Audit, Risk & Cmpliance Cmmittee Charter Objective and rle f the cmmittee The bjective f the Cmmittee is t assist the Bard f Directrs t discharge its crprate gvernance respnsibilities t exercise due care, diligence and skill in relatin t the Cmpany s: > achievement f crprate gals within an apprpriate framewrk f internal cntrl and risk management; > reprting f financial infrmatin t users f financial reprts; > applicatin f accunting plicies; > maintenance f the independence f the cmpany s auditrs; > financial management; > internal cntrl system; > risk management & analysis; > business plicies and practices; > cmpliance with the Cmpany s cnstitutinal dcumentatin and material cntracts; > cmpliance with statutry ccupatinal health and safety laws and regulatins; > cmpliance with applicable laws and regulatins; and > mnitring and cntrlling f business and ther risk. Cardn has adpted the cncept f three lines f defence as part f its gvernance and risk management framewrk. The three lines f defence are as fllws: > Cardn s frnt line senir management frm the cmpany s varius divisins (cllectively the Operatinal Risk and Cmpliance Cmmittee (ORMC)) has the principal respnsibility fr the management f risk and implementing effective Gvernance, Risk Management and Cmpliance Framewrk (GRC) (First Line f Defence); > Cardn s Risk, Legal and Tax functins are respnsible fr facilitating the effective identificatin, assessment, management, reprting and mnitring f risk (Secnd Line f Defence); and > Internal Audit is respnsible fr prviding versight and review f the implementatin f cntrls t identify, manage, reprt and mnitr risk (Third Line f Defence). The Cmmittee des nt replace r replicate established management respnsibilities and delegatins r the reprting lines and respnsibilities f internal audit r external audit functins. 1
Accrdingly, its rle is t: > serve as an independent and bjective party t review the financial infrmatin presented by management t the Bard and the general public; > ensure implementatin and management f an Enterprise Wide Risk Management system; > ensure identificatin, assessment and management f Cardn s significant risks; > serve as an independent and bjective party t review the efficiency and effectiveness f the infrmatin presented by management t the Bard cncerning risk management, quality management, and ccupatinal health & safety; > versee and appraise the quality f audits cnducted by the Cmpany s internal and external auditrs; > advise the Bard f pssible cnflict f interest and/r lss f independence by the Cmpany s internal and external auditrs in respect f wrk prpsed t be undertaken by the auditrs > maintain, by scheduling regular meetings, pen lines f cmmunicatin amng the Bard and the internal and external auditrs t exchange views and infrmatin, as well as cnfirm their respective authrity and respnsibilities; and > determine the efficiency and effectiveness f administrative perating and accunting cntrls used by the cmpany. Membership The Cmmittee will be appinted by the Bard and shall cnsist f at least three members. In this regard: > majrity f members will be nn-executive Directrs f the Bard; > the Bard shall appint the Chairman f the Cmmittee; > the qurum fr meetings f the Cmmittee shall be the majrity f members; > the Chief Executive Officer and Chief Financial Officer will attend by invitatin; and > the Cmpany Secretary r Grup Internal Audit & Risk Manager will act as Secretary t the Cmmittee. Duties and respnsibilities The Cmmittee shall cnsider any matters relating t the financial affairs f the Cmpany and t the internal and external audit that it determines t be desirable. In additin, the Cmmittee shall examine any ther matters referred t it by the Bard. The main duties and respnsibilities f the Cmmittee are as fllws. 1. Financial Integrity The Cmmittee will: > Assess and enhance the adequacy and effectiveness f Cardn s systems f internal cntrl surrunding key financial and peratinal prcesses by: 2
cnsidering the reprts and recmmendatins f internal and external audit; cnsidering the infrmatin prvided by management; mnitring the implementatin f agreed recmmendatins in respect f internal cntrls; and cnsidering any ther infrmatin requested by, r prvided t, the Cmmittee. > Review the draft annual and half-yearly financial statements f the Cmpany prir t apprval by the Bard, fcusing in particular n: whether they are cmplete and cnsistent with infrmatin knwn t Cmmittee members abut Cardn; ensuring that all disclsures by Cardn are adequate; whether the financial statements reflect apprpriate accunting principles and significant changes in accunting plicies and practices; majr judgment areas that need t be reslved (e.g. valuatin f fixed assets, impaired lans, nature f prvisins and reserves etc.); cmplex and/r unusual transactins; prpsed departures frm accunting standards r ther reprting requirements; and significant audit adjustments and audit qualificatins t accunts. 2. Statutry/Cmpliance The Cmmittee will: Ensure cmpliance with statutry requirements fr financial reprting; > Review the adequacy and effectiveness f Cardn s system fr mnitring cmpliance with laws, regulatins and Cardn s wn plicies and prcedures in relatin t key financial and peratinal cntrls and prcesses; > Cnsider the effects n the Cmpany f any new r prpsed accunting practices, principles, develpments, disclsure requirements and legislative r regulatry prnuncements; > Obtain regular updates frm management and Cardn s senir legal cunsel regarding such cmpliance matters; and > Keep itself apprised f the latest develpments, plicies and trends in relatin t financial matters, rules and regulatins, insfar as they may affect Cardn r the markets in which Cardn des business. 3. Evaluatin f Plicies and Cntrls The Cmmittee will: > Evaluate the adequacy and integrity f the accunting cntrl system by reviewing written reprts frm the internal and external auditrs and mnitring Management s respnses and actins t crrect any nted deficiencies; and 3
> Evaluate the adequacy and effectiveness f the Cmpany s administrative, perating and accunting plicies thrugh active cmmunicatin with perating management and the internal and external auditrs. 4. Audit Effectiveness The Cmmittee will: > Recmmend t the Bard the appintment f external auditrs and the payment f annual fees; > Cmmunicate the Cmmittee's expectatins t bth the internal auditr and the external auditr; > Review the audit plans f the internal and external auditrs; > Agree and peridically review the internal auditr's verall audit apprach and plan, its audit apprach in risk areas and its planned c-rdinatin with the external auditr, having regard t Cardn s risks; > Evaluate the verall effectiveness f the internal and external auditrs thrugh regular meetings with them; and > Ensure that n management restrictins are being placed n the internal and external auditrs. 5. Independence f External Auditrs The Cmpany must cmply with the requirements f the Crpratins Act 2001 in respect f the independence f its external auditrs, wh are appinted as the result f a cmpetitive tender prcess. T maintain the independence f its external audit functin the cmpany requires that its external auditrs cmply with the requirements f Accunting Prfessinal and Ethical Standards Bard APES 110 - Cde f Ethics fr Prfessinal accuntants. A frmal declaratin f independence will be btained frm the external auditr n a bi-annual basis. This declaratin shuld cnfirm that the auditr is independent, bth in appearance and in fact, and has n cnflict f interest situatin, and that there is nthing t the auditr's knwledge that culd cmprmise independence. In accrdance with the Crpratins Act, the external auditr is required t rtate the lead partner and the review partner s that neither rle is perfrmed by the same partner fr mre than five years, r mre than five years ut f seven successive years. The Cmpany must nt engage its external auditrs fr any prject that wuld put the firm in the psitin f auditing its wn wrk r that wuld therwise be inapprpriate fr a firm expected t exercise fully bjective and impartial judgment. It fllws then that the fllwing types f services by the Cmpany s external auditrs are prhibited; > Bkkeeping and related services; > Appraisal r valuatin services that invlves the valuatin f matters material t the financial reprts and the valuatin invlves a significant degree f subjectivity; > Management services f a decisin-making, supervisry r prlnged (nging) mnitring nature; > Brker-dealer services; 4
> Legal services that are dealing with issues that culd have a material impact n the financial statements; > Tax advice; > M&A; and > Any wrk that wuld cmprmise independence in perfrming their External Audit bligatins. The Cmpany s external auditrs are nt prhibited frm evaluating and making recmmendatins abut cntrl in its audit rle. Any prpsal t engage the Cmpany s external auditrs fr nn-audit services requires pre apprval by the Cmmittee where the fees are expected t exceed $10,000. An update f any nn-audit services will be prvided at each Cmmittee meeting. A full analysis f the ttal fees paid t external auditrs, including a breakdwn f fees fr nn-audit activities will be prvided in the Annual Reprt. 6. Cmpliance with legal and regulatry bligatins The Cmmittee will review all regular reprts prvided t the Cmmittee by executive management cvering areas f: > Crprate Gvernance; and > Regulatry Affairs. 7. Enterprise Wide Risk Management System The Cmmittee will: > Oversee the adequacy and implementatin f the Cmpany s enterprise-wide risk management plicy, framewrk and plans fr management f Cardn s significant risks; > Develp and refine Cardn s enterprise-wide appetite fr risk, in cnjunctin with the full Bard; > Mnitr and assess Cardn s rganisatin-wide prfile (within the cntext f Cardn s risk appetite), its expsure t significant risk and the adequacy f the identificatin f risk; > Mnitr, assess the adequacy f, and make recmmendatins n, risk management plicies in relatin t Cardn s significant risks; > Assess and review reprts received frm the Operatinal Risk Management Cmmittee and where apprpriate make recmmendatins t the Bard; > Mnitr and evaluate the effectiveness f the Operatinal Risk Management Cmmittee; and > Act as a frum fr discussin with the Operatinal Risk Management Cmmittee f significant risk issues affecting Cardn. This prcess frms part f the gvernance prcess that ensures Cardn s risk management functin perates effectively and efficiently. 8. Occupatinal Health and Safety The Cmmittee will: > Oversee the planning, mnitring and reprting prcess f the Grup Health, Safety, Envirnment and Quality (HSEQ) Cmmittee, evaluating the effectiveness f the cmmittee, which ensures 5
Cardn is meeting its legislative requirements and all relevant standards in prviding and maintaining a safe and healthy wrkplace fr ur emplyees, cntractrs and visitrs; > Mnitr and assess the adequacy f, and make recmmendatins n, Occupatinal Health and Safety plicies in relatin t Cardn s significant risks in this area; and > Act as a frum fr discussin with the Grup HSEQ Cmmittee f significant health and safety issues affecting Cardn. This prcess frms part f the gvernance prcess that ensures Cardn s health and safety functin perates effectively and efficiently. 9. Internal Audit Internal audit has its wn internal audit charter. Pursuant t that charter, the internal auditrs present their audit reprts t the Cmmittee. The Cmmittee will act as a frum fr internal audit and versee its planning, mnitring and reprting prcesses. This prcess frms part f the gvernance prcess that ensures that Cardn s internal audit functin perates effectively, efficiently and ecnmically. In its review and evaluatin f the internal audit functin pursuant t clause 4, the Cmmittee must review and advise the Bard as t the: > Adequacy f the internal audit charter; > Structure, qualificatin requirements and prfessinal and ethical practices; > Internal audit strategic and peratinal plans t ensure an ptimum, cst effective audit cverage; > Perfrmance f internal audit relative t its annual audit plan; and > Findings f internal audit and the actins prpsed t be taken by management, including an assessment that the prpsed slutin is the mst apprpriate and cst-effective. T the extent practicable, the Cmmittee will seek t ensure that there are n unnecessary verlaps between the internal and external audit functins. The Cmmittee has the right f direct cntact with the internal auditrs. Similarly, the internal auditrs have a right f direct and unfettered access t the Cmmittee thrugh the chairpersn. 10. Other The Cmmittee will: > Review the Cmpany s Treasury Management activities; > Establish and peridically review a cde f cnduct and mnitr the ethical behavir f the Cmpany and management t ensure cmpliance; > Review the external audits carried ut n behalf f dmestic and internatinal regulatry authrities in respect t the delivery f Cmpany s services; > Review the placement f the Cmpany s insurance prgram and its alignment with the Cmpany s risk prfile; > Identify any special prjects r investigatins deemed necessary; > Review and cnfirm ARCC Charter annually; 6
> Review and cnfirm Internal Audit Charter annually; > Review and cnfirm Annual ARCC prgram; > Review PI Claims; > Cnfirm minutes f ARCC meetings; and > Review prgress against actins arising frm previus meetings. 11. N Executive Pwer The Cmmittee shall have n executive pwer with regard t its findings and recmmendatins. Reprting requirements The Chair f the Audit, Risk & Cmpliance Cmmittee will reprt t the Bard after each ARCC meeting. The reprt shuld cver the findings and recmmendatins f the Cmmittee. The minutes f all Cmmittee meetings shall be circulated t members f the Bard. Cmmittee meetings Frequency The Cmmittee will hld at least fur (4) meetings per annum, r mre as required, t fulfill its respnsibilities. The Cmmittee will als meet at the request f the Bard, any ther Directr nt a member f the Cmmittee, the Chief Executive Officer, the Cmpany Secretary r the Cmpany s external auditr. Qurum A majrity f members must be present t prvide a qurum. A member may be present at a meeting in persn r by telephne. Agenda 14 days prir t each meeting, the agenda will be discussed with the Chairman f the Cmmittee and the papers will be distributed 7 days prir t the meeting. In setting the agenda, there will be an emphasis n the mst significant risks and threats t Cardn, within the scpe f the Cmmittee s respnsibilities, and the nging evaluatin f what is dne t mitigate such risks. Cllective decisins Decisins f the Cmmittee shall be regarded as its cllective decisin r advice unless there is a material dissensin, in which case a minrity view will be recrded in the minutes f the meeting and placed befre the Bard. Minutes Minutes f meetings must be prepared and distributed t Cmmittee members as sn as pssible after the cnclusin f the meeting and, subject t any agreed amendments, shall be signed in draft frmat and 7
presented at the subsequent Bard meeting. These minutes will then be cnfirmed as an accurate recrd f the meeting at the next subsequent meeting f the Cmmittee and signed in final frmat. Other attendees The Cmmittee chairpersn may request a Cardn fficer, internal auditrs r ther external parties t attend a meeting f the Cmmittee. Further the chairpersn may invite a representative f external audit t attend any meeting f the Cmmittee and t present and cmment n apprpriate agenda items. Ethical practices Members f the Cmmittee will, at all times in the discharge f their duties and respnsibilities, exercise hnesty, bjectivity, independence and prbity and nt engage knwingly in acts r activities that have the ptential t bring discredit t Cardn. Members als must refrain frm entering int any activity that may prejudice their ability t carry ut their duties and respnsibilities bjectively and must at all times act in a prper and prudent manner in the use f infrmatin acquired in the curse f their duties. Members must nt use Cardn s infrmatin fr any persnal gain fr themselves r their immediate families r in any manner that wuld be cntrary t law r detrimental t the welfare and gdwill f Cardn. Further, members must nt publicly cmment n matters relative t activities f the Cmmittee ther than as authrised by Cardn. With respect t crprate gvernance, ensure that Cardn has implemented an effective cde f ethics and whistleblwers plicies/prcedures. Evaluatin f cmmittee activities Annually, the Cmmittee chairpersn shall facilitate the assessment f the perfrmance f the Cmmittee and take apprpriate actin in respect f areas where there is a perceived need fr enhancement f its rle, peratinal prcesses r membership and reprt t the Bard n the cmmittee review. Authrity and access t persnnel and infrmatin The Cmmittee shall have unlimited access t bth internal and external auditrs and advisrs and t senir management f the Cmpany. The Cmmittee shall als have the ability t cnsult independent experts where required t fulfill its respnsibilities. 8