Development and Purpose of the Audit and Risk Management Committee

The Australian Public Service Commissioner (the Commissioner) established the Audit and Risk Management Committee (the ARMC) in compliance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and section 17 of the PGPA Rule. Section 17 requires the Commissioner, by written charter, to determine the functions the ARMC is to perform. The Charter must include reviewing the appropriateness of the APSC's:

  1. financial reporting
  2. performance reporting
  3. systems of risk oversight and management and
  4. systems of internal control.

This Charter sets out the ARMC's:

  1. role
  2. authority
  3. membership and tenure and
  4. reporting and administrative arrangements.

The ARMC's administrative arrangements are set out in Attachment A, its functions in Attachment B, and its statutory requirements in Attachment C.

Role

The ARMC's role is to provide independent assurance and advice to the Commissioner, consistent with the mandatory requirements as outlined above. The ARMC will also provide assurance on external accountability requirements.

The ARMC is not responsible for the executive management of these functions. The ARMC will constructively engage with management in discharging its responsibilities to the Commissioner.

Members of the ARMC are expected to understand and observe the legal requirements of the PGPA Act and PGPA Rule. Members are also expected to:

  • act in the best interests of the APSC as a whole
  • apply good analytical skills, objectivity and judgment
  • express opinions constructively and openly, raise issues that relate to the ARMC's responsibilities and pursue independent lines of enquiry and
  • contribute the time required to meet their responsibilities.

ARMC members must not use or disclose information obtained by the ARMC except in meeting the ARMC's responsibilities, or unless expressly agreed by the Commissioner.

The ARMC will be assisted by the APSC's internal audit function. This function is responsible for delivering an internal audit program in line with the ARMC's guidance, and subject to approval by the Commissioner. The ARMC will exercise a governance role in relation to the APSC's internal audit function.

Authority

The Commissioner authorises the ARMC, within the scope of its role and responsibilities, to:

  • obtain any information it needs from any employee and/or external party (subject to their legal obligation to protect information)
  • discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations)
  • request the attendance of the Commissioner or any employee at ARMC meetings and
  • obtain legal or other professional advice, as considered necessary to meet its responsibilities, at the APSC's expense.

Membership and tenure

The ARMC will consist of at least three and not more than five members appointed by the Commissioner - PGPA Rule section 17(3). From 1 July 2015, PGPA Rule section 17(4) requires that a majority of the members of the ARMC must be persons who are not officials[1] of the APSC.

Consistent with the role, members of the ARMC will bring their own knowledge, experience and skills to the work of the ARMC, and do not represent any particular interest or group.

The Commissioner will appoint the Chair of the ARMC. The Chair is authorised to appoint a Deputy Chair who will act as Chair in the absence of the Chair.

Members will be appointed for an initial period not exceeding four years. Members may be re‑appointed after a formal review of their performance, for further periods as specified by the Commissioner.

The Commissioner must not be a member of the ARMC, but may attend meetings as an observer as determined by the Chair - PGPA Rule section 17(5a).

At the discretion of the Chair, the Chief Financial Officer or other APSC official may be offered a standing invitation to attend and participate in discussion at ARMC meetings. The Chief Financial Officer must not, however, be a member of the ARMC (PGPA Rule section 17(5b)).

A representative(s) of the ANAO will be invited to attend meetings of the ARMC, as an observer.

The members, taken collectively, will have a broad range of skills and experience relevant to the operations of the APSC. At least one member of the ARMC should have broad corporate governance / senior management or financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

Reporting

The ARMC will:

  • provide advice to the Commissioner - including whether appropriate action has been taken in response to audit recommendations and adjustments - and recommend the signing of the financial and performance statements by the Commissioner, having regard to advice from the ANAO and
  • as often as necessary, and at least once a year, report to the Commissioner on its operation and activities during the year. The report should include:
    • a summary of the work the ARMC performed to fully discharge its responsibilities during the preceding year
    • an overall assessment of any significant findings and emerging risks and
    • details of meetings, including the number of meetings held during the relevant period.

The ARMC may, at any time, report to the Commissioner any other matter it deems of sufficient importance to do so. In addition, at any time an individual ARMC member may request a meeting with the Commissioner.

Peter Woolcott

Australian Public Service Commissioner

Attachment A

Administrative Arrangements

Meetings

The ARMC will meet at least four times per year.

A special meeting may be held to review the APSC's annual financial and performance statements.

The Chair is required to call a meeting if requested to do so by the Commissioner, or another ARMC member.

A forward meeting plan, including meeting dates and agenda items, will be agreed by the ARMC each year. The forward meeting plan will cover the ARMC's responsibilities as detailed in this Charter.

Attendance at meetings and quorums

A quorum will consist of a majority of ARMC members.

Meetings may be held in person, by telephone or by video conference.

Where a majority is not available for a scheduled meeting, the Chair may appoint a substitute member if considered appropriate.

If the Chair is absent from any meeting or part of a meeting, the Commissioner may appoint a temporary Chair or, in the absence of such an appointment, the ARMC will select an internal Member to chair that particular meeting or part.

The internal auditors and representatives of ANAO will be invited to attend each meeting, unless requested not to do so by the Chair of the ARMC. The Chief Financial Officer will usually attend meetings and the ARMC may request the attendance of any APSC employees at particular ARMC meetings or for certain agenda items.

The Commissioner may be invited to attend ARMC meetings to participate in specific discussions or provide strategic briefings to the ARMC.

Secretariat

The Group Manager, Enabling and Digital Services will be responsible for arranging secretarial support to the ARMC. The secretariat will ensure that an agenda is circulated approximately two weeks, and no later than one week, prior to the meeting together with any supporting papers. The secretariat will ensure that minutes for the meetings are maintained and circulated promptly to the Commissioner, members, and the external and internal auditors.

Conflicts of interest

Once a year ARMC members will provide written declarations, through the Chair, to the Commissioner declaring any material personal interest that would preclude them from being members of the ARMC.

ARMC members must declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda item or topic. Details of any conflicts of interest should be appropriately minuted.

Where members or observers at ARMC meetings are deemed to have a real, or perceived, conflict of interest, it may be appropriate that they are excused from ARMC deliberations on the issue where a conflict of interest exists.

Induction

The ARMC will ensure that new members receive an appropriate induction to assist them to meet their ARMC responsibilities. It is anticipated that this will include the provision of relevant information, as well as personal briefings by ARMC members, including by an external member.

Relevant training may be provided on an ‘as needs’ basis.

Training

ARMC members who desire training or instruction in relevant accounting or financial fields in order to fulfil their duties should advise the secretariat, who will assist in identifying and obtaining access to suitable training.

Briefings

ARMC members may request a briefing or further information on agenda items prior to any ARMC meetings. Requests should be made to the secretariat.

Assessment Arrangements

The Chair of the ARMC will initiate an annual review of the performance of the ARMC. The review will be conducted on a self-assessment basis (unless otherwise determined by the Commissioner) using the ANAO Better Practice Guide tool.

Review of charter

At least once every two years the ARMC will review this charter. This review will include consultation with the Commissioner.

Any substantive changes to the charter will be formally approved by the Commissioner.

Attachment B

Functions

(Consistent with Section 17 of the Public Governance, Performance and Accountability Rule 2014)

The audit committee functions are:

A. Financial reporting

  • The audit committee review and provide advice on the appropriateness of the accountable authority’s:
    • annual financial statements
    • information (other than annual financial statements) requested by Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
    • processes and systems for preparing financial reporting information
    • financial record keeping
    • processes in place to allow the entity to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.
  • The audit committee provide a statement to the accountable authority:
    • whether the annual financial statements, in the committee’s view, comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance
    • whether additional entity information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements (including the supplementary reporting package) comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance
    • in respect of the appropriateness of the entity’s financial reporting as a whole, with reference to any specific areas of concern or suggestions for improvement.

B. Performance reporting

  • The audit committee review and provide advice on the appropriateness of the accountable authority’s:
    • systems and procedures for assessing, monitoring and reporting on achievement of the entity’s performance. In particular, the committee could satisfy itself that:
      • the entity’s Portfolio Budget Statements and corporate plan contain appropriate details of how the entity’s performance will be measured and assessed
      • the entity’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and corporate plan is appropriate and in accordance with the Commonwealth performance framework. This may include reviewing, over time, particular elements of the performance measures
      • the entity has appropriate systems and processes for preparation of its annual performance statement and inclusion of the statement in its annual report.
  • The audit committee review the annual performance statements and provide advice to the accountable authority on their appropriateness to the entity.
  • The audit committee provide a statement to the accountable authority whether, in their view, the accountable authority’s annual performance statements and performance reporting as a whole is appropriate, with reference to any specific areas of concern or suggestions for improvement.

C. Systems of risk oversight and management

  • The audit committee review and provide advice on the appropriateness of the accountable authority’s:
    • enterprise risk management policy framework and the necessary internal controls for the effective identification and management of the entity’s risks, in keeping with the Commonwealth Risk Management Policy
    • approach to managing the entity’s key risks - including those associated with individual projects and program implementation and activities
    • process for developing and implementing the entity’s fraud control arrangements consistent with the fraud control plan, and satisfy itself that the entity has adequate processes for detecting, capturing and effectively responding to fraud risks
    • articulation of key roles and responsibilities relating to risk management and adherence to them by officials of the entity.
  • The audit committee provide a statement to the accountable authority whether in their view, the accountable authority’s system of risk oversight and management as a whole is appropriate with reference to the Commonwealth Risk Management Policy and any specific areas of concern or suggestions for improvement.

D. Systems of internal control

  • The audit committee review and provide advice on the appropriateness of the accountable authority’s:
    • internal control framework:
      • reviewing management’s approach to maintaining an effective internal control framework and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
      • reviewing whether management has in operation relevant policies and procedures - such as accountable authority instructions, delegations, a business continuity management plan, or bullying and harassment policies.
    • legislative and policy compliance:
      • reviewing the effectiveness of systems for monitoring the entity’s compliance with laws, regulations and associated government policies with which the entity must comply
      • determining whether management has adequately considered legal and compliance risks as part of the entity’s enterprise risk management framework, fraud control framework and planning.
    • security compliance:
    • internal audit coverage:
      • reviewing the proposed internal audit coverage, ensuring that the coverage takes into account the entity’s primary risks, and recommending approval of the internal audit work plan by the accountable authority or the nominated delegate
      • reviewing all internal audit reports, providing advice to the accountable authority on major concerns identified in those reports, and recommending action on significant matters raised - including identification and dissemination of information on good practice.
  • The audit committee provide a statement to the accountable authority whether the accountable authority’s system of internal control is appropriate for the entity, with reference to any specific areas of concern or suggestions for improvement.

Legislated and related compliance

  • Business continuity:
    • the audit committee should satisfy itself that an appropriate approach has been taken in establishing business continuity planning arrangements - including whether business continuity and disaster recovery plans have been periodically updated and tested.
  • Ethical and lawful conduct:
    • the audit committee should assess whether the accountable authority has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct.
  • Portfolio responsibilities - for audit committees of portfolio departments:
    • the audit committee should satisfy itself that appropriate mechanisms exist for the portfolio Secretary to be informed of all significant issues within the portfolio.
  • Parliamentary committee reports, external reviews and evaluations:
    • the audit committee should satisfy itself that the entity has appropriate mechanisms for reviewing relevant parliamentary committee reports, external reviews and evaluations of the entity and implementing, where appropriate, any resultant recommendations.

Internal Audit

  • act as a forum for communication between the Commissioner, senior management and internal audit
  • consider the internal audit coverage and annual work plan, ensure the plan is based on the APSC's risk management plan, and recommend approval of the plan by the Commissioner
  • advise the Commissioner on the adequacy of internal audit resources to carry out its responsibilities, including completion of the approved internal audit plan
  • oversee the coordination of audit programs conducted by internal and external audit and other review functions
  • review the APSC's response to all audit reports and provide advice to the Commissioner on significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of good practice
  • monitor management's implementation of internal audit recommendations
  • review the internal audit charter to ensure appropriate organisational structures, authority, access and reporting arrangements are in place
  • periodically review the performance of internal audit
  • recommend to the Commissioner the appointment of the internal auditor.

Engagement with the External audit and annual work plan

  • act as a forum for communication between the Commissioner, senior management and external audit
  • provide input on the financial statement and performance audit coverage proposed by external audit and provide feedback on the audit services provided
  • review the APSC's response to all external plans and reports in respect of planned or completed audits and monitor management's implementation of audit recommendations
  • provide advice to the Commissioner on action taken on significant issues raised in relevant external audit reports and better practice guides.

Attachment C

Statutory requirements

Public Governance, Performance and Accountability Act 2013

Section 45 – Audit committees for Commonwealth entities
  1. The accountable authority of a Commonwealth entity must ensure that the entity has an audit committee.
  2. The Committee must be constituted, and perform functions, in accordance with any requirements prescribed by the rules.

Public Governance, Performance and Accountability Rule 2014

Section 17 – Audit committee for Commonwealth entities
Guide to this section

The purpose of this section is to set out minimum requirements relating to the audit committee for a Commonwealth entity to help ensure that the committee provides independent advice and assurance to the entity’s accountable authority. It is also to require the accountable authority to determine the functions the audit committee is to perform for the entity.

This section does not prevent the same audit committee performing functions for multiple Commonwealth entities.

This section is made for subsection 45(2) of the Act.

Functions of the audit committee
  1. The accountable authority of a Commonwealth entity must, by written charter, determine the functions of the audit committee that is established for the entity as required by subsection 45(1) of the Act.
  2. The functions must include reviewing the appropriateness of the accountable authority's:
    1. financial reporting
    2. performance reporting
    3. system of risk oversight and management and
    4. system of internal control.

Membership of the Audit Committee
  3. The audit committee must consist of at least three persons who have appropriate qualifications, knowledge, skills or experience to assist the committee to perform its functions.
  4. The majority of the members of the audit committee must be persons who are not officials of the entity.
  5. Despite subsections (3) and (4), the following persons must not be a member of the audit committee:
    1. the accountable authority or, if the accountable authority has more than one member, the head (however described) of the accountable authority
    2. the Chief Financial Officer (however described) of the entity
    3. the Chief Executive Officer (however described) of the entity.

[1] As defined by the Public Governance, Performance and Accountability Act 2013.

Last reviewed: 4 September 2020