Audit and Risk Committee Principal Department Charter Complies with Internal Audit & Risk Management Policy TPP 15-03 and the 2013 IPPF Standards Last reviewed: September 2015 Contact: Chief Audit Executive Review history April 2010 First published, based on model in TPP 09-05 Aug 2011, Apr 2012, Oct 2012, Mar 2013, July 2013 Annexures only Regular updates August 2013 Updated as Principal Department Charter, paired with the new Shared Arrangement Charter September 2015 Updated based on the new model charter in TPP 15-03 Preface The Secretary, NSW Treasury (“the Secretary”) established the Audit and Risk Committee (‘the Committee’) in compliance with the Internal Audit and Risk Management Policy for the NSW Public Sector, TPP 09-05. Following the replacement of that policy on 1 July 2015, the Secretary has ensured the Committee complies with the new TPP 15-03, and that this Charter has been revised in alignment with the model Charter in the new policy. Treasury is the Principal Department in a Shared Arrangement Agreement with other entities. Annexure 1 (attached) defines what constitutes the Principal Department and what entities belong to the Shared Arrangement Agreement (which has its own Committee Charter). The Treasury Audit & Risk Committee advises the Secretary in relation to the Principal Department and all of the other entities for which he is Chief Executive Officer. The Treasury (Principal Department) Committee also oversees audit and risk for the Total State Sector Accounts. This charter sets out the Committee’s objectives, authority, composition and tenure, roles and responsibilities, reporting and administrative arrangements. Objective The objective of the Committee is to provide independent assistance to the Secretary by monitoring, reviewing and providing advice about Treasury’s governance processes, risk management and control frameworks, and its external accountability obligations. Authority The Secretary authorises the Committee, within the scope of its role and responsibilities, to: obtain any information it needs from any employee and/or external party (subject to their legal obligation to protect information) discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations) request the attendance of any employee, including the Secretary, at committee meetings obtain external legal or other professional advice, as considered necessary to meet its responsibilities. The payment of costs for that advice by the agency is subject to the prior approval of the Secretary. Composition and tenure The Committee will consist of at least three (3) members, and no more than five (5) members 1, appointed by the Secretary. The Secretary will appoint the chair and members of the Committee. The chair is counted as one member of the Committee. Members will be appointed for an initial period of no less than three (3) years and not exceeding five (5) years, after which they will be eligible for extension or re-appointment for a further term(s) subject to a formal review of their performance by the Secretary. No individual’s total term on the Committee will exceed eight (8) years. 1 Inclusive of the Chair. Audit and Risk Committee Principal Department Charter 1 The chair must be appointed for one (1) term only for a period of at least three (3) years, with a maximum period of five (5) years. The term of appointment for the chair can be extended but any extension must not cause the total term to exceed five (5) years as a chair of the Audit and Risk Committee. Current employees of all NSW government sector agencies2 other than State Owned Corporations cannot serve as members or chairs of an Audit and Risk Committee. The members should collectively develop, possess and maintain a broad range of skills and experience relevant to the operations, governance and financial management of Treasury, the environment in which Treasury operates and the contribution that the Committee makes to Treasury. At least one member of the Committee must have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment. Roles and responsibilities The Committee has no executive powers. The Committee is directly responsible and accountable to the Secretary for the exercise of its responsibilities. In carrying out its responsibilities, the Committee must at all times recognise that primary responsibility for management of Treasury rests with the Secretary. The responsibilities of the Committee may be revised or expanded in consultation with, or as requested by, the Secretary from time to time. The Committee’s responsibilities are to: Risk management 2 review whether management has in place a current and appropriate risk management framework that is consistent with AS/NZS ISO 31000:2009 review risk management plans and provide advice to the Secretary seek assurance from management and Internal Audit that risk management processes are operating effectively seek assurance from management and Internal Audit as to the adequacy and effectiveness of internal controls review risk reports and provide advice to the Secretary review whether a sound and effective approach has been followed in developing risk management plans for major projects or undertakings review the impact of the agency’s risk management on its control environment and insurance arrangements review the agency’s fraud control plan and be satisfied that the agency has appropriate processes and systems in place to capture and effectively investigate fraud related information review whether a sound and effective approach has been followed in establishing the agency’s business continuity planning arrangements, including whether disaster recovery plans have been tested periodically. Government sector is defined in the Government Sector Employment Act 2013. Audit and Risk Committee Principal Department Charter 2 Control framework review whether management’s approach to maintaining an effective internal control framework, including over external parties such as contractors and advisors, is sound and effective review whether management has in place relevant policies and procedures, and that these are periodically reviewed and updated determine whether the appropriate processes are in place to assess, at least once a year, whether laws, regulations, policies and procedures are complied with review whether appropriate policies and procedures are in place for the management and exercise of delegations consider how management identifies any required changes to the design or implementation of internal controls review whether management has taken steps to embed a culture which is committed to ethical and lawful behaviour receive from management reports on all suspected and actual frauds, thefts and breaches of laws while making it clear that a report to the Committee will not be eligible as a public interest disclosure, provide a line of communication so that employees may raise issues of concern relating to the management of Treasury’s physical and financial resources, or to the accuracy or sufficiency of information being provided to managers or the Secretary. External accountability assess the policies and procedures for management review and consideration of the financial position and performance of the agency including the frequency and nature of that review (including the approach taken to addressing variances and budget risks) review procedures around early close and year-end review the financial statements and provide advice to the Secretary (including whether appropriate action has been taken in response to audit recommendations and adjustments), and recommend their signing by the Secretary satisfy itself that the financial statements are supported by appropriate management signoff on the statements review the Chief Financial Officer Letter of Certification and supporting documentation (consistent with NSW Treasury Policy and Guidelines Paper Certifying the Effectiveness of Internal Controls over Financial Information (TPP 14-05) review cash management policies and procedures review policies and procedures for collection, management and disbursement of grants and tied funding. review the processes in place designed to ensure that financial information included in Treasury’s annual report is consistent with the signed financial statements undertake all of the above in relation to the Total State Sector Accounts as well as those of the Principal Department satisfy itself that Treasury has a performance management framework that is linked to organisational objectives and outcomes. Compliance with applicable laws and regulations determine whether management has appropriately considered legal and compliance risks as part of Treasury’s risk assessment and management arrangements review the effectiveness of the system for monitoring Treasury’s compliance with applicable laws and regulations, and associated government policies. Audit and Risk Committee Principal Department Charter 3 Internal audit act as a forum for communication between the Secretary, senior management and internal and external audit review and provide advice to the Secretary on the internal audit policies and procedures review the risk based audit methodology review the internal audit coverage and annual work plan, ensure the plan is based on Treasury’s risk management plan, and recommend approval of the plan by the Secretary advise the Secretary on the adequacy of internal audit resources, including outsourced service providers, to carry out its responsibilities, including completion of the approved internal audit plan oversee the coordination of audit programs conducted by internal and external audit and other review functions review audit findings and related recommendations that have been assessed as the most significant, according to the risk the audit finding represents to the agency if the recommendation(s) related to the finding are not implemented provide advice to the Secretary on significant issues identified in audit reports and action taken on these issues, including identification and dissemination of good practice monitor management’s implementation of internal audit recommendations review the internal audit charter to ensure appropriate organisational structures, authority, access and reporting arrangements are in place periodically review the performance of internal audit and the Chief Audit Executive provide advice to the Secretary on the results of any external assessments of the internal audit function provide advice to the Secretary on whether the Chief Audit Executive should be a dedicated role within the agency provide advice to the Secretary on the appointment or replacement of the Chief Audit Executive and recommend to the Secretary the appointment or replacement of external internal audit service providers. External audit act as a forum for communication between Treasury, senior management and internal and external audit provide input and feedback on the financial statement and performance audit coverage proposed by external audit and provide feedback on the audit services provided review all external plans and reports in respect of planned or completed audits and monitor management’s implementation of audit recommendations provide advice to the Secretary on action taken on significant issues raised in relevant external audit reports and better practice guides review the Audit Office tabled Reports to Parliament concerning the Report on State Finances and the entities comprising the Principal Department Treasury, discuss any significant operational or financial issues raised in those reports, and monitor management’s follow-through in relation to agreed recommendations. Responsibilities of members Members of the Committee are expected to understand and observe the requirements of the Internal Audit and Risk Management Policy, TPP 15-03. Members are also expected to: make themselves available as required to attend and participate in meetings contribute the time needed to study and understand the papers provided apply good analytical skills, objectivity and good judgement Audit and Risk Committee Principal Department Charter 4 abide by the relevant ethical codes that apply to employment within the NSW public sector express opinions frankly, ask questions that go to the fundamental core of the issue and pursue independent lines of enquiry maintain strict confidentiality, even after their terms on the Committee end, and declare any real or perceived conflicts of interest proactively and promptly. Reporting The Committee will regularly, but at least once a year, report to the Secretary on its operation and activities during the year. The report should include: an overall assessment of Treasury’s risk, control and compliance framework, including details of any significant emerging risks or legislative changes impacting Treasury a summary of the work the Committee performed to fully discharge its responsibilities during the preceding year details of meetings, including the number of meetings held during the relevant period, and the number of meetings each member attended. a summary of Treasury’s progress in addressing the findings and recommendations made in internal and external reports a summary of the Committee’s assessment of the performance of internal audit The Committee may, at any time, report to the Secretary any other matter it deems of sufficient importance to do so. In addition, at any time an individual committee member may request a meeting with the Secretary. Reporting Lines The Committee must at all times ensure it maintains a direct reporting line to and from internal audit and act as a mechanism for internal audit to report to the Secretary on functional matters. The following reporting line is prescribed: Audit and Risk Committee Principal Department Charter 5 Administrative arrangements Meetings The Committee will meet at least four (4) times per year. A special meeting may be held to review Treasury’s annual financial statements, with additional meetings to consider the statements of the Crown Entity and the NSW General Government and Total State Sector financial statements. The chair is required to call a meeting if requested to do so by the Secretary or another Committee member. A meeting plan, including meeting dates and agenda items, will be agreed by the Committee each year. The meeting plan will cover all of the Committee’s responsibilities as detailed in this charter. Attendance at meetings and quorums A quorum will consist of a majority of Committee members. A quorum must include at least two (2) independent members. Meetings can be held in person, by telephone or by video conference. The Secretary may attend the meetings of the Audit and Risk Committee. Committee members are able to have in-camera discussions if necessary. The Chief Audit Executive, Chief Risk Officer (as relevant), external audit representatives and any other agency representatives may attend Committee meetings, except where the Committee members wish to have in-camera discussions. The Committee may also request the Chief Finance Officers with responsibility for Treasury, Crown and the Total State Sector, or other employees or service providers, to attend committee meetings or participate for certain agenda items. The Committee will meet separately with both the internal and external auditors at least once a year. Dispute Resolution Members of the Committee and Treasury’s management should maintain an effective working relationship, and seek to resolve differences by way of open negotiation. However, in the event of a disagreement between the Committee and management, including the Secretary, the chair may, as a last resort, refer the matter to the Secretary of the Department of Premier and Cabinet to be dealt with independently3. Secretariat The Secretary will appoint a person or persons to provide secretariat support to the Committee. The Secretariat will ensure the agenda for each meeting and supporting papers are circulated, after approval from the chair, at least one (1) week before the meeting, and ensure the minutes of the meetings are prepared and maintained. Minutes must be approved by the chair and circulated within two (2) weeks of the meeting to each member and committee observers, as appropriate. Minutes must be accompanied by a list of Action Items detailing matters requiring attention as a result of the Committee’s deliberations. Because of the length of time between most meetings, copies of minutes of Committee meetings, including the list of action items, shall be provided to the Secretary after approval by the Chair but before finalisation. In this way the Secretary is kept is up-to-date and his questions and comments can be taken into account. Each set of Minutes will be confirmed at the next meeting, by at least a majority of Committee members. 3 For all other agencies the referral is to Treasury. This is clearly impractical in Treasury’s case. Audit and Risk Committee Principal Department Charter 6 Reports from the internal auditor and the external auditor will be provided to members. So will reports from Parliamentary and other relevant reviews involving Treasury’s operations, if they contain recommendations for improvement or reform of those operations. Conflicts of interest Once a year the Committee members will provide written declarations to the Secretary stating they do not have any conflicts of interest that would preclude them from being members of the Committee. Committee members must declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda item or topic. Details of any conflicts of interest should be appropriately minuted. Where members or observers at Committee meetings are deemed to have a real, or perceived, conflict of interest it may be appropriate that they are excused from Committee deliberations on the issue where a conflict of interest exists. Induction New members will receive relevant information and briefings on their appointment to assist them to meet their Committee responsibilities. Assessment arrangements The Secretary, in consultation with the chair of the Committee, will establish a mechanism to review and report on the performance of the Committee, including the performance of the chair and each member, at least annually. The review will be conducted on a self-assessment basis (unless otherwise determined by the Secretary) with appropriate input sought from the Secretary, the internal and external auditors, the Chief Audit Executive, the Chief Risk Officer (as relevant), management and any other relevant stakeholders, as determined by the Secretary. Review of charter At least once a year the Committee will review this Charter. This review will include consultation with the Secretary. Any substantive changes to this Charter will be recommended by the Committee and formally approved by the Secretary. Publication of charter This Charter will be published on the Treasury intranet and website. Signatories Reviewed by the Chair of the Treasury Audit and Risk Committee, Peter Lucas Reviewed by the Secretary of the Treasury, Rob Whitfield ___________________________________ ______________________________________ Date:______________________________ Date:_________________________________ Audit and Risk Committee Principal Department Charter 7 Annexure 1 Treasury Cluster: Audit & Risk Committee arrangements Section 1: Principal Department The Principal Department Audit & Risk Committee Charter applies to NSW Treasury. For the purposes of the Treasury (Principal Department) Audit & Risk Committee, it is agreed that the term “Treasury” means the department known as NSW Treasury, including the Crown Finance Entity. It also includes the Industrial Relations Division, which reports through the Secretary to the Minister for Industrial Relations. The Principal Department Committee also acts as the Audit & Risk Committee for the Total State Sector Accounts. Section 2: Participants in the Shared Arrangement Agreement A separate Shared Arrangement Agreement Audit & Risk Committee Charter covers the entities in this section. a) Entities for which the Treasury Secretary is CEO Electricity Assets Ministerial Holding Corporation Liability Management Ministerial Corporation Lotteries Assets Ministerial Holding Corporation State Rail Authority Residual Holding Corporation Ports Assets Ministerial Holding Corporation b) Entities for which the Treasury Secretary is NOT the CEO4 Port Botany Lessor Pty Limited (Directors) Port Kembla Lessor Pty Limited (Directors) Port of Newcastle Lessor Pty Limited (Directors) Section 3: Exclusions The Shared Arrangement Agreement does not apply to the following entities, which have their own Audit & Risk Committees: 4 New South Wales Treasury Corporation (TCorp) Long Service Corporation (LSC) Internal Audit Bureau of NSW (IAB) SAS Trustee Corporation Trustees of the Parliamentary Contributory Superannuation Fund The office which operates as CEO or Board for the purposes of TPP 15-03 is shown in parentheses following each entity. Audit and Risk Committee Principal Department Charter 8 Nor does the Shared Arrangement agreement apply to: Hunter Valley Training Company Pty Ltd Energy Industries Superannuation Scheme Pty Limited Police Superannuation Advisory Committee Superannuation Administration Corporation (trading as Pillar) These entities are not required to meet the obligations of TPP 15-03, as they are not included in Schedule 2 or 3 of the Public Finance and Audit Act 1983. Cobbora Holding Company Pty Ltd is a standalone Corporations Act company with the Treasurer as sole shareholder. It is not a formal part of the Treasury cluster, but Treasury has an oversight role. Neither the Principal Department Charter nor the Shared Arrangement Charter has any application to the entities listed under “Exclusions”. Audit and Risk Committee Principal Department Charter 9 Annexure 2 List of all Agencies/Entities in the Treasury Cluster ** Indicates a Schedule 2 agency (statutory body) under the Public Finance & Audit Act 1983. *** Indicates a Schedule 3 agency (government department) under the Public Finance & Audit Act 1983. Schedule 2 and 3 agencies must comply with TPP 15-03. It is good practice for the others. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. The Treasury*** Crown Finance Entity Electricity Assets Ministerial Holding Corporation Hunter Valley Training Company Pty Ltd Liability Management Ministerial Corporation** Lotteries Assets Ministerial Holding Corporation State Rail Authority Residual Holding Corporation** Ports Assets Ministerial Holding Corporation Port Botany Lessor Pty Limited Port Kembla Lessor Pty Limited Port of Newcastle Lessor Pty Limited New South Wales Long Service Corporation** Internal Audit Bureau** New South Wales Treasury Corporation** SAS Trustee Corporation** Trustees of the Parliamentary Contributory Superannuation Fund** Superannuation Administration Corporation (trading as Pillar) Energy Industries Superannuation Scheme Pty Limited Police Superannuation Advisory Committee Audit and Risk Committee Principal Department Charter 10