Audit Risk and Improvement Committee Internal Audit Charter

Federation Council - Audit Risk and Improvement Committee Internal Audit Charter 28/10/2020 4:48 PM Reference: 17/13884 Version No: 4 Page 1

Audit Risk and Improvement Committee

Internal Audit Charter

Record No: 17/13884

Version No: 4


Table of Contents

Federation Council Audit Risk and Improvement Committee...................................................................................... 4

Internal Audit Charter ................................................................................................................................................... 4

Adopted by Federation Council on 20/10/2020 ........................................................................................ 4

1. Objective .............................................................................................................................................................. 4

2. Background ........................................................................................................................................................... 4

3. Definitions ............................................................................................................................................................ 5

4. Roles, Responsibility and Authority...................................................................................................................... 5

4.1 Council ........................................................................................................................................................ 5

4.2 Chief Audit Executive ................................................................................................................................. 5

4.3 Internal Auditor .......................................................................................................................................... 6

4.4 Audit Risk and Improvement Committee .................................................................................................. 6

4.4.1 Responsibilities. ........................................................................................................................... 6

5. Composition and Tenure ...................................................................................................................................... 7

5.1 Members (voting) ....................................................................................................................................... 7

5.2 Attendee (non-voting) ................................................................................................................................ 7

5.3 Invitees (non-voting) for specific Agenda items ........................................................................................ 7

6. Meetings ............................................................................................................................................................... 7

6.1 Attendance at Meetings and Quorums ...................................................................................................... 7

6.2 Secretariat .................................................................................................................................................. 8

7. Reporting .............................................................................................................................................................. 8

7.1 Summary of Audit Activities each meeting by the Chief Audit Executive.................................................. 8

7.2 Summary of Audit Activities to Council after each meeting ...................................................................... 8

7.3 Annual report to Council by the Chair ....................................................................................................... 8

7.4 Annual Attestation Certificate from General Manager ............................................................................. 8

8. Induction of new members .................................................................................................................................. 9

9. Planning ................................................................................................................................................................ 9

10. Conflicts of Interest .............................................................................................................................................. 9


11. Quality Assurance and Improvement Program .................................................................................................... 9

11.1 Biennial review of Audit Risk and Improvement Committee .................................................................... 9

11.2 Biennial Review of Internal Auditors ......................................................................................................... 9

11.3 Review of Internal Audit Charter ............................................................................................................. 10

11.4 Strategic External Review ......................................................................................................................... 10

12. Register of Audit Risk and Improvement Committee Members ........................................................................ 10

12.1 Independent Members ............................................................................................................................ 10

12.2 Council Representatives ........................................................................................................................... 10

13. Schedule of Changes & Amendments ................................................................................................................ 11

Attachment A: Schedule of Responsibilities for the 'Audit Risk and Improvement Committee' (The Committee) ... 12


Federation Council Audit Risk and Improvement Committee Internal Audit Charter

Adopted by Federation Council on 20/10/2020

1. Objective

The objective of internal auditing is to provide an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. According to the Amendment Act (pending proclamation), the Audit Risk and Improvement Committees role is to keep under review the following aspects of Council's operations: (a) compliance (b) risk management (c) fraud control (d) financial management (e) governance (f) implementation of the strategic plan, delivery program and strategies (g) service reviews (h) collection of performance measurement data by the council (i) any other matters prescribed by the regulations. In addition, the Committee is to provide information to the Council for the purpose of improving the Council’s performance of its functions.

2. Background

In May 2016, Corowa Council and Urana Councils amalgamated to become Federation Council and was governed under an Administrator appointed by the Minister.

In May 2017, following a tender process, Council appointed Richmond Sinnott and Delahunty to provide internal audit services under contract for three years to align with Council elections. Subsequently, Council undertook a risk assessment for each department to identify key business risk factors and rated these risks to help formulate the audit plan.

The Internal Audit Charter was drafted for Federation Council based on proposed changes to the Act and adopted in June 2017.

In July 2017 Council advertised for independent (external) members to be appointed to form an internal audit committee.

The first Internal Audit (Audit Risk and Improvement Committee) meeting was held on 7 September 2017.

On 9 September 2017 NSW Local Government elections were held for all amalgamated councils. Following the new council being sworn in on 17 October, a period of three months followed where the role of General Manager was carried out under an interim capacity until being filled permanently in June 2017.

Councillor delegates (Cr. Miegel and Cr. Wales) were endorsed on 19 December 2017.


Council is seeking Expressions of Interest for the next 3 year period until 2023.

Council elections scheduled for September 2020 have now been postponed until September 2021 due to the Covid-19 pandemic.

3. Definitions

Audit Risk and Improvement Committee – Membership consists of a minimum of two independent external members and one councillor providing oversight and monitoring of the council’s audit processes, including the council’s internal control activities. This oversight includes internal and external reporting, risk management activities, internal and external audit, and compliance.

The appointment of an Audit Risk and Improvement Committee facilitates this by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes in line with the Office of Local Government Internal Audit Guidelines and Part 4A of the Local Government Amendment (Governance and Planning) Act 2016.

Chief Audit Executive - The Director Corporate and Community Services is appointed as Chief Audit Executive at Federation Council as defined in The International Standards for the Professional Practice of Internal Auditing (Standards) issued by the Institute of Internal Auditors.

Internal Audit – An independent, objective assurance and consulting activity providing independent assurance over the internal controls and risk management framework of the council. Federation Council has engaged an independent Accountancy firm to carry out its Internal Audit function.

External Audit – Statutory function that provides an opinion on the council’s annual financial reports, as required under Divisions 2 and 3 of the Local Government Act 1993 to council and its external stakeholders.

Enterprise Risk Management - Internal audit will identify and evaluate the effectiveness of council’s risk management system and contribute to the improvement of risk management and control systems. The annual Internal Audit plan is developed after consideration of the council’s risk registers and those areas that are high risk to the organisation.

4. Roles, Responsibility and Authority

4.1 Council

The Council is primarily responsible for the preparation of financial statements of the organisation and the establishment and maintenance of a system of internal controls. It also manages the organisation's affairs, in compliance with applicable laws and regulations.

4.2 Chief Audit Executive

The Chief Audit Executive is authorised to direct a comprehensive program of internal audit work in the form of reviews, previews, consultancy advice, evaluations, appraisals, assessments and investigations of functions, processes, controls and governance frameworks in the context of the achievement of business objectives.

The Director Corporate and Community Services is appointed as Chief Audit Executive at Federation Council as defined in The International Standards for the Professional Practice of Internal Auditing (Standards) issued by the Institute of Internal Auditors.

The Internal Audit function shall have independent status within the Federation Council and for this purpose shall be responsible directly through the Chief Audit Executive to the Audit Risk and Improvement Committee and administratively to the General Manager.


4.3 Internal Auditor

The internal auditor forms a part of management's system of internal control and has an advisory role to support the Audit Risk and Improvement Committee.

Internal Audit and their staff shall not undertake any operating responsibilities outside internal audit work. Internal Audit staff and contractors shall report to the Chief Audit Executive on any situations where they feel their objectivity may be impaired. Similarly, the Chief Audit Executive should report any such situations to the Audit Risk and Improvement Committee.

4.4 Audit Risk and Improvement Committee

Audit, Risk and Improvement Committee members and the Chair are to serve a three to five-year term. A member’s term cannot exceed eight years and the Chair’s term cannot exceed five years.

The Audit Risk and Improvement Committee assists Council in the fulfilment of its duties by overseeing the financial reporting process and interacting with the external and internal auditors on behalf of Council.

The Council authorises the Audit Risk and Improvement Committee, within the scope of its role and responsibilities, to:

Express opinions frankly, ask questions that go to the fundamental core of issues, and pursue independent lines of enquiry

Obtain any information it needs from any employee or external party (subject to their legal obligations to protect information) through the Chief Audit Executive or other senior manager.

Discuss any matters with the external auditor or other external parties (subject to confidentiality considerations).

Request the attendance of any employee or councillors at Committee meetings.

Obtain external legal or other professional advice considered necessary to meet its responsibilities within purchasing and financial control processes.

Members of the Committee are expected to:

Understand the relevant legislative and regulatory requirements appropriate to Federation Council.

Contribute the time needed to study and understand the papers provided.

Apply good analytical skills, objectivity and good judgment.

The Auditor-General, as the external auditor, expresses an opinion on the financial statements prepared by management and may conduct performance audits of activities of the organisation.

The work of Internal Audit does not relieve the staff of the Federation Council from their accountability to discharge their responsibilities. All Federation Council staff are responsible for risk management and the operation and enhancement of internal control. This includes responsibility for implementing remedial action endorsed by management following an internal audit.

4.4.1 Responsibilities.

'The Committee will develop a 'Schedule of Responsibilities'. This Schedule to be reviewed annually (generally at the final Meeting of the calendar year), with this Schedule forming the basis of an 'Annual Work Plan' for the Committee' and forming an attachment to this Internal Audit Charter.


5. Composition and Tenure

Members of the Committee, taken collectively, should have a broad range of skills and experience relevant to the operations of Federation Council. At least one member of the Committee shall have accounting or related financial management experience, with understanding of accounting and auditing standards in a public sector environment. Committee membership will consist of:

5.1 Members (voting)

One councillor representative formally appointed by Council to coincide with the Mayoral election (a backup Councillor Representative may be nominated but only attends when necessary due to absence).

A minimum of two independent external members, one of which is elected as chairperson (skills based appointments)

5.2 Attendee (non-voting)

General Manager

Chief Audit Executive – Director Corporate & Community Services

5.3 Invitees (non-voting) for specific Agenda items

Governance Officer

Senior Executive staff (Manex)

Representatives of the external auditor

Other officers/managers may attend by invitation as requested by the Committee

External Members can be appointed by the Council for up to 3 terms consecutively

The independent external members will be appointed for the term of Council, after which they will be eligible for extension or re-appointment following a formal review of their performance and public EOI process.

6. Meetings

The Audit Risk and Improvement Committee will meet at least three times per year, with one of these meetings to include review and endorsement of the annual audited financial reports and external audit opinion.

The need for any additional meetings will be decided by the Chair of the Committee, though other Committee members may make requests to the Chair for additional meetings.

A forward meeting plan, including meeting dates and agenda items, will be agreed by the Committee each year. The forward meeting plan will cover all Committee responsibilities as detailed in this Audit Risk and Improvement Committee, Internal Audit Charter.

6.1 Attendance at Meetings and Quorums

A quorum will consist of a majority of Committee members, including at least one independent member. Meetings can be held in person, by telephone or by video conference.

The Chief Audit Executive will be invited to attend each meeting unless requested not to do so by the Chair of the Committee. The Committee may also request other members of the senior executive or any other employees to participate for certain agenda items, as well as the external auditor.


6.2 Secretariat

The Committee appointed Secretariat will provide secretariat support to the Committee. The Secretariat will ensure the agenda for each meeting and supporting papers are circulated, at least one week before the meeting, and ensure minutes of the meetings are prepared and maintained. Minutes shall be approved by the Chair and circulated to each member within three weeks of the meeting being held.

7. Reporting

7.1 Summary of Audit Activities each meeting by the Chief Audit Executive

The Chief Audit Executive shall at all times report to the Audit Risk and Improvement Committee and make available all internal audit reports.

At each Audit Risk and Improvement Committee meeting the Chief Audit Executive shall submit a report summarising all audit activities undertaken during the period, indicating:

1. Internal audit engagements completed or in progress.

2. Outcomes of each internal audit engagement undertaken.

3. Remedial action taken or in progress.

In addition to the normal process of reporting on work undertaken by Internal Audit, the Chief Audit Executive shall draw to the attention of the Audit Risk and Improvement Committee all matters that, in the Chief Audit Executive’s opinion, warrant reporting in this matter.

7.2 Summary of Audit Activities to Council after each meeting

Council is to be advised of the internal audits undertaken and progress made implementing corrective actions and any significant or emerging risk issues after each quarterly meeting of the Audit, Risk and Improvement Committee. Copies of minutes of the Audit Risk and Improvement Committee meetings are currently submitted to the Council following each quarterly meeting.

7.3 Annual report to Council by the Chair

The Chair of the Audit Risk and Improvement Committee will report annually to a council meeting on Councils performance.

The Committee may, at any time, consider any other matter it deems of sufficient importance to do so. In addition, at any time an individual Committee member may request a meeting with the Chair of the Committee.

At the first Committee meeting after 30 June each year, Internal Audit will provide a performance report of:

The performance of Internal Audit for the financial year as measured against agreed key performance indicators.

The approved Internal Audit Plan of work for the previous financial year showing the current status of each audit.

7.4 Annual Attestation Certificate from General Manager

The General Manager will be required to publish in the Councils annual report, an annual attestation certificate indicating whether the council has complied with the core requirements for the Audit Risk and Improvement


Committee and the internal audit function. This is currently in transition and is required to be fully implemented by 2024.

8. Induction of new members

Council will provide a period of induction for new Committee members to include:

An introduction to the senior executive team and key people

A update on the status of Councils existing audit actions with all new Members appointed to the Committee to be provided with an update on the status of the internal and external audits and any prior work achieved or outstanding.

A copy of the Organisational Structure and access to key plans and reports as published on Councils website

9. Planning

The Chief Audit Executive shall prepare an annual Internal Audit Plan for review and approval by the Audit Risk and Improvement Committee, showing the proposed areas for audit.

The Chief Audit Executive has discretionary authority to adjust the Internal Audit Plan as a result of receiving special requests from management to conduct reviews that are not on the plan, with these to be approved at the next meeting of the Audit Risk and Improvement Committee.

10. Conflicts of Interest

Committee members must declare any conflicts of interest at the start of each meeting or before discussion of a relevant agenda item or topic. Details of any conflicts of interest should be appropriately minuted.

Where members or invitees at Committee meetings are deemed to have a real or perceived conflict of interest, it may be appropriate they be excused from Committee deliberations on the issue where the conflict of interest may exist. The final arbiter of such a decision is the Chair of the Committee.

11. Quality Assurance and Improvement Program

The Head of the Internal Audit is to establish a quality assurance and improvement program which includes ongoing monitoring and periodic self-assessments, an annual review and strategic external review at least once each council term. This is in transition and is required to be fully implemented by 2024.

11.1 Biennial review of Audit Risk and Improvement Committee

The Head of the Internal Audit will initiate a review of the performance of the Committee at least once every two years. The review will be conducted on a self-assessment basis with appropriate input from management and any other relevant stakeholders.

11.2 Biennial Review of Internal Auditors

The Head of the Internal Audit will initiate a review of the performance of the Internal Auditors at least once every two years. The review will be conducted with appropriate input from management and any other relevant stakeholders. Feedback will be sought from key stakeholders following each internal audit.


11.3 Review of Internal Audit Charter

At least once every two years (no later than December) the Audit Risk and Improvement Committee will review the

Audit Risk and Improvement Committee Internal Audit Charter.

Note that Council elections are now postponed until 2021 and a model internal audit charter is referred to as part

of the implementation of Risk Management and Internal Audit Framework by December 2022 by which time all

Councils will need to ensure their Charter (TOR) is in alignment with this.

The next review is scheduled to align with release of Model Internal Audit Charter to ensure we are able to meet

the minimum requirements of the new framework.

The Audit Risk and Improvement Committee will approve any changes to this Audit Risk and Improvement Committee Internal Audit Charter.

The Chief Audit Executive shall submit the Internal Audit Charter to Council for adoption within 6 months of a new

Council being elected) or when significant changes are proposed.

The Chief Audit Executive shall periodically review the Internal Audit Charter to ensure it remains up-to-date and reflects the current scope of internal audit work.

11.4 Strategic External Review

A review by an external assessor on the effectiveness of the Audit, Risk and Improvement Committee and the internal audit function - reported to the Audit, Risk and Improvement Committee and governing body of the council will be implemented by 2024 in accordance with the implementation of the Risk Management and Internal Audit framework timeline.

12. Register of Audit Risk and Improvement Committee Members

12.1 Independent Members

Committee Member Appointment Date re-appointed Review date

Linda MacRae (Chairperson) 01/09/2017 June 2020

Peter McLean 01/09/2017 June 2020

12.2 Council Representatives

Committee Member Appointment Date re-appointed Review date

Cr Paul Miegel 19/12/2017 Res 228/17

Cr Norm Wales 19/12/2017 Res 228/17


13. Schedule of Changes & Amendments

Version Date Changes/Amendment

Version 1 21/06/2016 Development of document for Federation Council 16/21973

15/03/2017 Updated with new logo

07/06/2017 New policy template applied. Revised committee composition and membership to include Director of Finance and removal

of Internal auditor as member and added as an advisory role.

Version 2 29/06/2017 Adopted by Council

29/1/2018 Updated with Councillor representatives ref 13.2

Version 3 22/02/2019

Updated with additional information on responsibilities of the committee, timing of councillor appointment to coincide

with Mayoral election, external member appointments may be up to 3 consecutive terms and inclusion of status of the

internal and external audits and any prior work achieved or outstanding being provided to new members of the committee.

Addition of Schedule of Responsibilities for the Committee (Attachment A)

Change name from “Charter” to “Terms of Reference”

21/05/2019 Adopted by Council

Version

3.1 05/06/2019

Removed reference to CFO Section 5.2 as this position no longer exists. Replaced with Senior Executive staff and

Governance Officer

Added recommendations from Audit Office draft recommendation report for 30 June 2019 to Schedule of Responsibilities

Version 4 20/10/2020

Clarified reporting and evaluation requirements in line with proposed changes to the LGA and implementation of Risk

Management and Internal Audit Framework for Local Councils in NSW.

Terminology updated to reflect that used in Internal Audit Framework.

Amended review period to once every two years to coincide with Internal Audit Framework requirement to support

alignment with model Charter by Dec 22

Amended review of Committee and review of Internal Auditor to once every two years from annually.

Alignment with provisions of new framework to identify transitioning arrangements and timelines for components not yet

implemented.


Attachment A: Schedule of Responsibilities for the 'Audit Risk and Improvement Committee' (The Committee)

(a) Compliance:

Review the effectiveness of the Council's system for monitoring its compliance with legislation; regulations

and policies by obtaining regular updates (at each meeting) from Management on compliance or non-

compliance matters, including the results of Management's investigation and follow up ( including disciplinary

action) of any instances of non-compliance.

(b) Risk Management:

Ensure that the Council has a robust Risk Management Plan in place - this Plan to be reviewed annually by

the Committee

Review the Council's risk profile to ensure that its strategic and operational risks are dealt with

appropriately ( twice per year)

Ensure that there is regular review of the Council's risk profile (annually)

Monitor the progress of any major law suits that the Council is dealing with (at each meeting)

Ensure that the Council has current 'Occupational Health and Safety' (OH &S) Plans in place - Management

to provide half yearly statistical reports to the Committee regarding OH&S matters

Ensure that the Council has appropriate Business Continuity and ICT Disaster Recovery Plans in place

(including a robust testing regime of these plans) - Management to provide a status update at least annually

Regularly monitor (at least annually) the Council's Insurance coverage ( exposure) and premiums

Ensure that the Council has up to date sound and effective risk management practices in place for Major

Projects that provides a reporting status update frequency according to the level of risk.

(c) Fraud Control:

Ensure that the Council has a Fraud Control Framework and Policy in place. These documents are to be

reviewed by the Committee regularly ( at least bi-annually)

Management to report to the Committee regarding any instances of suspected fraud ( as required)

Assess whether Management has appropriate controls in place to identify transactions that may carry more

than acceptable level of fraud risk - these controls would generally form part of the 'rolling' internal audit

program ( refer (i)

(d) Financial Management:

(1) Financial (Management) Reporting (e.g. Council's Quarterly Financial Report):

Review on a regular basis (at each meeting) the Council's Financial Management Reports to ensure that the

Council is operating within its budget framework and in a financially sustainable manner

(2 Annual and Long Term Budget

Refer (f)

(2) Annual Financial Report:

Annually review the External Auditor's (Audit Office of NSW) proposed audit scope and approach


Annually review significant accounting legislative changes; regulatory and or professional pronouncements

and any relevant policies to ensure the Council's Financial Reports ( Annual and Management) reflect any

such changes

Annually review, with Management and the External Auditors, the results of the annual audit, including any

recommendations made and difficulties encountered

Recommend to the Council the adoption of the annual Financial Report and provide any relevant additional

information to the Council that may be required to ensure that the Council has an understanding of any of

the financial (or other) implications incorporated in the Report

Regularly monitor ( at each meeting) the implementation of any recommendations made by the External

Auditor

(e) Governance (of the Committee):

The Minutes of each Committee meeting are to be formally provided to the Council for adoption

The Committee should meet privately, without Management, as required, with the External and Internal

Auditors. The Chair of the Committee to provide any relevant feedback, to the General Manager, regarding

any issues discussed at these Meetings

The Chair of the Committee to prepare an annual report to the Council of the Committee's activities

(f) Implementation of the Strategic Plan; Delivery Program and Strategies:

Management to provide the Committee with the Council's annual Budget; Long term Financial Plan;

Strategic Plan and any other relevant Plans and Strategies so that the Committee is assured that the Council

is operating in a financially sustainable manner and that the Council has the resources; capacity and

capability to undertake its Plans and Programs that are included in these documents.

(g) Service Reviews:

Management to advise the Committee when service reviews are being undertaken including the short;

medium and long term implications of such service reviews (as required).

(h) Collection of Performance Measurement data by the Council:

Management to provide the Committee with the results of any Performance Measurement data collected

by the Council and advise of the implications for the Council of such data (as required).

(i) Internal Audit:

Review the Committee's Internal Audit Charter (at least once every two years) and submit to council for

adoption within 6 months of a new council being elected or when significant changes are proposed.)

Review and approve the Committee's 'Schedule of Responsibilities' at least once every two years and

submit to council for adoption with Internal Audit Charter within 6 months of a new council being elected

or when significant changes are proposed.)

Review the proposed work plan for the Committee annually

Review and approve the strategic internal audit plan annually to ensure it addresses the Council's material

strategic and operational risks

Review and approve the annual internal audit work program annually

Endorse the audit scopes of the proposed internal audit projects ( at each meeting or when required)


Monitor ( at each meeting) the implementation of the recommendations that are contained in the internal

audit reports

Conduct a review of the performance of the Internal Auditor and internal audit function at least once every

two years.

Perform a self- assessment of its own performance at least once every two years.

Review credit card expenditure and the gifts and benefits register annually

(j) Information Technology

Ensure that the Council has adequate Information Technology and Communications Systems (ITC Systems)

to meet the needs of the Community and the services that Council provides. Management to provide

regular updates of the Council's ITC Systems and advise of any potential risk areas (at least annually)

(k) Other Matters

The Committee is to ensure that the Council has robust Policies and Procedures in place covering such

matters as:

Councillors and Staff 'Code of conduct'

Procurement

Asset management

Investments

Credit cards

Accounts receivable and payable

Public Interest Disclosures

Pecuniary Interests

Section 355 Committees

Use of IT resources and Social Media

Complaints Management

Fraud and Corruption

NOTE: This is a controlled document. If you are reading a printed copy please check that you have the latest version by checking it on Councils Electronic Document system. Printed or downloaded versions of this document are uncontrolled.

Documents

Audit Risk and Improvement Committee Internal Audit Charter