Audit and Risk Committee
The Audit and Risk Committee is appointed by the City of Perth to oversee the activities of the Council’s external and internal auditors.
- Lord Mayor Basil Zempilas
- Cr Catherine Lezer (Presiding Member)
- Deputy Lord Mayor Liam Gobbert (Deputy Presiding Member)
- Cr Sandy Anghie
- Ashwin Kumar- Term Expires 22 February 2024
- Robert Maurich- Term Expires 22 February 2023
Audit and Risk Committee Terms of Reference
The City of Perth (‘City’) has established the Audit and Risk Committee (‘Committee’) under Section 7.1A of the Local Government Act 1995.
The Committee assists the Council in fulfilling their oversight responsibilities in relation to systems of risk management and internal control, the City’s processes for monitoring compliance with laws and regulations, including financial and performance reporting and external and internal audit. The Committee is not responsible for the management of these functions.
The Committee will engage with management in a constructive and professional manner to perform its oversight responsibilities. The Chair of the Committee is responsible to, and reports to, the accountable authority.
Members of the Committee are expected to:
- understand the legal and regulatory obligations of the Council for governing the entity;
- understand the governance arrangements that support achievement of the City’s strategies and objectives;
- exercise due care, diligence and skill when performing their duties;
- adhere to the City’s code of conduct and the code of ethics of any professional body which they are a member of;
- help to set the right tone in the City by demonstrating behaviours which reflect the City’s desired culture;
- be aware of contemporary and relevant issues impacting the public sector; and
- only use information provided to the Committee to carry out their responsibilities, unless expressly agreed by Council.
To help support the Committee’s role in overseeing the internal audit function, the Internal Audit and Risk Manager will functionally report to the Committee.
The Committee will prepare an annual work plan that outlines when it will perform key activities, in consultation with the accountable authority.
The Council authorises the Committee, in accordance with this Terms of Reference, to:
- obtain any information it requires from any official or external party (subject to any legal obligation to protect information);
- discuss any matters with the internal auditors, Office of the Auditor General (OAG), or other external parties (subject to confidentiality considerations);
- request the attendance of any officer or elected members at audit committee meetings; and
- obtain legal or other professional advice when necessary to fulfil its role, at the entity’s expense, subject to approval by Council or delegate.
The Committee may undertake other activities as requested by Council.
The Committee comprises of six (6) members of whom two (2) must be independent, appointed by Council. The Committee will be led by a Chair. The Chair and other elected members on the Committee will be appointed by Council resolution after every Council election until a subsequent Council election is held or a member resigns from the Committee. The Chair shall not be the Lord Mayor.
Independent Committee Members will be appointed for an initial period of two years as determined by Council.
To support the skills and experience of Committee Members, the Committee will implement an induction and training program for new members.
The Committee may invite the Chief Executive Officer, Chief Financial Officer, Internal Audit and Risk Manager, or other management representatives to present information and participate in the meeting. An officer from the Office of the Auditor General (OAG) will be invited to attend committee meetings as an observer.
The Committee will be administratively supported by a City officer.
The Committee will be responsible for the following:
Risk management, fraud and internal control
The Committee oversees the entity’s system of risk management and internal controls. Its responsibilities include, but are not limited to:
- Providing oversight on significant risk exposures and control issues, including fraud risks, governance issues and other matters as necessary or requested by senior management and the accountable authority.
- Considering the impact of City’s culture on risk management and internal controls.
- Annually reviewing the City’s risk management policy.
- Based on knowledge and understanding of the City’s risks, reviewing whether strategic risks are appropriately reflected in the risk profile and reported to the accountable authority.
- Reviewing and assessing the effectiveness of processes for identifying, managing, treating and mitigating the City’s risks and ensuring that remaining risks align with the City’s risk appetite. The Committee should prioritise risks involving:
- significant business risks, including environmental and occupational health and safety risks;
- potential non-compliance with laws, regulations and standards; and
- fraud and theft.
- Considering the adequacy and effectiveness of internal controls and the risk management framework by:
- reviewing reports from management, internal audit, consultants, regulators and the Office of the Auditor General (OAG);
- ensuring strategic risk registers consider risks that may impact whether the entity will achieve its strategic objectives;
- monitoring management responses and ensuring timely correction actions are taken by management;
- enquiring with management and the OAG regarding their assessment of the risk of material misstatement in the financial report due to fraud;
- enquiring with management, internal auditors and the OAG about whether they are aware of any actual, suspected or alleged fraud or corruption affecting the City including the City’s response to the matters; and
- reviewing the business continuity planning process and be assured that material risks are identified and appropriate business continuity plans, including disaster recovery plans, are in place.
- Reviewing summary reports from management on all suspected, alleged and actual frauds, thefts and breaches of laws and ensuring these are reported to the accountable authority and/or relevant authorities.
- Reviewing summary reports from management on communication from external parties including regulators that indicate problems in the internal control system or inappropriate management actions.
The Audit and Risk Committee is responsible for guiding and overseeing the activities, resources and structure of the internal audit function. The Audit and Risk Committee’s responsibilities include, but are not limited to:
- Annually reviewing internal audit’s mission, resources and budget and protecting internal audit’s independence from management.
- Reviewing the internal audit structure, composition, skills and experience, service delivery model, independence and access to Council.
- Advising Council on the adequacy of internal audit resources or budget to perform the approved internal audit plan.
- Ensuring that the internal audit function, through the Internal Audit and Risk Manager, has a direct reporting relationship with Committee and Council (functional reporting relationship) and has access to all levels of management needed to perform their duties.
- Monitoring internal audit’s participation in non-assurance roles to assess whether it impacts their independence or interferes with the delivery of the internal audit program.
- Assessing the internal audit plan to ensure that it comprehensively covers material business risks that may threaten the achievement of strategic objectives and allows internal audit to assess culture.
- Reviewing and recommending the approval of the internal audit plan and work program by Council.
- Communicating the Audit and Risk Committee’s expectations to the Internal Audit and Risk Manager in writing through the internal audit charter.
- Reviewing the internal audit charter annually for Council’s approval.
- Reviewing the quality and timeliness of internal audit reports.
- Considering the implications of internal audit findings on the business, its risks and controls.
- Monitoring management’s implementation of internal audit recommendations.
- Monitoring the progress of the internal audit plan and work program.
- Monitoring the quality of internal audit services delivered and compliance with the Institute of Internal Auditors’ International Professional Practices Framework.
- Ensuring that internal audit has complete and timely access to all accounts, information, documents and records of the entity as needed to effectively perform their duties. This also includes discussing whether management was cooperative and provided timely responses to internal audit requests.
- Meeting privately with the Internal Audit and Risk Manager at least once per year.
Compliance and ethics
The Audit and Risk Committee oversees the City’s processes to ensure compliance with relevant laws and regulations and for promoting a strong governance culture within the entity. This includes, but is not limited to:
- Understanding the City’s compliance framework including its obligations, the officers responsible for compliance activities and management oversight and review of these processes.
- Considering the impact of the City’s culture on compliance processes.
- Overseeing compliance by reviewing arrangements that monitor the impact of changes in key laws, regulations, internal policies and accounting standards affecting the City’s operations.
- Obtaining updates from management on matters of compliance and ethical matters that may have material impact on the City’s financial statements, strategy, operations, health and safety or reputation.
- Reviewing and monitoring related party transactions and conflicts of interest.
- Enquiring with management, internal audit and the OAG on their assessment of the compliance culture, the risk of non-compliance, or whether they have any knowledge of any actual, suspected or alleged non-compliance affecting the entity.
- Meeting with management to discuss regulatory compliance matters the City has considered in the preparation of the financial statements, such as compliance with accounting standards.
Financial and performance reporting
The Audit and Risk Committee oversees the integrity of financial and performance reporting processes within the entity. The committee’s responsibilities include:
- reviewing the financial statements and providing advice to Council about whether they should be endorsed by Council. The review includes assessing:
- whether the financial statements are consistent with the knowledge of the Audit and Risk Committee members;
- whether the financial statements comply with the Local Government Act 1995 and associated regulations;
- whether the financial statements accurately reflects the entity’s financial position and performance, and if not, whether additional disclosures are required;
- the appropriateness of accounting policies and disclosures, including changes to accounting policies;
- areas of significant judgement, estimation and significant or non-routine transactions;
- whether appropriate management action has been taken in response to any issues raised by the OAG, including financial statement adjustments or revised disclosures;
- the quality of the entity’s processes for preparing the financial statements, including how management has checked that they comply with relevant requirements;
- significant issues, errors or discrepancies in the draft financial statements and ensuring members understand the reasons why these occurred; and
- the representation letter to be provided to the OAG to confirm that the assertions, including any immaterial errors collated during the audit, are appropriate.
- Acting as a forum for communication between management and the OAG.
- Reviewing the entity’s process to ensure the financial information included in the annual report is consistent with the audited financial statements.
The Audit and Risk Committee is responsible for communicating and liaising with the OAG. This includes understanding the results of financial and performance audits conducted within the entity and overseeing whether recommendations are implemented by management. The committee’s responsibilities include, but are not limited to:
- Meeting with the OAG to discuss the audit plan (audit entrance meeting) and the results of the financial audit (audit exit meeting).
- Discussing with the OAG any significant resolved or unresolved disagreements with management.
- Monitoring and critiquing management’s response to OAG findings and recommendations.
- Reviewing reports from the OAG including auditor’s reports, closing reports and management letters.
- Reviewing all representation letters signed by management to assess whether the information appears complete and appropriate.
- Meeting with the OAG at least once per year without management presence. At this meeting, the committee will discuss matters relating to the conduct of the audit, including any difficulties encountered, restrictions on scope of activities or access to information, significant disagreements with management and adequacy of management responses.
- Reviewing performance audits conducted at the entity and ensuring that agreed recommendations are implemented.
- Monitoring the relationship between internal auditors and the OAG.
- Reviewing results of relevant OAG audit reports and better practice publications for guidance on good practices, including any self-assessment by management.
- Reviewing the form and content of the proposed auditor’s report on the entity’s financial and performance report. This may include any proposed modification, emphasis of matter, key audit matters, other matters and uncorrected misstatements in other information.
Perform other activities related to the role of this charter as requested by Council.
The Audit and Risk Committee will meet at least four (4) times a year or more frequently as necessary.
The Chair is required to call a meeting if asked to do so by Council. If a meeting is requested by another Audit and Risk Committee member, OAG or Internal Audit and Risk Manager, the Chair will decide whether the meeting is necessary.
The Chair will oversee the planning and conduct of meetings including the agenda and draft minutes, and reporting to the accountable authority.
A quorum will consist of a majority of committee members. The quorum must be in place at all times during the meeting.
Independence and conflicts of interest
The Audit and Risk Committee must be independent from management of the City.
Audit and Risk Committee elected members will provide declarations of any actual or perceived conflicts of interest as required under the Local Government Act 1995.
External members, as required under the Code of Conduct for Council Members, Committee Members and Candidates, will provide written declarations of any actual or perceived conflicts of interest to the accountable authority. These members should consider past employment, consultancy arrangements and related party issues when making these declarations to Council. In consultation with the Chair, Council should be satisfied that there are sufficient processes in place to manage any actual, perceived or potential conflicts of interest.
Audit committee performance assessment arrangements
The Chair of the Audit and Risk Committee, in consultation with Council, will review the performance of the Audit and Risk Committee annually, together with the annual review of this charter.
The Audit and Risk Committee will, as often as necessary, and at least once a year, report to Council on its operations and activities during the year and confirm to Council that all functions outlined in this charter have been satisfactorily addressed.
The Audit and Risk Committee may at any time, report to the accountable authority on any other matters it deems to be sufficiently important. In addition, any individual Audit and Risk Committee member may request a meeting with Council at any time.
Review of charter
The Audit and Risk Committee will ensure that this charter complies with relevant legislative and regulatory requirements and will propose amendments when necessary to ensure that it accurately reflects the committee’s current role and responsibilities.
The Audit and Risk Committee will review this charter once a year and more frequently if required. The review will include consultation with the accountable authority. Any substantive changes to the charter will be recommended by the audit committee and formally approved by the accountable authority.