Audit and Risk committee

Audit and Risk committee

The role of the Standing Committee on Audit and Risk is to assist the University Council in discharging its responsibilities relating to the management of audit and risk across the University and with regard to each of its business enterprises and controlled entities.

Terms of Reference

Approved by Macquarie University Council 27 October 2016

The University Council has established the Audit and Risk Committee (“the Committee”). This charter sets out the Committee’s objectives, authority, composition and tenure, roles and responsibilities, reporting and administrative arrangements.

1. Objective

The objective of the Committee is to provide independent assistance to the University Council by overseeing and monitoring the governance, risk and control and compliance frameworks, and external accountability requirements of the University and its controlled entities (“the University”). The Committee is an integral component of the University’s corporate governance arrangements, and its responsibilities generally cover the review and oversight of the following areas:

  • Internal audit
  • External audit
  • Risk management
  • Internal controls
  • Corruption and fraud prevention
  • External accountability (including the financial statements)
  • Compliance with applicable laws and regulations

2. Authority

The Committee does not have delegated financial responsibility or any management functions and has
no executive powers.

3. Composition and tenure

The Committee will be constituted by:

  • The Deputy Chancellor;
  • The Chair of the Finance and Facilities Committee
  • No less than three members of the University Council who are elected by the University Council
  • Up to three persons external to the University who are appropriately qualified and elected by the University Council, on the recommendation of the Committee

No member of the Committee may be a member of the University executive or management.

The University Council will appoint a University Council member as the Chair of the Committee, and the Chair is counted as one member of the Committee.

Members may be appointed for an initial period not exceeding two (2) years, after which they will be eligible for re-appointment. Re-appointment will only be made after a formal review of performance and independence, and shall be for a period not exceeding two (2) years. Notwithstanding the above, on the cessation of a University Council member’s appointment to Council, their appointment to this Committee will cease.

Given the nature of the responsibilities of the Committee, the University Council should appoint members who collectively possess most or all of the following skills and experience.

  • broad business and/or financial management experience
  • experience with the public sector
  • an understanding of the business and current issues affecting the sector
  • familiarity with risk identification, evaluation and management
  • an understanding of internal controls and compliance systems, particularly in information technology systems
  • familiarity with relevant legislative requirements
  • knowledge of current accounting and auditing standards
  • a good understanding of the roles of internal and external audit
  • pursue better practice

Members are expected to:

  • Contribute the time needed to study and understand the papers provided
  • Apply good analytical skills, objectivity and sound judgement
  • Express opinions frankly, ask questions that go to the fundamental core of the issue and purse independent lines of enquiry
  • Work collaboratively with other members of the Committee.

4. Roles and responsibilities

The Committee has no executive powers except as specified below.

The Committee is directly responsible and accountable to the University Council for the exercise of its responsibilities. In carrying out its responsibilities, the Committee must at all times recognise that primary responsibility for management of the University rests with the Vice Chancellor and the University Council.

The Committee’s responsibilities are set out below:

4.1 Risk management

4.1.1 Review whether management has in place a current and appropriate “enterprise risk management” process, and associated procedures for effective identification and management of the University’s financial and business risks, including fraud and corruption.

4.1.2 Review whether a sound and effective approach has been followed in developing strategic risk management plans for major operations or projects.

4.1.3 Review the impact of the University’s risk management process on its control environment and insurance arrangements.

4.1.4 Review whether a sound and effective approach has been followed in establishing the University’s business continuity planning arrangements, including whether disaster recovery plans are in place and have been tested periodically.

4.1.5 Review the University’s fraud control plan and satisfy itself that the University has appropriate processes and systems in place to capture and effectively investigate fraud related information.

4.1.6 Satisfy itself that management periodically assesses the adequacy of the University’s information security infrastructure

4.2 Control framework

4.2.1 Review whether management’s approach to maintaining an effective Internal Control Framework, including over external parties such as contractors, advisors or outsourced service providers, is sound and effective.

4.2.2 Review whether management has in place relevant internal control policies and procedures, and that these are periodically reviewed and updated.

4.2.3 Determine whether the appropriate processes are in place to assess, at least once a year, whether policies and procedures are complied with.

4.2.4 Review whether appropriate policies and procedures are in place for management and exercise of delegations.

4.2.5 Assess how management identifies any required changes to the design or implementation of internal controls.

4.2.6 Review whether management has taken steps to imbed a culture which is committed to ethical and lawful behaviour.

4.3 External accountability

4.3.1 Review the annual statutory financial statements and provide advice to the University Council (including whether appropriate action has been taken in response to audit recommendations and adjustments), and recommend their approval and signing.

4.3.2 Satisfy itself that the financial statements are supported by appropriate management signoff on the statements and on the adequacy of the systems of internal controls.

4.3.3 Review the processes in place designed to ensure that the financial information included in the University’s annual report is consistent with the signed financial statements.

4.4 Compliance with applicable laws and regulations

4.4.1 Determine whether management has appropriately considered legal and compliance risks as part of the University’s risk assessment and management arrangements.

4.4.2 Review the effectiveness of the system for monitoring the University’s compliance with applicable laws and regulations, and associated government policies.

4.4.3 Provide advice to the Council regarding the issue of the University’s annual Certificate of Compliance, or equivalent report.

4.5 Internal Audit

4.5.1 Act as a forum for communication between the University Council, senior executives and management and internal and external audit.

4.5.2 Review the internal audit coverage and annual work plan, ensure that the plan is consistent with the University’s risk profile, and approve the plan.

4.5.3 Review and assess the adequacy of internal audit resources to carry out its responsibilities including the completion of the internal audit plan.

4.5.4 Oversee the coordination of internal audit programs and other review functions.

4.5.5 Review all internal audit reports and provide advice, where appropriate, to the University Council on significant issues identified and action taken on issues raised, including identification and dissemination of better practice.

4.5.6 Monitor management’s implementation of internal audit recommendations.

4.5.7 Review and approve the internal audit charter at least annually to ensure appropriate organisational structures, authority, access and reporting arrangements are in place.

4.5.8 Review the performance of internal audit annually.

4.5.9 Oversee a Tender for internal audit services to include review of tender documents and selection of candidates.

4.5.10 Provide advice to the University Council on the appointment or replacement of the Internal Auditor.

4.5.11 Review the entity-wide assurance map that identifies the entity’s key assurance arrangements

4.6 External audit

4.6.1 Act as a forum for communication between the University Council, senior executives and management and internal and external auditor.

4.6.2 Provide input and feedback on the financial statements audit coverage and plans proposed by external audit.

4.6.3 Assess the performance of the external auditor annually and provide feedback to the auditor on the services provided.

4.6.4 Review reports issued by external audit and monitor management’s timely implementation of external audit recommendations.

4.6.5 Provide advice to the University Council on action taken on significant issues raised by external audit.

4.7 Audit & Risk Committees of controlled entities

4.7.1 Review Terms of Reference of Audit & Risk Committees constituted by controlled entities, and provide feedback and recommendations, if any, to the Chair of those committees as appropriate.

4.7.2 Review and consider minutes of meetings of Audit & Risk Committees of controlled entities.

5. Administrative arrangements

5.1 Meetings

The Committee will meet at least four (4) times a year.

The Chair is required to call a meeting if requested to do so by the Chancellor or University Council,
another Committee member or the Vice-Chancellor.

A meeting plan, including meeting dates and agenda items, will be agreed by the Committee each year.
The meeting plan will cover all of the Committee’s responsibilities as detailed in these Terms of

5.2 Attendance at meetings and quorums

A quorum will consist of at least four (4) committee members.

Meetings can be held in person, by telephone or video conference.

The Chancellor may attend any meeting.

The following persons should be invited to attend meetings of the Committee, unless requested by the Chair of the Committee not to do so:

  • The Vice-Chancellor
  • Deputy Vice-Chancellors
  • Chief Operating Officer and Deputy Vice-Chancellor
  • Chief Financial Officer
  • Director, Human Resources
  • Director Property
  • Chief Information Officer
  • General Counsel
  • Director, Risk and Assurance
  • Internal auditor
  • External auditor

The Chair of the Committee may also allow observers to attend meetings, including members of Council.

The members of the Committee should meet privately with the external and internal auditor at least once a year, at times to be determined by the Chair.

5.3 Dispute resolution

Members of the Committee and the University Executive and Management should maintain an effective working relationship, and seek to resolve differences by way of open negotiation. However, in the event of a disagreement between the Committee and Management, the Chair may, as a last resort, refer the matter to the University Council.

5.4 Secretariat and minutes

The University Council will appoint a person to provide secretariat support to the Committee. The Secretariat will ensure the agenda for each meeting and supporting papers are circulated, after approval from the Chair, at least one (1) week before the meeting, and ensure the minutes of the meetings are prepared and maintained.

Draft minutes must be prepared and initially reviewed by the Chair of the Committee and then circulated to members within ten (10) working days of the date of the meeting of which they are a record.

The agreed draft minutes of Committee meetings, whether confirmed or unconfirmed at the time of the closing of the University Council agenda date, shall be included in the agenda papers of the University Council for noting.

The minutes of the Committee meetings shall be confirmed as a true and correct record of the meeting.

In addition to other requirements established by the Rules of the University Council, the agenda and confirmed minutes of the Committee are to be distributed to the following persons:

  • The Vice Chancellor
  • Deputy Vice-Chancellors
  • Chief Operating Officer and Deputy Vice-Chancellor
  • Chief Financial Officer
  • Director, Human Resources
  • Director Property
  • Chief Information Officer
  • General Counsel
  • Director, Risk and Assurance
  • Internal auditor
  • External auditor

5.5 Access

In exercising its functions the Committee may:

  • Require the attendance at a meeting of the Committee of:
    • Any employee, external consultant or contractor of the University
    • A member of the Council
  • Require the production of any document in the custody and or control of the University
  • Obtain independent reviews or external advice, as required, after advising the Vice-Chancellor

5.6 Conflicts of interest

Once a year the Committee members will provide written declarations to the Chancellor stating they do not have any conflicts of interest that would preclude them from being members of the Committee.

Committee members must declare any conflicts of interest at the start of each meeting in relation to agenda items or before discussion of any subsequent matter arising during the course of the meeting.

Where members or observers at Committee meetings are deemed to have a real or perceived conflict of interest it may be appropriate that they are excused from the Committee deliberations on the related matter.

5.7 Review of terms of reference

At least once a year the Committee will review its Terms of Reference. This will include consultation with the University Council. Any subsequent changes to the Terms of Reference will be recommended by the Committee and formally approved by the University Council.

5.8 Assessment arrangements

The University Council, in consultation with the Chair of the Committee, will establish a mechanism to review and report on the performance of the Committee, including the performance of the Chairman and each member, at least annually. The review will be conducted on a self-assessment basis (unless otherwise determined by the University Council) with appropriate input sought from the University Council, the internal and external auditors, management and any other relevant stakeholders, as determined by the University Council.


(as at April 2016)

* The Chancellor and Deputy Chancellor are members of the committee by virtue of their office, in accordance with the provisions of Section 21 of the Macquarie University By-Law 2005.

Back to the top of this page