Audit and Risk Committee Principal Department

advertisement
Audit and Risk Committee
Principal Department
Charter
Complies with Internal Audit & Risk Management Policy TPP 15-03 and the 2013 IPPF Standards
Last reviewed: September 2015
Contact: Chief Audit Executive
Review history
April 2010
First published, based on model in TPP 09-05
Aug 2011, Apr 2012, Oct 2012,
Mar 2013, July 2013 Annexures only
Regular updates
August 2013
Updated as Principal Department Charter, paired with
the new Shared Arrangement Charter
September 2015
Updated based on the new model charter in TPP 15-03
Preface
The Secretary, NSW Treasury (“the Secretary”) established the Audit and Risk Committee (‘the
Committee’) in compliance with the Internal Audit and Risk Management Policy for the NSW Public
Sector, TPP 09-05. Following the replacement of that policy on 1 July 2015, the Secretary has
ensured the Committee complies with the new TPP 15-03, and that this Charter has been revised in
alignment with the model Charter in the new policy.
Treasury is the Principal Department in a Shared Arrangement Agreement with other entities.
Annexure 1 (attached) defines what constitutes the Principal Department and what entities belong to
the Shared Arrangement Agreement (which has its own Committee Charter). The Treasury Audit &
Risk Committee advises the Secretary in relation to the Principal Department and all of the other
entities for which he is Chief Executive Officer. The Treasury (Principal Department) Committee also
oversees audit and risk for the Total State Sector Accounts.
This charter sets out the Committee’s objectives, authority, composition and tenure, roles and
responsibilities, reporting and administrative arrangements.
Objective
The objective of the Committee is to provide independent assistance to the Secretary by monitoring,
reviewing and providing advice about Treasury’s governance processes, risk management and
control frameworks, and its external accountability obligations.
Authority
The Secretary authorises the Committee, within the scope of its role and responsibilities, to:

obtain any information it needs from any employee and/or external party (subject to their legal
obligation to protect information)

discuss any matters with the external auditor, or other external parties (subject to
confidentiality considerations)

request the attendance of any employee, including the Secretary, at committee meetings

obtain external legal or other professional advice, as considered necessary to meet its
responsibilities. The payment of costs for that advice by the agency is subject to the prior
approval of the Secretary.
Composition and tenure
The Committee will consist of at least three (3) members, and no more than five (5) members 1,
appointed by the Secretary.
The Secretary will appoint the chair and members of the Committee. The chair is counted as one
member of the Committee.
Members will be appointed for an initial period of no less than three (3) years and not exceeding five
(5) years, after which they will be eligible for extension or re-appointment for a further term(s) subject
to a formal review of their performance by the Secretary. No individual’s total term on the Committee
will exceed eight (8) years.
1
Inclusive of the Chair.
Audit and Risk Committee Principal Department Charter
1
The chair must be appointed for one (1) term only for a period of at least three (3) years, with a
maximum period of five (5) years. The term of appointment for the chair can be extended but any
extension must not cause the total term to exceed five (5) years as a chair of the Audit and Risk
Committee.
Current employees of all NSW government sector agencies2 other than State Owned Corporations
cannot serve as members or chairs of an Audit and Risk Committee.
The members should collectively develop, possess and maintain a broad range of skills and
experience relevant to the operations, governance and financial management of Treasury, the
environment in which Treasury operates and the contribution that the Committee makes to Treasury.
At least one member of the Committee must have accounting or related financial management
experience, with an understanding of accounting and auditing standards in a public sector
environment.
Roles and responsibilities
The Committee has no executive powers.
The Committee is directly responsible and accountable to the Secretary for the exercise of its
responsibilities. In carrying out its responsibilities, the Committee must at all times recognise that
primary responsibility for management of Treasury rests with the Secretary.
The responsibilities of the Committee may be revised or expanded in consultation with, or as
requested by, the Secretary from time to time.
The Committee’s responsibilities are to:
Risk management









2
review whether management has in place a current and appropriate risk management
framework that is consistent with AS/NZS ISO 31000:2009
review risk management plans and provide advice to the Secretary
seek assurance from management and Internal Audit that risk management processes are
operating effectively
seek assurance from management and Internal Audit as to the adequacy and effectiveness of
internal controls
review risk reports and provide advice to the Secretary
review whether a sound and effective approach has been followed in developing risk
management plans for major projects or undertakings
review the impact of the agency’s risk management on its control environment and insurance
arrangements
review the agency’s fraud control plan and be satisfied that the agency has appropriate
processes and systems in place to capture and effectively investigate fraud related information
review whether a sound and effective approach has been followed in establishing the
agency’s business continuity planning arrangements, including whether disaster recovery
plans have been tested periodically.
Government sector is defined in the Government Sector Employment Act 2013.
Audit and Risk Committee Principal Department Charter
2
Control framework








review whether management’s approach to maintaining an effective internal control framework,
including over external parties such as contractors and advisors, is sound and effective
review whether management has in place relevant policies and procedures, and that these are
periodically reviewed and updated
determine whether the appropriate processes are in place to assess, at least once a year,
whether laws, regulations, policies and procedures are complied with
review whether appropriate policies and procedures are in place for the management and
exercise of delegations
consider how management identifies any required changes to the design or implementation of
internal controls
review whether management has taken steps to embed a culture which is committed to ethical
and lawful behaviour
receive from management reports on all suspected and actual frauds, thefts and breaches of laws
while making it clear that a report to the Committee will not be eligible as a public interest
disclosure, provide a line of communication so that employees may raise issues of concern
relating to the management of Treasury’s physical and financial resources, or to the accuracy or
sufficiency of information being provided to managers or the Secretary.
External accountability










assess the policies and procedures for management review and consideration of the financial
position and performance of the agency including the frequency and nature of that review
(including the approach taken to addressing variances and budget risks)
review procedures around early close and year-end
review the financial statements and provide advice to the Secretary (including whether
appropriate action has been taken in response to audit recommendations and adjustments), and
recommend their signing by the Secretary
satisfy itself that the financial statements are supported by appropriate management signoff on
the statements
review the Chief Financial Officer Letter of Certification and supporting documentation (consistent
with NSW Treasury Policy and Guidelines Paper Certifying the Effectiveness of Internal Controls
over Financial Information (TPP 14-05)
review cash management policies and procedures
review policies and procedures for collection, management and disbursement of grants and tied
funding.
review the processes in place designed to ensure that financial information included in Treasury’s
annual report is consistent with the signed financial statements
undertake all of the above in relation to the Total State Sector Accounts as well as those of the
Principal Department
satisfy itself that Treasury has a performance management framework that is linked to
organisational objectives and outcomes.
Compliance with applicable laws and regulations
determine whether management has appropriately considered legal and compliance risks as part
of Treasury’s risk assessment and management arrangements
review the effectiveness of the system for monitoring Treasury’s compliance with applicable laws
and regulations, and associated government policies.
Audit and Risk Committee Principal Department Charter
3
Internal audit














act as a forum for communication between the Secretary, senior management and internal
and external audit
review and provide advice to the Secretary on the internal audit policies and procedures
review the risk based audit methodology
review the internal audit coverage and annual work plan, ensure the plan is based on
Treasury’s risk management plan, and recommend approval of the plan by the Secretary
advise the Secretary on the adequacy of internal audit resources, including outsourced
service providers, to carry out its responsibilities, including completion of the approved
internal audit plan
oversee the coordination of audit programs conducted by internal and external audit and other
review functions
review audit findings and related recommendations that have been assessed as the most
significant, according to the risk the audit finding represents to the agency if the
recommendation(s) related to the finding are not implemented
provide advice to the Secretary on significant issues identified in audit reports and action
taken on these issues, including identification and dissemination of good practice
monitor management’s implementation of internal audit recommendations
review the internal audit charter to ensure appropriate organisational structures, authority,
access and reporting arrangements are in place
periodically review the performance of internal audit and the Chief Audit Executive
provide advice to the Secretary on the results of any external assessments of the internal
audit function
provide advice to the Secretary on whether the Chief Audit Executive should be a dedicated
role within the agency
provide advice to the Secretary on the appointment or replacement of the Chief Audit
Executive and recommend to the Secretary the appointment or replacement of external
internal audit service providers.
External audit
act as a forum for communication between Treasury, senior management and internal and
external audit
provide input and feedback on the financial statement and performance audit coverage proposed
by external audit and provide feedback on the audit services provided
review all external plans and reports in respect of planned or completed audits and monitor
management’s implementation of audit recommendations
provide advice to the Secretary on action taken on significant issues raised in relevant external
audit reports and better practice guides

review the Audit Office tabled Reports to Parliament concerning the Report on State Finances
and the entities comprising the Principal Department Treasury, discuss any significant
operational or financial issues raised in those reports, and monitor management’s follow-through
in relation to agreed recommendations.
Responsibilities of members
Members of the Committee are expected to understand and observe the requirements of the Internal
Audit and Risk Management Policy, TPP 15-03. Members are also expected to:

make themselves available as required to attend and participate in meetings

contribute the time needed to study and understand the papers provided

apply good analytical skills, objectivity and good judgement
Audit and Risk Committee Principal Department Charter
4

abide by the relevant ethical codes that apply to employment within the NSW public
sector

express opinions frankly, ask questions that go to the fundamental core of the issue and
pursue independent lines of enquiry

maintain strict confidentiality, even after their terms on the Committee end, and declare any
real or perceived conflicts of interest proactively and promptly.
Reporting
The Committee will regularly, but at least once a year, report to the Secretary on its operation and
activities during the year. The report should include:
 an overall assessment of Treasury’s risk, control and compliance framework, including
details of any significant emerging risks or legislative changes impacting Treasury
 a summary of the work the Committee performed to fully discharge its responsibilities
during the preceding year
 details of meetings, including the number of meetings held during the relevant period, and
the number of meetings each member attended.
 a summary of Treasury’s progress in addressing the findings and recommendations made
in internal and external reports
 a summary of the Committee’s assessment of the performance of internal audit
The Committee may, at any time, report to the Secretary any other matter it deems of sufficient
importance to do so. In addition, at any time an individual committee member may request a meeting
with the Secretary.
Reporting Lines
The Committee must at all times ensure it maintains a direct reporting line to and from internal audit
and act as a mechanism for internal audit to report to the Secretary on functional matters.
The following reporting line is prescribed:
Audit and Risk Committee Principal Department Charter
5
Administrative arrangements
Meetings
The Committee will meet at least four (4) times per year. A special meeting may be held to review
Treasury’s annual financial statements, with additional meetings to consider the statements of the
Crown Entity and the NSW General Government and Total State Sector financial statements.
The chair is required to call a meeting if requested to do so by the Secretary or another Committee
member.
A meeting plan, including meeting dates and agenda items, will be agreed by the Committee each
year. The meeting plan will cover all of the Committee’s responsibilities as detailed in this charter.
Attendance at meetings and quorums
A quorum will consist of a majority of Committee members. A quorum must include at least two (2)
independent members.
Meetings can be held in person, by telephone or by video conference.
The Secretary may attend the meetings of the Audit and Risk Committee. Committee members are
able to have in-camera discussions if necessary. The Chief Audit Executive, Chief Risk Officer (as
relevant), external audit representatives and any other agency representatives may attend Committee
meetings, except where the Committee members wish to have in-camera discussions. The
Committee may also request the Chief Finance Officers with responsibility for Treasury, Crown and
the Total State Sector, or other employees or service providers, to attend committee meetings or
participate for certain agenda items.
The Committee will meet separately with both the internal and external auditors at least once a year.
Dispute Resolution
Members of the Committee and Treasury’s management should maintain an effective working
relationship, and seek to resolve differences by way of open negotiation. However, in the event of a
disagreement between the Committee and management, including the Secretary, the chair may, as a
last resort, refer the matter to the Secretary of the Department of Premier and Cabinet to be dealt with
independently3.
Secretariat
The Secretary will appoint a person or persons to provide secretariat support to the Committee. The
Secretariat will ensure the agenda for each meeting and supporting papers are circulated, after
approval from the chair, at least one (1) week before the meeting, and ensure the minutes of the
meetings are prepared and maintained. Minutes must be approved by the chair and circulated within
two (2) weeks of the meeting to each member and committee observers, as appropriate. Minutes
must be accompanied by a list of Action Items detailing matters requiring attention as a result of the
Committee’s deliberations.
Because of the length of time between most meetings, copies of minutes of Committee meetings,
including the list of action items, shall be provided to the Secretary after approval by the Chair but
before finalisation. In this way the Secretary is kept is up-to-date and his questions and comments
can be taken into account. Each set of Minutes will be confirmed at the next meeting, by at least a
majority of Committee members.
3
For all other agencies the referral is to Treasury. This is clearly impractical in Treasury’s case.
Audit and Risk Committee Principal Department Charter
6
Reports from the internal auditor and the external auditor will be provided to members. So will reports
from Parliamentary and other relevant reviews involving Treasury’s operations, if they contain
recommendations for improvement or reform of those operations.
Conflicts of interest
Once a year the Committee members will provide written declarations to the Secretary stating they do
not have any conflicts of interest that would preclude them from being members of the Committee.
Committee members must declare any conflicts of interest at the start of each meeting or before
discussion of the relevant agenda item or topic. Details of any conflicts of interest should be
appropriately minuted.
Where members or observers at Committee meetings are deemed to have a real, or perceived,
conflict of interest it may be appropriate that they are excused from Committee deliberations on the
issue where a conflict of interest exists.
Induction
New members will receive relevant information and briefings on their appointment to assist them to
meet their Committee responsibilities.
Assessment arrangements
The Secretary, in consultation with the chair of the Committee, will establish a mechanism to review
and report on the performance of the Committee, including the performance of the chair and each
member, at least annually. The review will be conducted on a self-assessment basis (unless
otherwise determined by the Secretary) with appropriate input sought from the Secretary, the internal
and external auditors, the Chief Audit Executive, the Chief Risk Officer (as relevant), management
and any other relevant stakeholders, as determined by the Secretary.
Review of charter
At least once a year the Committee will review this Charter. This review will include consultation with
the Secretary.
Any substantive changes to this Charter will be recommended by the Committee and formally
approved by the Secretary.
Publication of charter
This Charter will be published on the Treasury intranet and website.
Signatories
Reviewed by the Chair of the Treasury Audit
and Risk Committee, Peter Lucas
Reviewed by the Secretary of the Treasury,
Rob Whitfield
___________________________________
______________________________________
Date:______________________________
Date:_________________________________
Audit and Risk Committee Principal Department Charter
7
Annexure 1
Treasury Cluster: Audit & Risk Committee arrangements
Section 1:
Principal Department
The Principal Department Audit & Risk Committee Charter applies to NSW Treasury.
For the purposes of the Treasury (Principal Department) Audit & Risk Committee, it is
agreed that the term “Treasury” means the department known as NSW Treasury, including
the Crown Finance Entity. It also includes the Industrial Relations Division, which reports
through the Secretary to the Minister for Industrial Relations.
The Principal Department Committee also acts as the Audit & Risk Committee for the Total
State Sector Accounts.
Section 2:
Participants in the Shared Arrangement Agreement
A separate Shared Arrangement Agreement Audit & Risk Committee Charter covers the
entities in this section.
a) Entities for which the Treasury Secretary is CEO





Electricity Assets Ministerial Holding Corporation
Liability Management Ministerial Corporation
Lotteries Assets Ministerial Holding Corporation
State Rail Authority Residual Holding Corporation
Ports Assets Ministerial Holding Corporation
b) Entities for which the Treasury Secretary is NOT the CEO4



Port Botany Lessor Pty Limited (Directors)
Port Kembla Lessor Pty Limited (Directors)
Port of Newcastle Lessor Pty Limited (Directors)
Section 3:
Exclusions
The Shared Arrangement Agreement does not apply to the following entities, which have
their own Audit & Risk Committees:





4
New South Wales Treasury Corporation (TCorp)
Long Service Corporation (LSC)
Internal Audit Bureau of NSW (IAB)
SAS Trustee Corporation
Trustees of the Parliamentary Contributory Superannuation Fund
The office which operates as CEO or Board for the purposes of TPP 15-03 is shown in parentheses following each entity.
Audit and Risk Committee Principal Department Charter
8
Nor does the Shared Arrangement agreement apply to:




Hunter Valley Training Company Pty Ltd
Energy Industries Superannuation Scheme Pty Limited
Police Superannuation Advisory Committee
Superannuation Administration Corporation (trading as Pillar)
These entities are not required to meet the obligations of TPP 15-03, as they are not
included in Schedule 2 or 3 of the Public Finance and Audit Act 1983.
Cobbora Holding Company Pty Ltd is a standalone Corporations Act company with the
Treasurer as sole shareholder. It is not a formal part of the Treasury cluster, but
Treasury has an oversight role.
Neither the Principal Department Charter nor the Shared Arrangement Charter has any
application to the entities listed under “Exclusions”.
Audit and Risk Committee Principal Department Charter
9
Annexure 2
List of all Agencies/Entities in the Treasury Cluster
** Indicates a Schedule 2 agency (statutory body) under the Public Finance & Audit Act 1983.
*** Indicates a Schedule 3 agency (government department) under the Public Finance & Audit Act
1983.
Schedule 2 and 3 agencies must comply with TPP 15-03. It is good practice for the others.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
The Treasury***
Crown Finance Entity
Electricity Assets Ministerial Holding Corporation
Hunter Valley Training Company Pty Ltd
Liability Management Ministerial Corporation**
Lotteries Assets Ministerial Holding Corporation
State Rail Authority Residual Holding Corporation**
Ports Assets Ministerial Holding Corporation
Port Botany Lessor Pty Limited
Port Kembla Lessor Pty Limited
Port of Newcastle Lessor Pty Limited
New South Wales Long Service Corporation**
Internal Audit Bureau**
New South Wales Treasury Corporation**
SAS Trustee Corporation**
Trustees of the Parliamentary Contributory Superannuation Fund**
Superannuation Administration Corporation (trading as Pillar)
Energy Industries Superannuation Scheme Pty Limited
Police Superannuation Advisory Committee
Audit and Risk Committee Principal Department Charter
10
Download