Audit and Risk Management Committee

*Membership of the Audit and Risk Management Committee is limited to external members of Council i.e. not a current RMIT staff member or student.

**The appointment of external experts will be considered and recommended to Council by NRPC. The appointment will be for a three-year term (unless specified otherwise). External experts are eligible for reappointment; however, terms cannot exceed 12 years in total (whether consecutive or not).

In making these appointments, the Council shall satisfy itself that each member is independent of management and does not have any business or other relationship which could interfere with or be reasonably perceived to have the potential to interfere with their capacity to exercise independent judgement.

Members of the Committee should have the appropriate level of skills and business experience. At least one member of the Committee will hold a formal accounting qualification, with a strong financial and accounting background.

In the absence of the Chair, the Committee will elect a chair from the Category B members.

The Committee may invite or require Officers of the University to attend meetings where appropriate to assist in the effective discharge of the Committee's duties or for selected agenda items as determined by the Chair. 

The Committee may meet with the Vice-Chancellor, Chief Operating Officer, Chief Finance Officer, General Counsel, Director Risk, Internal Auditors and External Auditors without any other management being present.

The primary objective and responsibility of the Committee is to assist the Council in fulfilling and discharging its responsibilities in relation to the University’s accounting policies, financial reporting practice, financial and internal control systems, external and internal audit functions, risk management framework and compliance framework, by providing an objective view on the effectiveness of these policies, financial reporting practices, systems and risk management framework.

Pursuant to Section 18 of the Royal Melbourne Institute of Technology Act 2010, a committee of Council will be known as the Audit and Risk Management Committee (“the Committee”). Council authorises the Committee to:

• approve the University’s risk management framework, monitor its implementation and report accordingly to Council
• approve the University’s approach to and outcomes of compliance monitoring and report to Council
• approve the appointment of an external firm as the provider of Internal Audit services to the University and any proposed changes to that appointment.
• approve the Internal Audit Plan
• establish internal working groups as required to assist in exercising the responsibilities set out in the Terms of Reference
• obtain outside legal and/or other independent professional advice and to secure the attendance of external parties with relevant experience and expertise if it considers this necessary. The Committee is entitled to call upon resources from the University to support the achievement of its duties.
• obtain all information it requires and request reports from management, Internal Audit, General Counsel and VAGO/External Auditor which it considers necessary for the performance of its duties.
• Endorse governance level policies.

Unless indicated otherwise, ‘University’ refers to the RMIT Group (RMIT University and its Controlled Entities).

Financial Reporting

• Review and endorse the annual financial statements and reports for the University before submission to the Council for approval, and through reports from senior management and VAGO to the Committee, consider the following:
  • The appropriateness of accounting practices selected, the consistency with which they are applied and any changes in financial policy, accounting standards and practice.
  • The appropriateness of the material judgments and estimates made in the course of the preparation of the financial statements.
  • The propriety of any related party transactions.
  • Significant adjustments arising from the external audit and the impact and reasons for those adjustments.
  • The VAGO independent audit opinion.
  • Audit representation letters to be signed by management and the contents of those letters.
  • VAGO’s audit management letters and management’s responses to them.
  • The form of and responses to questionnaires to management in connection with the University's annual financial statements.
  • Key Management Personnel (KMP) declaration of related parties’ transactions signed by KMP.
• Review and recommend to Council the University’s annual budget.
• Monitor the University’s financial performance (long term and short term) against budget and approved financial performance indicators and targets, and any corrective actions required to achieve budget objectives.
• Monitor the University’s financial sustainability and its financial long-term plan.
• Monitor policies relating to financial matters including Delegations of Authority.

Internal Controls

• Discuss with management, Internal Audit, the Director Risk and VAGO, the adequacy and effectiveness of the University's accounting, financial, and internal controls including the University's policies and processes to assess, monitor and manage these controls.
• Obtain reports on internal control findings raised by Internal Audit and any external auditors, together with management’s responses to these findings.
• Oversee and provide high-level direction in relation to the University’s annual internal controls certification process, including the methods employed to gain assurances from management that internal controls have operated effectively over the specified financial reporting period.

External Audit

• Oversee the University's relationship with VAGO (or the external auditor appointed by VAGO).
• Review and agree with the External Auditor the scope of the audit plan before the audit commences and subsequently the result of the audit.
• Review any significant changes made to the External Audit plan and the reasons for those changes including whether any restrictions on scope have been placed by management on the audit.
• Review any significant difficulties or disputes encountered with management during the course of the audit and the resolution of those difficulties or disputes.
• Review reports and management letters from the External Auditor including reviews of accounting procedures and recommendations for improvements in internal controls and management responses.

Internal Audit

• Ensure the independence of the internal audit function.
• Review the activities, resources, organisational structure and the operational effectiveness of the internal audit function and where appropriate make recommendations to the Council.
• Review and approve the annual internal audit plan (for the RMIT Group) to ensure adequate coverage of significant business risks, the system of internal control and the efficiency and effectiveness of operations.
• Monitor the progress of the internal audit plan and approve any changes required to the plan.
• Review reports from the internal auditor, the rating of those reports and the recommendations contained therein.
• Review any significant findings and recommendations made by internal audit and ensure they are received, considered and responded to by management on a timely basis.
• Monitor follow up action in response to internal audit’s recommendations and management's agreed action plans.
• Consider any difficulties encountered by internal audit during the course of its work, including any restrictions on the scope of the planned work or access to required information.
• Ensure that the activities of internal audit are coordinated with VAGO/External Auditors.
• Approve the appointment of an external firm as the provider of Internal Audit services to the University and any proposed changes to that appointment.
• Periodically review the performance of the Internal Audit Function.

Risk Management

• By receiving updates about the University’s Strategic Risk profile and the Strategic Risk profile for the Controlled Entities, provide an objective view to Council on the effectiveness of the University’s risk management framework.
• Review and monitor risk aspects arising from external reviews of the University’s performance, including quality reviews performed by Commonwealth regulatory bodies.
• By obtaining management reports into and reviewing significant cases of conflicts of interest, misconduct, fraud or grievances and the resolution and reporting of those cases, monitor the overall risk culture of the University.
• Receive regular University wide complaints reporting, including analysis of numbers, trends, themes and causes.
• Receive regular reports on cyber security related matters.  
• Review the University’s insurance coverage and other risk transfer arrangements to ensure it is appropriate.
• Review management reports on critical incidents and review the University’s business continuity and resilience plans to ensure they are appropriate.

Compliance

• Review the effectiveness of the University’s systems and processes for ensuring compliance with laws, regulations and internal policies, and the results of management’s investigation and follow-up of any instances of non-compliance.
• Endorse governance level policies.
• Receive reports relating to integrity of operation and practice, including preventing and responding to fraud and corruption, whistleblower instances, handling of sensitive information and conflict of interest.
• Review updates from management, General Counsel and University Secretary regarding compliance matters that may have a material impact on the University’s reputation or financial statements.
• Review the findings of any examinations conducted by regulatory or other external bodies in relation to compliance matters.
• Review reports from the General Counsel about any current pending litigation or regulatory proceedings in which the University is a party and which may have a material effect on the University.

• The Committee plays an important and active role in oversight of many elements of educational regulatory compliance, including but not limited to:
  • Oversight of external compliance obligations and reporting, including under the Tertiary Education Quality Standards Act (TEQSA), the Australian Skills Quality Authority Act (ASQA), the Higher Education Support Act (HESA) and the Education Services for Overseas Students Act (ESOS) and associated regulations and standards.
  • Review the findings of any examinations by a regulator and management’s actions to address any recommendations. 

There shall be an agenda and minutes for all meetings and the Secretary (who shall not be a Committee member) shall record the proceedings of the meeting and distribute Chair approved minutes within 10 business days of the meeting.

The Committee shall review its own performance on an annual basis and refer findings and actions arising from the review process to Council.

The Terms of Reference for the Committee shall be reviewed on an annual basis and any amendments recommended to Council for approval.

To Council after each meeting. The Committee will immediately escalate to Council any significant or material matters of concern.

Quorum is a majority of members. The Chair holds an additional ‘casting’ vote if there is a tie in the vote.

Four times a year or more as required. Members will receive regular reporting between meetings where that facilitates the Committee’s functions. In consultation with the Chair, additional or special meetings may be requested.

None

University Secretariat

Name: Ms Nicole Knight

Role: Associate Director University Governance

Email: council.secretariat@rmit.edu.au

Phone: 03 9225 2008