Quality, Audit and Risk Committee Charter

Transcription

1 Quality, Audit and Risk Committee (A Committee of University Council) Quality, Audit and Risk Committee Charter This Charter is established under the authority of the Council of Edith Cowan University. The Quality, Audit and Risk Committee (QARC) is an advisory committee of Council and plays a key role in assisting Council to fulfil its responsibilities. The purpose of the Charter is to indicate how the Committee will carry out its responsibilities. To assist in this process, the Charter: 1. identifies the composition and membership of QARC. 2. includes the QARC Terms of Reference established by Council. 3. outlines the Committee s: a. powers and functions; b. responsibilities and accountabilities; and c. meeting and communication processes. 4. determines the Committee s operating principles and practices. A separate Audit Assurance Charter defines the purpose, authority and responsibility of the internal audit function within the Strategic and Governance Services Centre. Composition and Membership The QARC composition (UC119/12 Dec 2006) and current membership (as at 4 May 2018 UC187/27) is in the following table: Category Members* (i) One member of Council with relevant expertise who shall be appointed by Council to Chair D. Goldsworthy (Chair) [UC161/30] (ii) A minimum of three and maximum of five persons with relevant expertise, who may be Council members or persons co-opted from outside the University community, provided that at least one shall be a member of Council. J. Curran (Deputy Chair) Member of Council E. Bartnik Member of Council T. Aveling co-optee C. Dunham co-optee T. McAuliffe co-optee (iii) Chair, Academic Board M. McMahon 26 Oct 2017 (updated 4 May 2018) Page 1 of 7

2 * Appointments to Council Committees are approved by Council on the recommendation of the Governance and Nominations Committee (unless otherwise specified). Note that in this context, outside the University community means people who are neither staff nor enrolled students of ECU and nor are they members of Council. The majority of members, including the Chair, must be external (that is, neither staff nor enrolled students of ECU) and independent of the University (using the ASX definition of independence as a guide). Accredited Observers (UC119/12 Dec 2006) 1. Vice-Chancellor or nominee 2. The senior executive with portfolio responsibility for quality improvement 3. Director and General Counsel, Strategic and Governance Services Centre 4. Chief Risk and Assurance Officer, Strategic and Governance Services Centre 5. Chief Financial Officer 6. Representative from Office of the Auditor General Observer/Participant (Council Member) (UC143/22 Dec 2010) 1. Associate Professor Ute Mueller, School of Science (UC185/24: 1 Jan Dec 2018) Other persons may attend as required (and approved by the Chair) to assist the Committee with its business. Terms of Reference (TOR) To reflect QARC s strategic and monitoring role with respect to performance, audit, risk and compliance, Council has given the Committee the following terms of reference: 1. To advise and assist Council in the effective discharge of its fiduciary duties of governance and stewardship in respect of the University s key ongoing performance indicator framework, risk management, control and compliance, through monitoring, reporting and making recommendations intended to sustain and maintain the University s performance framework and systems of internal control, risk management, continuous quality improvement, business continuity and regulatory compliance, including occupational safety and health. 2. Without limiting the generality of (1) above, the Committee will monitor and provide recommendations, advice and reports to Council on: a. Performance and Quality Improvement i. Key Performance Indicators including the external audit thereof, and other performance indicators in ECU s Strategic Plan. ii. Summary reports on key internally-commissioned reviews (including quality reviews and compliance reviews), for example, School Reviews, Centre Reviews, Research Centre Reviews, third party provider reviews and reviews of offshore operations. iii. Significant externally imposed reviews such as those required by accreditation bodies, government agencies and regulatory bodies (including TEQSA and ASQA). iv. The alignment of continuous improvement at all levels of the University, including performance-related strategic initiatives designed to improve its capability to deliver outcomes for students and stakeholders. b. Audit i Audit Assurance (internal audit) and related operations. 26 Oct 2017 (updated 4 May 2018) Page 2 of 7

3 ii. External Audit and related operations including other reviews that the Auditor General may conduct from time-to-time. c. Risk i. The ECU Integrated Risk Management framework and strategic and operational risk management. ii. Business continuity management, planning and testing including how ECU deals with Critical Incidents that arise from time-to-time. iii. Annual reports on insurance renewals and ECU s performance in relation to workers compensation insurance. iv. Occupational Safety and Health activities including regulatory compliance and incident reporting. v. Oversight of risk management and audit arrangements for partially controlled entities, as defined under Voluntary Code of Best Practice for the Governance of Australian Universities 13. d. Integrity and Compliance i. ECU s internal investigations into suspected fraud and misconduct and corruption. ii. iii. ECU s integrity framework. ECU s legislative compliance framework and its operation. 3. To report to Council as required on such other matters as may be referred to the Committee by the Council, Chancellor or Vice-Chancellor. 4. To make decisions on matters delegated to the Committee by Council. These terms of reference should be reviewed annually and updated where necessary, consistent with the review processes for all Council Committees. Powers and Functions QARC advises and makes recommendations to Council. The Committee s powers and functions are largely considered in terms of the relationship that it has with University senior management, the University external auditors and the Strategic and Governance Services Centre (particularly the Chief Risk and Assurance Officer). Relationship with Senior Management QARC derives its authority from Council. The Committee has the authority to speak with any person, internal or external to the University, access any documents, files or records, and act on behalf of Council in obtaining an assurance on matters that fall within its terms of reference. This includes involvement in the broader control framework of the University through the oversight of matters dealing with managerial information, communication, risk management and legislative compliance. Such requests will be made after appropriate consultation with senior management and with consideration of the resource implications. Relationship with External Auditor The Auditor General Act 2006 makes the Auditor General for Western Australia (Auditor General) the external auditor of the University. However, the Auditor General Act 2006 also allows the Auditor General to appoint persons, from either his/her own office or from firms under contract to his/her office, to conduct audits on his/her behalf. To that end a representative of the Office of the Auditor General is invited to attend, as an observer, each QARC meeting. In the event that the Auditor General appoints persons other than his own staff to conduct the 26 Oct 2017 (updated 4 May 2018) Page 3 of 7

4 University s external audit, then the senior representative from the firm under contract will be invited to attend, as an accredited observer, each QARC meeting for the duration of the contract between the Auditor General and the appointed firm. The external auditor will participate in the development of the annual audit plan and in the evaluation of the results of audit assurance, risk management and compliance reviews and subsequent recommendations. QARC, or delegates of QARC, will attend the external auditor s: 1. Entrance meetings at the beginning of each audit. At this meeting, the scope of the audit and any significant areas of risk are discussed and agreed. 2. The exit meeting at the conclusion of each audit. At this meeting the implications of any final observations and recommendations on the control environment are considered. QARC will also receive and consider any interim external audit reports in respect of the University s control environment. These reports will normally be considered at the meeting at which the draft financial statements and performance indicators are tabled. Relationship with Strategic and Governance Services Centre (Audit Assurance) To preserve internal audit independence, the following relationship will apply: 1. The Chief Risk and Assurance Officer will function as the University s chief audit executive and in that capacity will report functionally to QARC. 2. The Chief Risk and Assurance Officer has the right to directly approach the Chancellor, Chair of QARC and other Committee members and will meet with the Chair of QARC independently of other University staff, on at least an annual basis. 3. The Committee may directly receive reports from the Chief Risk and Assurance Officer on the results of any audit assurance, risk management or regulatory compliance review inclusive of any recommendations made in such reports. Responsibilities and Accountabilities The Committee is directly accountable to Council. Specifically, QARC is responsible for: 1. Performance Framework and Quality Improvement a. Strategic oversight of continuous quality improvement and its integration into the University s academic and support activities. b. Strategic oversight of the University s performance framework as established by ECU s Strategic Plan and the KPI Report for the Annual Report, including consideration of related emerging trends and issues impacting on University performance. c. Monitoring the quality improvement processes consistent with ECU's Excellence Framework. d. Ensuring that collectively, quality improvement, risk management, compliance and control tools enhance the effectiveness, efficiency and economy of University activities. 2. Audit, Risk Management and Compliance a. Providing assurances to Council that all management levels develop and maintain adequate operational and financial controls in order to effectively employ and safeguard University assets and resources. 26 Oct 2017 (updated 4 May 2018) Page 4 of 7

5 b. Reviewing action taken by management to address unsatisfactory managerial controls, risks and processes and assessing these actions for timeliness and appropriateness. Such findings and recommendations will be identified in reports from Executive Management, the Chief Risk and Assurance Officer or, the Strategic and Governance Services Centre. c. Monitoring Audit Assurance to ensure that it is operating in accordance with the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors. d. Reviewing with management and the Office of the Auditor General, the University s annual financial statements, key performance indicators and any external audit reports. e. Assessing University processes for determining and managing key risks at both the operational and strategic level including the integration of risk management processes into the University s academic and support activities. f. Reviewing and endorsing the annual audit plan and any subsequent amendments to that plan before submitting it to Council for approval. g. Reviewing the effectiveness of Audit Assurance by considering and endorsing audit reports to ensure their consistency with Operational and Annual Audit Plans and the Audit and Assurance Charter. h. Reviewing the effectiveness of the system for monitoring legislative compliance and the results of any investigation and follow up of any instances of regulatory noncompliance. i. Reviewing the findings of any examinations by regulatory authorities. j. Obtaining regular updates from management and Strategic and Governance Services regarding compliance and integrity matters. k. Submitting to Council (after consultation with the Vice-Chancellor) any relevant policies for which approval has not been delegated. Meetings and Communications QARC will observe the following in regard to meetings and communications. 1. The Committee will meet at least four times per year in accordance with the ECU Meeting Schedule. The Chair may call additional meetings as required. 2. Agenda co-ordination will occur in Strategic and Governance Services, which will also be the prime content provider. The Human Resources Services Centre will provide reports on OSH at each regular meeting. Other Schools and Centres are responsible for provision of additional agenda content on an as-required basis. Agendas will include the executive summaries of reports, regular reports and other items requested by the Committee. 3. The agenda for each meeting of QARC will be approved by the Chair on the advice of the Committee Executive Officer following consultation with relevant senior staff and input from Committee members. However, to ensure the independence of Audit Assurance is maintained, matters emanating from Audit Assurance will be approved by the Chief Risk and Assurance Officer, in consultation with the Chair. 4. Each set of minutes will contain formal action items. Each action item will nominate the position of a responsible person who will complete the desired action and will nominate a deadline for the achievement of that action. Responsible persons will report progress against their action item until that item is resolved to the Committee s satisfaction. 26 Oct 2017 (updated 4 May 2018) Page 5 of 7

6 5. The Minutes of Committee meetings will be prepared and distributed by Strategic and Governance Services in a timely manner. The minutes will be distributed to members as soon as practical after approval and included in the agenda of the next meeting. Proposed amendments to the Minutes will be flagged to the Committee Executive Officer prior to the next Committee meeting. 6. To enable Council to effectively discharge its responsibilities for the stewardship of the University, QARC will report on issues within its remit to Council. 7. The QARC Chair provides a report of each meeting to the next suitable meeting of Council. Along with any special purpose reports, the QARC Chair s consolidated report will include the following: a. Reports on ECU s performance b. Strategic Issues c. Items for resolution d. Items for consideration and noting e. Items for information 8. Copies of QARC meeting agendas and minutes may be distributed to the University Executive and to other members of the University community as appropriate. Statement of Principles and Practices To be effective in its operations, the Quality, Audit and Risk Committee will adopt the following operating Principles and Practices: Focus Principles 1. The Committee notes that: a. The audit assurance function may include a programme, where appropriate, that addresses some major academic issues; and b. The quality agenda embraces and interacts with financial and non-financial quality assurance and improvement processes. 2. The Committee will implement processes to enable it to assess and improve its own performance, and to report to Council in accordance with the requirements of the ECU Corporate Governance Statement. 3. Committee membership and competency requirements will be reviewed regularly, consistent with the nominations process for Council committees. 4. Committee meeting agendas are to provide appropriate coverage across performance, audit, risk management and compliance matters. 5. The Committee has a strong commitment to audit and compliance independence. 6. To ensure accountability, the Committee may request University staff to attend Committee meetings to provide information and reasons as to why recommendations (or Council directions where appropriate) have not been implemented. 7. The Committee recognises that the quality and audit, risk and compliance review plans are statements of intent and may be subject to change as pressing new priorities emerge. Good Practices 1. To facilitate the efficient and effective handling of Committee business and the participation of all Committee members, meeting agendas will be structured to include the five areas of: 26 Oct 2017 (updated 4 May 2018) Page 6 of 7

7 a. general committee business b. performance, quality and standards c. risk and assurance d. compliance and integrity e. other matters 2. Audit Assurance Reports (after appropriate consultation) may be issued to Committee members and observers, members of University Executive and relevant stakeholders after comment by the Vice-Chancellor. The reports are subject to endorsement by the Committee at its next meeting. Amendments approved by Council: 1. Resolution UC88/7 (6 December 2001) created the Quality and Audit Committee. 2. Resolution UC137/20 (3 December 2009) amended the name to the Quality, Audit and Risk Committee. 3. The following resolutions modified the QARC Terms of Reference and the terms of this Charter: (i) Resolution UC113/5 (16 February 2006) (ii) Resolution UC119/15 (7 December 2006) (iii) Resolution UC143/22 (9 December 2010) (iv) Resolution UC149/18 (8 December 2011) (v) Resolution UC155/24 (13 December 2012) (vi) Resolution UC167/18 (11 December 2014) (vii) Resolution UC173/20 (10 December 2015) (viii) Resolution UC179/19 (8 December 2016) (ix) Resolution UC184/13 (26 October 2017) The Audit and Assurance Charter has been revised to reflect these changes. 26 Oct 2017 (updated 4 May 2018) Page 7 of 7