropriate balance of skills, knowledge and experience.
The Chair is authorised to appoint a Deputy Chair, who will act as chair when required. The Deputy Chair must be an external member.
External members shall be appointed for an initial term of three (3) years. Members may be reappointed for further periods, at the discretion of the CEO.
The internal member will remain a member of the Audit Committee until otherwise instructed by the CEO.
Individual responsibilities of Audit Committee members
Members of the committee are expected to understand and observe the legal requirements of the PGPA Act and Rule. Members are also expected to:
• Have a sound understanding of the AOFM’s functions, objectives and operational context;
• Act in the best interests of the AOFM;
• Apply objectivity, sound analytical skills, and sound judgment in meeting the committee’s objective;
• Express opinions constructively and openly, raise issues that relate to the committee’s responsibilities and pursue independent lines of enquiry; and
• Contribute the time required to consider adequately the papers provided.
Responsibilities and functions
• Review the appropriateness of the financial statements and provide advice to the Chief Executive Officer on matters including compliance with the PGPA Framework and Accounting standards.
• Review whether there is a current and comprehensive financial reporting framework and associated procedures for effective internal control (including appropriate management sign-offs), management responses to audit recommendations and adjustments, and compliance with relevant accounting standards, laws or regulations; and
• Review the annual financial statements and recommend signing of the financial statements by the CEO.
• Satisfy itself that the approach to measuring performance covers the whole performance reporting life cycle and sufficiently addresses the AOFM’s performance measurement and assessment, and that the approach to this is sound and has taken into account guidance issued by the Department of Finance and the ANAO;
• Consider the appropriateness, with reference to the Commonwealth’s performance reporting framework, of the processes that the AOFM has in place for the preparation of its annual Performance Statement and the inclusion of the Statement in its annual report; and
• Satisfy itself that the AOFM has sound processes in place to ensure that the AOFM’s proposed Performance Statement is not inconsistent with its financial information, including the financial statements.
• Provide advice to the CEO about the appropriateness of the AOFM’s performance information.
System of risk oversight and management
• Satisfy itself as to whether management has in place a current and comprehensive Enterprise Risk Management (ERM) framework and that this is consistent with the committee’s understanding of the AOFM’s operating context and the Commonwealth Risk Management Policy;
• Determine whether the ERM framework (or an alternative sound and effective approach) has been utilised in managing the AOFM’s major risks and identifying the prospect of emerging risks, including those associated with individual projects, program implementation, legal obligations and other business process activities;
• Determine whether a sound and effective approach has been followed in establishing the AOFM’s business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested;
• Consider the impact of the entity’s culture and performance management on risk management outcomes (and internal control); and
• Review the adequacy and performance of the AOFM’s fraud control arrangements and enquire of management, the internal auditor and the external auditor whether they are aware of any actual, suspected or alleged fraud or corruption affecting the entity and how they responded to such instances.
System of internal control
Internal control framework
• Provide advice to the CEO on the adequacy and effectiveness of the internal control framework.
• Review whether AOFM’s approach to maintaining an effective internal control framework is sound and effective, including for critical business processes, contract management, business continuity, delegations, and lawful conduct;
• Review the AOFM’s assurance map and strategy to assess whether planned assurance activities provide sufficient comfort that key obligations, policies and procedures are complied with, and to identify gaps or inefficiencies in assurance activities; and
• Review the adequacy and performance of the AOFM’s protective security arrangements (Governance, Information Security, Physical Security and Personnel Security).
Legislative and policy compliance
• Review the effectiveness of the AOFM’s systems for monitoring compliance and other assurance activities with regard to relevant laws, regulations and associated government policies; and
• Review reports on compliance from the AOFM’s Assurance Manager regarding breaches of legislative or policy compliance, the status of any ongoing remedial activities and any changes to risks of the AOFM.
Internal audit coverage
• Review the proposed internal audit coverage regarding its alignment with the AOFM’s key risks, and recommend approval of the Annual Work Plan by the CEO;
• Provide advice to the CEO on the allocation of internal audit resources (topics) either through review of the annual internal audit plan and/or requests for specific topics.
• Review all audit reports and provide advice to the CEO on significant issues identified in audit reports and action to be taken on issues raised;
• Monitor management’s implementation of internal audit recommendations;
• Review internal audit’s annual report on the overall state of the AOFM’s internal controls;
• Periodically review the internal audit charter to ensure appropriate authority, access and reporting arrangements are in place;
• Annually review the performance of internal audit; and
• Meet privately with Internal Audit at least once per year.
External audit coverage
• Review all external audit plans and reports in respect of planned or completed audits;
• Monitor management’s response to and implementation of audit recommendations;
• Provide advice to the CEO on action to be taken on significant issues raised in relevant external audit reports; and
• Meet privately with External Audit at least once per year.
The committee will report to the CEO annually on its operation and activities during the year to confirm to the CEO that all responsibilities and functions outlined in this charter have been satisfactorily addressed. This will be in the form of an annual written statement outlining the committee’s view of the appropriateness of the AOFM’s financial reporting, performance reporting, system of internal control and risk oversight and management, with reference to the responsibilities and functions outlined in this charter. The committee may, at any time, report to the CEO any other matter it deems of sufficient importance to do so. In addition, at any time an individual committee member may request a meeting with the CEO.
The committee will meet at least four times per year. Special meeting(s) may be convened, at the Chair’s discretion, in consultation with the CEO, to discuss any matter deemed sufficiently significant. The Chair is required to call a meeting if asked to do so by the CEO or members of the Audit Committee.
Meeting attendance by non-members
The AOFM Chief Financial Officer (CFO), internal auditor and external auditor may also attend and participate in meetings as observers at the invitation of the Chair. The committee may, at its discretion, deal with particular issues or agenda items with none, some or all of the invitees listed in this paragraph. The committee may also ask such invitees to absent themselves from particular discussions.
The CEO may attend as an observer at his/her own discretion.
The committee will develop a forward Work Plan that includes the dates, and proposed agenda items for each meeting for the forthcoming year, and that covers all the responsibilities outlined in this charter.
Quorum
A quorum will consist of three committee members. The quorum must be in place at all times during the meeting.
The Secretariat function is managed by the CRAO, assisted by the Assurance Unit.
The Secretariat will:
• ensure the agenda for each meeting is approved by the CEO and Chair;
• ensure that the agenda and supporting papers are circulated, at least one week before the meeting;
• ensure the minutes of the meetings are prepared and maintained; and
• follow up on actions agreed during the meeting.
Minutes must be reviewed by the Chair and circulated in a timely manner to each member.
Conflicts of interest
Once each year at the last audit committee meeting of the calendar year, members of the committee will provide written declarations through the Chair, to the CEO declaring any potential or actual conflicts of interest they may have in relation to their responsibilities. External members should consider past employment, consultancy arrangements and related party issues in making these declarations and the CEO, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manage any real or perceived conflict.
At the beginning of each committee meeting, members are required to declare any potential or actual conflicts of interest that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the committee’s consideration of the relevant agenda item(s). Details of potential or actual conflicts of interest declared by members and action taken will be appropriately minuted.
New members will receive relevant information and briefings on their appointment to assist them to meet their committee responsibilities.
The Chair of the committee, in consultation with the CEO, will initiate a review of the performance of the committee biennially. The review will be conducted on a self-assessment basis (unless otherwise determined by the CEO) with appropriate input sought from the CEO, committee members, and any other relevant stakeholders, as determined by the CEO.
Review of charter
The committee will review this charter at least once per financial year. This review will include consultation with the CEO. Any substantive changes to the charter will be recommended by the committee and formally approved by the CEO.