Board Audit and Risk Committee (BARC) Charter

Effective 1 July 2025

1. PURPOSE

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires that accountable authorities of Commonwealth Entities have an audit committee, and that committee is constituted and performs functions in accordance with the associated rules¹.

The CSIRO Board, as CSIRO’s accountable authority, has established the Board Audit and Risk Committee (BARC) in compliance with the PGPA Act and the Public Governance, Performance and Accountability Rule (PGPA Rule), regarding Audit Committees for Commonwealth Entities² and to assist the Board in the oversight of systems relating to risk and control³.

2. FUNCTIONS OF THE BOARD AUDIT AND RISK COMMITTEE (BARC)

The functions of the BARC are to review the appropriateness of CSIRO’s:

• financial reporting
• performance reporting
• system of risk oversight and management, and
• system of internal control⁴. The BARC will assist the CSIRO Board to fulfil its oversight responsibilities in these areas and to discharge its duty of care, diligence and skill. The BARC has the following functions:

2.1 Financial Reporting

To assist the Board in ensuring the appropriateness of CSIRO’s financial reporting, the BARC will review, report and provide advice to the Board on:

• CSIRO’s significant financial and accounting matters.
• the adequacy of the financial reporting process implemented by management and the annual financial statements to determine whether they meet all relevant requirements, are complete, reflect appropriate accounting standards and principles, contain appropriate disclosures, and that accounting policies and PGPA (Financial Reporting) Rule / Finance Secretary Directions are consistently applied.
• CSIRO’s financial record keeping arrangements.
• the acceptability of correct accounting treatment for, and disclosure of significant transactions that are not part of CSIRO's normal course of business.

The BARC will also obtain representations from Management and the External Auditors as to the preparation of the financial statements, and (on recommendation from the Chief Executive (CE) and Chief Finance Officer (CFO)) will provide a statement to the Board on the results of the financial statement audit (including whether the annual financial statements comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance) and recommend the signing of the financial statements to the Board for publication in the Annual Report.

2.2 Performance Reporting

To assist the Board in ensuring the appropriateness of CSIRO’s performance measurement and reporting, the BARC will review, report and provide advice on the appropriateness of CSIRO’s systems and procedures for assessing, monitoring and reporting on achievement of the entity’s performance.

In particular, the committee should satisfy itself that:

The performance reporting system and framework is appropriate, with reference to the Commonwealth Performance Reporting Framework and relevant rules of the PGPA Act (including relevant requirements, directions or guidance).

• The entity’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and Corporate Plan is appropriate and in accordance with the Commonwealth performance framework. This may include reviewing performance measures.
• The entity has appropriate systems and processes for preparation and publication of its annual performance statement. The BARC will review the organisational performance report prior to finalisation and provide advice to the Board on its appropriateness. This will include providing a statement to the Board on whether, in the BARC’s view, CSIRO’s annual performance statement and performance reporting as a whole is appropriate, with reference to any specific areas of concern or suggestions for improvement.

2.3 External Audit

To ensure maximum benefit to CSIRO from the activities of the external auditor, the BARC will:

• Review the external auditor’s proposed financial statements audit scope and audit approach, including materiality, for the current year.
• Review and discuss significant findings and recommendations made by the external auditor on a timely basis and require that management respond promptly to recommendations made by the external auditors.
• Review and provide advice to the Board on actions taken on significant issues raised in other relevant performance audit reports and better practice guides.
• Meet with the external auditor to discuss any matters, as required.

2.4 Risk Oversight and Management

To assist the Board in ensuring the appropriateness of CSIRO’s risk management arrangements, the BARC will review, report and provide advice on:

• the adequacy and effectiveness of CSIRO's enterprise risk management policy and framework and related processes to identify, and manage the entity’s risks, including business continuity planning processes.
• the Organisational Risk Profile and the process that underpins its development, and the appropriateness of the controls and risk mitigation strategies management implement to manage these risks.

The BARC will also provide an annual statement to the Board on whether, in the BARC’s view, CSIRO’s system of risk oversight and management as a whole is appropriate, identifying any specific areas of concern or suggestions for improvement.

2.5 Internal Control

To assist the Board in ensuring the appropriateness of CSIRO’s system of internal controls, the BARC will review, report and provide advice on:

Internal Control Framework

• CSIRO’s Internal Controls Framework, and the appropriateness, effectiveness and efficiency of, the system of internal controls, particularly those related to areas of significant risk.
• whether management has in operation, policies necessary to ensure that CSIRO achieves its objectives and complies with all applicable laws and Government policies and directives.

Legislative and Policy Compliance

• The effectiveness of CSIRO’s processes for identifying and reporting significant non?compliance with the PGPA Act and Rules and other applicable legislation.
• The recommendations of management regarding any significant non-compliances with the PGPA Act and Rules to be disclosed in the CSIRO Annual Report⁵.
• Oversight and compliance with environmental and climate-related disclosure requirements⁶.

The BARC will also receive regular updates from management and the Chief Legal Officer regarding other significant regulatory compliance issues, and legal disputes and claims that may have a material impact on CSIRO's reputation or financial statements.

Security, Fraud and Corruption

• The process for developing and implementing CSIRO’s fraud and corruption control arrangements consistent with the fraud and corruption control plan and satisfy itself that CSIRO has adequate processes for detecting, capturing and effectively responding to fraud and corruption risks.
• Management’s approach to maintaining an effective internal security system (including complying with the Protective Security Policy Framework).
• Regular updates from management regarding security matters reported, and alleged fraud and corruption incidents investigated, by the CSIRO Fraud and/or Security teams.
• The results of the biennial CSIRO Fraud Risk Assessment and CSIRO Fraud and Corruption Control Plan, completed in accordance with the Fraud Rule of the PGPA Rule⁷ and guidance of the Commonwealth Fraud Control Framework.

2.6 Internal Audit

To ensure the appropriate and effective operation of CSIRO’s internal audit function, the BARC will:

• Regularly review the Internal Audit Charter and the effectiveness, performance structure and resourcing of internal audit.
• Endorse the Annual Internal Audit Plan and recommend it to the CSIRO Board for approval, ensuring that it is risk focused and covers any areas warranting specific attention by the BARC and that the plan makes provision for appropriate co?ordination with the external auditor.
• Monitor the implementation of the Annual Internal Audit Plan and review audit activity reports, complete with management responses to the significant audit issues raised.
• Monitor the implementation of audit actions over time.
• Meet separately with the Internal Auditor to discuss any matters as required.
• At Management’s request, Consult on the appointment and termination of the Head of Internal Audit.

3. AUTHORITY

The BARC has the full authority of the Board to carry out the functions and responsibilities set out in this Charter, including having access to reasonable internal and external resources and obtaining independent advice at CSIRO’s expense.

The BARC does not have the authority to approve any matter on behalf of the Board unless formally delegated to do so by the CSIRO Board.

Recommendations of the BARC are to be referred to the Board for approval.

4. MEMBERSHIP

The following rules apply to the membership of the BARC:

• The Board appoints the BARC Chair and members.
• The BARC must consist of at least three members who have appropriate qualifications, knowledge, skills or experience to assist the committee to perform its functions.⁸
• The following can not be a member of the BARC:
  • An employee⁹ (including the Chief Financial Officer¹⁰)
  • The Chair of the CSIRO Board¹¹
  • The Chief Executive¹²
• BARC Members must declare material personal conflicts of interests as soon as they become aware and at least before or at the commencement of each BARC meeting. The BARC shall determine the most appropriate manner to manage any actual or perceived conflicts.

The BARC Chair shall be responsible for:

• Ensuring that the BARC operates in accordance with this Charter.
• The conduct of BARC Meetings.

Reporting and making recommendations to the CSIRO Board on the Functions of the BARC.

5. MEETINGS

The following rules shall apply to BARC Meetings:

• The BARC will meet at least four times a year. Additional meetings may be held by request through the BARC Chair.
• At the invitation of the BARC Chair, appropriate management, the internal auditor and representatives of the external auditor are to attend BARC meetings.
• Recommendations of the BARC are to be referred to the Board for approval. The BARC does not have the authority to approve any matter on behalf of the Board unless formally delegated to do so by the CSIRO Board.
• The CSIRO Corporate Secretary supports the BARC and attends the meetings.
• A meeting quorum is constituted upon three members attending the meeting¹³.
  • If the quorum for a meeting cannot be reached for any reason, the Chair of the Committee can consider the attendance of any member of the CSIRO Board at the meeting, other than the Chair of the CSIRO Board and Chief Executive, to contribute towards making up the quorum for the meeting, despite the Board Member not being an appointed Committee Member.
  • Board Members who are not BARC Members may attend meetings as observers.
• Minutes of each BARC meeting will be submitted to the Board for information.

6. REPORTING TO THE BOARD

The BARC, through the Chair, shall report to the CSIRO Board in relation to:

• Material matters discussed and reviewed by the BARC.
• Recommendations regarding the appropriateness of CSIRO’s financial reporting, performance reporting, system of risk oversight and management and system of internal control.
• Significant matters that may require Ministerial notification and disclosure in the Annual report14.

The BARC can recommend that information and papers considered by the BARC be shared with other Committees, to assist that Committee in the performance of its functions and responsibilities.

7. REVIEW OF BARC PERFORMANCE AND THIS CHARTER

The performance and membership of the BARC will be reviewed annually by the Chair of the Board.

This Charter shall be reviewed at least every two years by the BARC with recommendations for changes to be made to the Board for approval.

Effective 1 July 2025

1. PURPOSE

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires that accountable authorities of Commonwealth Entities have an audit committee, and that committee is constituted and performs functions in accordance with the associated rules¹.

The CSIRO Board, as CSIRO’s accountable authority, has established the Board Audit and Risk Committee (BARC) in compliance with the PGPA Act and the Public Governance, Performance and Accountability Rule (PGPA Rule), regarding Audit Committees for Commonwealth Entities² and to assist the Board in the oversight of systems relating to risk and control³.

2. FUNCTIONS OF THE BOARD AUDIT AND RISK COMMITTEE (BARC)

The functions of the BARC are to review the appropriateness of CSIRO’s:

• financial reporting
• performance reporting
• system of risk oversight and management, and
• system of internal control⁴. The BARC will assist the CSIRO Board to fulfil its oversight responsibilities in these areas and to discharge its duty of care, diligence and skill. The BARC has the following functions:

2.1 Financial Reporting

To assist the Board in ensuring the appropriateness of CSIRO’s financial reporting, the BARC will review, report and provide advice to the Board on:

• CSIRO’s significant financial and accounting matters.
• the adequacy of the financial reporting process implemented by management and the annual financial statements to determine whether they meet all relevant requirements, are complete, reflect appropriate accounting standards and principles, contain appropriate disclosures, and that accounting policies and PGPA (Financial Reporting) Rule / Finance Secretary Directions are consistently applied.
• CSIRO’s financial record keeping arrangements.
• the acceptability of correct accounting treatment for, and disclosure of significant transactions that are not part of CSIRO's normal course of business.

The BARC will also obtain representations from Management and the External Auditors as to the preparation of the financial statements, and (on recommendation from the Chief Executive (CE) and Chief Finance Officer (CFO)) will provide a statement to the Board on the results of the financial statement audit (including whether the annual financial statements comply with the PGPA Act, the PGPA Rules, the Accounting Standards and supporting guidance) and recommend the signing of the financial statements to the Board for publication in the Annual Report.

2.2 Performance Reporting

To assist the Board in ensuring the appropriateness of CSIRO’s performance measurement and reporting, the BARC will review, report and provide advice on the appropriateness of CSIRO’s systems and procedures for assessing, monitoring and reporting on achievement of the entity’s performance.

In particular, the committee should satisfy itself that:

The performance reporting system and framework is appropriate, with reference to the Commonwealth Performance Reporting Framework and relevant rules of the PGPA Act (including relevant requirements, directions or guidance).

• The entity’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and Corporate Plan is appropriate and in accordance with the Commonwealth performance framework. This may include reviewing performance measures.
• The entity has appropriate systems and processes for preparation and publication of its annual performance statement. The BARC will review the organisational performance report prior to finalisation and provide advice to the Board on its appropriateness. This will include providing a statement to the Board on whether, in the BARC’s view, CSIRO’s annual performance statement and performance reporting as a whole is appropriate, with reference to any specific areas of concern or suggestions for improvement.

2.3 External Audit

To ensure maximum benefit to CSIRO from the activities of the external auditor, the BARC will:

• Review the external auditor’s proposed financial statements audit scope and audit approach, including materiality, for the current year.
• Review and discuss significant findings and recommendations made by the external auditor on a timely basis and require that management respond promptly to recommendations made by the external auditors.
• Review and provide advice to the Board on actions taken on significant issues raised in other relevant performance audit reports and better practice guides.
• Meet with the external auditor to discuss any matters, as required.

2.4 Risk Oversight and Management

To assist the Board in ensuring the appropriateness of CSIRO’s risk management arrangements, the BARC will review, report and provide advice on:

• the adequacy and effectiveness of CSIRO's enterprise risk management policy and framework and related processes to identify, and manage the entity’s risks, including business continuity planning processes.
• the Organisational Risk Profile and the process that underpins its development, and the appropriateness of the controls and risk mitigation strategies management implement to manage these risks.

The BARC will also provide an annual statement to the Board on whether, in the BARC’s view, CSIRO’s system of risk oversight and management as a whole is appropriate, identifying any specific areas of concern or suggestions for improvement.

2.5 Internal Control

To assist the Board in ensuring the appropriateness of CSIRO’s system of internal controls, the BARC will review, report and provide advice on:

Internal Control Framework

• CSIRO’s Internal Controls Framework, and the appropriateness, effectiveness and efficiency of, the system of internal controls, particularly those related to areas of significant risk.
• whether management has in operation, policies necessary to ensure that CSIRO achieves its objectives and complies with all applicable laws and Government policies and directives.

Legislative and Policy Compliance

• The effectiveness of CSIRO’s processes for identifying and reporting significant non?compliance with the PGPA Act and Rules and other applicable legislation.
• The recommendations of management regarding any significant non-compliances with the PGPA Act and Rules to be disclosed in the CSIRO Annual Report⁵.
• Oversight and compliance with environmental and climate-related disclosure requirements⁶.

The BARC will also receive regular updates from management and the Chief Legal Officer regarding other significant regulatory compliance issues, and legal disputes and claims that may have a material impact on CSIRO's reputation or financial statements.

Security, Fraud and Corruption

• The process for developing and implementing CSIRO’s fraud and corruption control arrangements consistent with the fraud and corruption control plan and satisfy itself that CSIRO has adequate processes for detecting, capturing and effectively responding to fraud and corruption risks.
• Management’s approach to maintaining an effective internal security system (including complying with the Protective Security Policy Framework).
• Regular updates from management regarding security matters reported, and alleged fraud and corruption incidents investigated, by the CSIRO Fraud and/or Security teams.
• The results of the biennial CSIRO Fraud Risk Assessment and CSIRO Fraud and Corruption Control Plan, completed in accordance with the Fraud Rule of the PGPA Rule⁷ and guidance of the Commonwealth Fraud Control Framework.

2.6 Internal Audit

To ensure the appropriate and effective operation of CSIRO’s internal audit function, the BARC will:

• Regularly review the Internal Audit Charter and the effectiveness, performance structure and resourcing of internal audit.
• Endorse the Annual Internal Audit Plan and recommend it to the CSIRO Board for approval, ensuring that it is risk focused and covers any areas warranting specific attention by the BARC and that the plan makes provision for appropriate co?ordination with the external auditor.
• Monitor the implementation of the Annual Internal Audit Plan and review audit activity reports, complete with management responses to the significant audit issues raised.
• Monitor the implementation of audit actions over time.
• Meet separately with the Internal Auditor to discuss any matters as required.
• At Management’s request, Consult on the appointment and termination of the Head of Internal Audit.

3. AUTHORITY

The BARC has the full authority of the Board to carry out the functions and responsibilities set out in this Charter, including having access to reasonable internal and external resources and obtaining independent advice at CSIRO’s expense.

The BARC does not have the authority to approve any matter on behalf of the Board unless formally delegated to do so by the CSIRO Board.

Recommendations of the BARC are to be referred to the Board for approval.

4. MEMBERSHIP

The following rules apply to the membership of the BARC:

• The Board appoints the BARC Chair and members.
• The BARC must consist of at least three members who have appropriate qualifications, knowledge, skills or experience to assist the committee to perform its functions.⁸
• The following can not be a member of the BARC:
  • An employee⁹ (including the Chief Financial Officer¹⁰)
  • The Chair of the CSIRO Board¹¹
  • The Chief Executive¹²
• BARC Members must declare material personal conflicts of interests as soon as they become aware and at least before or at the commencement of each BARC meeting. The BARC shall determine the most appropriate manner to manage any actual or perceived conflicts.

The BARC Chair shall be responsible for:

• Ensuring that the BARC operates in accordance with this Charter.
• The conduct of BARC Meetings.

Reporting and making recommendations to the CSIRO Board on the Functions of the BARC.

5. MEETINGS

The following rules shall apply to BARC Meetings:

• The BARC will meet at least four times a year. Additional meetings may be held by request through the BARC Chair.
• At the invitation of the BARC Chair, appropriate management, the internal auditor and representatives of the external auditor are to attend BARC meetings.
• Recommendations of the BARC are to be referred to the Board for approval. The BARC does not have the authority to approve any matter on behalf of the Board unless formally delegated to do so by the CSIRO Board.
• The CSIRO Corporate Secretary supports the BARC and attends the meetings.
• A meeting quorum is constituted upon three members attending the meeting¹³.
  • If the quorum for a meeting cannot be reached for any reason, the Chair of the Committee can consider the attendance of any member of the CSIRO Board at the meeting, other than the Chair of the CSIRO Board and Chief Executive, to contribute towards making up the quorum for the meeting, despite the Board Member not being an appointed Committee Member.
  • Board Members who are not BARC Members may attend meetings as observers.
• Minutes of each BARC meeting will be submitted to the Board for information.

6. REPORTING TO THE BOARD

The BARC, through the Chair, shall report to the CSIRO Board in relation to:

• Material matters discussed and reviewed by the BARC.
• Recommendations regarding the appropriateness of CSIRO’s financial reporting, performance reporting, system of risk oversight and management and system of internal control.
• Significant matters that may require Ministerial notification and disclosure in the Annual report14.

The BARC can recommend that information and papers considered by the BARC be shared with other Committees, to assist that Committee in the performance of its functions and responsibilities.

7. REVIEW OF BARC PERFORMANCE AND THIS CHARTER

The performance and membership of the BARC will be reviewed annually by the Chair of the Board.

This Charter shall be reviewed at least every two years by the BARC with recommendations for changes to be made to the Board for approval.