In accordance with subsection 45(1) of the Public Governance, Performance and Accountability Act 2013, the secretary of the department established the Assurance and Audit Committee.
Role and function of the committee
Subsections 17(1) and 17(2) of the Public Governance, Performance and Accountability Rule 2014 (the Rule) established mandatory functions for audit committees:
- The accountable authority of a Commonwealth entity must, by written charter, determine the functions of the audit committee for the entity.
- The functions must include reviewing the appropriateness of the accountable authority's:
- financial reporting
- performance reporting
- system of risk oversight and management
- system of internal control.
- The committee will also review:
- internal audit resourcing and coverage in relation to the department's key risks, and recommending approval of the internal annual audit and assurance plan by the Secretary
- internal and Australian National Audit Office (ANAO) audit reports, providing advice to the secretary about significant issues identified, and the implementation of agreed actions in accordance with the department's agreed approach.
To address the functions of the committee, as far as is practicable, the committee should indicate which matters it will consider during any given year in a forward plan (the work plan), noting that it may consider other or additional matters in response to changes in the department's operations and environment.
The committee is required to provide written advice in regard to the appropriateness of the committee’s functions:
The committee will review the appropriateness of the accountable authority’s financial reporting for the department, in compliance with subsection 17(2)(a) of the PGPA Rule. This will include a review of the financial information systems and the appropriateness of the department’s financial reporting, in compliance with the mandatory requirements of the PGPA Act, the PGPA Rules and the Accounting Standards.
The committee, in fulfilling its review of the appropriateness of financial reporting, will:
- review the department’s processes and systems for preparing financial reporting information, and financial record keeping
- review the processes in place to allow the department to stay informed throughout the year of any changes or additional requirements in relation to financial reporting
- review the annual financial statements, including compliance with the PGPA Act, the PGPA Rules and the Accounting Standards; and additional department information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements (including the supplementary reporting package)
- provide written advice to the secretary about the appropriateness of the department’s financial reporting, including its annual financial statements and identify any areas of concern and suggestions for improvement.
The committee will review the appropriateness of the accountable authority’s performance reporting for the department, in compliance with subsection 17(2)(b) of the PGPA Rule. This will include a review of the department’s performance information, systems and framework and the completeness and appropriateness of its performance reporting.
The committee, in fulfilling its review of the appropriateness of performance reporting, will:
- review the department’s systems and procedures for assessing, monitoring and reporting on achievement of the department’s performance. Specifically, the committee will satisfy itself that:
- The department’s portfolio budget statements and corporate plan contain appropriate details of how the department’s performance will be measured and assessed
- The department’s approach to measuring its performance throughout the financial year against its performance measures included in the portfolio budget statements and corporate plan is appropriate, and in accordance with the Commonwealth performance framework
- The department has appropriate systems and processes for preparation of its annual performance statement and inclusion of the statement in its annual report
- provide written advice to the secretary of its view on the appropriateness of the department’s performance reporting, including its annual performance statement, and identify any areas of concern and suggestions for improvement.
System of risk oversight and management
The committee will support the secretary, who is required to establish and maintain an appropriate system of risk oversight and management for the department (in compliance with section 16(a) of the PGPA Act and subsection 17(2)(c) of the PGPA Rule, as well as the Commonwealth Risk Management Policy), by reviewing the appropriateness of the department’s system of risk oversight and management. This review will include reviewing whether identified risks and their treatments are consistent with the committee’s understanding of the department’s operating context and the committee’s experience in risk management.
In undertaking this function, the committee will take into account whether:
- management has a current and appropriate enterprise risk management framework and the necessary internal controls for the effective identification and management of the department’s risks, in keeping with the Commonwealth Risk Management Policy
- an appropriate approach has been followed in managing the department’s key risks (including those associated with individual projects and program implementation and activities)
- the department’s processes for developing and implementing fraud control arrangements are consistent with the Commonwealth Fraud Control Framework 2017, and in compliance with section 10 of the PGPA Rule requirements, and satisfy itself that the department has adequate process design for detecting, capturing and effectively responding to fraud risks
- management has adequately developed risk management capability in the department and whether key roles, responsibilities and authorities relating to risk management are clearly articulated.
The committee, in fulfilling its review of the appropriateness of the department’s system of risk oversight and management, will provide written advice to the secretary of its view in relation to the appropriateness of the department’s system of risk oversight and management (with reference to the Commonwealth Risk Management Policy), and identify any areas of concern and suggestions for improvement.
System of internal control
The committee will review the appropriateness of the accountable authority’s system of internal control for the department, in compliance with subsection 17(2)(d) of the PGPA Rule.
In undertaking this function, the committee will take into account the following:
- Internal control framework:
- Management’s approach to maintaining an effective internal control framework and whether appropriate processes are in place for assessing whether key policies and procedures are complied with.
- Whether management has in operation relevant policies and procedures (e.g. accountable authority instructions, delegations/authorisations, a business continuity management plan or bullying and harassment policies).
- Legislative and policy compliance:
- The effectiveness of systems for monitoring the department’s compliance with laws, regulations and associated government policies with which the department must comply.
- Whether management has adequately considered legal and compliance risks as part of the department’s enterprise risk management framework, fraud control framework and planning.
- Security compliance:
- Management’s approach to maintaining an effective internal security system and ICT security policy (including complying with the Protective Security Policy Framework).
- Internal audit coverage:
- The proposed internal audit coverage, ensuring that the coverage takes into account the department’s primary risks, and recommend approval of the internal audit work plan by the secretary.
- All internal audit reports, provide advice to the secretary on major concerns identified in those reports, and recommend action on significant matters raised, including identification and dissemination of information on good practice.
The committee will provide written advice to the secretary on the appropriateness of the department’s system of internal control, and identify any areas of concern and suggestions for improvement.
The committee comprises:
- 3 members at a minimum who are not officials of the department
- up to 2 senior executive service (SES) level Australian Public Service (APS) officer members external from the department.
The committee will be supported by up to 2 departmental advisors.
The deputy chair of the committee will be appointed by the chair of the committee in consultation with the secretary and may act in the chair’s absence.
Selection and appointment
The identification and selection of members and departmental advisors is at the discretion of the secretary in consultation with the chair.
In identifying and selecting candidates, the secretary, in consultation with the chair will have regard to the collective knowledge, skills and experience the committee requires to fulfil its responsibilities under this charter.
Members shall be appointed for a maximum term of up to 3 years, and departmental advisors up to 2 years.
The selection of the chair is at the discretion of the secretary. The chair shall be appointed for a maximum term of up to 5 years. Upon confirming their appointment, new members will be provided with an induction pack to support their onboarding process.
The chair, members and advisors may be extended for periods of up to 2 years, to manage member rotation and prevent loss of multiple members at any one time.
Skills and knowledge
Consistent with subsection 17(3) of the Rule the members, taken collectively, will have a broad range of knowledge, skills and experience relevant to the operations of the department, including its information technology environment.
All members should be conversant with financial management reporting and
- at least one member of the committee must have accounting or related financial management experience and/or qualifications, and a comprehensive understanding of accounting and auditing standards
- at least one member of the committee must have information and communications technology (ICT)-related experience and/or qualifications, and a comprehensive understanding of ICT risk management.
Departmental advisors should collectively contribute knowledge of the breadth of the department’s business and its operating context. Departmental advisors will receive all papers and attend all meetings.
Independent committee members will be remunerated at a level that reflects the particular skills and expertise the member brings to the committee, and the time required for meeting preparation, attendance at meetings and interaction with management outside of committee meetings. Provision will be made for the additional responsibilities of the chair.
The APS officer (SES level) member from another government department is not remunerated.
Consistent with subsection 17(5) of the Rule and the department's governance structure, the secretary, chief financial officer, the chief information officer, chief internal auditor, chief operating officer, and the general counsel, may not be members of the committee but may attend meetings as observers.
Representatives from the ANAO and external providers of internal audit services will not be members of the committee, however may attend relevant committee meetings (in whole or in part) as observers, as determined by the chair or by the committee.
At the chair's discretion internal staff or external parties may attend meetings (in whole or in part) as invited guests.
The committee is directly accountable to the secretary for the performance of its functions.
The committee has no executive powers in relation to the operations of the department. The committee may only review the appropriateness of particular aspects of those operations, consistent with its functions, and advise the secretary accordingly.
Responsibility for the appropriateness of the department's financial reporting, performance reporting, system of risk oversight and management, and system of internal control rests with the secretary and officials of the department.
Conflict of interest
On engagement and each year thereafter, members of the committee and its sub-committees will provide written declarations to the secretary declaring any actual, perceived or potential conflict of interest they may have in relation to their responsibilities. Members should consider past employment, consultancy arrangements and related party issues in making these declarations. The secretary must be satisfied that the committee has sufficient processes in place to manage any actual, perceived or potential conflict.
At the beginning of each committee or sub-committee meeting, members are required to declare any actual, perceived or potential conflict of interest that may apply to specific matters on the meeting agenda. Where required by the chair, the member will be excused from the meeting or from the committee’s consideration of the relevant agenda item(s). Details of actual, perceived or potential conflicts of interest declared by members of the committee and its sub-committees, and action taken, will be appropriately reflected in the minutes.
Conflicts of interest will be managed by the chair in consultation with the deputy chair.
If the chair has an actual, perceived or potential conflict, it must be declared prior to the meeting commencing to the secretary or in the secretary’s absence the deputy secretary with responsibility for governance matters.
The secretary authorises the committee, in performing its functions to:
- seek any information it requires from:
- any official of the department
- external parties
- request legal or other professional advice, subject to approval by the appropriate delegate
- require the attendance of any official of the department at meetings, as appropriate
- request the attendance of a committee member, as selected by the Assurance and Audit Committee, at internal committee meetings within the department (as an observer), as appropriate.
The secretary directs officials of the department to cooperate with the committee.
The committee, in consultation with the secretary, may establish sub-committees to assist it in meeting its responsibilities. A member of the committee may be appointed as the chair of the sub-committee.
The responsibilities, membership and reporting arrangements for each sub-committee shall be documented and approved by the full committee. Sub-committees are to develop their own terms of reference, to be reviewed annually by the full committee.
The actions of the sub-committee will be reported to the committee at each meeting. Any matter deemed of sufficient importance will be reported to the secretary through the chair of the committee.
The committee will meet at least 4 times per year, and more often if required. Special meetings may be held to review the department's annual financial statements and performance statements or to meet other specific responsibilities of the committee.
The chair will call a meeting if requested to do so by the secretary, and may call a meeting if requested by another committee member.
A quorum for any committee meeting will be 3 of 5 members, one of whom must be the chair or the deputy chair.
In accordance with its charter, the department will provide secretariat services to the committee as determined by the secretary.
The chair will report to the secretary after each meeting. Any matter deemed of sufficient importance will be reported to the secretary immediately.
The committee will, as often as necessary, and at least once a year, report to the secretary on its operation and activities during the year.
The committee will engage with department’s senior managers and other key stakeholders in order to fulfil its functions, in accordance with its Communications and Stakeholder Engagement Strategy.
Review of functions
The chair of the committee will initiate a review of the performance of the committee and any sub-committees at least once every 2 years. The outcomes of this assessment will be reported to the secretary.
The committee will review the appropriateness of this charter at least annually, in consultation with the secretary. The outcomes of this review will be reported to the secretary.
Disclosure and use of information
Committee members must not use or disclose information obtained by the committee except in meeting the committee’s responsibilities, or unless expressly agreed by the secretary.