Role and general purpose
Established in compliance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and PGPA Rule section 17 – Audit committee for Commonwealth entities, the general purpose and role of the Audit Risk Committee (ARC) is to provide independent advice to the Registrar of the Administrative Appeals Tribunal with the effective discharge of the Registrar’s responsibilities in the areas of financial and performance reporting, internal control systems and risk oversight and management systems. The ARC plays an advisory role and is authorised to exercise those powers expressly delegated to it in this charter. Other than to the Registrar, the ARC has no direct obligation to or from any management group, team or Division.
Members of the ARC are expected to understand and observe the requirements of the PGPA Act and rules. Members are also expected to:
- be proactive in identifying issues and risks that require further management attention;
- ask relevant questions, evaluate the answers and continue to probe for information until completely satisfied with the answers provided;
- encourage openness and transparency;
- work constructively with AAT management to achieve continuous improvement within the entity;
- express opinions, frankly, ask questions that draw out the key issues and pursue independent lines of enquiry;
- display a professional approach to duties, including an appropriate commitment of time and effort; and
convey technical matters to other members of the ARC, where members have been chosen for particular technical skills.
Unless otherwise required by law or expressly agreed by the Registrar, members of the ARC are required to keep Committee discussions, committee papers and deliberations confidential.
The ARC will be supported by the Registrar and his or her nominees, principally the Chief Corporate Officer, Chief Risk Officer, Chief Financial Officer (CFO) and Internal Auditors.
Authority and powers
The Registrar authorises the ARC, in accordance with its role and responsibilities, to:
- obtain any information it requires from any employee or external party (subject to any legal obligation to protect information);
- discuss any matters with the Australian National Audit Office (ANAO), external auditor, or other external parties (subject to confidentiality considerations);
- request the attendance of any employee or other person at a committee meeting; and
- obtain legal or other professional advice, as considered necessary to fulfill its role at the AAT’s expense, up to a limit of $5,000 or as otherwise authorised by the Registrar
The ARC may establish one or more sub-committee/s to assist the full ARC in meeting its responsibilities, in consultation with the Registrar.
Composition and skills
Membership - The ARC shall comprise a total of five members. This includes an Independent Chair and four members appointed by the Registrar and shall incorporate at least three members who are independent and external to AAT. From 1 July 2021 all ARC members are to be independent and external to the AAT, with a majority of members being persons who are not officials of any Commonwealth entity.
The Registrar may wish to appoint internal members as Special Advisors to the committee.
The ARC is authorised to appoint a Deputy Chair who will act as chair in the absence of the Chair.
Observers - The Registrar, Chief Corporate Officer, Chief Risk Officer, Chief Financial Officer, or other management representatives may attend meetings as advisers or observers, as determined by the ARC. A representative(s) of the ANAO will be invited to attend meetings of the ARC, as an observer.
ARC members and any Special Advisors will be appointed for an initial period determined by the Registrar. Members may be re-appointed after a formal review of their performance, for further periods as specified by the Registrar.
The ARC, taken collectively, will have a broad range of skills and experience appropriate to carry out its responsibilities in an efficient, effective and ethical manner. Collectively, the ARC will have the following knowledge or expertise:
- the operations and framework of the AAT;
- risk identification, evaluation, and management;
- project and program management;
- information management and security;
- the operations of government and the public sector including information technology systems and controls;
- the roles of internal and external audit;
- the application of accounting, auditing and assurance standards;
- relevant legislative and other policy requirements of the entity;
- public sector reporting requirements, including financial and performance reporting; and
- internal control, compliance activities and fraud control
Functions and responsibilities
The ARC’s functions and responsibilities are set out below.
- Review the annual financial statements and provide advice and recommendations to the Registrar, including recommending their signing by the Registrar. In particular, the ARC will review:
- the AAT’s compliance with the PGPA Act, the PGPA Rules, the Accounting standards and supporting guidance,
- information ((other than annual financial statements) requested by Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
- processes and systems for preparing financial reporting information, including financial record keeping
- the auditor’s judgments about the adequacy and appropriateness of the AAT’s accounting policies and the quality of the AAT’s processes for the preparation of the AAT’s financial statements, through discussions with the ANAO, and
- whether appropriate management action has been taken in response to any issues raised by the ANAO, including financial statement adjustments or revised disclosures.
- Review the processes in place designed to ensure that financial information included in the AAT’s annual report is consistent with the signed financial statements.
- Assess whether external reporting is consistent with information and knowledge held by ARC members and is adequate for the needs of the AAT.
- Review and make recommendations to the Registrar for approval of changes to accounting policies and treatments having an impact on external reporting.
Review and provide advice on the appropriateness of the AAT’s systems and procedures for assessing, monitoring and reporting the achievement of the AAT’s performance. In particular, the committee will satisfy itself that:
The AAT’s Portfolio Budget Statements and corporate plan include details of how the AAT’s performance will be measured and assessed
The AAT’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and corporate plan is sound, and has taken into account the Commonwealth performance framework . This may include reviewing, over time, elements of the performance measures.
The AAT has sound processes in place for the preparation of its annual Performance Statement and the inclusion of the Statement in its annual report, and
The AAT’s proposed Performance Statement is not inconsistent with the AAT’s financial information, including its financial statements that it proposes to include in its annual report.
Risk oversight and management
Review whether management has in place a current and sound enterprise risk management policy framework and associated internal controls for effective identification and management of the AAT’s business and financial risks, in keeping with Commonwealth Risk Management Policy
Review the approach to managing the AAT’s key risks, including those associated with individual projects and program implementation and activities
Review the process of developing and implementing the AAT’s fraud control arrangements and whether the AAT has appropriate processes and systems in place to detect, capture and effectively respond to fraud risks
Review reports on fraud from management that outline any significant or systematic allegations of fraud, the status of any ongoing investigations and any changes to identify fraud risk in the AAT
Periodically assess whether the AAT has or needs an AAT-wide assurance map that identifies the AAT’s key business and operational risks and relevant assurance arrangements
Internal control framework
Review management’s approach to implementing and reviewing an effective internal control framework; this framework should include controls in relation to functions performed by external parties such as contractors and advisers.
Review whether management has in place relevant policies and procedures, including Accountable Authority Instructions or their equivalent and delegations and authorisations, a business continuity management plan and that these are periodically reviewed and updated.
Satisfy the committee that appropriate processes are in place to assess whether key policies and procedures such as WHS, information security etc. are complied with.
Legislative and policy compliance
- Review the effectiveness of systems for monitoring AAT’s compliance with laws, regulations and government policies with which the AAT must comply.
- Determining whether management has adequately considered legal and compliance risks as part of the entity’s enterprise risk management framework, fraud control framework and planning.
Reviewing management’s approach to maintaining an effective internal security system (including complying with the Protective Security Policy Framework—and ICT security policy.
Internal audit coverage
Review the proposed internal audit coverage, ensure the coverage takes into account the AAT’s key risks, and recommend approval of the Internal Audit Plan by the Registrar or nominated delegate.
Review all audit reports and provide advice to the Registrar on significant issues identified in audit reports and recommend action on significant issues raised, including identification and dissemination of good practice.
Obtain regular reports from the outsourced internal audit service provider/s, on the overall status of the AAT’s internal audit activities and monitor management’s implementation of internal audit recommendations.
Periodically review the performance of internal audit and report the results to the Registrar.
Provide advice to the Registrar on the appointment of the internal audit service provider where the internal audit function is outsourced or co-sourced.
Periodically meet privately with the internal audit service provider/s.
External Audit - engagement with the ANAO
Provide input on planned ANAO financial statement and performance audit coverage
Monitor management’s responses to all ANAO financial statement management letters and performance audit reports, including the implementation of audit recommendations
Act as a forum for communication between AAT management and the ANAO.
Provide advice to the Registrar on action to be taken on significant issues raised in relevant ANAO reports or better practice guides
Meet privately with the ANAO at least once per year.
- Periodically review the AAT’s governance arrangements or elements of the arrangements as determined by the Registrar and suggest improvements, where appropriate, to the Registrar.
Parliamentary committee reports, external reviews and evaluations
- Satisfy the committee that the AAT has appropriate mechanisms in place to review relevant parliamentary committee reports, external reviews and evaluations of the AAT and implement where appropriate any recommendation arising.
Business continuity management
- Assess whether the AAT has a sound approach to business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested.
Ethical and lawful conduct
- Assess whether management has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct.
- Undertake other activities related to its responsibilities as requested by the Registrar.
The ARC will, as often as necessary and at least once per year, report to the Registrar on its operation and activities during the year and confirm to the Registrar that all functions outlined in this charter have been satisfactorily addressed.
The audit committee will provide a statement to the accountable authority:
- whether the annual financial statements, in the committee’s view, comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance;
- whether additional entity information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements (including the supplementary reporting package) comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance;
- in respect of the appropriateness of the entity’s financial reporting, with reference to any specific areas of concern or suggestions for improvement.
The audit committee will provide a statement to the accountable authority whether, in their view, the accountable authority’s annual performance statements and performance reporting as a whole is appropriate, with reference to any specific areas of concern or suggestions for improvement.
The audit committee will provide a statement to the accountable authority whether in their view, the accountable authority’s system of risk oversight and management as a whole is appropriate (with reference to the Commonwealth Risk Management Policy for NCEs) and any specific areas of concern or suggestions for improvement.
The audit committee will provide a statement to the accountable authority whether the accountable authority’s system of internal control is appropriate for the entity, with reference to any specific areas of concern or suggestions for improvement.
The ARC may, at any time, report to the Registrar any other matter it deems of sufficient importance to do so. In addition, at any time an individual committee member may request a meeting with the Registrar.
Administrative and other arrangements
The ARC will develop an annual work plan that outlines the activities to be undertaken to achieve the ARC’s functions as outlined in this charter. A forward meeting schedule will be implemented, which includes dates and proposed agenda items for each meeting for the forthcoming year.
The ARC will meet at least four times per year. One or more special meetings may be held to review the AAT’s annual financial statements and performance statements or to meet other specific responsibilities of the ARC.
The Chair is required to call a meeting if asked to do so by the Registrar and decide if a meeting is required if requested by another member, internal auditor or the ANAO.
A quorum will consist of a majority of ARC members. Where there is more than one external member on the ARC, a quorum will include at least one external member. The quorum must be in place at all times during the meeting.
Conflicts of interest
Once each year, members of the ARC will provide written declarations, through the Chair, to the Registrar, declaring any material personal interest they may have in relation to their responsibilities. External members should consider past employment, consultancy arrangements and related party issues in making these declarations and the Registrar, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manager any real or perceived conflict.
At the beginning of each ARC meeting, members are also required to declare any material personal interests that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the ARC’s consideration of the relevant agenda items(s). The Chair is also responsible for deciding, in consultation with the Registrar where appropriate, if he/she should excuse themselves from the meeting or from the ARC’s consideration of the relevant agenda item(s).
Secretariat and meeting papers/minutes
The Governance and Reporting Officer will provide secretariat support to the ARC. The secretariat will ensure the agenda for each meeting is approved by the Chair; the agenda and supporting papers are circulated at least one week before the meeting; and ensure the minutes of the meetings are prepared and maintained. Minutes must be reviewed by the Chair and circulated in a timely manner to each member and committee advisor and observer as appropriate.
New members will receive relevant information and briefings on their appointment to assist them to meet their ARC responsibilities.
The Chair of the ARC, in conjunction with the Registrar, will undertake a review of the performance of the ARC at least once every two years. The review will be conducted on a self-assessment basis (unless otherwise determined by the Registrar) with appropriate input sought from the Registrar, ARC members, senior management, internal audit, the ANAO and any other relevant stakeholders as determined by the Registrar.
The Chair will provide advice to the Registrar on an external member’s performance where an extension of the member’s tenure is being considered.
Review of this charter
The ARC will review this charter and performance of the ARC periodically. This review will include consultation with the Registrar. Any substantive changes to the charter will be recommended by the ARC to the Registrar.