Assurance and Audit Committee: committee charter
In accordance with subsection 45(1) of the Public Governance, Performance and Accountability Act 2013, the Secretary of the department established the Assurance and Audit Committee (the Committee).
Role and function of the Committee
Subsections 17(1) and 17(2) of the Public Governance, Performance and Accountability Rule 2014 (the Rule) established mandatory functions for audit committees:
- The accountable authority of a Commonwealth entity must, by written charter, determine the functions of the audit committee for the entity.
- The functions must include reviewing the appropriateness of the accountable authority's:
- financial reporting
- performance reporting
- system of risk oversight and management
- system of internal control
- The Committee will also review:
- internal audit resourcing and coverage in relation to the department's key risks, and recommending approval of the Internal Annual Audit and Assurance Plan by the Secretary
- internal and Australian National Audit Office (ANAO) audit reports, providing advice to the Secretary about significant issues identified, and the implementation of agreed actions in accordance with the department's agreed approach
To address the Functions of the Committee, as far as is practicable, the Committee should indicate which matters it will consider during any given year in a forward plan (the Work Plan), noting that it may consider other or additional matters in response to changes in the department's operations and environment.
The Committee is required to provide written advice in regard to the appropriateness of the Committee’s functions:
The Committee will review the appropriateness of the accountable authority’s financial reporting for the department, in compliance with subsection 17(2)(a) of the PGPA Rule.
This will include a review of the financial information systems and the appropriateness of the department’s financial reporting, in compliance with the mandatory requirements of the PGPA Act, the PGPA Rules and the Accounting Standards.
The Committee, in fulfilling its review of the appropriateness of financial reporting, will:
- review the department’s processes and systems for preparing financial reporting information, and financial record keeping
- review the processes in place to allow the department to stay informed throughout the year of any changes or additional requirements in relation to financial reporting
- review the annual financial statements, including compliance with the PGPA Act, the PGPA Rules and the Accounting Standards and additional department information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements (including the supplementary reporting package)
- provide written advice to the Secretary about the appropriateness of the department’s financial reporting, including its annual financial statements and identify any areas of concern and suggestions for improvement
The Committee will review the appropriateness of the accountable authority’s performance reporting for the department, in compliance with subsection 17(2)(b) of the PGPA Rule.
This will include a review of the department’s performance information, systems and framework and the completeness and appropriateness of its performance reporting.
The Committee, in fulfilling its review of the appropriateness of performance reporting, will:
- review the department’s systems and procedures for assessing, monitoring and reporting on achievement of the department’s performance. Specifically, the Committee will satisfy itself that:
- provide written advice to the Secretary of its view on the appropriateness of the department’s performance reporting, including its annual performance statement, and identify any areas of concern and suggestions for improvement
- the department’s Portfolio Budget Statements and Corporate Plan contain appropriate details of how the department’s performance will be measured and assessed
- the department’s approach to measuring its performance throughout the financial year against its performance measures included in the Portfolio Budget Statements and Corporate Plan is appropriate, and in accordance with the Commonwealth performance framework
The department has appropriate systems and processes for preparation of its annual performance statement and inclusion of the statement in its annual report.
System of Risk Oversight and Management
The Committee will support the Secretary, who is required to establish and maintain an appropriate system of risk oversight and management for the department (in compliance with section 16(a) of the PGPA Act and subsection 17(2)(c) of the PGPA Rule, as well as the Commonwealth Risk Management Policy), by reviewing the appropriateness of the department’s system of risk oversight and management.
This review will include reviewing whether identified risks and their treatments are consistent with the Committee’s understanding of the department’s operating context and the Committee’s experience in risk management.
In undertaking this function, the Committee will take into account whether:
- management has a current and appropriate enterprise risk management framework and the necessary internal controls for the effective identification and management of the department’s risks, in keeping with the Commonwealth Risk Management Policy
- an appropriate approach has been followed in managing the department’s key risks (including those associated with individual projects and program implementation and activities)
- the processes for developing, and implementing, the department’s fraud control arrangements consistent with the Commonwealth Fraud Control Framework 2017, and in compliance with section 10 of the PGPA Rule requirements, and satisfy itself that the department has adequate process design for detecting, capturing and effectively responding to fraud risks
- management has adequately developed risk management capability in the department and whether key roles, responsibilities and authorities relating to risk management are clearly articulated
The Committee, in fulfilling its review of the appropriateness of the department’s system of risk oversight and management, will provide written advice to the Secretary of its view in relation to the appropriateness of the department’s system of risk oversight and management (with reference to the Commonwealth Risk Management Policy), and identify any areas of concern and suggestions for improvement.
System of Internal Control
The Committee will review the appropriateness of the accountable authority’s system of internal control for the department, in compliance with subsection 17(2)(d) of the PGPA Rule.
In undertaking this function, the Committee will take into account the following:
- internal control framework:
- management’s approach to maintaining an effective internal control framework and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
- whether management has in operation relevant policies and procedures (e.g. accountable authority instructions, delegations/authorisations, a business continuity management plan or bullying and harassment policies)
- legislative and policy compliance:
- the effectiveness of systems for monitoring the department’s compliance with laws, regulations and associated government policies with which the department must comply
- whether management has adequately considered legal and compliance risks as part of the department’s enterprise risk management framework, fraud control framework and planning
- security compliance:
- management’s approach to maintaining an effective internal security system and ICT security policy (including complying with the Protective Security Policy Framework)
- internal audit coverage:
- the proposed internal audit coverage, ensuring that the coverage takes into account the department’s primary risks, and recommend approval of the internal audit work plan by the Secretary
- all internal audit reports, provide advice to the Secretary on major concerns identified in those reports, and recommend action on significant matters raised, including identification and dissemination of information on good practice
The Committee will provide written advice to the Secretary on the appropriateness of the department’s system of internal control, and identify any areas of concern and suggestions for improvement.
The Committee comprises:
- three independent members at a minimum (that is, persons who are not officials of the department)
- two officials of the department, including one Deputy Secretary
The Committee will be supported by up to three departmental advisors.
The Chair of the Committee will be one of three independent members.
The Deputy Chair of the Committee will be the member who is a Deputy Secretary.
Selection and appointment
The identification and selection of members and departmental advisors is at the discretion of the Secretary in consultation with the Chair.
In identifying and selecting candidates, the Secretary, in consultation with the Chair will have regard to the collective knowledge, skills and experience the Committee requires to fulfil its responsibilities under this Charter.
Members shall be appointed for a maximum term of up to three years, and departmental advisors up to two years.
The selection of the Chair is at the discretion of the Secretary. The Chair shall be appointed for maximum term of up to five years.
The Chair, members and advisors may be extended for periods of up to two years, to ensure manage member rotation and prevent loss of multiple members at any one time.
Skills and knowledge
Consistent with subsection 17(3) of the Rule the members, taken collectively, will have a broad range of knowledge, skills and experience relevant to the operations of the department, including its information technology environment.
All members should be conversant with financial management reporting, and:
- at least one member of the committee must have accounting or related financial management experience and/or qualifications, and a comprehensive understanding of accounting and auditing standards
- at least one member of the committee must have ICT-related experience and/or qualifications, and a comprehensive understanding of ICT risk management
Departmental advisors should collectively contribute knowledge of the breadth of the department’s business and its operating context. Departmental advisors will receive all papers and attend all meetings.
External committee members will be remunerated at a level that reflect the particular skills and expertise the member brings to the Committee, and the time required for meeting preparation, attendance at meetings and interaction with management outside of committee meetings. Provision will be made for the additional responsibilities of the Chair.
Consistent with subsection 17(5) of the Rule and the department's governance structure, the Secretary, Chief Financial Officer, the Chief Information Officer, Chief Internal Auditor, Chief Operating Officer, and the General Counsel, may not be members of the Committee but may attend meetings as observers.
Representatives from the ANAO and external providers of internal audit services will not be member of the Committee, however may attend relevant Committee meetings (in whole or in part) as observers, as determined by the Chair or by the Committee.
At the Chair's discretion internal staff or external parties may attend meetings (in whole or in part) as invited guests.
The Committee is directly accountable to the Secretary for the performance of its functions.
The Committee has no executive powers in relation to the operations of the department. The Committee may only review the appropriateness of particular aspects of those operations, consistent with its functions, and advise the Secretary accordingly.
Responsibility for the appropriateness of the department's financial reporting, performance reporting, system of risk oversight and management, and system of internal control rests with the Secretary and officials of the department.
Members with a conflict of interest will notify the Committee as soon as these issues become apparent. Any member with a conflict of interest will absent themselves from discussions about relevant matters.
The Secretary authorises the Committee, in performing its functions to:
- seek any information it requires from:
- any official of the department
- external parties
- request legal or other professional advice, subject to approval by the appropriate delegate
- require the attendance of any official of the department at meetings, as appropriate
- request the attendance of a Committee member, as selected by the Assurance and Audit Committee, at internal committee meetings within the department (as an observer), as appropriate
The Secretary directs officials of the department to cooperate with the Committee.
The Committee will meet at least four times per year, and more often if required. Special meetings may be held to review the department's annual financial statements and performance statements or to meet other specific responsibilities of the Committee.
The Chair will call a meeting if requested to do so by the Secretary, and may call a meeting if requested by another Committee member.
A quorum for any Committee meeting will be three members, one of whom must be the Chair or the Deputy Chair, and one of whom must be an independent member.
In accordance with its Charter, the department will provide secretariat services to the Committee as determined by the Secretary.
The Chair will report to the Secretary after each meeting. Any matter deemed of sufficient importance will be reported to the Secretary immediately.
The Committee will, as often as necessary, and at least once a year, report to the Secretary on its operation and activities during the year.
The Committee will engage with the department’s senior managers and other key stakeholders in order to fulfil its functions, in accordance with its Communications and Stakeholder Engagement Strategy.
Review of functions
The Chair of the Committee will initiate a review of the performance of the Committee at least once every two years. The outcomes of this assessment will be reported to the Secretary.
The Committee will review the appropriateness of this Charter at least annually, in consultation with the Secretary. The outcomes of this review will be reported to the Secretary.
Last updated: 18 November 2020
Content ID: 67737