AUDIT & RISK COMMITTEE CHARTER

May 2013; Amended May 2014; Amended October 2014; Amended May 2015; reviewed May 2016; Amended May 2017; Amended May 2018

Role and Responsibilities

The Board of The Institute of Internal Auditors Australia (IIA-Australia) has established a Board Audit & Risk Committee as part of its responsibilities in relation to the corporate governance of IIA-Australia. The Board Audit & Risk Committee is not a policy making body, but assists the Board by implementing Board policy. The Committee is to identify and oversight the management of risks which relate to its work. Where management of risks is to a level that is not consistent with the IIA-Australia's risk appetite, they should be escalated to the Board.

The objectives of the Committee include:
- assisting the Board of Directors in the governance of the IIA-Australia, and the exercising of due care, diligence and skill in relation to:
  - reporting of financial information to users of financial reports;
  - application of accounting policies;
  - financial management;
  - the internal control system;
  - the risk management system;
  - the performance management system;
  - business policies and practices;
  - protection of the assets of the IIA-Australia; and
  - compliance with applicable laws, regulations, standards and best practice guidelines;
- improving the credibility and objectivity of the accountability process, including financial reporting;
- overseeing the effectiveness of the internal and external audit functions and being a forum for communication between the Board of Directors and the internal and external auditors;
- ensuring the independence of the external auditor;
- providing a structured reporting line for internal audit and monitoring the objectivity and independence of the internal auditor;
- assuring the quality of internal and external reporting of financial and non-financial information;
- assuring the correlation between related financial and non-financial information and reports;
- ensuring an ethical culture has been embedded throughout IIA-Australia; and
- overseeing the risk profile and recommending the risk management framework of the IIA-Australia to the Board [1].

Responsibilities are detailed in the attached Appendix.

Committee Membership

The Audit & Risk Committee is a committee of the Board. Committee membership will be comprised of board members (two) and appropriately qualified external member/s. An external member may be a former member of the Board. The Chair of the Board may not be a member of the Audit & Risk Committee. At least one member of the Audit & Risk Committee will be a qualified accountant holding a current accounting certification (eg CPA or CA). Each Committee member must be financially literate. The Committee will comprise five members.

The Chair of the Audit & Risk Committee is appointed by the Chairman of the Board. All appointments to the Committee including external members and the appointment of the Chair shall be approved by the Board. Members will be appointed to the Audit & Risk Committee for two years, and can be reappointed. Membership of the Audit & Risk Committee is to be confirmed annually by the Board in alignment with the AGM. Terms of appointment to the Audit & Risk Committee are to provide for both continuity of membership and fresh perspective.

Other persons may attend meetings of the Audit & Risk Committee, by invitation. Persons who may usually be invited are:
- Chief Executive Officer;
- Finance Manager;
- Internal Audit provider [2]; and
- External audit provider.

These persons may take part in the business of and discussions at the meeting but have no voting rights.

Committee Meetings

The Committee will hold meetings at least three times each year and additionally as it considers necessary at appropriate points in the audit cycles. The internal or external auditors may request a meeting if they consider that one is necessary. Such a request is to be met at the discretion of the Chair.
[1] Supported by the following documentation: IIA-Australia's Risk Management Policy; Risk Management Framework; Risk Appetite Statement; Business Continuity Plan; Business Impact Analysis
[2] See Page 8 of this document, Internal Audit
A quorum will number three. In the Chair's absence from a meeting, the members of the Committee present at the meeting will select a Chair for that particular meeting. Meetings of the Committee may be held face-to-face or through any technological means by which members can participate in a discussion. The notice and agenda of meeting will include relevant supporting papers as appropriate. The Committee may invite any such other persons to attend as it sees fit, and consult with other persons or seek any information it considers necessary to fulfil its responsibilities. The Audit & Risk Committee members may meet separately with the external audit provider and/or head of internal audit to discuss issues of mutual interest.

Conflict of Interest

Committee members will be invited to disclose conflicts of interest at the commencement of each meeting. Ongoing conflicts of interest need not be declared at each meeting once acknowledged. Where members or invitees at Audit & Risk Committee meetings are deemed to have a real or perceived conflict of interest, they will be excused from Committee discussions and deliberations on the issue where a conflict of interest exists.

Authority

The Board authorises the Audit & Risk Committee, through the Chair, to:
- seek any information it requires from:
  - any employee. All employees of the IIA-Australia are directed to cooperate with any request made by the Audit & Risk Committee, and
  - external parties;
- obtain outside legal or other independent professional advice with the agreement of the Executive Committee.

Secretariat Duties

The Company Secretary will fulfil the role of Secretary to the Audit & Risk Committee. The Secretary will assist the Chair develop and distribute committee agendas, papers, minutes, and calendar. The Secretary will ensure the agenda and supporting papers for each meeting are circulated at least one week before the meeting. Minutes must be approved by the Chair and circulated within two weeks of the meeting to each member.
The minutes will be ratified by members in attendance/discussion and signed by the Committee Chair. The Committee Chair is to report to the Board following each meeting of the Committee. The manner of reporting may be by distribution of a copy of the minutes of the meeting supplemented by other written information if necessary, including any recommendations requiring Board action and/or approval.
The Committee Chair is to provide or facilitate the supply of information regarding the Audit & Risk Committee which is to be included in the IIA-Australia Annual Report.

Voting

Any matters requiring a decision will be decided by a majority of votes of members present.

Audit & Risk Committee Performance and Review

The Audit & Risk Committee will review its performance on an annual basis. This review may be conducted as a self-assessment, and will be coordinated by the Chair. The assessment may seek input from the Board, Chief Executive Officer, and Head of Internal Audit and External Audit provider. Training needs will be monitored by the Chair. The Committee will provide an Annual Report covering the previous year, including the results of the review of performance, to the Board at its March meeting.

Charter Review

The Committee should review their charter annually to provide assurance that it remains consistent with the Board's objectives and responsibilities. The Board approves or further reviews the charter.
RESPONSIBILITIES OF THE AUDIT & RISK COMMITTEE

APPENDIX

External Reporting

- Consider the appropriateness of the accounting policies and principles adopted and any amendments thereto, as well as the methods of applying those policies/principles, ensuring that they are in accordance with the stated financial reporting framework;
- Assess significant estimates and judgements in financial reports by enquiring of management about the process used in making material estimates and judgements and then enquire of the internal and external auditors the basis for their conclusions on the reasonableness of management's estimates;
- Assess management explanations for unusual transactions or significant variances from prior year results or current year budget;
- Review management's processes for ensuring and monitoring compliance with laws, regulations and other requirements (including Australian Accounting Standards and the Corporations Act 2001) relating to the external reporting by the IIA-Australia of financial and non-financial information;
- Assess information from internal and external auditors that affects the quality of financial reports (eg. actual and potential material audit adjustments, financial report disclosures, non-compliance with the laws and regulations, internal control issues);
- Ask the external auditor for an independent judgement about the appropriateness, not just the acceptability, of the accounting principles used and the clarity of the financial disclosure practices used or proposed to be used by the IIA-Australia as put forward by management;
- Assess the management of non-financial information in documents (both public and internal) to ensure the information does not conflict with the financial statements or other documents. Assess internal control systems covering information releases that have the potential to adversely reflect on the conduct of the IIA-Australia; and
- Recommend to the Board whether the financial and non-financial statements should be signed based on the Committee's assessment of them.

Related-Party Transactions

- Review and monitor the propriety of related-party transactions.

Corporate Governance

- Assist the Board to ensure appropriate corporate governance is in place.
- Assist the Board by testing the reasonableness of the draft budget.

Internal Control and Risk Management

- Assess the internal processes for determining and managing key risk areas, particularly:
  - compliance with laws, regulations, standards and best practice guidelines, including industrial relations laws;
  - important judgements and accounting estimates;
  - litigation and claims;
  - fraud and theft; and
  - relevant business risks other than those that are dealt with by other specific Board Committees;
- Based on the risk assessment undertaken ensure that the IIA-Australia has an effective risk management system and that significant or material risks identified by the Board are reported back at least annually to the Board;
- recommend the risk profile and risk appetite of the IIA-Australia, for approval by the Board;
- receive and review reports from management concerning the IIA-Australia's risk management strategies;
- recommend and oversee the process developed by management to identify principal risks, evaluating their potential impact, and implementing appropriate strategies to manage those risks;
- recommend principles, strategies, policies and processes for managing risk;
- receive and review reports from management regarding resolution of significant risk exposures and risk events;
- review and monitor the risk implications of new and emerging risks, organisational change, regulatory change and major initiatives;
- provide a formal forum for communication between the Board and senior management;
- Obtain and assess management reports on any suspected or actual fraud, theft or breaches of laws, and recommend appropriate actions by the Board;
- Address the effectiveness of the internal control, risk management and performance management systems with management and the internal and external audit providers;
- Evaluate the process the IIA-Australia has in place for assessing and continuously improving internal controls, particularly those related to areas of significant risk;
- Assess whether management has controls in place for unusual types of transactions and/or any potential transactions that may involve an unacceptable degree of risk;
- Understand the processes management has implemented for managing insurable risks and, if applicable, self-insurance, including assessing the adequacy of insurance cover;
- Assess the effectiveness of and compliance with the corporate code of ethical conduct;
- Meet periodically with key management, internal and external auditors and compliance staff to understand and discuss the control environment;
- Review the adequacy of periodical internal financial reports;
- Review compliance with internal policies, plans and procedures; and
- Review the delegations of the Board and IIA-Australia staff members.

External Audit

- Make recommendations to the Board on the appointment, remuneration and monitoring of the effectiveness and independence of the external audit provider;
- Review the external audit provider's fee and be satisfied that an effective, comprehensive and complete audit can be conducted for the set fee;
- At the start of each audit, agree the terms of the engagement with the external audit provider. Review the external audit provider's annual engagement letter;
- Invite the external audit provider to attend Audit & Risk Committee meetings to review the audit plan, discuss audit results, consider the implications of the external audit findings and otherwise discuss management and the control environment issues;
- Together with the external audit provider, review the scope of the external audit (particularly the identified risk areas) and any additional agreed-upon procedures on a regular and timely basis;
- Enquire of the external audit provider if there have been any significant disagreements with management irrespective of whether or not they have been resolved;
- Monitor and critique management's responsiveness to the external audit provider's findings and recommendations;
- Review all representation letters signed by management and ensure that the information provided is complete and appropriate;
- Provide the opportunity for the Audit & Risk Committee members to meet with the external audit providers without management personnel being present at least once a year;
- Review the external audit provider's independence based on the external auditor's relationships and services with the IIA-Australia and other organisations that may impair or appear to impair the external audit provider's independence; and
- Advise the Board on the rotation of the external audit provider at intervals of approximately each five years or otherwise as the need may arise.

Internal Audit

- Make recommendations to the Board on the appointment, remuneration, removal and monitoring of the effectiveness and independence of internal audit [3];
- Be satisfied that sufficient funds are available to enable an effective, comprehensive and complete audit to be conducted for the areas identified for internal audit review;
- Communicate the Audit & Risk Committee's expectations to the internal auditor;
- Ensure the Head of Internal Audit reports directly to the Audit & Risk Committee;
- Review the internal auditor's mission, charter and resourcing (including qualifications, skills, experience, funding and equipment);
- Review and approve the scope of the internal audit plan and work program;
- Monitor the progress of the internal audit plan and work program and consider the implications of internal audit findings for the control environment;
- Monitor and assess management's responsiveness to internal audit findings and recommendations;
- Evaluate the process the IIA-Australia has in place for monitoring and assessing the effectiveness of the internal auditor;
- Ensure that the internal auditor and the external auditor programs are appropriately coordinated to achieve maximum effectiveness and avoid duplication; and
- Provide the opportunity for Audit & Risk Committee members to meet with the internal auditor without management personnel being present at least once a year.

Compliance with Standards

All activities and responsibilities of the Committee are to be performed to the standards published by the IIA-Australia [4] or prescribed by the Board; and relevant accounting and auditing standards.

[3] A member of the IIA-Australia staff will be nominated as the Head of internal audit. Internal audit work will be provided by contractors.
[4] Audit committees: A guide to good practice. 3rd edition AICD, AuASB, IIA Australia, 2017.