PART 2 Model Audit Committee charter—FMA entity [51]

Chief Executives and Audit Committees are encouraged to review their existing charters against this model taking into account each entity’s particular circumstances including the range of factors outlined in Part 3 of this Guide.

The Chief Executive has established the Audit Committee in compliance with section 46 of the Financial Management and Accountability Act 1997 (FMA Act) and Regulation 22C of the Financial Management and Accountability Regulations.

This charter sets out the committee’s objectives, authority, responsibilities, composition and tenure, reporting and administrative arrangements.

Objective

The objective of the committee is to provide independent assurance and assistance to the Chief Executive (and the Executive Board) on [the entity’s] risk, control and compliance framework, and its financial statement responsibilities.

Authority

The Chief Executive authorises the committee, within its responsibilities, to:

obtain any information it requires from any employee or external party (subject to any legal obligation to protect information);
discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations);
request the attendance of any employee, including the Chief Executive, at committee meetings; and
obtain legal or other professional advice, as considered necessary to meet its responsibilities, at [the entity’s] expense to a preapproved limit of $XXX

Composition and tenure

The Audit Committee comprises [insert number or range] members, appointed by the Chief Executive. [52]

The Chief Executive will appoint the Chair of the committee.

The committee is authorised to appoint a Deputy Chair who will act as chair in the absence of the Chair.

The Chief Executive, Chief Financial Officer, Chief Information Officer, and Head of Internal Audit may attend meetings as observers, as determined by the Chair, but will not be members of the committee.

A representative of external audit will be invited to attend all meetings of the committee, as observer.

The members, taken collectively, will have a broad range of skills and experience relevant to the operations of [the entity]. At least one member of the committee will have accounting or related financial management experience with an understanding of accounting and auditing standards in a public sector environment.

Members will be appointed for an initial period not exceeding three years. Members may be re-appointed after a formal review of their performance, for a further period not exceeding two years, unless otherwise agreed following discussions with the Chair.

Responsibilities

Risk Management
review whether management has in place a current and comprehensive enterprise risk management framework and associated procedures for effective identification and management of the entity’s business and financial risks, including fraud; determine whether a sound and effective approach has been followed in managing the entity’s major risks including those associated with individual projects, program implementation, and activities [53]; assess the impact of the entity’s enterprise risk management framework on its control environment and insurance arrangements; determine whether a sound and effective approach has been followed in establishing [the entity’s] business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested; review the process of developing and implementing [the entity’s] fraud control arrangements and satisfy itself the entity has appropriate processes and systems in place to detect, capture and effectively respond to fraud-related information; and review reports on fraud from the entity’s Fraud Manager that outline any identified allegations of fraud, the status of any ongoing investigations and any changes to identified fraud risk in the entity.

Risk Management

review whether management has in place a current and comprehensive enterprise risk management framework and associated procedures for effective identification and management of the entity’s business and financial risks, including fraud;
determine whether a sound and effective approach has been followed in managing the entity’s major risks including those associated with individual projects, program implementation, and activities [53];
assess the impact of the entity’s enterprise risk management framework on its control environment and insurance arrangements;
determine whether a sound and effective approach has been followed in establishing [the entity’s] business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested;
review the process of developing and implementing [the entity’s] fraud control arrangements and satisfy itself the entity has appropriate processes and systems in place to detect, capture and effectively respond to fraud-related information; and
review reports on fraud from the entity’s Fraud Manager that outline any identified allegations of fraud, the status of any ongoing investigations and any changes to identified fraud risk in the entity.

Internal control
review whether management’s approach to maintaining an effective internal control framework, including over external parties such as contractors and advisers, is sound and effective; review whether management has in place relevant policies and procedures, including Chief Executive’s Instructions or their equivalent, and that these are periodically reviewed and updated; determine whether the appropriate processes are in place to assess, at least once a year, whether key policies and procedures are complied with; review whether appropriate policies and supporting procedures are in place for the management and exercise of delegations; consider how management identifies any required changes to the design or implementation of key internal controls; and assess whether management has taken steps to embed a culture that promotes the proper use [54] of Commonwealth resources and is committed to ethical and lawful behaviour.
Financial statements
satisfy itself about the adequacy of key internal controls and that the financial statements are supported by appropriate management sign-off; review the financial statements and provide advice to the Chief Executive; (including whether appropriate action has been taken in response to audit recommendations and adjustments) [55] and recommend their signing by the Chief Executive; and review the processes in place designed to ensure that financial information included in [the entity’s] annual report is consistent with the signed financial statements.
Legislative and policy compliance
review the effectiveness of the system for monitoring [the entity’s] compliance with those laws, regulations and associated government policies that the entity must comply with; review, where relevant, the entity’s compliance with International Conventions, particularly the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. determine whether management has appropriately considered legal and compliance risks as part of the entity’s enterprise risk management plan; and provide advice to the Chief Executive regarding the issue of the entity’s annual Compliance Report. [57]

Internal audit
act as a forum for communication between the Board, senior management and internal and external audit; review the proposed internal audit coverage, ensure the coverage is aligned with [the entity’s] key risks, and recommend approval of the Annual Work Plan by the Chief Executive;[58] advise the Chief Executive on the adequacy of internal audit resources to carry out its responsibilities, including completion of the approved internal audit work plan; coordinate, as far as practicable, audit programs conducted by internal audit and other review functions;[59] review all audit reports and provide advice to the Board on significant issues identified in audit reports and action to be taken on issues raised, including identification and dissemination of good practice;[60] monitor management’s implementation of internal audit recommendations; periodically review the internal audit charter to ensure appropriate authority, access and reporting arrangements are in place; periodically review the performance of internal audit; and provide advice to the Chief Executive on the appointment of the Head of Internal Audit (in the case of an in-house internal audit function) and/or recommend to the Chief Executive the appointment of the internal auditor where outsourced or co-sourced.
External audit
act as a conduit for communication between the Board, senior management and external audit [61]; provide input and feedback on financial statement and performance audit coverage proposed by external audit, and provide feedback on the audit services provided; review all external audit plans and reports [62] in respect of planned or completed audits and monitor management’s response and implementation of audit recommendations [63] ; and provide advice to the Chief Executive on action to be taken on significant issues raised in relevant external audit reports or better practice guides.
Governance arrangement
periodically review [the entity’s] governance arrangements or elements of the arrangements as determined by the Chief Executive and suggest improvements, where appropriate, to the Chief Executive .

Other responsibilities
Portfolio responsibilities: satisfy itself that appropriate mechanisms are in place for the portfolio Chief Executive to be informed of all significant issues within the portfolio that may affect the portfolio responsibilities of the Chief Executive. Parliamentary committee reports and external reviews satisfy itself that the entity has appropriate mechanisms in place to review and implement, where appropriate, relevant parliamentary committee reports and external reviews of the entity, and recommendations arising from these reports and reviews. Performance reporting framework satisfy itself that the entity has an appropriate performance reporting framework that meets government policy objectives and requirements and is linked to the entity’s objectives and outcomes.

Other responsibilities

Portfolio responsibilities:

satisfy itself that appropriate mechanisms are in place for the portfolio Chief Executive to be informed of all significant issues within the portfolio that may affect the portfolio responsibilities of the Chief Executive.

Parliamentary committee reports and external reviews

satisfy itself that the entity has appropriate mechanisms in place to review and implement, where appropriate, relevant parliamentary committee reports and external reviews of the entity, and recommendations arising from these reports and reviews.

Performance reporting framework

satisfy itself that the entity has an appropriate performance reporting framework that meets government policy objectives and requirements and is linked to the entity’s objectives and outcomes.

Sub-committees

The committee may establish one or more sub-committee/s to assist the full committee in meeting its responsibilities.

The responsibilities, membership and reporting arrangements for each sub-committee shall be documented and approved by the full committee. The committee stipulates that:

a member of the full committee is appointed as Chair of the sub–committee; the membership of sub–committees may extend beyond members of the full committee if additional expertise on particular matters is required;
minutes of all meetings of sub-committees are to be taken, distributed promptly to all members of the full committee, and tabled for discussion at the next full committee meeting; and
important issues that may require consideration by the full committee are brought to the attention of the Chair immediately following a sub-committee meeting so that the Chair is in a position to decide what action to take.

Audit Committee sub–committees should not assume any management functions nor should management exert inappropriate influence over the work of sub–committees.

Responsibilities of committee members

Members of the committee are expected to understand and observe the legal requirements of the FMA Act and regulations. Members are also expected to:

act in the best interests of the entity;
apply good analytical skills, objectivity and good judgment;
express opinions constructively and openly, raise issues that relate to the committee’s responsibilities and pursue independent lines of enquiry; and
contribute the time required to review the papers provided.

Reporting

The committee will as often as necessary, and at least once a year, report to the Chief Executive on its operation and activities during the year. The report should include:

a summary of the work the committee performed to discharge its responsibilities during the preceding year;
a summary of [the entity’s] progress in addressing the findings and recommendations made in internal and external audit and parliamentary committee reports;
an overall assessment of [the entity’s] risk, control and compliance framework, including details of any significant emerging risks or legislative changes impacting [the entity]; and
details of meetings, including the number of meetings held during the relevant period, and the number of meetings each member attended.

The committee may, at any time, report to the Chief Executive any other matter it deems of sufficient importance to do so. In addition, at any time an individual committee member may request a meeting with the Chief Executive .

Administrative arrangements

Meetings

The committee will meet at least four times per year. A special meeting may be held to review [the agency’s] annual financial statements.

The Chair is required to call a meeting if asked to do so by the Chief Executive , and decide if a meeting is required if requested by another member.

Planning

The committee will develop a forward meeting schedule that includes the dates, location, and proposed agenda items for each meeting for the forthcoming year, that cover all the responsibilities outlined in this charter.

Attendance at meetings and quorums

A quorum will consist of a majority of committee members. Where there is more than one external member on the committee, a quorum will include at least one external member.

Secretariat

The Chief Executive, in consultation with the committee, will appoint a person to provide secretariat support to the committee. The secretariat will: ensure the agenda for each meeting is approved by the Chair; the agenda and supporting papers are circulated, at least one week before the meeting; and ensure the minutes of the meetings are prepared and maintained. Minutes must be reviewed by the Chair and circulated within two weeks of the meeting to each member and committee observers, as appropriate.

Conflicts of interest

Once each year, members of the Audit Committee will provide written declarations to the Chair for provision to the Chief Executive declaring any potential or actual conflicts of interest they may have in relation to their responsibilities. External members should consider past employment, consultancy arrangements and related party issues in making these declarations and the Chair should be satisfied that there are sufficient processes in place to manage any real or perceived conflict.

At the beginning of each Audit Committee meeting, members are required to declare any potential or actual conflicts of interest that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the committee’s consideration of the relevant agenda item(s). Details of potential or actual conflicts of interest declared by members and action taken will be appropriately minuted.

Induction

New members will receive relevant information and briefings on their appointment to assist them to meet their committee responsibilities.

Assessment arrangements

The Chair of the Audit Committee, in consultation with the Chief Executive, will initiate a review of the performance of the committee at least once every two years. The review will be conducted on a self-assessment basis (unless otherwise determined by the Chief Executive) with appropriate input sought from the Chief Executive, committee members, senior management, the internal and external auditors, Chief Financial Officer, and any other relevant stakeholders, as determined by the Chief Executive.

The Chair will provide advice to the Chief Executive/Board on an external member’s performance where an extension of the member’s tenure is being considered.

Review of charter

At least once a year the committee will review this charter. This review will include consultation with the Chief Executive.

Any substantive changes to the charter will be recommended by the committee and formally approved by the Chief Executive.

Approved

[Signature]

Chief Executive

Date:

[51]. In entities subject to the FMA Act, responsibility and accountability for the entity generally rests with the Chief Executive. However, entities such as Prescribed Agencies under the FMA Act may have different governance structures depending on the entity’s particular enabling legislation or other instrument of appointment. These arrangements can include entities governed by a single chief executive or a chief executive together with a number of full or part-time appointees. The specific arrangements under which entities are constituted will, in turn, dictate their governance arrangements including the composition and membership of the Audit Committee

[52]. The Audit Committee may have a temporary increase in the number of members as a result of staggering the rotation of members.

[53]. In exercising these responsibilities in particular, it is important that the committee’s responsibilities be determined at the commencement of the program or activity, in consultation with those with line management responsibility for the program or activity.

[54].The FMA Act, s.44, Promoting proper use etc. of Commonwealth resources, states that: ‘A Chief Executive must manage the affairs of the Agency in a way that promotes proper use of the Commonwealth resources for which the Chief Executive is responsible’. Proper use is defined as: ‘efficient, effective, economical and ethical use that is not inconsistent with the policies of the Commonwealth’..

[55].The FMA Regulations require the Audit Committee to provide advice to the Chief Executive on the preparation and review of financial statements of the agency.
In line with this convention, the Australian Parliament has enacted the Criminal Code Amendment (Bribery of Foreign Public Officials) Act 1999.

[57]. Chief Executives of FMA agencies are required to provide an annual Certificate of Compliance to their portfolio minister and copied to the Minister for Finance and Deregulation, by 15 October each year.

[58]. FMA Regulation 22C requires the Audit Committee to advise the Chief Executive about the internal audit plans of the Agency.

[59]. FMA Regulation 22C requires the Audit Committee to coordinate, as far as practicable, the work programs relating to internal and external audit.

[60]. The FMA Regulations require the Audit Committee to review all audit reports involving matters of concern to senior management of the agency, including the identification and dissemination of good practices; and provide advice to the Chief Executive on action to be taken on matters of concern raised in a report of the internal auditors or in a report of the Auditor-General concerning the agency.

[61]. See s46(1)(b) of the FMA Act.

[62]. This should include being advised of the implications for the entity of audit recommendations and guidance arising from such things as cross-agency audits and better practice guides.

[63]. FMA Regulation 22C requires the Audit Committee to review all audit reports involving matters of concern to senior management of the agency, including the identification and dissemination of good practices.

Previous: Appendix 3: Example of an assurance map for Audit Committee use

Next: Model Audit Committee charter—CAC entity