Audit and Risk Management Committee Charter. Medibank Private Limited (ABN ) ("Medibank")


Contents

1 Purpose and authority
  1.1 Purpose
  1.2 Authority
2 Role of the Committee
3 Audit and risk management responsibilities
  3.1 External reporting
  3.2 Report from MD/CEO and CFO
  3.3 External auditor
  3.4 Internal audit
  3.5 Internal control, actuarial and risk management
4 Membership
  4.1 Composition and size
  4.2 Chairman
  4.3 Technical expertise
  4.4 Secretary
5 Committee meetings and processes
  5.1 Meetings
  5.2 Frequency and calling of meetings
  5.3 Quorum
  5.4 Attendance by management and advisors
  5.5 Notice, agenda and documents
  5.6 Minutes
  5.7 Access to information and advisors
6 Committee's performance evaluation
7 Review and publication of charter

1 Purpose and authority

1.1 Purpose

The purpose of this Audit and Risk Management Committee Charter is to specify the authority delegated to the Audit and Risk Management Committee ("Committee") by the board of directors of Medibank ("Board") and to set out the role, responsibilities, membership and operation of the Committee.

1.2 Authority

The Committee is a committee of the Board established in accordance with Medibank's constitution and is authorised by the Board to assist it in fulfilling its statutory and regulatory responsibilities. It has the authority and power to exercise the responsibilities set out in this charter and under any separate resolutions of the Board granted to it from time to time.

2 Role of the Committee

The role of the Committee is to provide an objective, non-executive review of the effectiveness of Medibank's financial reporting and risk management framework, and to assist the Board in carrying out its accounting, auditing, risk management, regulatory compliance and financial reporting responsibilities, including oversight and review in respect of:

(a) the integrity of Medibank's external financial reporting and financial statements;
(b) the appointment, remuneration, independence and competence of Medibank's external auditors;
(c) the overall policy direction of the audit, compliance and risk management functions;
(d) systems to ensure effective management of financial and non-financial risks;
(e) Medibank's systems and procedures for compliance with relevant laws, regulations and codes, including the Private Health Insurance Act 2007 (Cth) ("PHI Act");
(f) the internal and external audit processes including review of the annual internal audit plan and monitoring of progress and internal audit reports; and
(g) Medibank's internal control framework.

3 Audit and risk management responsibilities

3.1 External reporting

The Committee is responsible for:

(a) overseeing the external reporting process, including at the group and health benefits fund levels;
(b) reviewing the appropriateness of the accounting policies and the significant estimates and judgments adopted by management in the preparation of external reports;
(c) reviewing management's processes for ensuring and monitoring compliance with laws, regulations and other requirements relating to the preparation of accounts and external reporting;
(d) reviewing Medibank's main corporate governance practices as required by ASX Listing Rules, including those relating to continuous disclosure;
(e) reviewing the representations made by management in relation to external reporting;
(f) assessing information from internal and external auditors that affects the quality of external reports; and
(g) making a recommendation to the Board in respect of whether the external reports should be approved.

3.2 Report from MD/CEO and CFO

The Committee may, before it recommends that the Board approve Medibank's external reports, require the receipt from its Managing Director & Chief Executive Officer ("MD/CEO") and Chief Financial Officer ("CFO") a statement that provides assurance to the Board in accordance with legislative requirements, ASX Corporate Governance Guidelines and Medibank's Governance Policy. The Committee is responsible for reviewing the Assurance report and management processes.

3.3 External auditor

The Committee is responsible for:

(a) ensuring the adequacy, expertise and independence of the external auditor;
(b) making recommendations to the Board on the appointment, tenure, remuneration and terms of engagement of the external auditor;
(c) reviewing the external auditor's engagement and performance annually and being satisfied that the external auditor is adequate and independent, having regard to the relevant legislation and regulatory requirements;
(d) ensuring there is unfettered access for the external auditor to raise matters directly with the Board or the Committee, including inviting the external auditor to attend Committee meetings to present the audit plan, discuss audit results and consider the implications of external audit findings;
(e) ensuring that the external auditor attends Medibank's annual general meetings and is available to answer questions from shareholders relevant to the audit;
(f) reviewing regularly the scope of the external audit to ensure that it covers all material risks and financial reporting requirements;
(g) monitoring management's response to the external auditor's findings and recommendations and overseeing management's processes for ensuring that issues identified are addressed in an appropriate and timely manner;
(h) meeting with the external auditor without management present at least annually; and
(i) requiring that the lead external audit engagement partner normally be rotated every five years, or more frequently if the Committee considers it desirable to maintain the external auditor's independence.

3.4 Internal audit

The Committee is responsible for:

(a) ensuring the adequacy, expertise, performance and independence of the internal audit function, and for overseeing management's processes for ensuring that internal audit is adequately resourced and skilled for the size and corporate complexity of Medibank;
(b) approving the appointment, terms of engagement and, if necessary, dismissal of the General Manager Internal Audit;
(c) ensuring that the General Manager Internal Audit reports directly to both the MD/CEO or CFO and to the Committee;
(d) ensuring that there is unfettered access:
  (i) for the General Manager Internal Audit to raise matters directly with the Board or the Committee, including by meeting with the General Manager Internal Audit without management present at least annually; and
  (ii) for the internal audit function to all business operations of Medibank;
(e) regularly reviewing and approving the internal audit plan and work program to ensure that it covers all material risks and financial reporting requirements;
(f) satisfying itself that internal audit processes are clearly documented and subject to regular review; and
(g) monitoring management's response to the internal audit findings and recommendations and overseeing management's processes for ensuring that issues identified are addressed in an appropriate and timely manner.

3.5 Internal control, actuarial and risk management

The Committee is responsible for:

(a) assisting the Board in setting the risk management policy and appetite and monitoring whether the business is operating within that policy and appetite;

(b) reviewing management's system of risk management and internal control at least annually to ascertain whether it:
  (i) has been designed to effectively manage material business risks; and
  (ii) is operating effectively in all material respects in relation to the financial reporting risks;
(c) reviewing the steps taken by management to monitor and manage all material risks consistent with the strategic objectives, risk appetite and policies approved by the Board;
(d) ensuring that Medibank has in place appropriate systems and procedures to ensure compliance with all relevant laws, regulations, codes, standards and best practice guidelines;
(e) reviewing management's anti-bribery and anti-corruption, fraud control and whistleblower policies;
(f) reviewing any material insurance matters including, as appropriate, insurance programs and deeds of indemnity, insurance and access;
(g) considering reports concerning material risk events and incidents and overseeing management's processes for ensuring that issues identified are addressed in an appropriate and timely manner;
(h) ensuring that the Appointed Actuary has access to, and is advised of, any information or document in Medibank's possession or control that relates to the solvency of the health benefits fund or concerns a matter in relation to which the Appointed Actuary will be required to give advice;
(i) ensuring that there is unfettered access:
  (i) for the Appointed Actuary and Chief Risk Officer to raise matters directly with the Board or the Committee; and
  (ii) for the actuarial and risk management functions to all business operations of Medibank;
(j) ensuring appropriate disclosures are made regarding any material exposure Medibank has to economic, environmental and social sustainability risks.

4 Membership

4.1 Composition and size

The Committee will consist of at least three members:

(a) all of whom are non-executive directors; and
(b) a majority of whom are independent directors.

4.2 Chairman

The chairman of the Committee must be an independent director who is not the chairman of the Board, however the chairman of the Board may sit on the Committee. The chairman of the Committee is appointed by the Board.

4.3 Technical expertise

The Committee must be structured so that:

(a) all members are financially literate, that is, are able to read and understand financial statements;
(b) at least one member has financial expertise, that is, is an accountant or financial professional with experience of financial and accounting matters; and
(c) some members have an understanding of the industry in which Medibank operates.

Medibank will disclose the relevant qualifications and experience of the members of the committee.

4.4 Secretary

The Company Secretary is the secretary of the Committee.

5 Committee meetings and processes

5.1 Meetings

Meetings and proceedings of the Committee are governed by the provisions in Medibank's constitution regulating meetings and proceedings of the Board and committees of the Board in so far as they are applicable and not inconsistent with this charter.

Committee members may attend meetings in person or by electronic means.

Committee members must reasonably make themselves available to meet with external bodies if requested to do so in accordance with relevant laws, regulations or prudential standards.

5.2 Frequency and calling of meetings

The Committee will meet a minimum of four times each year, and otherwise as frequently as required to undertake its role effectively.

Additional Committee meetings may be convened as the Chair of the Committee considers necessary, taking into account requests from any member, MD/CEO, CFO, Chief Risk Officer, Chief Actuary and internal and external auditors.

Medibank will disclose in relation to each reporting period, the number of times the Committee has met throughout the period and the individual attendances of the members at those meetings.

In cases where circumstances make it impractical to convene and hold a meeting, the Committee may pass resolutions by each member signing a circular resolution.

5.3 Quorum

Two directors constitute a quorum for meetings of the Committee.

5.4 Attendance by management and advisors

The MD/CEO, CFO, Chief Risk Officer, Chief Actuary and internal and external auditors may attend Committee meetings by standing invitation.

The Committee chairman may also invite directors who are not members of the Committee, other senior managers and external advisors to attend meetings of the Committee.

The Committee may request management and/or others to provide such input and advice as is required.

5.5 Notice, agenda and documents

Unless otherwise agreed or considered necessary by the chairman, notice of each meeting confirming the venue, date and time together with an agenda of items to be discussed and supporting documentation, will be circulated by the secretary to each Committee member and any other individual invited to attend, not less than five working days before the meeting.

5.6 Minutes

The secretary will keep minute books to record the proceedings and resolutions of its meetings.

The chairman of the Committee, or delegate, will report to the Board after each Committee meeting. Minutes of the Committee meetings will be included in the papers for the next Board meeting after each Committee meeting.

The Committee must refer any matter of significant importance to the Board for its consideration and attention.

5.7 Access to information and advisors

The chairman of the Committee receives all reports between the external auditor and management, and the General Manager Internal Audit and management.

The Committee has the authority to:

(a) require management or others to attend meetings and to provide any information or advice that the Committee requires;
(b) access Medibank's documents and records;
(c) obtain the advice of special or independent counsel, accountants or other experts, without seeking approval of the Board or management; and
(d) demand unfettered access at all times to senior management, the Chief Risk Officer, an Appointed Actuary and internal and external auditors.

6 Committee's performance evaluation

The Company Secretary will facilitate a review of the performance of the Committee annually in accordance with processes established by the Board and will report the findings of that review to the Committee and the Board. The performance evaluation will have regard to, amongst other matters, the extent to which the Committee has met its responsibilities in terms of this charter.

7 Review and publication of charter

The Board will review this charter to ensure it remains relevant to the current needs of Medibank. This charter may be amended by resolution of the Board.

This charter will be made available on Medibank's website and the key features will be published in the annual report.

Approved by the Board on 9 October 2014