Non-corporate entities: ANAO guidance on
preparing an Audit Committee charter

This guidance is provided to assist Accountable Authorities and Audit Committees of noncorporate entities when reviewing their Audit Committee charter, particularly in light of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and PGPA Rule section 17 – Audit committee for Commonwealth entities, which took effect from 1 July 2014. This rule requires, amongst other things, the functions of an Audit Committee to include reviewing the appropriateness of the Accountable Authority’s: financial reporting; performance reporting; system of risk oversight and management; and system of internal control.

With the exception of the section on a committee’s functions, this material has been drafted as an example of a good practice Audit Committee charter. The section on the functions of an Audit Committee has been drafted as guidance for consideration by each entity’s Accountable Authority as the extent of the responsibilities to be undertaken by each Audit Committee is a matter for decision by the Accountable Authority.

[ENTITY NAME]
AUDIT COMMITTEE CHARTER

The [accountable authority] has established an Audit Committee in compliance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and PGPA Rule section 17 – Audit committee for Commonwealth entities.

Role

The committee’s role is to provide independent assurance to the Accountable Authority on [the entity’s] financial and performance reporting responsibilities, risk oversight and management, and system of internal control. [Other functions that the accountable authority decides the committee is responsible for to be added as appropriate]

The committee is not responsible for the executive management of these functions. The committee will engage with management in a constructive and professional manner in discharging its advisory responsibilities and formulating its advice to the [accountable authority].

Members of the committee are expected to understand and observe the legal requirements of the PGPA Act and rules. Members are also expected to:

u  act in the best interests of the entity as a whole;

u  apply good analytical skills, objectivity and good judgment;

u  express opinions constructively and openly, raise issues that relate to the committee’s responsibilities and pursue independent lines of enquiry, and

u  contribute the time required to meet their responsibilities.

Committee members must not use or disclose information obtained by the committee except in meeting the committee’s responsibilities, or unless expressly agreed by the [accountable authority].

The committee will be assisted by the entity’s internal audit function that will be responsible for delivering an internal audit program in line with the Audit Committee’s guidance and subject to approval by the [accountable authority or nominated authority]. The committee will exercise a governance role in relation to the entity’s internal audit function.

Authority

The [accountable authority] authorises the committee, in accordance with its role and responsibilities, to:

u  obtain any information it requires from any official or external party (subject to any legal obligation to protect information);

u  discuss any matters with the ANAO, or other external parties (subject to confidentiality considerations);

u  request the attendance of any official, including the [accountable authority], at committee meetings, and

u  obtain legal or other professional advice, as considered necessary to fulfil its role, at [the entity’s] expense, subject to approval by the [accountable authority], or delegate.

Membership

The Audit Committee comprises [insert number or range] members, appointed by the [accountable authority]. [[1]]

The [accountable authority] will appoint the Chair of the committee.

The committee is authorised to appoint a Deputy Chair who will act as chair in the absence of the Chair.

The [accountable authority], Chief Financial Officer, Chief Information Officer, Head of Internal Audit or other management representatives may attend meetings as [advisers/observers,] as determined by the Chair, but will not be members of the committee.

A representative(s) of the ANAO will be invited to attend meetings of the committee, as an observer.

Committee members, taken collectively, will have a broad range of skills and experience relevant to theoperations of [the entity]. At least one member of the committee will have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

Committee members will be appointed for an initial period determined by the [accountable authority]. Members may be re-appointed after a formal review of their performance, for further periods as specified by the [accountable authority].

Functions [[2]]

For each function a number of specific responsibilities are listed for consideration by the Accountable Authority.

The extent of responsibilities to be undertaken is a matter or decision by the Accountable Authority. In setting the Audit Committee charter, it is expected that the views of the committee would be sought. The extent of detail to be included in the committee’s charter, or contained in a supporting work program is also a matter to be settled by the [accountable authority] generally in consultation with the Audit Committee. The charter should, nevertheless, contain sufficient detail to ensure the committee and other stakeholders are clear about the committee’s functions and responsibilities.

Consideration of the committee’s functions and underpinning responsibilities could be expected to take into account the entity’s broader governance framework, the extent and level of assurance sought by the [accountable authority], and the level of maturity of the entity’s control and assurance arrangements.

Financial reporting

[Responsibilities that may be undertaken to fulfil the committee’s financial reporting function for consideration by the Accountable Authority]

u  Review the financial statements and provide advice to the [accountable authority] (including recommending their signing by the [accountable authority]). In particular, the committee will review:

a)  [the entity’s] compliance with accounting standards

b)  the appropriateness of accounting policies and disclosures, including any significant changes to accounting policies

c)  areas of significant judgement and financial statement balances that require estimation

d)  significant or unusual transactions

e)  sign-off by [entity] management in relation to the quality of the financial statements, internal controls and compliance

f)  the auditor’s judgments about the adequacy of the [entity’s] accounting policies and the quality of the [entity’s] processes for the preparation of the [entity’s] financial statements, through discussions with the ANAO, and

g)  whether appropriate management action has been taken in response to any issues raised by the ANAO, including financial statement adjustments or revised disclosures.

u  Act as a forum for communication between [entity] management and the ANAO.

u  Review the processes in place designed to ensure that financial information included in the [entity’s] annual report is consistent with the signed financial statements.

Performance reporting

[Responsibilities that may be undertaken to fulfil the committee’s performance reporting function for consideration by the Accountable Authority]

a)  review the entity’s systems and procedures for assessing and reporting the achievement of the entity’s performance. In particular, the committee will satisfy itself that:

b)  the entity’s Portfolio Budget Statements and corporate plan include details of how the entity’s performance will be measured and assessed

c)  the entity’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and Corporate Plan is sound, and has taken into account guidance issued by the Department of Finance

d)  the entity has sound processes in place for the preparation of its annual Performance Statement and the inclusion of the Statement in its annual report, and

e)  the entity’s proposed Performance Statement is not inconsistent with the entity’s financial information, including its financial statements, that it proposes to include in its annual report.

Note: the requirement for entities to prepare performance statements in accordance with section 39 of the PGPA Act applies from 2015–16. The Audit Committee’s responsibilities in relation to performance reporting should be reviewed at the time the Public Governance, Performance and Accountability Amendment (Corporate Plans and Annual Performance Statements) Rule 2015, and the associated Resource Management Guides are finalised.

Systems of risk oversight and management

[Responsibilities that may be undertaken to fulfil the committee’s risk oversight and management function for consideration by the Accountable Authority]

u  Review whether management has in place a current and sound enterprise risk management framework and associated internal controls for effective identification and management of the entity’s business and financial risks, including fraud [see note].

u  Satisfy itself that a sound approach has been followed in managing the entity’s highest risks including those associated with individual projects, program implementation, and activities.

u  Review the process of developing and implementing the entity’s fraud control arrangements and satisfy itself that the entity has appropriate processes and systems in place to detect, capture and effectively respond to fraud risks.

u  Review reports on fraud from management that outline any significant or systemic allegations of fraud, the status of any ongoing investigations and any changes to identified fraud risk in the entity.

u  At least annually, commission an entity-wide assurance map that identifies the entity’s key assurance arrangements.

Note: In a number of entities, separate committees have been established with responsibilities relating to areas such as risk, fraud, security, or information technology. The Audit Committee’s functions will need to take this into account, noting that the committee is required to comply with the requirements of PGPA Rule section 17 - Audit committee for Commonwealth entities.

System of internal control (see note in risk management item above)

[Responsibilities that may be undertaken to fulfil the committee’s internal control function for consideration by the Accountable Authority]

Internal control framework

u  Review management’s approach to maintaining an effective internal control framework; this framework should include controls in relation to functions performed by external parties such as contractors and advisers.

u  Review whether management has in place relevant policies and procedures, including [accountable authority] Instructions or their equivalent, and that these are periodically reviewed and updated.

u  Satisfy itself that appropriate processes are in place to assess whether key policies and procedures are complied with.

u  Satisfy itself that management periodically assesses the adequacy of [the entity’s] information security arrangements, including complying with entity reporting obligations.

Legislative and policy compliance

u  Review the effectiveness of systems for monitoring [the entity’s] compliance with laws, regulations and associated government policies with which [the entity] must comply.

u  Review, where relevant, [the entity’s] compliance with International Conventions, particularly the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

u  Determine whether management has appropriately considered legal and compliance risks as part of the entity’s enterprise risk management plan.

u  Provide advice to the [accountable authority] regarding the issue of [the entity’s] annual Compliance Report.

Internal audit coverage

u  Review the proposed internal audit coverage, ensure the coverage takes into account [the entity’s] key risks, and recommend approval of the Internal Audit Work Plan by the [accountable authority] or [nominated delegate].

u  Review all audit reports and provide advice to the [accountable authority] on significant issues identified in audit reports and recommend action on significant issues raised, including identification and dissemination of good practice.

u  Obtain an annual report from the Head of Internal Audit, or the outsourced internal audit service provider, on the overall state of [the entity’s] internal controls.

Business continuity management

u  Satisfy itself that a sound approach has been followed in establishing [the entity’s] business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested.

Delegations

u  Review whether appropriate policies and associated procedures are in place for the management and exercise of delegations and authorisations.

Ethical and lawful conduct

u  Assess whether management has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct.

In addition to the four mandatory functions referred to above, the Accountable Authority may decide the entity’s Audit Committee should undertake some or all of the following responsibilities.

Other functions

[Responsibilities that may be undertaken to fulfil the committee’s other functions for consideration by the Accountable Authority]

Administration of the internal audit function

u  Periodically review the Internal Audit Charter.

u  Advise the [accountable authority] on the adequacy of internal audit resources, or budget, to carry out its responsibilities, including completion of the approved Internal Audit Work Plan.

u  Coordinate, to the extent possible, the work programs of internal audit and other assurance or review functions.

u  Monitor management’s implementation of internal audit recommendations.

u  Periodically review the Internal Audit Charter to ensure appropriate authority, access and reporting arrangements are in place.

u  Obtain an annual report from the Head of Internal Audit or the internal audit service provider on the overall state of [the entity’s] internal controls.

u  Periodically review the performance of internal audit, and report the results to the [accountable authority].

u  Provide advice to the [accountable authority] on the appointment of the Head of Internal Audit (in the case of an in-house internal audit function) or recommend to the [accountable authority] the appointment of the internal audit service provider where the internal audit function is outsourced or co-sourced.

u  Periodically meet privately with the Head of Internal Audit.

Governance arrangements

u  Periodically review [the entity’s] governance arrangements or elements of the arrangements as determined by the [accountable authority] and suggest improvements, where appropriate, to the [accountable authority].

Portfolio responsibilities [for Audit Committees of portfolio departments only]

u  Satisfy itself that appropriate mechanisms are in place for the portfolio Secretary to be informed of all significant issues within the portfolio.

Parliamentary committee reports, external reviews and evaluations

u  Satisfy itself that [the entity’s] has appropriate mechanisms in place to review relevant parliamentary committee reports, external reviews and evaluations of the entity and implement, where appropriate, any recommendations arising.

Other

u  Undertake other activities related to its responsibilities as requested by the [accountable authority].