AUDIT & RISK COMMITTEE CHARTER
Effective: 23 August 2018

Purpose
1. The Audit & Risk (Committee) Charter sets out the membership, responsibilities, authority and operation of the Audit & Risk Committee of the Australian Postal Corporation (Corporation).
2. The Committee is a sub-committee of the Board of the Corporation, established to assist the Board to discharge its responsibilities under the Australian Postal Corporation Act (1989), the Commonwealth Government Business Enterprise Governance and Oversight Guidelines; the Equal Employment Opportunity (Commonwealth Authorities) Act 1987 and the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).
3. In particular, the Committee is responsible for providing oversight and review of financial reporting; performance reporting; system of risk oversight and management; system of internal control; and auditor independence and performance. The Committee is not responsible for the executive management of these functions. In performing its duties, the Committee will maintain effective working relationships with the Board, management and the internal and external auditors.

Responsibilities
4. The Committee has the following responsibilities:

Financial Reporting Responsibilities
4.1 review the half-year and annual financial reports and provide advice prior to their consideration by the Board. This will include a discussion with the auditors of any major transactions and accounting issues, accounting policies adopted and the proposed audit report;
4.2 assess any proposed changes in accounting practices or policies (by June each year), and provide advice prior to their consideration by the Board.
In addition, the Committee will review any accruals, provisions, asset revaluations or estimates that significantly affect the financial report as well as other sensitive matters, such as disclosure of related party transactions;
4.3 note ASX certification representation from the Group Chief Executive Officer and Managing Director and Group Chief Financial Officer to support the Statutory Financial Statements of the Australia Post Group (Group);
4.4 review jointly with management, the external auditors and, if necessary, the General Counsel, any litigation, claim or other contingency, including tax assessments, which could have a material effect upon the financial position or operating results of the Group. The Committee will also review the manner in which these matters have been disclosed in the financial report;
4.5 discuss with the external auditor the auditor's judgments about the quality and acceptability of the Group's accounting principles;
4.6 review with the external auditor issues such as the clarity of the Group's financial disclosures and other significant decisions made by management in preparing the financial report;
4.7 consider any other matter, which affects its recommendation to the Board concerning the adoption of the financial report;
4.8 monitor the standard of corporate conduct in transactions with related parties;
4.9 monitor the adequacy of financial information provided to the Board;
4.10 review the reliability and integrity of financial information, the integrity of the Group's internal control structure and compliance with audit, accounting and financial reporting obligations;
4.11 meet with the Auditor-General as required;
4.12 receive an annual report from the Australia Post representative on Audit Committees of associated companies; and
4.13 receive an annual report from the Group Chief Executive Officer and Managing Director on any significant matters of the Corporation's subsidiary and related companies.

Performance Reporting Responsibilities
4.14 consider any issues relating to the Group's performance that the Committee considers warrant review, or are referred to the Committee by the Board;
4.15 monitor the standard of non-financial performance information provided to the Committee;
4.16 review the annual performance statement;
4.17 review the proposed reporting of the Group's performance to ensure that the information is consistent with the Group's reported financial information; and
4.18 review the performance information, systems and framework, and the completeness and accuracy of performance reporting (including application of the PGPA Act, PGPA Rule and supporting guidance) that underpin the performance reporting.

Risk Management Responsibilities
4.19 satisfy itself that management is ensuring an appropriate organisational culture committed to ethical and lawful behaviour and risk management;
4.20 review and have oversight over the design and effectiveness of the Enterprise Risk Management Framework and Group Risk Management Policy;
4.21 review and have oversight over the organisation Risk Profile (which includes Tier 1 risks) in conjunction with risk appetite settings;
4.22 review that the significant risks faced by the Group have been identified and appropriate mitigation plans have been implemented;
4.23 review the adequacy of assurance activities over the Group's significant risks;
4.24 review and have oversight over capital investment;
4.25 review and have oversight over fraud risk in the Group;
4.26 review and have oversight over the adequacy of insurance coverage for the Group;
4.27 AA: assess whether management has taken steps to embed a culture that promotes the proper use of Commonwealth resources and is committed to ethical and lawful behaviour;
4.28 review and have oversight over the Group's business physical and digital continuity planning arrangements, including whether business continuity and disaster recovery plans are periodically updated and tested;
4.29 review the Group's information security posture and controls including infrastructure; and
4.30 review the Group's mechanisms for reporting of information security policy breaches.

Compliance Responsibilities
4.31 review and have oversight over the effectiveness of management's key group compliance programs, policies and culture;
4.32 monitor compliance with laws, regulations, Community Service Obligations including prescribed performance standards and material incidents impacting customers and/or suppliers;
4.33 monitor compliance with the requirements of the Australian Financial Services Licence;
4.34 monitor updates from management and legal counsel regarding compliance matters that may have a material impact on the Group and the financial report;
4.35 review the process for exercise and management of delegations; and
4.36 assess where relevant, the Group's compliance with International Conventions, particularly the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.

Audit Independence and Performance Responsibilities

External Audit
4.37 review the external auditors' proposed audit scope and approach for the current year as well as audit scope, approach and budgeted fees;
4.38 discuss with external auditors any difficulties encountered in the audit, including any restriction on audit scope, access to information, and any significant resolved or unresolved disagreements with management;
4.39 monitor the relationship between internal and external auditors;
4.40 review management letters containing material findings or recommendations raised by the external auditors and monitor the nature and timeliness of management action in response to findings;
4.41 review the extent to which the external auditors achieve their key performance indicators; and
4.42 discuss with the external auditor the standard of internal audit work.

Internal Audit
4.43 participate in the appointment, dismissal or replacement of the General Manager Internal Audit, noting that the day-to-day reporting line of the role is to the Group Chief Financial Officer and that the role is directly accountable to the Chairman of the Committee;
4.1 annual review of the activities, funding (including consultation with the Committee Chairman on changes to the budget) and structure of the internal audit function, ensuring it is effective and has appropriate standing in the Group;
4.2 review the extent to which the planned audit scope can be relied upon to detect weaknesses in internal control, fraud or other illegal acts;
4.3 review significant internal audit findings and actions reported during the period and monitor the nature and timeliness of management action in response to findings;
4.4 monitor whether management has in place comprehensive and relevant policies and procedures designed to maintain an effective internal control framework, including over external parties such as contractors;
4.5 review the extent to which the internal auditors achieve their key performance indicators;
4.6 receive confirmation on a quarterly basis from the General Manager Internal Audit about the extent to which internal audit activities have been conducted in an independent manner;
4.7 review an entity-wide assurance map that identifies the Group's key assurance arrangements; and
4.8 review to ensure that the internal audit function is independent of management influence.

External Auditor Independence
4.9 review and confirm the independence of the external auditors, the Australian National Audit Office (ANAO) and their contractors. The auditor's independence is governed by the Corporations Act 2001, Auditor-General Act 2007 (Cth) and Australian Accounting Professional and Ethical Standards. The Committee will obtain statements from the ANAO and their contractors confirming their independence under these relevant legislative and professional requirements.

Power of the Committee
5 The Committee is authorised by the Board, within the scope of its responsibilities, to endorse for Board approval: the Group Policy Governance Framework which gives effect to the corporate governance responsibilities in the area of policy; all Level 1 Group Policies; the Group Risk Appetite Statement; any amendments to the Committee Charter.
6 The Committee is also authorised to: approve the Group Risk Management Framework; seek information it requires from any Australia Post employee and/or any external party; obtain outside legal or other professional advice at the Group's expense, and initiate special investigations as deemed necessary; and approve the annual internal audit plan including the allocation of resources and to ensure the plan is coordinated with external audit, covers higher-risk areas and provides assurance regarding compliance with relevant laws and regulations and Australia Post policies and procedures.

Structure and Composition of the Committee

Membership
7 The Committee will have a minimum of three members, composed entirely of non-executive Directors. However, the Chairman of the Board is not to be a member of the Committee.

Expertise
9 Members of the Committee must be able to demonstrate a range of skills required to fulfil the responsibilities of the Committee. At least one member should possess accounting or related financial qualifications and experience.
10 The Committee will adopt and maintain a program of induction, training and awareness-raising for its members. The objective of training will be to enable the Committee to keep abreast of current thinking and leading practices in the core areas of the Committee's focus.

Appointment
11 The Board shall appoint, replace or remove members to and from the Committee and review the composition of the Committee at least annually.

Chairman
12 The Chairman of the Committee will be nominated by the Board. Where the Committee Chairman is unavailable for a meeting, another Committee member will act in that capacity as chosen by the Committee members present.

Operation of the Committee

Secretariat
13 All records, including agenda, minutes and any reports or recommendations will be prepared and kept by the Corporate Secretary.
14 Meeting agenda and papers will be provided prior to the meeting and minutes will be prepared.
15 Upon request all Directors are able to receive copies of Committee meeting papers and minutes.

Frequency of meetings
16 The Committee will meet as frequently as is necessary to undertake its role effectively and in any event at least four times per year.

Notice of meeting
17 Special meetings may be called at the request of any Committee member, the external auditor or internal auditor. A notice of each meeting confirming the date, time, venue and agenda will be forwarded to each member of the Committee as soon as practicable prior to the meeting date.
18 Committee meetings are permitted to be held in person, or by any technological means as consented to by the Chairman of the Committee.

Attendees
19 Non-Committee members such as executives and/or external parties who the Chairman and members of the Committee think fit may be invited to attend all or part of a Committee meeting but should not participate if they have an interest in the matter under consideration.
20 Prior to each meeting, the Committee will convene privately (without management in attendance) in separate sessions with the: internal auditor; Group Chief Financial Officer; Chief Risk Officer; and external auditor.
21 The General Manager Internal Audit, Group Chief Financial Officer and the Chief Risk Officer have full access to the Committee.

Quorum for meetings
22 A quorum to transact the affairs of the Committee is two persons or a majority of the Committee, whichever is greater.

Committee member interests
23 Once each year, all current and former Board members (including members of the Committee) will provide written declarations, through the Corporate Secretary, declaring any material personal interests they may have in relation to their responsibilities. This information is required as part of the annual Statutory Financial Statements preparation.
24 Members of the Committee will not participate in discussions and will not vote on any issues in respect of which there is an actual or perceived conflict of interest.

Access to advice
25 The Committee has the authority to investigate any matters within its Charter as set out in the Committee's Charter, with the resources it needs to do so and with the right of access to information including external professional advice as necessary.

Formal mechanism for reporting key matters
26 The minutes of Committee meetings shall be included in the papers for the next board meeting.
27 The Chairman of the Committee shall report the findings and recommendations of the Committee to the Board after each Committee meeting, or as appropriate.

Formal mechanism for communicating between committees in the case of shared or overlapping responsibilities
28 There may in some respect also be some overlap with the People, Safety & Culture Committee on various matters pertaining to people risks. In these instances it will be the role of the Chairman to ensure that both Committees are apprised of the overlap.

Review and Assessment of the Committee

Review of charter
29 This Charter should be reviewed and updated at least annually and changes required should be recommended to the Board for approval.
30 The Charter will be accessible through the Australia Post website.

Review of performance
31 In order to ensure that the Committee is fulfilling its duties, it: undertakes an annual self-assessment of its performance against the requirements of this Charter and provides that information to the Board; and provides any information the Board may request to facilitate its review of the Committee's performance and its members.
32 Provide an annual report to the Board on the operation and performance of the Committee.