Risk, Audit and Compliance Committee

Purpose

In accordance with Section 16 of the University of Wollongong Act 1989, the Council is charged with overseeing risk management and risk assessment across the University. The Council Risk, Audit and Compliance Committee assists the Council in fulfilling its corporate governance and independent oversight responsibilities in relation to the University’s management of risk, compliance with legislation and standards, its internal control structure and audit requirements, and its external reporting responsibilities.

Terms of reference

1. Purpose and Authority

The Risk, Audit and Compliance Committee is a formally constituted committee of the University Council. The Committee has particular responsibility to assist and advise Council in fulfilling its corporate governance and independent oversight responsibilities in relation to the University’s management of risk, compliance with legislation and standards, its internal control structure and audit requirements, and its external reporting responsibilities. This function is provided under the authority of, and in accordance with, the University of Wollongong Act, 1989.

2. Composition

2.1 The Risk, Audit and Compliance Committee shall consist of:

four (4) external Council members nominated by Council, at least one of whom has recognised professional financial, risk management or commercial qualifications and expertise;

one (1) elected staff member of the University Council appointed by Council;

up to two (2) external members (external to the Council and not a current staff member or current student of the University of Wollongong) with appropriate professional expertise and experience who will be recommended by the Chair and approved by Council;

2.2 The Chair of the Committee is appointed by Council and shall be one of the external members of the Committee;

2.3 Should the Chairperson be absent from a meeting, the remaining members will elect a temporary Chairperson from amongst the remaining Council members;

2.4 Where a member is unavailable to attend a meeting, a nominated alternate external Council member may be invited to attend in their place at the discretion of the Chair.

2.5 Unless otherwise provided, the term of office of all Committee members shall be two (2) years. Reappointments are permitted. Wherever possible, both genders shall be represented on the Committee;

2.6 Invited attendees as non-voting observers shall be:

I. The Vice-Chancellor – in attendance at each meeting;
II.   Any member of the Senior Executive for relevant matters in their respective portfolios;
III.  The Chair of Academic Senate in relation to matters of academic risk;
IV.  The Director, Business Improvement and Assurance Division and the Manager, Business Assurance;
V.   The Director of Financial Services;
VI.  Other officers of the University – as required depending on the issues for consideration;
VII. Representatives of the NSW Audit Office; and
VIII.Representatives of the contracted Internal Audit provider.

3. Meetings

3.1 The Risk, Audit and Compliance Committee shall meet at least four (4) times per year;

3.2 Both the Internal Auditors and the External Auditors shall have the right of access to the Committee, or the Chair, whenever they deem necessary;

3.3 The Quorum for a meeting shall be three Committee members;

3.4 The Chief Operating Officer will be the Secretary to the Risk, Audit and Compliance Committee but will not be a member of the Committee;

3.5 The University will provide an Executive Officer to support the Committee as a Committee of Council;

3.6 The Committee Secretary or Executive Officer must prepare the draft agenda for approval of the Committee Chair for circulation at least seven (7) days prior to the scheduled meeting;

3.7 The Committee Secretary or Executive Officer must prepare the minutes of the Committee meeting within seven (7) working days of each meeting;

3.8 After the Committee Chair has given preliminary approval, the draft minutes are to be circulated to Committee members;

3.9 The minutes of the meetings must be confirmed and signed at the next Committee meeting;

3.10 Each set of minutes will be presented to the next available Council meeting.

4. Responsibilities

The Risk, Audit and Compliance Committee shall:


4.1 Monitor risk and internal controls

a. Oversee the processes for the identification and assessment of the general risk spectrum, review the outcomes of risk management processes and monitor emerging risks based on changes in the external environment;

b. Review and recommend to Council new and significant amendments to policies and related items, in the areas of risk management, compliance management and fraud, and monitor compliance with applicable laws and regulations;

c. Oversee the adequacy of measures taken to mitigate organisational exposure to fraud and corruption, including receiving a report at least annually detailing all significant incidents and the manner in which they were dealt with;

d. Monitor the process for the receipt, retention and treatment of information received under the Public Interest Disclosures Act, complaints referred to external authorities, and significant matters relating to internal controls or possible fraud;

e. Oversee risk reporting in all areas of University operations including but not limited to commercial activities, workplace health and safety, security and staff, and student conduct;

f. Ensure a University-wide risk assessment, or update, involving all key stakeholders is undertaken at least annually;

g. Oversee the operation of delegations at the University, including receiving a report at least annually detailing all significant changes to the Delegations of Authority;

h. Provide an annual report outlining the University’s risk profile to University Council.


4.2 Oversee Compliance

a. Oversee the processes of compliance with external compliance obligations and reporting, including but not limited to TEQSA requirements;

b. Oversee the process for the management of legislative compliance requirements.


4.3 Oversight of Internal Audit

a. Review the Internal Audit Charter and ensure there is appropriate resourcing of the Internal Audit function;

b. Be consulted (via the Chair) on the appointment, career development and, if applicable, the removal of the Director, Business Improvement and Assurance Division and the Manager, Business Assurance;

c. Approve the selection of the primary contracted Internal Audit provider;

d. Ensure the right of access of the Director, Business Improvement and Assurance Division and the Manager, Business Assurance to all levels of staff, data and information, records and documents, for internal audit purposes (including for UOW controlled entities);

e. Review and approve the Internal Audit Plan annually and monitor progress against the Plan, ensuring that the independence and integrity of the Internal Audit function is maintained;

f. Review significant internal audit reports and findings, including management response in terms of content, appropriateness and timeliness;

g. Monitor management implementation of internal audit recommendations;

h. At least once per year meet with the Director, Business Improvement and Assurance and the Manager, Business Assurance in the absence of management;

i. At least once per year meet with the contracted Internal Audit provider in the absence of management;

j. Meet with the Vice-Chancellor ‘in-camera’, if and when required;

k. Periodically review the performance of the internal audit function.


4.4 Controlled Entities and Major Joint Ventures

a. The risk management, audit and compliance functions for all UOW controlled entities and major joint ventures will be overseen by the Risk, Audit and Compliance Committee;

b. Each controlled entity or major joint venture (through its own Board and/or Audit Committee), where appropriate, is responsible for its risk management, audit and compliance functions, however:

I. At least annually, each controlled entity / major joint venture will provide a report to the Risk, Audit and Compliance Committee outlining the entity’s approach to risk management, audit and compliance as well as providing an up-to-date version of its general risk assessment;
II. At least annually, the Chairperson, or representative, of the Board or Audit Committee of each controlled entity / major joint venture will attend a Risk, Audit and Compliance Committee meeting to provide an update on the status of key risks, risk management, audit and compliance activities;
III. The internal audit plans of each controlled entity / major joint venture will be incorporated into the overall UOW internal audit plan and the minutes of each controlled entity’s Risk and Audit Committee will be provided to the Risk, Audit and Compliance Committee.

c. The Director Business Improvement & Assurance, in conjunction with the Manager, Business Assurance, will work with each controlled entity / major joint venture to develop consistent risk and compliance registers and a consistent approach to risk management.


4.5 External Financial Reporting

a. Review any significant accounting and reporting issues, including professional and regulatory announcements, and understand their effect on the University’s financial statements, in particular:

I. The consistency of accounting policies and appropriate adoption of new accounting standards;
II. Considering the need for appropriateness of, and correct disclosure of, any changes made to the University’s accounting policies;
III. The treatment and disclosure of complex or unusual transactions;
IV. Significant judgements made by management in preparing the financial statements, including any significant accounting estimates;
V. Going concern assumptions.

b. Review the annual financial statements of the University and recommend their acceptance to Council;

c. Obtain written representations from the Vice-Chancellor and Chief Operating Officer that:

I. The University’s financial records have been properly maintained;
II. The University’s financial statements and notes present a true and fair view (in all material respects) of its financial condition and are in accordance with relevant accounting standards;
III. The financial statements are founded on a sound system of risk management and internal compliance and control, and that the system is operating effectively (in all material respects) in relation to financial reporting risk;
IV. The University’s risk management and internal compliance and control systems are operating efficiently and effectively in respect to its material business risks.

d. Obtain written representations from the most senior responsible officer of the Controlled Entities and other major joint ventures that:

I. The financial records have been properly maintained;
II. The financial statements and notes present a true and fair view (in all material respects) of its financial condition and are in accordance with relevant accounting standards;
III. The financial statements are founded on a sound system of risk management and internal compliance and control, and that the system is operating effectively (in all material respects) in relation to financial reporting risk;
IV. The risk management and internal compliance and control systems are operating efficiently and effectively in respect to its material business risks;
V.    All other relevant information has been provided to RACC as required.

4.6 External Audit Activity

a. Act as a mechanism for the External Auditor of the Annual Financial Statements to communicate with Council;

b. Review and endorse the External Auditor's proposed audit plan and audit approach, including materiality levels;

c. Discuss the appropriateness of accounting policies, estimates and judgements;

d. Review the External Auditor's summary management report which details the results and significant findings from the audit, and management responses theretol

e. At least once per year meet with the External Auditor of the Annual Financial Statements in the absence of management;

f. Review other External Audit reports relating to any aspect of University operations, including management response in terms of content, appropriateness and timeliness;

g. Monitor management's implementation of recommendations arising from all external audit reports.

5. Education

5.1 The University will assist the Committee in maintaining appropriate financial literacy;

5.2 The University is responsible for providing new members with an induction program and educational opportunities;

5.3 The University is responsible for providing the Committee with educational resources relating to accounting principles and procedures, current accounting topics pertinent to the University and other resources, as reasonably requested by the Committee.

6. Reviews

6.1 To ensure the Committee is fulfilling its stewardship duties to the Council, the Committee will:

a. Conduct an annual assessment of its performance against its Terms of Reference and provide a report of its findings to the Council;

b. Review, at least every three (3) years, the Committee Terms of Reference and, in conjunction with the Chief Operating Officer and Secretary to Council, recommend to Council any appropriate amendments for approval.

Current members

Name Position
Greg West External member of Council (Chair)
Nieves Murray External member of Council
Mike Sneesby External member of Council
Katherine McConnell External member of Council
Samantha Peace Staff member of Council