Corporate Governance Framework
Functions and Duties
15. In particular, the Audit and Risk Committee is responsible for the following:
15.1 Financial reporting
15.1.1. Review the Annual Report and Financial Statements before submission to the Board of Commissioners and Accounting Officer for approval, focusing particularly on the wording in the Governance Statement and other disclosures relevant to the Terms of Reference of the Committee including:
- changes in, and compliance with, accounting policies and practices
- unadjusted misstatements in the financial statements
- major judgemental areas
- significant adjustments resulting from the audit
- external audit's management letter
- management's letter of representation to the external auditors.
15.1.2. Ensure that the systems for financial reporting to the Board of Commissioners, including those of budgetary control, are subject to periodic review by internal audit as to completeness and accuracy of the information provided to the Board of Commissioners.
15.2 Governance, Risk Management and Internal Control
15.2.1. Review the delegated authorities and governance structure annually, report to the Board of Commissioners on whether they are adequate and make any recommendations to the Board of Commissioners.
15.2.2. Monitor the integrity of the system of internal controls. In particular, review management's and the internal auditors' reports on the effectiveness of the system of internal control, including Health and Safety.
15.2.3. Assess the scope and effectiveness of the systems established by management to identify, assess, manage and monitor significant risks.
15.2.4. Review the comprehensiveness, reliability and integrity of the assurances provided in relation to governance, internal control and risk management.
15.2.5. At the request of the Board of Commissioners, advise it on matters of corporate governance (but without prejudice to the Committee's power to make recommendations to the Board of Commissioners on corporate governance issues arising from the work of the auditors).
15.2.6. Provide assurance to the Board of Commissioners on the adequacy and effectiveness of the risk management processes. This involves reviewing the Corporate Risk Register, obtaining assurance on risk management arrangements from internal auditors, and reviewing the status and trends of all risk in the strategic risk register.
15.2.7. To undertake in-depth reviews of individual risks from the Corporate Risk Register as per an agreed schedule of reviews.
15.2.8. Review the Commission’s policies, controls and assurance frameworks relating to cybersecurity.
15.2.9. Review with the Executive and report to the Board on the continued appropriateness of key performance indicators.
15.3 Internal Audit
15.3.1. Review the internal audit programme and ensure that the function is adequately resourced and has appropriate standing within the Commission.
15.3.2. Consider and monitor management's responses to all internal audit recommendations.
15.3.3. Meet with the internal auditors at least once a year, without management being present, to discuss their remit and any issues arising from the internal audits carried out. The internal auditors should be given the right of direct access to the Chair of the Commission and the Committee.
15.3.4. Monitor and review the effectiveness and quality of the internal audit function to ensure it provides appropriate independent assurance to the Board of Commissioners and value for money.
15.4 External Audit
15.4.1. Review the findings of the audit with the external auditor considering any material issues which arose during the audit, any accounting and audit judgements and levels of errors identified during the audit.
15.4.2. Meet with the external auditors at least once a year, without the management being present, to discuss their remit and any issues arising from the audit.
15.4.3. Monitor and review the effectiveness and quality of the audit, assessing annually their independence and the relationship with the auditor as a whole, including the provision of any non-audit services, and value for money.
15.5 Public Interest Disclosure, fraud and investigations
15.5.1. Review the Commission’s arrangements for employees, Commissioners and third parties to raise concerns about possible wrongdoing in financial reporting or other matters and ensure that they allow proportionate and independent investigation.
15.5.2. Review the Commission’s policies for both internal and external public interest disclosure.
15.5.3. Review the anti-fraud and bribery policies and arrangements in place for special investigations.
15.6 Information security
15.6.1. Oversee the Commission’s approach to information security to ensure it meets all relevant requirements of the Information Commissioner’s Office and other agencies.
15.6.2. Review the Commission’s policies and assurance frameworks on information and personal data security management.
15.6.3. Assess the Commission’s response to major information security failures following reports submitted by the Senior Information Risk Officer.
15.7 Review of effectiveness
15.7.1. Periodically review its own effectiveness and report the results of that review to the Board of Commissioners.
Last updated: 27 February 2023