Audit and Risk Committee
Standing Committee on Audit and Risk
Terms of Reference
The University Council has established the Audit and Risk Committee (“the Committee”). These Terms of Reference set out the Committee’s objectives, authority, composition and tenure, and roles and responsibilities. The procedures for the Committee are set out in the procedures for Council Committees document, and these Terms of Reference should be read in conjunction with that document.
The objective of the Committee is to provide independent assistance to the University Council by overseeing and monitoring the governance, risk and control and compliance frameworks, and external accountability requirements of the University and its controlled entities (“the University”). The Committee is an integral component of the University’s corporate governance arrangements, and its responsibilities generally cover the review and oversight of the following areas:
- Internal audit
- External audit
- Risk management
- Internal controls
- Corruption and fraud prevention
- External accountability (including the financial statements)
- Compliance with applicable laws and regulations
The Committee does not have delegated financial responsibility or any management functions and has no executive powers.
- The Committee will be constituted by up to five external members of Council appointed by Council on the recommendation of the Nominations and Remuneration Committee.
- Council may appoint up to three additional persons external to the University who are appropriately qualified on the recommendation of the Nominations and Remuneration Committee.
- The Nominations and Remuneration Committee will maintain a skills matrix to ensure the Committee is comprised of an appropriate mix of skills and any recommendations for changes to Committee membership will be in consultation with the Chair of the Committee.
No member of the Committee may be a member of the University executive or management.
4. Roles and responsibilities
The Committee is directly responsible and accountable to the University Council for the exercise of its responsibilities.
The Committee’s responsibilities are set out below:
4.1 Risk management
4.1.1 Review whether management has in place a current and appropriate risk management process, and associated procedures for effective identification and management of the University’s financial and business risks, including fraud and corruption.
4.1.2 Review whether a sound and effective approach has been followed in developing strategic risk management plans for major operations or projects.
4.1.3 Review the impact of the University’s risk management process on its control environment and insurance arrangements.
4.1.4 Review the adequacy of the University’s insurance arrangements on an annual basis.
4.1.5 Review whether a sound and effective approach has been followed in establishing the University’s business continuity planning arrangements, including whether disaster recovery plans are in place and have been tested periodically.
4.1.6 Review the University’s fraud control plan and satisfy itself that the University has appropriate processes and systems in place to capture and effectively investigate fraud related information.
4.1.7 Satisfy itself that management periodically assesses the adequacy of the University’s information security infrastructure.
4.2 Control framework
4.2.1 Review whether management’s approach to maintaining an effective Internal Control Framework, including over external parties such as contractors, advisors or outsourced service providers, is sound and effective.
4.2.2 Review whether management has in place relevant internal control policies and procedures, and that these are periodically reviewed and updated.
4.2.3 Determine whether the appropriate processes are in place to assess, at least once a year, whether policies and procedures are complied with.
4.2.4 Review whether appropriate policies and procedures are in place for management and exercise of delegations.
4.2.5 Assess how management identifies any required changes to the design or implementation of internal controls.
4.2.6 Monitor strategies to enhance a culture which is committed to ethical and lawful behaviour.
4.3 External accountability
4.3.1 Review the annual statutory financial statements and provide advice to the University Council (including whether appropriate action has been taken in response to audit recommendations and adjustments), and recommend their approval and signing.
4.3.2 Satisfy itself that the financial statements are supported by appropriate management signoff on the statements and on the adequacy of the systems of internal controls.
4.4 Compliance with applicable laws and regulations
4.4.1 Determine whether management has appropriately considered legal and compliance risks as part of the University’s risk assessment and management arrangements.
4.4.2 Review the effectiveness of the system for monitoring the University’s compliance with applicable laws and regulations, and associated government policies.
4.4.3 Provide advice to the Council regarding the issue of the University’s annual Certificate of Compliance, or equivalent report.
4.5 Internal audit
4.5.1 Act as a forum for communication between the University Council, senior executives and management and internal and external audit.
4.5.2 Review the internal audit coverage and annual work plan, ensure that the plan is consistent with the University’s risk profile, and approve the plan.
4.5.3 Review and assess the adequacy of internal audit resources to carry out its responsibilities including the completion of the internal audit plan.
4.5.4 Oversee the coordination of internal audit programs and other review functions.
4.5.5 Review all internal audit reports and provide advice, where appropriate, to the University Council on significant issues identified and action taken on issues raised, including identification and dissemination of better practice.
4.5.6 Monitor management’s implementation of internal audit recommendations.
4.5.7 Review and approve the internal audit charter at least annually to ensure appropriate organisational structures, authority, access and reporting arrangements are in place.
4.5.8 Review the performance of internal audit annually.
4.5.9 Oversee a tender for internal audit services, including review of tender documents and selection of candidates as required.
4.5.10 Provide advice to the University Council on the appointment or replacement of the Internal Auditor.
4.5.11 Review the entity-wide assurance map that identifies the entity’s key assurance arrangements.
4.5.12 Meet with the Internal Auditor without management present on a regular basis.
4.6 External audit
4.6.1 Act as a forum for communication between the University Council, senior executives and management and internal and external auditor.
4.6.2 Provide input and feedback on the financial statements audit coverage and plans proposed by external audit.
4.6.3 Assess the performance of the external auditor annually and provide feedback to the auditor on the services provided.
4.6.4 Review reports issued by external audit and monitor management’s timely implementation of external audit recommendations.
4.6.5 Provide advice to the University Council on action taken on significant issues raised by external audit.
4.6.6 Meet with the External Auditor without management present on a regular basis.
4.7 Audit & Risk Committees of controlled entities
4.7.1 Review Terms of Reference of Audit & Risk Committees constituted by controlled entities, and provide feedback and recommendations, if any, to the Chair of those committees as appropriate.
4.7.2 Review and consider minutes of meetings of Audit & Risk Committees of controlled entities.
5. Version history
5.1 Approval authority
5.2 Version 1 date
10 April 2014
5.3 Subsequent versions
14 December 2017
(as at 1 March 2019)
Mr Frank Zipfinger (Chair)
Ms Deborah Hadwen
Ms Jingmin Qian
Dr Roger Millar
Mr David McKean
Mr Michael Book