Role and responsibilities of the Audit and Risk Management Committee
Pursuant to Section 18 of the Royal Melbourne Institute of Technology Act 2010, a committee of Council will be known as the Audit and Risk Management Committee (the Committee). This Charter establishes the role and responsibilities of the Committee.
To assist Council in discharging its responsibilities to the University and its Controlled Entities with respect to:
- the integrity of the annual financial statements and financial reporting
- exposure to legal and business risk
- the effectiveness of the external and internal audit functions;
- the adequacy and effectiveness of financial management, financial control systems and other internal controls
- the process for monitoring compliance with laws and regulations, and
- monitoring compliance with the University Code of Conduct.
The Committee has the authority to conduct or authorise investigations or reviews and make determinations in respect of any matters within its scope of responsibilities. It is empowered to:
- oversee the appointment, compensation and work of any registered company auditor engaged by the University
- resolve any disagreement between management and the external or internal auditor on financial reporting or audit findings
- pre-approve all auditing and non-audit services
- retain independent counsel, accountants, the internal auditors, or others to advise the Committee or assist in the conduct of an investigation
- seek any information it requires from employees – all of whom are directed to cooperate with the Committee’s requests – or from external parties, and
- meet with the University’s officers, external auditors, internal auditors, or outside counsel, as necessary.
The Committee may delegate authority to subcommittees providing any findings or recommended decisions are presented to the full Committee at its next scheduled meeting.
3. Members Skills
All members will be financially literate and at least one member will be designated as the “financial expert,” as defined under the Corporations Act 2001.
The Committee shall meet at least four times per year. The Chair of the Committee has the power to call a meeting of the Committee when deemed necessary.
All Committee members are expected to attend each meeting, in person or through teleconference or video conference.
The Committee can invite any persons, including management and officers of the University, external and internal auditors, or others to attend the meetings of the Committee and may refer matters deemed to require attention directly to the appropriate executive officers.
The University Secretary or nominee will be the Committee Secretary.
In addition to the Purpose, the Committee will carry out the following responsibilities:
- Review significant accounting and reporting issues, including complex or unusual transactions and highly judgmental areas, and recent professional and regulatory pronouncements, and understand their impact on the University’s financial statements.
- Review with management and the external auditors the process and results of the annual audit and the annual financial statements.
- Review the annual financial report and consider whether it is complete, consistent with information known to the Committee members and reflects appropriate accounting principles.
- Review other sections of the annual report and related regulatory filings before release and consider the accuracy and completeness of the information.
- Review how management develops interim financial information and the nature and extent of internal and external auditor involvement.
- Review accounting policies of the University and approve policy changes for recommendation to Council.
Risk Management and Internal Control
- Consider the effectiveness of the University’s internal control systems, including fraud management systems, and information technology security and control.
- Understand the scope of internal and external auditors’ review of risks and internal controls, and obtain reports on significant findings and recommendations together with management’s responses.
- Review the University’s risk profile, risk framework, risk identification and risk management on a regular basis to ensure they are regularly updated, and material business risks of the University are dealt with appropriately and on a timely basis.
- Review the University’s insurance coverage annually to ensure it is appropriate.
- Review with the Director Internal Audit and Risk Management the charter, annual workplan, activities, resourcing, organisational structure and reporting arrangements of the internal audit function.
- Have final authority to review and approve the annual Internal Audit Plan and all major changes to the Plan.
- Ensure there are no unjustified restrictions or limitations on the internal audit function and concur in the appointment, replacement and dismissal of the Director Internal Audit and Risk Management.
- At least once per year review the performance of the Director Internal Audit and Risk Management, and concur with the annual remuneration package.
- Review the effectiveness of the internal audit function including compliance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing.
- Ensure the Internal Audit Annual Plan is linked with and covers the material business risks of the University.
- Regularly meet with the Director Internal Audit and Risk Management separately to discuss any matters which the Committee or internal audit believes should be discussed privately.
- Review the external auditors’ proposed audit scope and approach each year, including the coordination of external and internal audit activity.
- Review the reports received from the external auditors and consider the adequacy of action taken by management in respect of those reports.
- Meet with external auditors separately as required to discuss any matters the Committee or external auditors believe should be discussed privately.
- Review annually the performance of the external auditors.
- Review and confirm the independence of the external auditors by obtaining written confirmations from the external auditors on relationships between the external auditors and the University.
- Monitor relationships with the Office of Auditor-General to ensure timely completion of the University’s annual report (including review of the Auditor-General’s Annual Report and Management letter along with the University’s draft response to the report) and adequacy of action taken in respect of those reports.
- Monitor compliance with laws and regulations and the University’s Statutes, regulations and policies, and regularly review the effectiveness of compliance systems.
- Review the process for communicating the University Code of Conduct to staff, and for monitoring compliance with the Code.
- Obtain regular updates from management and the University Legal Counsel on compliance matters and reportable incidents.
- The minutes and/or a report of each Committee meeting must be submitted to the next Council meeting. The report should include the Committee’s minutes, any formal resolutions or decisions taken by the Committee, any significant matters or recommendations arising from the audit process(es) and any other issue of which the Committee believes Council should be informed.
- Provide open communication between internal audit and risk management, the external auditors, and Council.
- Report annually to Council on the Committee’s performance including completion of its work plan.
- Report annually to stakeholders via the RMIT Annual Report on the Committee’s composition, responsibilities and performance.
- Perform other activities related to this Charter as requested by Council.
- Review and assess the adequacy of the Committee’s charter annually, requesting University Council approval for any proposed changes.
- Institute and oversee special investigations as need.