Audit and Risk Management Committee Charter

Purpose of the Charter

The Australian Public Service Commissioner (the Commissioner) has established the Audit and Risk Committee (the ARC) in compliance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).Section 17 PGPA Rule requires the Commissioner, by written charter, to determine the functions of the ARC, which are to include reviewing the appropriateness of the APSC's:

1. financial reporting;
2. performance reporting;
3. systems of risk oversight and management; and
4. systems of internal control.

This Charter sets out the ARC's:

1. functions (as noted above and in detailed at Attachment B.)
2. role;
3. authority; and
4. membership and tenure.

The ARC's administrative arrangements are set out in Attachment A

Role

The ARC's role is to provide independent advice to the Commissioner, consistent with the mandatory functions as outlined in the PGPA Act and Rule. The ARC is not responsible for any executive management decisions.

Members of the ARC are expected to understand and observe the legal requirements of the PGPA Act and PGPA rule. The ARC will constructively engage with management in discharging its role and functions for the Commissioner. Members are also expected to:

• act in the best interests of the APSC as a whole;
• apply good analytical skills, objectivity and judgement;
• express opinions constructively and openly, raise issues that relate to the ARC's responsibilities and pursue independent lines of enquiry; and
• contribute the time required to meet their responsibilities.

ARC members must not use or disclose information obtained in their role on the ARC except in meeting the ARC's role and functions, or unless expressly agreed by the Commissioner.

The ARC will be assisted by the APSC's Chief Audit Executive and internal audit function, through the delivery of a risk-based and timely internal audit program.

Authority

The Commissioner authorises the ARC, within the scope of its role and functions, to:

• obtain any information it needs from any employee and/or external party (subject to their legal obligation to protect information);
• discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations);
• request the attendance of the Commissioner or any employee at ARC meetings; and
• obtain legal or other professional advice, as considered reasonably necessary to meet its role and functions, at the APSC's expense. The ARC must work with Enabling Services to ensure its procurement obligations are met, should the ARC seek to procure legal or other professional advice.

Membership

The ARC will consist of at least 3 independent members appointed by the Commissioner. No members will be officials of the APSC.

The Deputy Commissioner Integrity, Reform and Enabling, First Assistant Commissioner Workplace Reform and Diversity and Assistant Commissioner, Enabling Services will attend ARC meetings. Other officials, such as the Chief Financial Officer, will attend meetings to support the ARC to discharge its functions.

The members, taken collectively, will have a broad range of skills and experience relevant to the role and functions of the ARC, and ensure they understand the business of the APSC.

Reporting

The ARC will:

• provide written advice to the Commissioner – including whether appropriate action has been taken in response to audit recommendations – and recommend the signing of the financial and performance statements by the Commissioner, having had regard to advice from the Australian National Audit Office (ANAO) (on the financial statements and performance statements, if audited)
• at least once a year report to the Commissioner on its operation and activities during the year. The report should include:
  • a summary of the work the ARC has performed to discharge its role and functions
  • an assessment of the appropriateness of the APSC’s financial reporting, performance reporting,systems of risk oversight and management, and systems for internal control
  • performance of the internal audit function in supporting the ARC.

The ARC may, at any time, report to the Commissioner any matter it deems of sufficient importance to do so. In addition, at any time an individual ARC member may request a meeting with the Commissioner.

Dr Gordon de Brouwer
Australian Public Service Commissioner
30 August 2024

Attachment A

Administrative arrangements

Meetings

• The ARC will meet at least 4 times per year.
• A special meeting may be held to review the APSC's annual financial and performance statements.
• The Chair is required to call a meeting if requested to do so by the Commissioner, and consider the requests of ARC members for additional discussions.
• A forward meeting plan, including meeting dates and agenda items, will be agreed by the ARC each year. The forward meeting plan will cover the ARC's responsibilities as detailed in this Charter.

Attendance at meetings and quorums

• A quorum will consist of a majority of ARC members.
• Meetings may be held in person, by telephone or by video conference.
• If the Chair is absent from any meeting or part of a meeting,another member can act as the Chair.
• The internal auditors and representatives of ANAO will be invited to attend each meeting, unless requested not to do so by the Chair of the ARC. The Chief Financial Officer will usually attend meetings and the ARC may request the attendance of any APSC employees at a particular ARC meeting or for certain agenda items.
• The Commissioner may be invited to attend ARC meetings to participate in specific discussions or provide strategic briefings to the ARC.

Secretariat

• The Assistant Commissioner, Enabling Services will be responsible for arranging secretarial support to the ARC. The secretariat will maintain the forward work plan, and ensure that an agenda is circulated no later than one week prior to meetings together with any supporting papers. The secretariat will ensure that minutes for the meetings are maintained and circulated promptly to members, the external and internal auditor; and prepare a summary of each meeting to be provided to Executive Board.
• The secretariat will support the Commissioner with the management of ARC member contracts. The secretariat will ensure that new members receive an appropriate induction. This will include this Charter, past minutes and key corporate artefacts = as well as personal briefing by the ARC Chair.
• The secretariat will prepare and circulate tasking to enable the efficient and effective conduct of meetings.

Conflicts of interest

• Once a year ARC members will provide written declarations, through the Chair, to the Commissioner declaring any material personal interest that would preclude them from being members of the ARC.
• ARC members must declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda item or topic. Details of any conflicts of interest should be appropriately minuted.
• Where members or observers at ARC meetings are deemed to have a real, or perceived, conflict of interest, it may be appropriate that they are excused from ARC deliberations on the issue where a conflict of interest exists.

Assessment arrangements

• The Chair of the ARC will initiate a review of the performance of the ARC at least once every two years. The review will be conducted on a self-assessment basis (unless otherwise determined by the Commissioner).

Review of charter

• Each year, the ARC will review this charter with the support of the secretariat.
• Any changes to the charter will be formally approved by the Commissioner.

Attachment B

Functions

Consistent with Section 17 of the Public Governance and Performance Accountability Rule 2014, the ARC functions are:

1. Financial reporting

   • The ARC review and provide advice on the appropriateness of the APSC’s:
     • annual financial statements
     • information (other than annual financial statements) requested by the Department of Finance (Finance) in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package (SRP)
     • processes and systems for preparing financial reporting information
     • financial record keeping
     • processes in place to allow the APSC to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.
   • The ARC provide advice to the Commissioner:
     • whether the annual financial statements, in the ARC’s view, comply with the PGPAAct, the PGPA Rules, the Accounting Standards and supporting guidance
     • whether additional entity information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements (including the SRP) comply with the PGPA Act, the PGPA Rule, the Accounting Standards and supporting guidance
     • in respect of the appropriateness of the APSC’s financial reporting as a whole, with reference to any specific areas of concern or suggestions for improvement.

2. Performance reporting

   • The ARC review and provide advice on the appropriateness of the APSC’s:
     • systems and procedures for assessing, monitoring and reporting on achievement of the APSC’s performance. In particular, the ARC should satisfy itself that:
       • the APSC’s Portfolio Budget Statements (PBS) and Corporate Plan contain appropriate details of how the entity’s performance will be measured and assessed
       • the APSC’s approach to measuring its performance throughout the financial year against the performance measures included in its PBS and Corporate Plan is appropriate and in accordance with the Commonwealth Performance Framework, including s16EA PGPA Rule. This may include reviewing, over time, particular elements of the performance measures
       • the APSC has appropriate systems and processes for preparation of its annual performance statement and inclusion of the statement in its annual report.

• The ARC provide advice to the Commissioner on the appropriateness of APSC’s:
  • PBS performance measures
  • Corporate Plan performance measures
  • Annual Performance Statement.
• The ARC provide advice to the Commissioner whether, in their view, performance reporting as a whole is appropriate, with reference to any specific areas of concern or suggestions for improvement.

3. Systems of risk oversight and management

   • The ARC review and provide advice on the appropriateness of the APSC’s:
     • enterprise risk management policy framework and the necessary internal controls for the effective identification and management of the APSC’s risks, in keeping with the Commonwealth Risk Management Framework
     • approach to managing the APSC’s key risks – including those associated with individual projects and program implementation and activities
     • process for developing and implementing the APSC’s fraud control arrangements consistent with the fraud control plan, and satisfy itself that the APSC has adequate processes for detecting, capturing and effectively responding to fraud risks
     • articulation of key roles and responsibilities relating to risk management and adherence to them by officials of the APSC.
   • The ARC provide advice to the Commissioner whether in their view, the APSC’s system of risk oversight and management as a whole is appropriate with reference to the Commonwealth Risk Management Policy and any specific areas of concern or suggestions for improvement.

4. Systems of internal control

• The ARC review and provide advice on the appropriateness of the APSC’s:
  • internal control framework:
    • reviewing management’s approach to maintaining an effective internal control framework and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
    • reviewing whether management has in operation relevant policies and procedures – such as accountable authority instructions,delegations and other key policies.
  • legislative and policy compliance:
    • reviewing the effectiveness of systems for monitoring the APSC’s compliance with laws, regulations and associated government policies with which the APSC must comply.
  • business continuity:
    • determining whether an appropriate approach has been taken in establishing business continuity planning arrangements – including whether business continuity and disaster recovery plans have been periodically updated and tested.
  • ethical and lawful conduct:
    • assessing whether steps have been taken to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct.
  • Parliamentary committee reports, external reviews and evaluations:
    • reviewing mechanisms for reviewing relevant parliamentary committee reports, external reviews and evaluations of the APSC and implementing, where appropriate, any resultant recommendations.
  • security compliance:
    • reviewing management’s approach to maintaining an effective internal security system – including complying with the Protective Security Policy Framework – and ICT security policy.
  • internal audit coverage:
    • reviewing the proposed internal audit coverage, ensuring that the coverage takes into account the APSC’s primary risks, and is adequate, and recommending approval of the internal audit work plan by the Commissioner or the nominated delegate
    • reviewing all internal audit reports, providing advice on major concerns identified in those reports, monitoring implementation and recommending action on significant matters raised – including identification and dissemination of information on good practice
    • reviewing the internal audit charter to ensure appropriate organisational structures, authority, access and reporting arrangements are in place.
• The ARC provide advice to the Commissioner whether the system of internal control is appropriate for the APSC, with reference to any specific areas of concern or suggestions for improvement.