Purpose
The Board of CSIRO has established the Audit and Risk Committee (BARC) in compliance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and PGPA Rule section 17 Audit Committees for Commonwealth Entities.
The responsibilities of the Board Audit and Risk Committee The role of the CSIRO Audit and Risk Committee is to assist the Board in fulfilling its corporate governance responsibilities regarding financial reporting, audit and risk oversight, reporting obligations, and internal controls and compliance with relevant laws and policies.
The BARC discharges its role by reviewing and reporting to the Board on the following:
- financial reporting process, including the annual financial statements, to comply with applicable financial reporting requirements;
- the adequacy and operation of the risk management framework and the system of assurance from management that there is effective management of identified risks.;
- the appropriateness and effectiveness of systems of internal control and compliance to effectively manage organisational risks;
- the scope of work, performance and independence of CSIRO's internal audit and the external auditor (ANAO).
In fulfilling its role, the BARC will maintain effective working relationships with CSIRO management and the internal and external auditors.
Financial reporting
- Review the areas of greatest financial risk and how they are managed.
- Review the adequacy of the financial reporting process implemented by management and the annual financial statements to determine whether they meet all relevant requirements, are complete, reflect appropriate accounting standards and principles, contain appropriate disclosures, and that accounting policies and PGPA (Financial Reporting) Rule / Finance Secretary Directions are consistently applied.
- Review the acceptability of, correct accounting treatment for, and disclosure of significant transactions that are not part of CSIRO's normal course of business.
- Ensure that any significant adjustments, unadjusted differences, disagreements with management, and critical accounting policies and practices have been discussed with the external auditor.
- Meet with management and the external auditor to review the financial statements and the results of the audit.
- Obtain the relevant representations from management as to the preparation of the financial statements.
- On recommendation from the Chief Executive (CE) and Chief Finance Officer (CFO), inform the Board on the results of the financial statement audit and recommend the signing of the financial statements to the Board for publication in the Annual Report.
- With the CFO, identify areas for improvement in financial management and monitor progress.
Risk and Risk Management Framework oversight
- Review the adequacy and effectiveness of CSIRO's risk management framework and related processes, including business continuity planning processes.
- Oversee the effective implementation of the CSIRO risk management system which identifies, assesses, monitors and implements appropriate strategies to manage and mitigate risks throughout the organisation.
- Review and recommend for Board approval the Organisational Risk Profile and the process that underpins its development, and the appropriateness of the controls and risk mitigation strategies management implement to manage these risks.
Internal control
- Ensure management has appropriately addressed any internal control recommendations made by internal audit and the external auditor and endorsed by the BARC.
- Evaluate the process CSIRO has in place for assessing the appropriateness, effectiveness and efficiency of, and continuously improving the system of internal controls, particularly those related to areas of significant risk.
- Review the effectiveness of systems for monitoring CSIRO’s compliance with laws, regulations and associated government policies with which CSIRO must comply.
- Review whether management has in operation policies necessary to ensure that CSIRO achieves its objectives and complies with all applicable laws and Government policies and directives.
Internal audit
- Approve the Annual Operational Internal Audit Plan, ensuring that it is risk focused and covers any areas warranting specific attention by the BARC and that the plan makes provision for appropriate co-ordination with the external auditor.
- Monitor the implementation of the Annual Operational Internal Audit Plan, its scope and progress, including any restrictions on scope of activities, or significant disagreements with management.
- Periodically review the Internal Audit Charter and the effectiveness, performance, structure and resourcing of internal audit.
- Meet separately with the Internal Auditor to discuss any matters in camera privately, as required.
- Ensure significant findings and recommendations made by internal audit are received and discussed, and agreed actions are implemented in a timely manner.
- Ratify the appointment and termination of the Executive Manager, Audit.
- Review audit activity reports, complete with management responses to the significant audit issues raised.
External audit
- Review the external auditor’s proposed financial statements audit scope and audit approach, including materiality, for the current year in the light of CSIRO's circumstances and changes in regulatory and other requirements.
- Review and provide input and feedback on any performance audit coverage proposed or undertaken by the external auditor.
- Regularly review with the external auditor any audit problems or difficulties encountered in the normal course of audit work including any restriction on audit scope or access to information.
- Review and discuss significant findings and recommendations made by the external auditor on a timely basis and require that management respond promptly to recommendations made by the external auditors.
- Review and provide advice to the Board on actions taken on significant issues raised in other relevant performance audit reports and better practice guides.
- Meet in–camera with the external auditor to discuss any matters, as required.
Compliance
- Review the effectiveness of processes for identifying and reporting significant non-compliance with the PGPA Act and Rules and other applicable legislation.
- Endorse the recommendations of management regarding any significant non-compliances with the PGPA Act and Rules to be disclosed in the CSIRO Annual Report.
- Obtain regular updates from management and General Counsel regarding other significant regulatory compliance issues, and legal disputes and claims that may have a material impact on CSIRO's reputation or financial statements.
Fraud
- Obtain regular updates from management regarding security matters reported, and alleged fraud incidents investigated, by the CSIRO Fraud and/or Security team.
- Endorse the results of the biennial CSIRO Fraud Risk Assessment and CSIRO Fraud and Corruption Control Plan, completed in accordance with Paragraph (a) of the Fraud Rule (Section 10 of the PGPA Act) and guidance of the Commonwealth Fraud Control Framework.
Membership
The Board appoints the BARC Chair and members.
The Committee comprises at least 3 non-executive members of the Board. An external member may be appointed to the Committee to provide professional advice and consultation on all matters pertaining to Committee activities.
A quorum constitutes the greater of two or a majority of non-executive members of the Board on the Committee.
Meetings
The BARC will meet at least four times a year. If required, additional Meetings may be requested through the BARC Chair by any member, the Company Secretary, internal auditor or the external auditor. In the absence of the Chair, one of the Committee Members, either nominated by the Chair, or elected by the Committee, will act as the Committee Chair for that meeting.
Directors who are not Committee Members may attend Meetings.
At the invitation of the BARC Chair, appropriate management, the internal auditor and representatives of the external auditor are to attend BARC meetings, to provide reports and periodic presentations to the Committee.
Recommendations of the Committee are to be referred to the Board for approval.
The Corporate Secretary supports the Committee and attends the meetings.