Independent Parliamentary Expenses Authority Audit and Risk Committee Charter

The Chief Executive Officer (CEO), as the accountable authority of the Independent Parliamentary Expenses Authority (IPEA), has established an Audit and Risk Committee (the Committee) in compliance with subsection 45(1) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and subsection 17(1) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

Role

2. In accordance with subsection 17(2) of the PGPA Rule, the Committee's primary functions are to review the appropriateness of IPEA's:
   • financial reporting arrangements
   • performance reporting arrangements
   • system of risk oversight and management
   • system of internal control,

and to provide its views on these matters to the CEO, based on the Committee's inquiries, information provided to the Committee, and internal audit coverage.

3. The Committee is not responsible for the executive management of IPEA's functions. The Committee engages with IPEA's senior management team in a constructive and professional manner in carrying out its functions and formulating its advice to the CEO.
4. In undertaking its work, the Committee pays particular attention to IPEA’s achievement of its planned performance results and delivery of the major programs or activities it administers to reduce its risk of failure or significant underperformance.

Membership

5. The Committee comprises three members, appointed by the CEO, as follows:
   • the Chair of the Committee (independent, external)
   • the Deputy Chair, (independent, external) who acts as Chair in the absence of the Chair
   • an external Committee member, who may be an official of another Commonwealth entity.
6. A majority of members must be persons who are not officials of any Commonwealth entity.
7. Committee members are to have the appropriate qualifications, business and public sector knowledge, skills and experience to assist the Committee to perform its functions.
8. Committee members are appointed for an initial period not exceeding three years. Committee members may be re-appointed for further periods, as specified by the CEO, to ensure ongoing independence and to ensure that their skills and experience are appropriate for the Committee collectively. The maximum term of appointment of a Committee member is ten years.

Functions of the Audit and Risk Committee

9. The Committee is responsible for reviewing IPEA's:
   • financial reporting arrangements
   • performance reporting arrangements
   • system of risk oversight and management
   • system of internal control
   • additional functions as requested by the CEO.
10. When undertaking these reviews, the Committee considers IPEA's broader governance framework, any advice sought by the CEO and the level of maturity of IPEA's control and assurance arrangements.

Financial reporting arrangements

11. The Committee reviews IPEA's:
    • annual financial statements
    • processes and systems for preparing financial reporting information
    • financial record keeping
    • processes in place to allow IPEA to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.
12. Following the review referred to in paragraph 11 above, the Committee provides advice to the CEO on whether, in the Committee's view, the following documents comply, where necessary, with the PGPA Act, the PGPA Rule, the Accounting Standards and takes guidance into account as relevant:
    • IPEA's annual financial statements
    • additional entity information required by the Department of Finance for the purpose of preparing the Australian Government consolidated financial statements.
13. In addition, the Committee provides annual advice to the CEO on the appropriateness of IPEA's financial reporting arrangements as a whole, with reference to any specific areas of concern or suggestions for improvement.

Performance reporting arrangements

14. The Committee reviews IPEA's:
    • Portfolio Budget Statements and Corporate Plan
    • approach to measuring its performance against its performance measures
    • annual performance statements
    • processes for the preparation of its annual performance statements and the inclusion of these statements in its Annual Report.
15. Following the review referred to in paragraph 14 above, the Committee provides advice to the CEO on whether, in the Committee's view, the annual performance statements comply with the PGPA Act, the PGPA Rule and takes guidance into account as relevant.
16. In addition, the Committee provides advice to the CEO on the appropriateness of IPEA's performance reporting arrangements as a whole, with reference to any specific areas of concern or suggestions for improvement.

System of risk oversight and management

17. The Committee reviews IPEA's:
    • enterprise risk management policy framework
    • internal controls for the effective identification and management of IPEA's risks
    • fraud control framework
    • business continuity planning arrangements.
18. Following the review referred to in paragraph 17 above, the Committee provides advice to the CEO on whether, in the Committee's view, IPEA's system of risk oversight and management as a whole complies with the PGPA Act, Commonwealth Risk Management Policy and supporting guidance and whether IPEA’s fraud control arrangements are adequate for detecting, capturing and effectively responding to fraud risks.

System of internal control

19. The Committee reviews and provides advice on the appropriateness of IPEA's:
    • approach to maintaining an effective internal control framework, including management's operation of relevant policies and procedures
    • processes for assessing whether key policies and procedures are complied with
    • system for monitoring IPEA's compliance with key laws, regulations and associated government policies that must be complied with
    • management's consideration of legal and compliance risks
    • approach to maintaining an effective internal security system
    • internal audit coverage and internal audit work plan
    • management and exercise of delegations and authorisations.
20. Following the review referred to in paragraph 19 above, the Committee provides advice to the CEO on whether, in the Committee's view, IPEA's system of internal control as a whole complies with the PGPA Act, the Commonwealth's Protective Security Policy Framework and supporting guidance, with reference to any specific areas of concern or suggestions for improvement.

Additional functions

21. The additional functions of the Committee include:
    • reviewing and advising on IPEA's mechanisms for reviewing and implementing the recommendations of, relevant parliamentary committee reports, external reviews and evaluations
    • annually reviewing IPEA's governance arrangements, or elements of the arrangements as requested by the CEO
    • other activities as requested by the CEO.

Reports to CEO

22. The Chair of the Committee reports to the CEO after each meeting.
23. The Committee, as often as necessary and at least once a year, reports to the CEO and the Members of the Authority on its operation and activities during the year and confirms to the CEO that all functions outlined in this charter have been satisfactorily addressed.
24. The Committee may, at any time, report through the CEO to the Members of the Authority on any other matter it deems of sufficient importance to do so. In addition, an individual Committee member may request a meeting with the CEO at any time.

Conduct of the Committee

25. The Committee is expected to understand and observe the requirements of the PGPA Act and PGPA Rule. The Committee is also expected to:
    • gain a good understanding of IPEA's functions, objectives and operational context
    • act in the best interests of IPEA
    • apply good analytical skills, objectivity and good judgment
    • continuously build, apply and maintain appropriate expertise and awareness of IPEA's and the Commonwealth's operating context and challenges
    • express opinions constructively and openly, raise issues that relate to the Committee's functions and pursue independent lines of enquiry
    • engage in the work of any sub-committees that may be established
    • contribute the time required to carry out its functions.
26. Committee members must not use or disclose information obtained by the Committee except in carrying out the Committee's functions, qr unless expressly agreed by the CEO. Committee members must advise the CEO as soon as practicable if their capacity to undertake their duties as a Committee member changes.

Engagement with the ANAO and IPEA's internal auditors

27. In undertaking its role, the Committee engages with the Australian National Audit Office (ANAO), as IPEA's external auditor, in relation to the ANAO's financial statement and performance audit coverage. In particular, the Committee:
    • provides input on planned ANAO financial statement and performance audit coverage
    • monitors senior management's responses to all ANAO financial statement management letters and performance audit reports including the implementation of audit recommendations
    • provides advice to the CEO on action to be taken on significant issues raised in relevant ANAO reports or better practice guides
    • meets with the ANAO as necessary.
28. In undertaking its role, the Committee engages with IPEA's contracted internal auditors in relation to providing a recommendation to the CEO on the internal audit program. In particular, the Committee:
    • consults with the IPEA Members, CEO and !PEA Executive
    • provides input on the scope of planned internal audits
    • monitors senior management's responses to all internal audit recommendations
    • provides advice to the CEO on action to be taken on significant issues raised in internal audits
    • meets with the internal auditors as necessary.

Authority

29. The CEO authorises the Committee to:
    • obtain, from any IPEA staff member or external party, any information it requires for the purposes of carrying out its functions (subject to any legal obligations to protect information)
    • discuss any matters with the ANAO or IPEA's internal auditors (subject to confidentiality considerations), in conjunction with carrying out its functions
    • seek legal or other professional advice where necessary to fulfil its functions, at IPEA's expense, subject to approval by the CEO or delegate.

Administrative arrangements

Annual Work Plan

30. The Committee prepares an annual work plan that outlines the activities to be undertaken to achieve the Committee's functions.

Induction

31. New Committee members receive relevant information and briefings from the CEO and/or the Secretariat at the time of their appointment to assist them to meet their Committee responsibilities.

Sub-Committees

32. The Committee may establish, in consultation with the CEO, one or more sub-committees to assist the Committee in carrying out its functions.
33. The responsibilities, membership and reporting arrangements for each sub-committee will be documented and approved by the Committee, in consultation with the CEO.
34. Committee sub-committees do not assume any management functions.

Meetings

35. The Committee meets at least four times per year. One or more additional meetings may be held to review IPEA's annual financial statements and performance statements or to meet other specific functions of the Committee.
36. The Chair is required to call a meeting if asked to do so by the CEO. The Chair is also required to decide if a meeting is necessary where a meeting is requested by a Committee member, internal audit or theANAO.
37. Decisions made out of session are valid decisions of the Committee.

Attendance

38. The CEO, the CFO and other IPEA management representatives may attend Committee meetings, as requested by the Chair. In addition, representatives of the ANAO and IPEA's internal auditors may be invited to attend meetings of the Committee. Attendees who are not Committee members are there as advisers or observers. The Secretariat keep minutes of all meetings.

Quorum

39. A quorum consists of two members, one of whom must be the Chair or the Deputy Chair. The quorum must be in place at all times during the meeting.

Secretariat

40. The Secretariat takes all reasonable steps to:
    • ensure the agenda for each meeting is approved by the Chair
    • circulate the agenda and supporting papers at least one week before the meeting prepare and maintain the minutes of the meetings.
41. Minutes must be reviewed by the Chair and circulated in a timely manner to each member of the Committee and to Committee advisers and observers, as appropriate.

Conflicts of interest/ Independence

42. The Committee is directly responsible to the CEO. The CEO has not delegated any powers or functions to the Committee.
43. Once each year, members of the Committee provide written declarations to the CEO declaring any material personal interests they have in relation to their responsibilities. The CEO, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manage any real or perceived conflict.
44. At.the beginning of each Committee meeting, members are required to declare any material personal interests that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the Committee's consideration of the relevant agenda item(s). The Chair is also responsible for deciding, in consultation with the CEO where appropriate, if he/she should excuse themselves from the meeting or from the Committee's consideration of the relevant agenda item(s). Details of any material personal interests declared by the Chair or other members, and the actions taken, are recorded in the minutes where appropriate.

Review and assessment of the Committee's performance and this charter

45. The Chair of the Committee initiates a review of the performance of the Committee at least every two years. The review is conducted by IPEA staff, in consultation with the Committee. The outcomes of these reviews are shared with the committee, and reported to the CEO and the Member of the Authority.
46. The Chair provides advice to the CEO and the Members of the Authority on an external member's performance where an extension of the member's tenure is being considered.
47. At least once every two years the Committee reviews the Committee's charter. This review includes consultation with the CEO and the Members of the Authority. Any substantive changes to the charter are recommended by the Committee and formally approved by the CEO.