Audit and Risk Committee

The role of ARPANSA's Audit and Risk Committee is to provide independent assurance to the CEO on ARPANSA’s financial and performance reporting responsibilities, risk oversight and management, and system of internal control.

Committee membership

Chair

Margaret Donnan - Independent Director, Battery Stewardship Council and Board member of Environment Protection Authority Victoria

Members

Claire Miller - Board member of the Mine Land Rehabilitation Authority, Non-Executive Director of Central Gippsland Health Service, Non-Executive Director and Mine Land Rehabilitation Authority, and Commissioner Victorian Gambling and Casino Control Commission.
Dennis Clark - Chief Risk Officer for two life insurance companies, Member of the Victorian Ombudsman Audit and Risk Committee and Consultant to Aboriginal Hostels and the Commonwealth Government.
Richard Thornton - Former CEO of Natural Hazards Research Australia

Audit and Risk Committee Charter

1. Introduction

For the purposes of the finance law (within the meaning of the Public Governance, Performance and Accountability Act 2013 (PGPA Act)) ARPANSA is a listed entity, of which the accountable authority is the Chief Executive Officer (CEO) of ARPANSA. The CEO has established the Audit and Risk Committee (the Committee) in accordance with subsection 45(1) of the Act (PGPA Act) and the Public Governance, Performance and Accountability Rule (PGPA Rule), 2014.

2. Purpose

A Charter for the Committee is required by subsection 17(1) of the PGPA Rule. This Charter includes functions that the Committee must undertake to provide independent assurance to the CEO including reviewing the appropriateness of ARPANSAs: financial reporting; performance reporting; system of risk oversight and management; and the system of internal control.

The Committee is not responsible for the executive management of these functions. The Committee will engage with management in a constructive and professional manner in discharging its advisory responsibilities and formulating its advice to the CEO.

3. Functions

3.1 Financial reporting

The Committee must review the appropriateness of ARPANSA’s financial reporting and compliance with the mandatory requirements of the PGPA Act, the PGPA Rule, the Accounting Standards and also consider advice given in supporting guidance.

The Committee’s function for financial reporting includes to:

review and provide advice on the appropriateness of the CEO’s annual financial statements including recommending their signing by the CEO;

In particular the Committee will review:

information (other than annual financial statements) requested by Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package;
processes and systems for preparing financial reporting information;
financial record keeping;
processes in place to allow the entity to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.

The Committee must provide a statement to the CEO that specifies:

whether the annual financial statements, in the Committee’s view, comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance;
whether additional entity information (other than financial statements) required by Finance for the purpose of preparing the Australian Government consolidated financial statements (including the supplementary reporting package) comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance;

in respect of the appropriateness of the financial reporting as a whole, with reference to any specific areas of concern or suggestions for improvement.

3.2 Performance reporting

The Committee must review the appropriateness of the CEO’s performance reporting for the entity including reviewing the mandatory requirements of the PGPA Act, the PGPA Rule, and also the Commonwealth performance framework and consider advice given in supporting guidance. The review would usually cover information provided in the Corporate Plan, the Portfolio Budget Statement and the Annual Performance Statement.

The Committee must review and provide advice on the appropriateness of the systems and procedures for assessing, monitoring and reporting on achievement of ARPANSA’s performance.

In particular, the Committee should satisfy itself that:

The Portfolio Budget Statements and Corporate Plan contain appropriate details of how ARPANSA’s performance will be measured and assessed;
the approach to measuring ARPANSA’s performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and Corporate Plan is appropriate and in accordance with the Commonwealth performance framework. This may include reviewing, over time, particular elements of the performance measures;
appropriate systems and processes are in place for preparation of ARPANSA’s Annual Performance Statement and inclusion of the statement in its annual report. The Committee must review the Annual Performance Statement and provide advice to ARPANSA on their appropriateness.

The Committee must provide a statement to the CEO specifying whether, in their view, the Annual Performance Statement and performance reporting as a whole is appropriate, with reference to any specific areas of concern or suggestions for improvement.

3.3 Risk oversight and management

The Committee must review the appropriateness of ARPANSA’s risk oversight and management.

The Committee must sufficiently understand ARPANSA’s risk appetite and operating environment, and review the mandatory requirements of the PGPA Act, the PGPA Rule, the Commonwealth Risk Management Policy and also consider advice in supporting guidance.

The Committee must review and provide advice on the appropriateness of ARPANSA’s:

enterprise risk management policy framework and the necessary internal controls for the effective identification and management of the risks, in keeping with the Commonwealth Risk Management Policy (for Non-Commonwealth Entities (NCEs));
approach to managing key risks, including those associated with individual projects and program implementation and activities;
process for developing and implementing the fraud control arrangements consistent with the fraud control framework, and satisfy itself that there are adequate processes for detecting, capturing and effectively responding to fraud risks;
articulation of key roles and responsibilities relating to risk management and adherence to them by officials of ARPANSA.

The Committee must provide a statement to the CEO specifying whether in their view, ARPANSA’s system of risk oversight and management as a whole is appropriate (with reference to the Commonwealth Risk Management Policy for NCEs) and any specific areas of concern or suggestions for improvement.

3.4 Internal control

The Committee must review the appropriateness of ARPANSA’s system of internal control and understand the operating context, governance requirements, and reviewing the mandatory requirements of the PGPA Act, the PGPA Rule and also consider advice in supporting guidance.

The Committee will review and provide advice on the appropriateness of ARPANSA’s financial and non-financial internal controls including:

internal control framework - reviewing management’s approach to maintaining an effective internal control framework and whether appropriate processes are in place for assessing whether key policies and procedures are complied with, reviewing whether management has in operation relevant policies and procedures, such as accountable authority instructions, delegations, a business continuity management plan, or bullying and harassment policies;
legislative and policy compliance - reviewing the effectiveness of systems for monitoring ARPANSA’s compliance with laws, regulations and associated government policies with which ARPANSA must comply, determining whether management has adequately considered legal and compliance risks as part of ARPANSA’s enterprise risk management framework, fraud control framework and planning;
security compliance - reviewing management’s approach to maintaining an effective internal security system (including complying with the Protective Security Policy Framework);
internal audit coverage - reviewing the proposed internal audit coverage, ensuring that the coverage takes into account ARPANSA’s primary risks, and recommending approval of the internal audit work plan by the CEO or the nominated delegate, reviewing all internal audit reports, providing advice on major concerns identified in those reports, and recommending action on significant matters raised, including identification and dissemination of information on good practice.

The Committee must provide a statement to ARPANSA specifying whether the system of internal control is appropriate for ARPANSA, with reference to any specific areas of concern or suggestions for improvement.

3.5 Engage with ANAO

The Committee will engage with the ANAO, as the entity’s external auditor, in relation to the ANAO’s financial statement and performance audit coverage.

In particular, the Committee will:

provide input on planned ANAO financial statement and performance audit coverage;
review entity specific and relevant cross-entity external performance audit reports and monitor management’s response and implementation of audit recommendations;
provide advice to the CEO on action to be taken on significant issues raised in relevant ANAO reports or better practice guides;
meet privately with the ANAO at least once per year.

4. Authority

This Charter is authorised by the CEO and must be followed by all ARPANSA employees. Both ongoing and non-ongoing employees must comply with this Charter unless otherwise stated. Any direction given in this Charter or subordinate directive is a direction for the purposes of section 13(5) of the Public Service Act 1999.

The CEO authorises the Committee, in accordance with its role and responsibilities, to:

obtain any information it requires from any official (as defined by section 14A of the Australian Radiation Protection and Nuclear Safety Act 1998) or external party (subject to any legal obligation to protect information);
discuss any matters with the ANAO, or other external parties (subject to confidentiality considerations);
request the attendance of any official, including the CEO and CFO, at Committee meetings; and
obtain legal or other professional advice, as considered necessary to fulfil its role, at ARPANSA’s expense, subject to approval by the CEO, or delegate.

5. Membership

The members of the Committee are appointed for 3 years and may be reappointed.

The Committee comprises three to five members, appointed by the CEO.

The CEO will appoint the Chair of the Committee.

The CEO, in consultation with the Committee, will appoint a person to provide secretariat support to the Committee.

Members are expected to attend all meetings of the Committee unless exceptional circumstances exist and must, where applicable, notify the Chair prior to the meeting of their absence. Attendance by proxy requires previous agreement from the Chair.

Invitees: The Chief Executive Officer, Chief Financial Officer, General Counsel, members of the Internal Audit team or other management representatives may attend meetings as advisers or observers, as determined by the Chair, but will not be members of the Committee. Those nominated to attend a meeting will be listed on the agenda.

6. Meetings

The Committee will meet at least four times per year.

One or more special meetings may be held to review ARPANSA’s annual financial statements and performance statements or to meet other specific responsibilities of the Committee. The Chair will meet with the CEO as required to escalate any issues.

The Secretariat or nominated delegate will facilitate all logistics for the meetings, including overseeing meeting room booking, development of the agenda, collating of papers, and follow-up of outstanding action items.

A quorum will consist of a majority of Committee members.

7. Agenda, papers, and minutes

The Secretariat, and relevant support within the Risk and Quality Team, will develop an agenda under supervision of the Chair. The agenda and associated documents will be provided to members not less than 5 working days prior to the meeting.

Under the supervision of the Chair, the Secretariat or nominated delegate will coordinate the keeping of meeting minutes and action items. The Chair approved minutes, or relevant extracts from them, will be published after the Committee has signed off on the final version of the meeting minutes.

8. Conduct of the Committee

Members of the Committee are expected to understand and observe the legal requirements of the PGPA Act and PGPA Rule. Members are also expected to:

act in the best interests of the entity as a whole;
apply good analytical skills, objectivity and good judgment;
express opinions constructively and openly, raise issues that relate to the Committee’s responsibilities and pursue independent lines of enquiry; and
contribute the time required to meet their responsibilities.

Committee members must not use or disclose information obtained by the Committee except in meeting the Committee’s responsibilities, or unless expressly agreed by the CEO.

9. Conflicts of interest

Members of the Committee will provide written declarations annually, through the Chair, to the CEO declaring any material personal interests they may have in relation to their responsibilities. External members should consider past employment, consultancy arrangements and related party issues in making these declarations and the CEO, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manage any real or perceived conflict.

At the beginning of each Committee meeting, members are required to declare any material personal interests that may apply to specific matters on the meeting agenda.

Where required by the Chair, the member will be requested to recuse themselves from the meeting or from the Committee’s consideration of the relevant agenda item(s).

The Chair is also responsible for deciding, in consultation with the CEO where appropriate, if he/she should recuse themselves from the meeting or from the Committee’s consideration of the relevant agenda item(s). Details of material personal interests declared by the Chair and other members, and actions taken, will be appropriately recorded in the minutes.

10. Induction and development

New members are expected to participate in an induction and orientation program upon appointment, including management briefings and site visits.
Members will be given the opportunity to undertake ongoing and continuous education to improve and maintain skills and knowledge to perform their role effectively.

11. Reporting

The Committee will, as often as necessary, and at least once a year, report to the CEO on its operation and activities during the year and confirm to the CEO that all functions outlined in this Charter have been satisfactorily addressed.

The Committee may, at any time, report to the CEO any other matter it deems of sufficient importance to do so. In addition, at any time an individual Committee member may request a meeting with the CEO.

12. Performance

The Chair of the Committee, in consultation with the CEO, will undertake an annual review of the performance of the Committee.

The review will be conducted on a self-assessment basis (unless otherwise determined by the CEO) with appropriate input sought from the CEO, Committee members, senior management, the internal and external auditors, Chief Financial Officer, and any other relevant stakeholders, as determined by the CEO.

The Chair will provide advice to the CEO on an external member’s performance where an extension of the member’s tenure is being considered.

13. Review

The Committee will review this Charter and as necessary, revise it at least biennially, or otherwise as required.

This review will include consultation with the CEO.

Any substantive changes to the Charter will be recommended by the Committee and formally approved by the CEO.