Audit, Risk and Compliance Committee (ARCC)

Terms of Reference

Introduction

These Terms of Reference set out the objectives, composition, reporting, administrative arrangements, and review process for the Audit, Risk and Compliance Committee (the Committee).

Purpose

The Committee has no executive powers; it is directly responsible and accountable to the ET for the exercise of its responsibilities.

The Committee is authorised, within the scope of its role, to obtain any information or advice and discuss matters with staff or external parties as considered necessary to meet its responsibilities.

Specific responsibilities

The Committee has risk management, financial management, internal audit and assurance responsibilities:

Risk Management

• Provide an objective view to ET on the effectiveness of the CSIRO risk management framework.
• Discuss and endorse for ET consideration the Operational Risk Profile (ORP) identifying key organisational risks.
• Review and monitor strategic and operational risks and relevant treatment plans on a quarterly basis or more frequently if required.
• Review and monitor the implementation of risk management initiatives such as CSIRO’s processes and systems for capture and investigation of fraud, reporting process for governance incidents and periodic testing of business continuity and disaster recovery arrangements.

Financial Management

• Review and monitor the performance of business areas against budget and recommend adjustments aligned with enterprise risk.
• Monitor performance against areas identified for improvement in financial management across business areas, for example financial fraud, compliance).

Internal audit

• Review the activities, resources and the operational effectiveness of the internal audit function to carry out its responsibilities and where appropriate make recommendations to the ET.
• Review and endorse the annual internal audit plan for approval by BARC to ensure adequate coverage of CSIROs significant risks, the system of internal control and the efficiency and effectiveness of CSIRO operations.
• Monitor the progress of the internal audit plan. Advise Internal Audit on the scope of the planned work or facilitate any access to required information.
• Review all audit reports and provide advice to the ET on significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of good practice.
• Review any significant findings and recommendations made by internal audit and ensure they are received, considered and responded to by management on a timely basis.
• Monitor follow up action in response to internal audit’s recommendations and management's agreed action plans.

Assurance

• Review the performance of business areas and ensure that they are reflective of appropriate accounting standards and principles, contain appropriate disclosures, and that Public Governance Performance and Accountability Act 2013 legislative requirements are consistently applied.
• Review the effectiveness of the systems for monitoring the organisation’s compliance with applicable laws and regulations, associated government policies and internal policies and procedures, including compliance by external parties such as contractors and advisors.
• Review and endorse an annual compliance plan for approval by ET.
• Review whether management has taken steps to embed a culture which is committed to ethical and lawful behaviour.
• Consider and review internal compliance reporting
• Review the Fraud Control Plan and monitor progress of fraud control actions
• Consider and review updates regarding compliance matters that may have a material impact on CSIROs reputation.

Composition

The Committee comprises:

• Chief Operating Officer (Co- Chair)
• Chief Scientist (Co-Chair)
• Director, ESS (two-yearly rotation)
• Executive Manager, ESS (annual rotation)
• Director BU (two-yearly rotation)
• Research Director BU (annual rotation)

The following senior CSIRO officers shall attend Committee meetings in an advisory role. These officers will not be official members but could provide advice and participate in discussion as required:

• Chief Financial Officer
• Director Governance

Administrative arrangements

Meetings

• The Committee will meet six times per year. Extraordinary meetings may be held as required.
• All papers to be provided one week in advance to the Secretariat.
• Papers are required to be approved by Directors, at a minimum. Those clearing papers may be required to attend to address the committee.
• Draft minutes will be approved by one co-chair at minimum.
• Approved minutes will be distributed within 10 business days of meeting.

Attendance and quorum

• Representatives are welcome if approved by a co-chair in advance of the meeting.
• A quorum will comprise a co-chair and a majority of the Committee members (or their representatives).

Secretariat

• Governance will provide the Secretariat to the Committee.
• Guests and subject matter experts may be invited by a co-chair as meeting guests.
• Observers may be invited by a co-chair on a rotational basis as a development opportunity.

Review

The Committee will review its terms of reference annually.

Reporting

On a quarterly basis, the co-chairs will provide a summary of key issues and recommendations from the Committee on matters within its remit to the ET, where possible immediately following the Committee meeting.

On an annual basis, the Committee will provide an overall assessment to ET of the organisation’s risk, control and compliance framework, including details of any significant emerging risks or legislative changes impacting the organisation.