- Foreword and Introduction
- 1. Introduction
- 2. The Audit Committee's functions and responsibilities
- 3. Membership of the Audit Committee
- 4. Relationships with key stakeholders
- 5. Conduct of the Audit Committee
- 6. Assessment of the Audit Committee's performance
- Part 2
- Part 3
PDF of Checklists And Proforma [0.5MB]
Risk management is the culture, processes and structures that are directed towards realising potential opportunities while managing adverse effects. Risk management is an essential part of effective corporate governance. Although ultimate accountability for the management of risk remains with the Chief Executive/Board, the Chief Executive/Board will generally seek assurance from the Audit Committee that management has in place policies and arrangements designed to demonstrate that the operation of an entity's risk management arrangements are appropriate and operationally effective. This assurance role can extend to assisting the overall alignment and integration of risk management plans and the integration of risk management into business planning and program implementation activities. Better practice committees will also generally have a key role in providing assurance that management has in place effective risk management practices when implementing high risk projects, programs and/or activities.
Better practice tip: Audit Committee’s risk management responsibilities
For the Audit Committee to effectively meet its risk management responsibilities, it is important that the committee fully understands the:
- Chief Executive/Board's approach and attitude to the management of risks by the entity, including the entity's assessment of risks; and
- arrangements in place for the management of its risks, particularly the entity's highest risks.
Where the Chief Executive/Board agrees that the Audit Committee will have an assurance role in relation to individual projects, programs or activities, it is important that the committee’s role is formalised and included in the governance arrangements for the project, program or activity.
Review of an entity's management of fraud risks is generally undertaken as an integral part of an Audit Committee's risk management responsibilities. An Audit Committee can play a key role in securing awareness that fraud control interacts and links with other governance frameworks across the entity.  This is consistent with the Commonwealth Fraud Control Guidelines, which indicate that Â‘Fraud risk should not be looked at in isolation from the general business of the agency but should be considered as an aspect of the agency's broader risk assessment processes, including the agency's security risk assessment.'
Audit Committee risk management responsibilities
An Audit Committee’s responsibilities in relation to risk management would generally be to:
Part 3 includes committee and management checklists in relation to risk management fraud control (pages 77 to 84).
Standards Australia AS/NZS ISO 3100:2009 Risk Management – Principles and Guidelines, 16 October 2009. Available at <http://infostore.saiglobal.com/store>.
ANAO Better Practice Guide Fraud Control in Australian Government Entities, 2011, Section 3.4.1.
Commonwealth Fraud Control Guidelines, Attorney General’s Department, Canberra 2011, para 6.2.
AS/NZS ISO 3100:2009 Risk Management – Principles and Guidelines defines a risk management framework as ‘a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.’.
In exercising these responsibilities in particular, it is important that the committee’s responsibilities be determined at the commencement of the program or activity, in consultation with those with line management responsibility for the program or activity
Previous: The Audit Committee's functions and responsibilities
Next: Internal control