- Foreword and Introduction
- 1. Introduction
- 2. The Audit Committee’s functions and responsibilities
- 3. Membership of the Audit Committee
- 4. Relationships with key stakeholders
- 5. Conduct of the Audit Committee
- 6. Assessment of the Audit Committee’s performance
- Part 2
- Part 3
PDF of Checklists And Proforma [0.5MB]
Reviewing the effectiveness of how an entity is monitoring its compliance with relevant legislation, regulations and associated government policies is generally an established function of Audit Committees.
Entity compliance can be grouped into four broad categories:
- legislation and policy administered by the entity that it also needs to comply with;
- framework legislation and policy such as the FMA Act, the CAC Act and the Public Service Act 1999 and related policies;
- legislation and policy that has general application to the entity in areas such as security, occupational health and safety, privacy, and freedom of information; and
- international conventions.
Entities must comply with a considerable volume and complexity of legislation and policy. It would therefore be expected that Audit Committees will focus on those aspects that pose the highest risk to the entity, and on how the entity manages its compliance responsibilities.
An important responsibility of Audit Committees is reviewing the processes management has in place designed to ensure the entity is kept up to date with new legislation or changes to existing legislation relevant to the entity.
Audit Committee compliance with legislative and policy requirements
An Audit Committee’s responsibilities in relation to legislative and policy compliance would generally be to:
Appendix 2 details the legal status and legislative and policy requirements for Audit Committees.
Part 3 includes a committee and a management checklist in relation to compliance with legislative and policy requirements (pages 98 to 104).
In meeting their responsibilities, it is important that Audit Committees consider the implications of cross-agency governance arrangements.
These arrangements are becoming more common as governments address increasingly complex and/or wide-ranging policy and operational issues that involve more than one agency and/or jurisdiction. As a result, audit committees’ responsibilities increasingly involve consideration of such arrangements.
Where an entity’s activities involve cross-agency arrangements, it would be expected that they would require specific consideration when the Audit Committee is reviewing the entity’s risk management and control frameworks, legislative compliance, financial statement and other obligations.
In considering cross-agency issues, the Audit Committee should be cognisant of its general responsibility to ensure entity information and documents to which it has access remain confidential. Where there are benefits in sharing information with another entity, the Audit Committee should seek the authority of the Chief Executive/Board, if not already provided.
Better practice tip: Sharing information between Audit Committees
Where cross-agency arrangements exist, there may be benefit in sharing information between Audit Committees. Before doing this, it is important to obtain approval from the Chief Executive/Board to share information outside the entity.
Often cross-agency arrangements involve multiple legislative requirements, contracts, service-level agreements or memoranda of understanding with other entities, and can involve complex monitoring and reporting arrangements. Audit Committees should explicitly consider, in consultation with the Chief Executive/Board and other entities involved, the role they will play in providing assurance and advice on these arrangements. In considering their role, Audit Committees must recognise the likely additional time, effort and resources this may involve, and the impact on the committee’s work program and meeting schedule.
In particular, some cross-agency arrangements will be material in the context of the entity’s financial statements. In this case, the Audit Committee may be required to play a pivotal role in reviewing the mechanisms that provide the required assurance to the Chief Executive/Board.
External service provision
In a similar way to cross-agency arrangements, program and service delivery using external service providers can have important risk management, control, security, and accountability implications. Reviewing the legal and administrative arrangements in place to effectively manage external service providers can be part of an Audit Committee’s responsibilities.
Generally, as part of the committee’s internal control responsibilities, it would review whether management’s approach to maintaining an effective internal control framework, including over external parties such as contractors, is sound and effective.
. Chief Executives of FMA agencies are required to provide a Certificate of Compliance, in the form prescribed by the Department of Finance and Deregulation, to their portfolio minister and copied to the Finance Minister by 15 October each year. The Board of General Government Sector CAC authorities and wholly-owned companies are also required to provide a Compliance Report in the form prescribed by the Department of Finance and Deregulation, to the Secretary of Finance on behalf of the Finance Minister by the fifteenth day of the fourth month after the end of the financial year of the body. Although in most cases an entity’s financial statements will be signed before the deadline for the submission of an entity’s certificate of compliance, it would be expected that the Audit Committee will consider the entity’s compliance with relevant legislation and policies to assess the extent to which any non-compliance may affect the entity’s financial statements.
. In line with this convention, the Australian Parliament has enacted the Criminal Code Amendment (Bribery of Foreign Public Officials) Act 1999. It is recognised that this matter is likely to be low risk for many entities. The Institute of Chartered Accountants in Australia and PricewaterhouseCoopers’ Guide to Foreign Bribery and Corruption provides guidance to Audit Committees on meeting their responsibilities in this area.
. IThe Commonwealth Fraud Control Guidelines require Chief Executives of FMA agencies and certain CAC bodies to report annually to their minister on fraud risk and fraud control measures. The Australian Government Protective Security Policy Framework requires agencies and relevant CAC bodies to report compliance with the mandatory requirements of the Policy to the relevant portfolio minister.
Previous: Financial statements
Next: Internal Audit