The Board of ANSTO has established the Risk & Audit Committee in compliance with section 32 of the Commonwealth Authorities and Companies Act 1997. This charter sets out the Committee’s objectives, authority, composition and tenure, roles and responsibilities, reporting and administrative arrangements.
The objective of the Committee is to provide independent assurance and assistance to the Board on ANSTO’s risk, control and compliance framework, and its external accountability responsibilities.
The Board authorises the Committee, within the scope of its role and responsibilities, to:
- Obtain any information it needs from any employee and/or external party (subject to their legal obligation to protect information)
- Discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations)
- Request the attendance of any employee, including directors, at Committee meetings
- Obtain external legal or other professional advice, as considered necessary to meet its responsibilities, at ANSTO’s expense
Composition and tenure
The Board is responsible for the appointment of Committee members. The Committee will consist of at least three members drawn from the Board.[1] The Board will appoint a non-executive member as Chair of the Committee and the Chair will rotate every three years.[2]
Members will be appointed for an initial period not exceeding three years after which they will be eligible for extension or re-appointment, after a formal review of their performance. The Chief Executive Officer, Chief Finance Officer, the Head of Internal Audit or representatives from ANSTO management will not be members of the Committee, but may attend all or part of meetings as observers as invited by the Chair.
The members, taken collectively, will have a broad range of skills and experience in audit and risk management relevant to the operations of ANSTO. At least one member of the Committee should have accounting or related financial management experience with an understanding of accounting and auditing standards in a public sector environment.
Roles and responsibilities
The Committee has no executive powers, unless delegated to it by the Board.
The Committee is directly responsible and accountable to the Board for the exercise of its responsibilities. In carrying out its responsibilities, the Committee must at all times recognise that primary responsibility for management of ANSTO rests with the Chief Executive Officer.
The responsibilities of the Committee may be revised or expanded in consultation with, or as requested by, the Board from time to time.
The Committee’s responsibilities [3] are to:
- Review whether management has in place a current and comprehensive risk management framework, and associated procedures for effective identification and management of ANSTO’s financial and business risks, including fraud
- Review whether a sound and effective approach has been followed in developing strategic risk management plans for major projects or undertakings
- Review the impact of ANSTO’s risk management framework on its control environment and insurance arrangements
- Receive at the close of each financial year, a comprehensive report from the Chief Financial Officer detailing ANSTO’s insurance arrangements, the extent of coverage of specific risk exposures and claims made and pending during the period
- Review whether a sound and effective approach has been followed in establishing ANSTO’s business continuity planning arrangements, including whether disaster recovery plans have been tested periodically
- Review ANSTO’s fraud and corruption control plan and public interest disclosure framework and satisfy itself ANSTO has appropriate processes and systems in place to capture and effectively investigate fraud and corruption related information
- Review whether management’s approach to maintaining an effective internal control framework, including over external parties such as contractors and advisors, is sound and effective [4]
- Review whether management has in place relevant policies and procedures, including Chief Executive Instructions or their equivalent, and that these are periodically reviewed and updated prior to their submission to the Board for approval
- Determine whether the appropriate processes are in place to assess, at least once a year, whether policies and procedures are complied with
- Review whether appropriate policies and procedures are in place for the management and exercise of delegations and whether there are any major financial transactions outside normal business and/or in excess of authorities
- Consider how management identifies any required changes to the design or implementation of internal controls
- Review whether management has taken steps to embed a culture which is committed to ethical and lawful behaviour including regularly reviewing the corporate code of ethics prior to submission to the Board for approval
- Review whether proper systems are in place for approval of any related party transactions or management of any conflicts of interests concerning employees
- Review the financial statements and provide advice to the Board (including whether appropriate action has been taken in response to audit recommendations and adjustments), and recommend their signing by the Chair of the Board
- Satisfy itself that the financial statements are supported by appropriate management signoff on the statements and on the adequacy of the systems of internal controls
- Review the processes in place designed to ensure that financial information included in ANSTO’s annual report is consistent with the signed financial statements
- Satisfy itself that ANSTO has appropriate mechanisms in place to review and implement, where appropriate, relevant Parliamentary Committee reports and recommendations
- Satisfy itself that ANSTO has a performance management framework that is linked to organisational objectives and outcomes [5]
- Determine whether management has appropriately considered legal and compliance risks as part of ANSTO’s risk assessment and management arrangements
- Receive and consider at the close of each financial year, a report from the ANSTO Legal Counsel, detailing all outstanding significant legal issues for ANSTO
- Review the effectiveness of the system for monitoring ANSTO’s compliance with relevant laws, regulations and associated government policies
- Act as a forum for communication between the Board, senior management and internal and external audit [6]
- Review the internal audit coverage and annual work plan, ensure the plan is based on ANSTO’s risk management plan, and approve the scope and approach of the plan; advise the Board on the adequacy of internal audit resources to carry out its responsibilities, including completion of the approved internal audit plan
- Oversee the coordination of audit programs conducted by internal and external audit and other review functions
- Review all audit reports and provide advice to the Board on significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of good practice
- Monitor management’s implementation of internal audit recommendations
- Review the internal audit charter to ensure appropriate organisational structures, authority, access and reporting arrangements are in place
- Periodically review the performance of internal audit
- Provide advice to the Board on the appointment or cessation of the Head of Internal Audit [7]
- Act as a forum for communication between the Board, senior management and internal and external audit
- Provide input and feedback on the financial statement and performance audit coverage proposed by external audit and provide feedback on the audit services provided
- Review all external plans and report [8] in respect of planned or completed audits and monitor management’s implementation of audit recommendations
- Provide advice to the Board on action taken on significant issues raised in relevant external audit reports and better practice guides
Responsibilities of members
Members of the Committee are expected to understand and observe the legal requirements of the CAC Act. Members are also expected to:
- Contribute the time needed to study and understand the papers provided
- Apply good analytical skills, objectivity and good judgment
- Express opinions frankly, ask questions that go to the fundamental core of the issue and pursue independent lines of enquiry
The Committee will regularly, but at least once a year, report to the Board on its operation and activities during the year. The report should include:
- A summary of the work the Committee performed to fully discharge its responsibilities during the preceding year
- A summary of ANSTO’s progress in addressing the findings and recommendations made in internal, external and Parliamentary Committee reports
- An overall assessment of ANSTO’s risk, control and compliance framework, including details of any significant emerging risks or legislative changes impacting ANSTO
- Details of meetings, including the number of meetings held during the relevant period, and the number of meetings each member attended
The Committee may, at any time, report to the Board any other matter it deems of sufficient importance to do so. In addition, at any time an individual Committee member may request a meeting with the Chair of the Board.
The Committee will meet at least four times per year. A special meeting may be held to review ANSTO’s annual financial statements. The Chair is required to call a meeting if asked to do so by the Board, or another Committee member.
Attendance at meetings and quorums
A quorum will consist of a majority of Committee members. Meetings can be held in person, by telephone or by video conference.
The Head of Internal Audit and external audit representatives will be invited to attend each meeting, unless requested not to do so by the Chair of the Committee. The Committee may also request the Chief Finance Officer or other employees to attend Committee meetings or participate in certain agenda items.
The Committee will meet separately with both the internal and external auditors at least once a year.
The Chair of the Board and/or the Chief Executive Officer may be invited to attend Committee meetings to participate in specific discussions or provide strategic briefings to the Committee.
A Board-appointed person will provide secretariat support to the Committee. The Secretariat will ensure the agenda for each meeting and supporting papers are circulated, after approval from the Chair, at least one week before the meeting, and ensure the minutes of the meetings are prepared and maintained. Minutes must be approved by the Chair and circulated within two weeks of the meeting to each member and Committee observers, as appropriate.
Conflicts of interest
Once a year Risk & Audit Committee members will provide written declarations to the Board stating they do not have any conflicts of interest or related party transactions that would preclude them from being members of the Committee.
Risk & Audit Committee members must declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda item or topic. Details of any conflicts of interest should be appropriately minuted.
Where members or observers at Risk & Audit Committee meetings are deemed to have a real, or perceived, conflict of interest it may be appropriate that they are excused from Committee deliberations on the issue where a conflict of interest exists.
New members will receive relevant information and briefings on their appointment to assist them to meet their Committee responsibilities.
The Chair of the Committee, in consultation with the Chair of the Board, will initiate a review of the performance of the Committee at least once every two years. The review will be conducted on a self-assessment basis (unless otherwise determined by the Board) with appropriate input sought from the Board, the Chief Executive Officer, the internal and external auditors, management and any other relevant stakeholders, as determined by the Board.
Review of Charter
At least once a year the Committee will review this charter and the Internal Audit Charter. This review will include consultation with the Board.
Any substantive changes to the charter will be recommended by the Committee and formally approved by the Board.
The Chair shall keep the Board informed of the Committee’s activities by providing each Board member with a full set of Risk & Audit Committee papers (in advance) for each Board meeting that directly follows the Risk & Audit Committee meeting, together with a verbal report on those matters specially drawn to the Board’s notice at the Board meeting.
The Chair shall also arrange for prompt circulation to each member of the Board a copy of the approved minutes of the Committee’s meetings.
At least once a year the Chair shall provide a formal report to the Board, to coincide with the submission of the annual financial statements for the approval of the Board.
Approved by the ANSTO Board on 4 August 2011
1. The Board may elect to stagger the rotation of members. If so, the Audit Committee may have a temporary increase in the number of members until the transition process has been completed.
2. The Board may also wish to appoint a Deputy Chair to act as Chair when the Chair is unavailable to attend meetings.
3. The Audit Committee’s responsibilities will be affected by whether the entity has established a separate Committee to undertake particular responsibilities, for example a risk or fraud Committee. In such cases it would be appropriate for the Audit Committee to confirm the responsibilities of the other Committees and periodically share current and relevant information between each Committee.
4. The Sarbanes-Oxley Act of 2002 requires the Chief Executive Officer and Chief Finance Officers in public companies listed in the United States to provide formal certification as to the effectiveness of the internal control framework over financial reporting. This practice could be adopted by Australian Government public sector Audit Committees in discharging their responsibilities in respect of an entity’s control framework.
5. It is recognised that in some entities this role is undertaken by the Board.
6. Section 32 of the CAC Act requires Audit Committees in CAC entities to provide a forum for communication between the directors, and the entity’s senior managers and internal and external auditors.
7. Amend as appropriate depending on whether internal audit services are in-house, co-sourced or outsourced.
8. This should include being advised of the implications for the entity of audit recommendations and guidance arising from such things as cross-agency audits and better practice guides.