Independent Parliamentary Expenses Authority Audit and Risk Committee Charter

The Chief Executive Officer (CEO), as the Independent Parliamentary Expenses Authority’s (IPEA) accountable authority, has established an Audit and Risk Committee (the Committee) in compliance with subsection 45(1) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and subsection 17(1) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

Role

1. In accordance with subsection and 45(2) of the PGPA Act and 17(2) of the PGPA Rule, the Committee’s primary functions are to review the appropriateness of IPEA’s:
   • financial reporting
   • performance reporting
   • system of risk oversight and management
   • system of internal control,

and to provide its views on these matters to the accountable authority, based on the Committee’s inquiries, information provided to the Committee, and internal audit coverage.

2. The Committee is not responsible for the executive management of IPEA’s functions. The Committee engages with IPEA’s senior management team in a constructive and professional manner to carry out its functions and formulate its advice to the accountable authority.
3. In undertaking its work, the Committee pays particular attention to IPEA’s achievement of its planned performance results and delivery of the major programs or activities it administers to reduce its risk of failure or significant underperformance.

Membership

4. The Committee comprises 3 members, appointed by the accountable authority, as follows:
   • the Chair of the Committee (independent, external)
   • the Deputy Chair, (independent, external) who acts as Chair in the absence of the Chair
   • an external Committee member, who may be an official of another Commonwealth entity.
5. A majority of members must be persons who are not officials of any Commonwealth entity.
6. Committee members are to have the appropriate qualifications, business and public sector knowledge, skills and experience to assist the Committee to perform its functions.
7. Committee members are appointed for an initial period not exceeding 3 years. Committee members may be re-appointed for further periods, as specified by the accountable authority, to maintain ongoing independence and to make sure their skills and experience are appropriate for the Committee collectively. A Committee member’s maximum term of appointment is 10 years. 

Functions of the Audit and Risk Committee

8. The Committee is responsible for reviewing and providing advice on IPEA’s:
   • financial reporting
   • performance reporting
   • system of risk oversight and management
   • system of internal control
   • additional functions as requested by the accountable authority.
9. When undertaking these reviews, the Committee considers IPEA’s broader governance framework, advice sought by the accountable authority and the level of maturity of IPEA’s control and assurance arrangements.

Financial reporting arrangements

10. The Committee reviews the appropriateness of IPEA’s financial reporting, which requires the Committee to review compliance with the mandatory requirements of the PGPA Act, the PGPA Rule, the Accounting Standards and also consider advice given in supporting guidance.
11. The Committee reviews and provides advice on IPEA’s:
    • annual financial statements
    • information (other than annual financial statements) requested by the Department of Finance (Finance) in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
    • processes and systems for preparing financial reporting information
    • financial record keeping
    • processes in place to allow IPEA to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.
12. Following the review referred to in point 12 above, the Committee provides advice to the accountable authority on whether, in the Committee’s view, the following documents comply, where necessary, with the PGPA Act, the PGPA Rule, the Accounting Standards and takes guidance into account as relevant:
    • IPEA’s annual financial statements
    • additional entity information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements.
13. In addition, the Committee provides annual advice to the accountable authority on the appropriateness of the accountable authority’s financial reporting arrangements as a whole, with reference to any specific areas of concern or suggestions for improvement.

Performance reporting arrangements

14. The audit committee reviews and provides advice on the appropriateness of the accountable authority’s systems and procedures for assessing, monitoring and reporting on achievement of the entity’s performance.
15. the Committee reviews and provides advice on IPEA’s:
    • Portfolio Budget Statements and Corporate Plan
    • approach to measuring its performance against its performance measures
    • annual performance statements
    • processes for the preparation of its annual performance statements and their inclusion in its Annual Report.
16. Following the review referred to in point 16 above, the Committee provides advice to the accountable authority on whether, in the Committee’s view, the annual performance statements comply with the PGPA Act, the PGPA Rule and takes guidance into account as relevant.
17. In addition, the Committee provides advice to the accountable authority on the appropriateness of IPEA’s annual performance statements and performance reporting as a whole, with reference to any specific areas of concern or suggestions for improvement.

System of risk oversight and management

18. The Committee reviews the appropriateness of IPEA’s system of risk oversight and management. This requires the Committee to gain a sufficient understanding of the accountable authority’s risk appetite and the entity’s operating environment, and reviewing the mandatory requirements of the PGPA Act, the PGPA Rule, the Commonwealth Risk Management Policy (mandatory for NCEs and a better practice for CCEs) and also consider advice in supporting guidance.
19. The Committee reviews and provides advice on IPEA’s:
    • enterprise risk management policy framework
    • internal controls for the effective identification and management of IPEA’s risks
    • fraud control framework
    • business continuity planning arrangements.
20. Following the review referred to in point 20 above, the Committee provides advice to the accountable authority on whether, in the Committee’s view, IPEA’s system of risk oversight and management as a whole complies with the PGPA Act, Commonwealth Risk Management Policy and supporting guidance and whether IPEA’s fraud control arrangements are adequate for detecting, capturing and effectively responding to fraud risks.

System of internal control

21. The Committee reviews the appropriateness of IPEA’s system of internal control, requiring the Committee to gain a sufficient understanding of the entity’s operating context, governance requirements, and review the mandatory requirements of the PGPA Act, the PGPA Rule and also considers advice in supporting guidance.
22. As required, the Committee reviews and provides advice on the appropriateness of IPEA’s:
    • approach to maintaining an effective internal control framework, including management’s operation of relevant policies and procedures
    • processes for assessing whether key policies and procedures are complied with
    • system for monitoring IPEA’s compliance with key laws, regulations and associated government policies that must be complied with
    • management’s consideration of legal and compliance risks
    • approach to maintaining an effective internal security system
    • internal audit coverage and internal audit work plan
    • internal audit reports, providing advice to the accountable authority on major concerns identified in those reports, and recommending action on significant matters raised—including identification and dissemination of information on good practice.
    • management and exercise of delegations and authorisations.
23. Following the review referred to in point 23 above, the Committee provides advice to the accountable authority on whether, in the Committee’s view, IPEA’s system of internal control complies with the PGPA Act, the Commonwealth’s Protective Security Policy Framework and supporting guidance, with reference to any specific areas of concern or suggestions for improvement.

Additional functions

24. The Committee’s additional functions include:
    • reviewing and advising on IPEA’s mechanisms for reviewing and implementing the recommendations of relevant parliamentary committee reports, external reviews and evaluations
    • reviewing IPEA’s Business Continuity Plan, as required, and providing advice that it is satisfied that IPEA’s has taken an appropriate approach in establishing business continuity planning arrangements—including whether business continuity and disaster recovery plans have been periodically updated and tested
    • assessing whether the accountable authority has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct
    • reviewing annually IPEA’s governance arrangements, or elements of the arrangements as requested by the accountable authority
    • other activities as requested by the accountable authority.

Reports to accountable authority

25. The Chair of the Committee reports to the accountable authority after each meeting.
26. The Committee, as often as necessary and at least once a year, reports to the accountable authority and the Members of the Authority on its operation and activities during the year and confirms to the accountable authority that all functions outlined in this charter have been satisfactorily addressed.
27. The Committee may, at any time, report through the accountable authority to the Members of the Authority on any other matter it deems of sufficient importance to do so. In addition, an individual Committee member may request a meeting with the accountable authority at any time.
28. Through the Secretariat, the Committee will provide the Members, for their Members meetings, with the last ARC approved ARC meeting minutes.

Conduct of the Committee

29. The Committee is expected to understand and observe the requirements of the PGPA Act and PGPA Rule. The Committee is also expected to:
    • gain a good understanding of IPEA’s functions, objectives and operational context
    • act in the best interests of IPEA
    • apply good analytical skills, objectivity and good judgment
    • continuously build, apply and maintain appropriate expertise and awareness of IPEA’s and the Commonwealth’s operating context and challenges
    • express opinions constructively and openly, raise issues that relate to the Committee’s functions and pursue independent lines of enquiry
    • engage in the work of any sub-committees that may be established
    • contribute the time required to carry out its functions.
30. Committee members must not use or disclose information obtained by the Committee except in carrying out the Committee’s functions, or unless expressly agreed by the accountable authority. Committee members must advise the accountable authority as soon as practicable if their capacity to undertake their duties as a Committee member changes.

Engagement with the ANAO and IPEA's internal auditors

31. In undertaking its role, the Committee engages with the Australian National Audit Office (ANAO), as IPEA’s external auditor, in relation to the ANAO’s financial statement and performance audit coverage. In particular, the Committee:
    • provides input on planned ANAO financial statement and performance audit coverage
    • monitors senior management’s responses to all ANAO financial statement management letters and performance audit reports including the implementation of audit recommendations
    • provides advice to the accountable authority on action to be taken on significant issues raised in relevant ANAO reports or better-practice guides
    • meets with the ANAO as necessary.
32. In undertaking its role, the Committee engages with IPEA’s contracted internal auditors in relation to providing a recommendation to the accountable authority on the internal audit program. In particular, the Committee:
    • consults with the IPEA Members, accountable authority and IPEA Executive
    • provides input on the scope of planned internal audits
    • monitors senior management’s responses to all internal audit recommendations
    • provides advice to the accountable authority on action to be taken on significant issues raised in internal audits
    • meets with the internal auditors as necessary.

Authority

33. The accountable authority authorises the Committee to:
    • obtain, from any IPEA staff member or external party, information it requires for the purposes of carrying out its functions (subject to any legal obligations to protect information)
    • discuss any matters with the ANAO or IPEA’s internal auditors (subject to confidentiality considerations), in conjunction with carrying out its functions
    • seek legal or other professional advice where necessary to fulfil its functions, at IPEA’s expense, subject to approval by the accountable authority or delegate.

Administrative arrangements

Annual Work Plan

34. The Committee prepares an annual work plan that outlines the activities to be undertaken to achieve the Committee’s functions.

Induction

35. New Committee members receive relevant information and briefings from the accountable authority and/or the Secretariat at the time of their appointment to assist them to meet their Committee responsibilities.

Sub-Committees

36. The Committee may establish, in consultation with the accountable authority, one or more sub-committees to assist the Committee in carrying out its functions.
37. The responsibilities, membership and reporting arrangements for each sub-committee will be documented and approved by the Committee, in consultation with the accountable authority.
38. Committee sub-committees do not assume any management functions.

Meetings

39. The Committee meets at least 4 times per year. One or more additional meetings may be held to review IPEA’s annual financial statements and performance statements or to meet the Committee’s other specific functions.
40. The Chair is required to call a meeting if asked to do so by the accountable authority. The Chair is also required to decide if a meeting is necessary where a meeting is requested by a Committee member, internal audit or the ANAO.
41. Decisions made out of session are valid decisions of the Committee.
42. The Secretariat keeps minutes of all meetings.

Attendance

43. The accountable authority, the CFO/CRO and other IPEA management representatives may attend Committee meetings, as requested by the Chair. In addition, representatives of the ANAO and IPEA’s internal auditors may be invited to attend meetings of the Committee. Attendees who are not Committee members are there as advisers or observers.

Quorum

44. A quorum consists of 2 members, one of whom must be the Chair or the Deputy Chair. The quorum must be in place at all times during the meeting.

Secretariat

45. The Secretariat takes all reasonable steps to:
    • ensure the agenda for each meeting is approved by the Chair
    • circulate the agenda and supporting papers at least one week before the meeting
    • prepare and maintain the minutes of the meetings.
46. Minutes must be reviewed by the Chair and circulated in a timely manner to each member of the Committee and to Committee advisers and observers, as appropriate.

Conflicts of interest/ Independence

47. The Committee is directly responsible to the accountable authority. The accountable authority has not delegated any powers or functions to the Committee.
48. Once each year, ideally the first meeting of the calendar year, members of the Committee provide written declarations to the accountable authority declaring any material personal interests they have in relation to their responsibilities. The accountable authority, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manage any real or perceived conflict.
49. At the beginning of each Committee meeting, members are required to declare any material personal interests that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the Committee’s consideration of the relevant agenda item(s). The Chair is also responsible for deciding, in consultation with the accountable authority where appropriate, if he/she should excuse themselves from the meeting or from the Committee’s consideration of the relevant agenda item(s). Details of any material personal interests declared by the Chair or other members, and the actions taken, are recorded in the minutes where appropriate.
     

Review and assessment of the Committee's performance and this charter

50. The Chair of the Committee initiates a review of the performance of the Committee at least every two years. The review is conducted by IPEA staff, in consultation with the Committee. The outcomes of these reviews are shared with the Committee and reported to the accountable authority and the Members.
51. The Chair provides advice to the accountable authority and the Members on an external member’s performance where an extension of the member’s tenure is being considered.
52. At least once every 2 years the Committee reviews the Committee’s charter. This review includes consultation with the accountable authority and the Members of the Authority. Any substantive changes to the charter are recommended by the Committee and formally approved by the accountable authority.