View Current

Terms of Reference/Charter (Council approved) - Audit and Risk Committee

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Overview

Introduction

(1) The Audit and Risk Committee Terms of Reference and Charter sets out the objectives, authority, composition and tenure, roles and responsibilities, reporting and administrative arrangements of the Audit and Risk Committee (the Committee) of the University of New England.

(2) The Committee is established as a Committee of the Council of the University of New England (the Council), with delegated authority for a number of Council functions associated with audit, risk management and compliance at the University and its related entities. The establishment of this Committee and the delegation of Council powers to it are actions authorised under Section 17 of the University of New England Act 1993 (UNE Act).

(3) The provisions of this document take effect as a Council Rule made under Section 29 of the UNE Act. The document is also the University's instrument for meeting its statutory obligations required by NSW Treasury and the Institute of Internal Auditors (Australia). For the purposes of its professional obligations, these Terms of Reference are also considered to be the University's Audit and Risk Committee Charter.

Objectives

(4) To consider, review and advise the Council on the compliance of the University and its related entities with the various laws and regulations by overseeing and monitoring the University of New England’s governance, compliance, risk and control frameworks and its external accountability requirements. 

(5) To maintain organisational arrangements that provide additional assurance, independent from operational management, on internal audit and risk management.

Top of Page

Section 2 - Committee membership

Membership

(6) The members of the Committee are as follows:

  1. Deputy Chancellor (ex-officio);
  2. Chair of the Finance and Infrastructure Committee (ex-officio); and
  3. Three (3) Lay members elected by and from the Council; at least one of the Lay members will have relevant skills and experience in relation to the Committee's key objectives.

(7) Additional members may include:

  1. Up to two (2) independent external members, with appropriate professional expertise and experience, appointed to the Committee by the Council on the recommendation of the Committee. Independent external members are not eligible to be the Chair of the Audit and Risk Committee; and
  2. Up to two (2) Lay Council members co-opted from the Council to the Committee by the Chair to meet the Committee's cultural diversity and gender representation objectives.

Attendees

(8) Official attendees who regularly attend and may participate in all or part of the meeting at the discretion of the Chair:

  1. The Chancellor;
  2. The Vice-Chancellor and Chief Executive Officer (VC&CEO);
  3. The Director Governance and University Secretary and/or nominee.
  4. Relevant Senior Executive(s), Head, Internal Audit and/or Chief Risk Officer and/or nominee.

(9) Other:

  1. Any other person invited by the Chair, including, for example, representatives from the University's external auditor, may attend Committee meetings.
  2. Other Council members may attend Committee meetings at the discretion of the Chair and they will have the status of an observer.

Membership Requirements

Chair

(10) The Committee will elect the Chair from its Lay members. The Chair will hold office for the remainder of their term on the Committee, or until removed by the Committee, whichever occurs first. If the Chair is unavailable to act as Chair for any period, then the Committee will elect a temporary Chair to act during that period.

Gender and diversity representative objective

(11) The objective will be to ensure, so far as is practicable, that the membership of the Committee considers gender and diversity representation in accordance with UNE policies.

Election procedure for elected members

(12) Elected members of the Committee will be elected by Council at a Council meeting.

Term of office

(13) The ex-officio members (Deputy Chancellor and Chair of the Finance and Infrastructure Committee) will be Committee members whilst they hold their primary office.

(14) The Lay Council members will be Committee members for two years or such other time as determined by Council, or until they cease to be a Council member, whichever occurs first.

(15) The co-opted independent external members (if applicable) will be Committee members for two years or such other time as determined by Council, or until they resign or are removed by Council, whichever occurs first.

(16) The co-opted Council members (if applicable) will be Committee members for two years or such other time as determined by Council, or until they cease to be a Council member, whichever occurs first.

Top of Page

Section 3 - Terms of reference

Functions

(17) Approval functions:

  1. approve Rules and policy instruments relating to the function of internal audit, risk management, compliance, business continuity, corruption and fraud within UNE, and the Internal Audit plan and risk management plan and the annual timetable of audits to be conducted; and
  2. Approve the Internal Audit Charter.

(18) Advisory and Monitoring Functions:

  1. advise Council in relation to the matters referred to within the scope of this Committee's objectives; and
  2. as detailed below in the Section, "Roles and responsibilities".

(19) Authority:

  1. The Committee has no executive powers;
  2. As detailed below in the Sections, "Roles and Responsibilities" and "Authority" the Committee is directly responsible and accountable to the Council for the exercise of its responsibilities. In carrying out its responsibilities, the Committee must:
    1. recognise that responsibility for management of the University of New England rests with the VC&CEO;
    2. resolve any disagreements between management and the external auditor; and
    3. in consultation with, or as requested by Council, review, revise or expand the responsibilities of the Committee from time to time.
Top of Page

Section 4 - Delegations

Delegation from Council

(20) This committee has delegated authority from the Council to perform on behalf of Council the approval, advisory and monitoring functions set out in the terms of reference above.

Top of Page

Section 5 - Authority

(21) The Council authorises the Committee, within the scope of its role and responsibilities, to:

  1. obtain any information it needs from any employee of the University and/or external party (subject to their legal obligation to protect information);
  2. discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations);
  3. request the attendance of any employee of the University, as required, at Committee meetings;
  4. obtain external legal or other professional advice, as considered necessary to meet its responsibilities, at the University of New England's expense.
Top of Page

Section 6 - Roles and responsibilities

(22) The Committee's responsibilities are to:

  1. Assess internal audit activity:
    1. act as a forum for communication between the Council, senior management and Internal Audit;
    2. review the annual Internal Audit Plan to ensure:
      1. the Plan is based on UNE's risk management framework; and
      2. the Plan provides optimal cost-effective internal audit coverage of operations and reporting arrangements for the University;
    3. oversee the coordination of audit programs conducted by internal and external audit and other review functions;
    4. review all audit reports and provide advice to the Council on significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of good practice;
    5. monitor management's implementation of internal audit recommendations;
    6. review and assess the performance of the internal audit operations against the annual and strategic audit plans;
    7. review the Internal Audit Charter to ensure appropriate organisational structures, authority, access and reporting arrangements are in place;
    8. review the adequacy of the Internal Audit Charter, organisation, staffing, skills and training; and
    9. monitor developments within the audit field and the standards issued by professional bodies and other regulatory authorities, in order to encourage the use of best practice by the internal audit team.
  2. Oversee risk management:
    1. review the currency, comprehensiveness and relevance of the University's Risk Management Policy, including the identification and management of risks related to fraud and business continuity;
    2. endorse the University of New England's strategic risk register;
    3. review whether a sound and effective approach has been followed in developing strategic risk management plans for major projects or undertakings;
    4. review the impact of the University of New England's risk management process on its control environment and insurance arrangements;
    5. review whether a sound and effective approach has been followed in establishing the University of New England's business continuity planning arrangements, including whether disaster recovery plans have been tested periodically;
    6. review the University of New England's fraud control plan and satisfy itself that the University of New England has appropriate processes and systems in place to capture and effectively investigate fraud related information;
    7. ensure that risk identification and linked audit activities are addressed in the development and review of internal audit plans, and in discussions on external audit strategies; and
    8. monitor the implementation of risk management across the University.
  3. Control framework:
    1. review whether management's approach to maintaining an effective internal control framework, including over external parties such as commercial activities (including controlled entities), contractors and advisors, is sound and effective;
    2. review whether management has in place relevant policies and registers, and that these are periodically reviewed and updated, including:
      1. monitor the effectiveness of management's strategies for and risk management of information technology systems and service delivery;
      2. monitor the effectiveness of management's strategies for and risk management of the maintenance, repair and replacement of buildings and other physical assets;
      3. monitor the effectiveness of management's strategies for and risk management of the provision of safety and security, utilities and other services on campus; and
      4. monitor the effectiveness of controlled entity strategies for risk and compliance management including adherence with UNE’s Controlled Entities Rules and Guidelines.
    3. determine whether the appropriate processes are in place to assess, at least once a year, whether policies and procedures are complied with;
    4. satisfy itself that appropriate policies and procedures are in place for the management and exercise of delegations;
    5. consider how management identifies any required changes to the design or implementation of internal controls; and
    6. review whether management has taken steps to embed a culture which is committed to ethical and lawful behaviour.
  4. Financial statements:
    1. satisfy itself that the financial statements have been effectively audited and reviewed, including whether appropriate action has been taken in response to audit recommendations and adjustments;
    2. provide advice to Council regarding the Committee's review of the process used for the preparation of the financial statements;
    3. satisfy itself that the financial statements are supported by appropriate management signoff on the statements and on the adequacy of the systems of internal controls;
    4. review the processes in place designed to ensure that financial information included in the University of New England's annual report is consistent with the signed financial statements;
    5. review significant accounting and reporting issues, including complex or unusual transactions, and understand their impact on the financial statements;
  5. Compliance:
    1. review the currency, comprehensiveness and relevance of the University's Compliance Rule;
    2. determine whether management has appropriately considered compliance risks as part of the University of New England's risk assessment and management arrangements;
    3. review the effectiveness of the University's compliance system for addressing UNE's compliance obligations under relevant legislation; and
    4. review the effectiveness of the system for monitoring compliance by the University of New England's controlled entities with applicable laws and regulations, and associated government policies.
  6. External audit:
    1. act as a forum for communication between the University of New England, senior management and external audit;
    2. provide input and feedback on the financial statements and performance audit coverage proposed by external audit and provide feedback on the audit services provided;
    3. review all external plans and reports in respect of planned or completed audits and monitor management's implementation of audit recommendations; and
    4. provide advice to the Council on action taken on significant issues raised in relevant external audit reports and better practice guides.
  7. Responsibilities of Members:
    1. members are expected to:
      1. contribute the time needed to study and understand the papers provided;
      2. apply good analytical skills, objectivity and good judgement; and
      3. express opinions frankly, ask questions that go to the fundamental core of the issue and pursue independent lines of enquiry.
Top of Page

Section 7 - Reporting

(23) The Committee will regularly (at least once a year) report to the Council on its operation and activities during the year. The report should include:

  1. a summary of the work the Committee performed to fully discharge its responsibilities during the preceding year;
  2. a summary of the University of New England's progress in addressing the findings and recommendations made in internal and external reports;
  3. an overall assessment of the University of New England's risk, control and compliance framework, including details of any significant emerging risks or legislative changes impacting the University of New England; and
  4. details of meetings, including the number of meetings held during the relevant period, and the number of meetings each member attended.

(24) The Committee may at any time report to the Council any other matter it deems of sufficient importance.

Top of Page

Section 8 - Reporting lines

(25) The Committee must at all times ensure it maintains a direct reporting line to and from the Head, Internal Audit (or equivalent role) and act as a mechanism for reporting internal audit activity to the Council, as appropriate.

(26) The Head, Internal Audit (or equivalent role) reports functionally to the Audit and Risk Committee and administratively to the Director Governance and University Secretary to facilitate day to day operations. If required, the Head, Internal Audit (or equivalent role) has the ability to report directly to the VC&CEO and to Council through the Chancellor and the Audit and Risk Committee through the Chair.

Top of Page

Section 9 - Conduct of Committee business

Reporting to Council

(27) The Chair of the Committee will report to Council regularly on the business conducted by the Committee.

Meetings

(28) The Committee will meet bi-monthly, or otherwise as required in order to perform its functions. Committee members should be given at least seven days' notice of meeting, or such shorter notice period as is practicable where the matter is urgent.

(29) A work plan, including meeting dates and agenda items, will be agreed by the Committee each year.

(30) Committee members, if necessary, may have in-camera discussions.

(31) The Committee will meet separately of management with the internal and external auditors at least once a year.

(32) A meeting separate of management between the Committee and the Head, Internal Audit (or equivalent role) may be convened by the Chair of the Audit and Risk Committee if required.

Business papers

(33) Unless the Chair directs otherwise, Committee business papers will be distributed to Committee members and official attendees, at least seven days prior to the meeting, or such shorter period as is practicable in the circumstances. Business papers must be treated confidentially by recipients. Any external disclosure of business papers should be made via the University Secretary.

Quorum

(34) A quorum shall consist of a simple majority of the members of the Committee at the time the meeting is held.

Use of technology

(35) For its business papers, meetings and otherwise to conduct its business the Committee and its members may use technology including telephone, video-conferencing, telepresence, email and internet as arranged by the Chair and/or University Secretary.

Resolutions

(36) The Committee may pass a resolution by "flying minute" provided that the resolution has been approved by a simple majority of the Committee members at the time the resolution is made.

Confirmation of minutes

(37) Draft minutes will normally be circulated to members for comment promptly after each meeting. Next the minutes (with any necessary changes) will be circulated for adoption by the Committee. The minutes will be finalised and adopted when they have been approved by a majority of the members present at the relevant meeting. Alternatively, the minutes may be included in the business papers for the next Committee meeting and considered/adopted by the Committee at that meeting.

Self-Review

(38) Once in every twelve-month period, the Committee shall devote at least part of one meeting to the review of its policies, practices and procedures over the preceding 12 months. The review will be conducted on a self-assessment basis (unless otherwise determined by the Council) with appropriate input sought from the Council, the internal and external auditors, management and any other relevant stakeholders, as determined by the Council.

Secretary to Committee

(39) The University Secretary and/or nominee will act as Secretary and provide administrative support to the Committee.

Standing Orders

(40) To the extent of any inconsistencies between these Terms of Reference and the Council's Standing Orders, these Terms of Reference prevail.

Dispute Resolution

(41) Members of the Committee and the University of New England's Management should maintain an effective working relationship, and seek to resolve differences by way of open negotiation. However, in the event of a disagreement between the Committee and Management, including the VC&CEO, the Chair may, as a last resort, refer the matter to the Council.

Conflicts of interest

(42) Once a year the Committee members will provide written declarations to the Council stating they do not have any conflicts of interest that would preclude them from being members of the Committee.

(43) Committee members must declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda item or topic. Details of any conflicts of interest should be appropriately minuted. In these circumstances, it may be appropriate to excuse the relevant member(s) from Committee deliberations on the item or topic where a conflict of interest exists.

Induction

(44) New members will receive relevant information and briefings on their appointment to assist them to meet their Committee responsibilities.

Review of Charter

(45) At least once a year the Committee will review this Charter. This review will include consultation with the Council. Any substantive changes to this Charter will be recommended by the Committee and formally approved by the Council.

Top of Page

Section 10 - Definitions and interpretation

Definitions

(46) Words and phrases used in this document have the following meanings, unless the context requires otherwise:

  1. Lay means a person who is not a Current Employee or Current Student.
  2. Management (for the purpose of these Definitions) means the Senior Executive, as well as the Head, Internal Audit and other managers reporting to the Audit and Risk Committee.

Interpretation

(47) This document should be interpreted using the following principles:

  1. Where Committee membership is defined by reference to an office held (for example "Chair of Finance and Infrastructure Committee"), that office-bearer is a member ex-officio and has all of the same rights and responsibilities (including voting) as other Committee members whilst holding the office specified.
  2. This document does not override or otherwise affect:
    1. the UNE Delegations Framework Rule; or
    2. the Vice-Chancellor Functions Rule; however it operates as a delegation of certain authorities that have been retained by Council.