DGD15-039
Audit and Risk Management Committee Charter
AUDIT & RISK MANAGEMENT COMMITTEE CHARTER1. PrefacE...... 2
2. Objective of the Audit and Risk Committee ...... 2
3. Authority...... 3
4. Confidentiality...... 3
5. Composition...... 3
5.1 Membership...... 3
5.2 Appointment ...... 4
5.3 Attendance at meetings and Quorum...... 4
6. ARMC SCOPE ...... 5
6.1 The ARMC’s role ...... 5
6.2 The ARMC’s responsibilities...... 5
6.2.1Internal Audit...... 5
6.2.2External Audit...... 6
6.2.3 Risk Management...... 6
6.2.4INTERNAL Control Framework...... 7
6.2.5External Accountability ...... 7
6.2.6Compliance...... 7
7. Responsibilities of members...... 8
8. Monitoring Committee Performance...... 8
9. Reporting ...... 8
10. Administrative Arrangements...... 9
10.1 Meetings...... 9
10.2 PlanninG...... 9
10.3 Secretariat ...... 9
10.4 Conflict of Interest ...... 9
10.5 Monitoring and reporting cross entity arrangements...... 10
10.6Relationship with Shared Services...... 10
11. Induction and Training...... 10
12. Review of the Charter...... 10
1. Preface
The Director-General has established an Audit and Risk Management Committee (ARMC)to assist in fulfilling the oversight of Governance, Compliance and Risk Management responsibilities outlined in the following key legislation:
Section 31 of the Financial Management Act 1996, prescribes the Director-General of a Directorate to be responsible for efficient and effective financial management of the Directorate. This includes the responsibility for maintaining adequate internal controls for safeguarding the assets of the Directorate, compliance with applicable legislation and the proper reporting of the financial results of the Directorate.
Section 9 of the Public Sector Management Act 1994 requires public employees to exercise reasonable care and skill in performing their duties, to act impartially and with probity and to avoid wastage and extravagance in the use of public resources.
The Audit and Risk Management Committee Chartersets out the role, composition, authority, responsibilities and operation of the Committee.
2. Objective of the Audit and Risk Management Committee
The objectives of the ARMC are to:
- provide independent assurance, assistance and advice to the Director-General and the Executive Directors’ Council regardingACT Health’s audit, risk management, governance and compliance framework, its external accountabilities and responsibilities; and
- assist the Director-General in discharging responsibilities for exercising due care, diligence and skill in relation to the Directorate’s adequacy of internal controls, application of accounting policies, compliance with applicable laws, and reporting of financial information.
3. Authority
The ARMCis a separate activity and acts independently ofmanagement. The Committee has no executive powers. It undertakes a review and advisory role with the aim of ensuring that ACT Healthexecutives implement internal control and risk management strategies to minimise risks and to improve overall ACT Healthperformance.
The Director-General authorises the ARMC to conduct or authorise investigations into any matters within the scope of its role and responsibilities.
The ARMC has authority to:
- obtain any information it needs from any employee and/or external party (subject to their legal obligation to protect information);
- discuss any matters with the external auditors, or any other external parties (subject to confidentiality considerations);
- request the attendance of any employee, at committee meetings; and
- obtain external legal or other professionaladvice, as considered necessary to meet its responsibilities.
4. Confidentiality
ARMC members have a responsibility to treat all information with appropriate confidentiality. This includes matters tabled and/or discussed at the ARMC meetings, as well as any additional issues raised out of session.
5. Composition
5.1Membership
The ARMC shall consist of five(5) members, comprising:
- Chairperson –The Chairperson of the ARMC shall be external and independent to ACT Health.
- Deputy Chairperson – an external member who will be appointed for a fixed period of time.
- Two Deputy Directors-Generalappointed for a fixed period of time.
- An Executive Director appointed for a fixed period of time.
5.2Appointment
The Chairperson and Deputy Chairperson of the ARMC shall be appointed by the Minister on the recommendation of the Director-General.
Members will be appointed for an initial period not exceeding three years after which they will be eligible for extension or re-appointment.
The ARMC shall adopt a phased approach to the rotation of members to preserve an appropriate level of knowledge and expertise on the committee
The Director-General, ChiefFinanceOfficer,Chief Information Officer or the Manager of Internal Audit and Risk Management should not be members of the Audit Committee.
Membership of the ARMC is to be reviewed at least every three years.
5.3 Attendance at meetings and Quorum
Members of the ARMC are expected to attend all scheduled meetingsin person, or teleconference, or via video conference.Attendance will be reported in ACT Health’s annual report. Should an external member be unable to attend a meeting they cannot nominate another person to attend in their place. Internal ACT Health members are appointed by their title, not as an individual. Therefore, the person acting in their position should attend the ARMC meetings. The quorum must be in attendance during the whole meeting.
A quorum will consist of three members thatincludes at least the Chairperson or the Deputy Chairperson. Should the Chairperson be absent from a meeting, the Deputy Chairperson will be Chairperson for that particular meeting.
The ACT Auditor-General or his/her representative and/orother external audit representatives may be invited to all meetings.
The Director-Generalmay attend ARMC meetings as an observer.
The ARMC may request advisors (internal or external toACT Health) to attend meetings.
ACT HealthExecutives should be provided with opportunities to make representations to the ARMC and, if required, to attend meetings.
The Manager,Internal Audit and Risk Management will be invited to all meetings of the ARMC. Secretariat role will be performed by the Internal Audit and Risk Management Branch.
6. ARMC Scope
The ACT HealthARMC has been established to oversight audit, risk management, compliance and governance activities throughout ACT Health. This includes overseeing the implementation of audit and risk management policies and frameworks, in addition to the effective and timely implementation of all agreed remedial actions.
6.1 ARMC Responsibilities
In establishing the ARMC, ACT Healthnominated the following responsibilities;
ARMC should:
- provide oversight of financial reporting,risk management, compliance management, governance and internal controls;
- strategically overview ACT Health’s audit and risk management activities;
- evaluate the appropriateness of ACT Health’s Business Continuity Management including whether business continuity and disaster recovery plans have been periodically updated and tested;
- evaluate ACT Health’s Fraud and Corruption Control Plan including Ethics and Code of Conduct and associated training to facilitate the mitigation of fraud risk;
- review the effectiveness of the system for monitoring compliance with laws, standards and regulations.
6.2Internal Audit
ARMC should;
- actas a forum for communication and collaboration betweenDirectorGeneral, senior management and internal audit.
- review the Strategic Internal Audit Program, by assessing that the proposed internal audit coverage is aligned with ACT Health’s Strategic Priorities and key risks and recommending approval by the Director-General.
- reviewthe Terms of Reference for internal audits specified in the Strategic Internal Audit Program.
- review all Strategic Internal Audit Program (SIAP) audit reports and relevant ACT Auditor-General’s Office performance audits and provideadvice to the Director-General on significant issues identified and action taken on issues raised including identification and dissemination of good practice
- reviewACT Health’s register of audit recommendations to ensure timely implementation of agreed recommendations; and
- periodically review the Internal Audit Charter to ensure appropriate authority, access and reporting arrangements are in place.
6.3 External Audit
ARMC should;
- provideinput on Auditor General’s Office financial statement and performance audit coverage;
- act as a conduit for communication between the Director-General and external audit;
- communicatewith the ACT Auditor-General’s Office at least once annually to ensure all significant issues and concerns raised have been addressed;
- review external audit reports and monitor implementation of audit recommendations; and
- provideadvice to the Director-General about action taken regarding significant issues raised in external audit reports.
6.4Risk Management
ARMC should;
- review whether ACT Health has in place a current and comprehensive enterprise risk management framework and associated procedures for effective identification and management of ACT Health’s risks,
- monitormanagement’s performance in establishing and implementing an effective risk management program in accordance with ACT HealthRisk Management Policy, framework and guidelines;
- periodically review the Organisational Risk Register to ensure that corrective actions are taken on a timely basis to mitigate risks;
- Monitor the integration of risk management with line management activities to ensure accountabilities and performance are clearly stated and applied
- review the process for developing and implementing the fraud control plan to satisfy that ACT Healthhas appropriate processes and systems in place torecord and effectively investigate fraud related information;and
- review reports on fraud from ACT Health’s Senior Executive Responsible For Business Integrity Risk (SERBIR) that outline any identified allegations of fraud, the status of any ongoing investigations and any changes to identified fraud risk.
6.5ACT Health’s Internal Control Framework
ARMC should;
- monitormanagement’s approach to maintaining an effective internal control framework, ensuring that the framework is sound and includes external parties such as contractors and advisors;
- reviewmanagements’ processes to ensurethe appropriate policies and procedures, including Director-General instructions, are in place for the administration of delegationsand authorisations and that regular update is implemented; and
- determinewhether appropriate processes are in place to assess, at least once a year, whether key policies and procedures are complied with.
6.6Financial Statements
ARMC should;
- review draft financial statement reports and provide advice regarding signing of the draft financial statements before submission to the ACT Auditor General’s Office ;
- ensure that annual financial statements are complete, consistent with information known to committee members, and reflect appropriate accounting standards and principles;
- evaluate the completeness of financial disclosures, significant business and accounting policy changes (if applicable); and
- review interim financial reports and consider whether they are complete and consistent with the information known to committee members.
6.7 Compliance
ARMC should;
- review the effectiveness of systems for monitoring ACT Health’s compliance with laws, regulations, Industry standards and associated government policies with which ACT Health must comply; and
- review the processes management has in place designed to ensure the entity is kept up to date with new legislation or changes to existing legislation relevant to ACT Health.
7.Responsibilities of ARMC members
Members of the ARMC are expected to:
- understand and observe the legal requirements of the Financial Management Act 1996;
- apply analytical skill, objectivity and good judgment,explore root cause of issues, pursue independent lines of enquiry and express opinions frankly.
8. Monitoring Committee Performance
- The Director-General should be satisfied that an effective, comprehensive and complete service is being provided.
- The ARMC will develop appropriate performance indicators and undertake an evaluation of its performance. An annual report of the activities of the ARMC should be provided by the Chairperson to the Director General.
- The Chairperson will initiate a review of the performance of the ARMC annually.
9. Reporting
The ARMC will report annually to the Minister on key issues and more frequently if deemed necessary. Any report to the Minister will be first provided to the Director-Generalfor comment.The Director-General’scommentsmay be inserted into the body of the report.
The annual report may include:
- a summary of the work the ARMC performed to fully discharge its responsibilities during the preceding year,
- a summary of ACT Health’s progress in addressing the findings and recommendations made in internal and external auditreports;
- an overall assessment of the entity’s risk, control, governance and compliance framework, including details of any significant emerging risks or legislative changes impacting on ACT Health,and
- details of meetings, including the number of meetings held during the relevant period, and the number of meetings each member attended.
The ARMC may at any time, report to the Director-Generalany matter it deems of sufficient importance to do so. In addition, at any time, an individual committee member may request a meeting with the Director-General.
10. Administrative Arrangements
10.1Meetings
The ARMC will meet at least fivetimes per year. In addition a special meeting will be held to reviewACT Health’s annual financial statements. These meetings may be face to face or via use of technology.
The Chairperson is required to call a meeting if requested to do so by the Director-General.
10.2Planning
The ARMC will develop a forward meeting schedule that includes the dates, location, and proposed agenda items for each meeting for the forthcoming year, and that covers all the responsibilities outlined in this charter.
10.3Secretariat
TheManager, Internal Audit & Risk Management will provide secretariat support to the ARMC.
The Secretariat will ensure the agenda for each meeting and supporting papers are circulated, at least one week before each meeting. The Secretariat will also ensure that the minutes of the meetings are prepared and maintained. Minutes should be provided to each Committee member within two weeks of a meeting. Minutes may be provided to observers, as appropriate and as approved by the Chairperson.
10.4Conflict of Interest
Each committee member will,annually, provide a written conflict of interest declaration to the Director-General. The declarations must confirm that no conflicts of interest that would prejudice membershipof the ARMC are present.
ARMC members must also declare any conflicts of interest at the start of each meeting or before discussion of relevant agenda items or topics. Details of any conflicts of interest will be appropriately minuted.
Where members or observers at ARMC meetings are deemed to have a real, or perceived conflict of interest it may be appropriate that they are excused from ARMC deliberations on the issue where a conflict of interest exists.
10.5Monitoring and reporting Cross-entity arrangements
Cross-entity arrangements will often give rise to complex legislative requirements, contractual arrangements, service-level agreements or Memoranda of Understanding between ACT Health and other entities.These can involve specific monitoring and reporting arrangements.Payments from these cross-entity arrangements may be included in the ACT Health financial statements. If these amounts are material the ARMC may request clarification or reports from the cross-entity responsible.
10.6 Relationship with Shared Services
As ACT Shared Services process certain transactions and prepare financial statements on behalf ofACT Health, the results of audits of ACT Shared Services are likely to provide useful information for the ARMC. Subject to agreement fromACT Shared Services, the ARMC may request access to audit reports on ACT Shared Services. The ARMC can request key staff attendance at the ARMC meetings where ACT Shared Servicesoperations arerelevant to ACT Health.
11. Induction and Training
New ARMC members will receive relevant information and briefing on their appointment to the Committee to assist them to meet their responsibilities.
12. Review of the Charter
The ARMC will review this charter at least every three years.This review will include consultation with the Director-General. Any substantive changes to the charter will be recommended by the committee for formal approval by the Director-General.
Related Documents: ACT Health- Internal Audit Charter
- Internal Audit Policy And Procedures
- ACT Government-Internal Audit Framework-2007
- Public Sector Audit Commitees-ANAO
- ACT Health Risk Management Policy, Framework and Guidelines
- Risk Management Guidelines
- Divisional Risk Management Procedure
- Fraud Control Plan
- Business Continuity Managment Framework
- Risk Management Standard AS/NZS ISO 31000:2009
- International Standards For The Professional Practice Of Internal Auditing
Relationships:
- Director General
- Executive Directors’ Council
- Executive Council
- Minister for Health
Doc Number / Version / Issued / Review Date / Area Responsible / Page
DGD15-039 / 1 / 11/11/2015 / 01/09/2018 / IA&RM / 1 of 11