DESNZ Audit and Risk Assurance Committee: terms of reference
Published 21 February 2024
1. The purpose of the DESNZ Audit and Risk Assurance Committee is to support the Departmental Board and Accounting Officer by reviewing the comprehensiveness and reliability of assurances on governance, risk management, the control environment and the integrity of financial statements and the annual report.
Responsibilities
2. The Audit and Risk Assurance Committee will advise the Departmental Board and Accounting Officer on:
a) the effective operation of the overall control (including financial), risk and governance arrangements, including ensuring adequate assurance is available to the Accounting Officer for the annual Governance Statement
b) the accounting policies, the accounts, and the annual report of the organisation, including the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors
c) the planned activity and results of both internal and external audit (including the NAO’s audit of the Resource Accounts) and their implications for DESNZ
d) the adequacy of management response to issues identified by audit activity, including calling Directors to account as necessary, and advising on how to promote effective learning of lessons emerging from them
e) proposals for tendering for Internal Audit services
f) anti-fraud policies, whistle-blowing processes, and arrangements for special investigations
g) effective enforcement of Business Appointment Rules
3. The Audit and Risk Assurance Committee is not an executive committee of DESNZ. As such it will endeavour to complement rather than duplicate the work of the Departmental Board and the other committees, through independent Non-Executive scrutiny. It will consider items remitted to it by the Departmental Board and report back on progress as appropriate.
Membership
4. Members of the Audit and Risk Assurance Committee are non-executives appointed by the Permanent Secretary.
- Non-Executive Board Member and Chair of the Audit and Risk Assurance Committee, Vikas Shah
- Non-Executive Board Member and member of the Audit and Risk Assurance Committee, Peter Mather
- Independent Non-Executive Members of the Audit and Risk Assurance Committee (currently Elaine Clements, Alison Rodwell, Andre Katz, Anne Marie Millar, David Scott and Tristan Morgan)
5. The following non-members also attend:
- First Permanent Secretary (as required), Jeremy Pocklington
- Second Permanent Secretary, Clive Maxwell
- Chief Financial Officer, David Thomas
- Director, Implementation and Delivery (Risk Manager), Simon Hulme
- National Audit Office representative
- Head of Internal Audit
- others may be invited to attend Committee meetings as and when subjects for which they are responsible are discussed
6. The Audit and Risk Assurance Committee may:
- co-opt additional members or attendees for a period not exceeding a year to provide specialist skills, knowledge, and experience
- ask any other officials of the organisation to attend and/or provide it with a written report to assist it with its discussions on any particular matter
- ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters
- procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Board
7. The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair of the Audit and Risk Assurance Committee separately from management.
Attendance
8. The Committee is considered quorate when at least 3 members are present, one of whom should be the Chair (or the member the Chair has delegated duties to).
Substitutes
9. Substitutes are not permitted unless in exceptional circumstances, which must be agreed by the Chair of the Audit and Risk Assurance Committee.
Transparency of Committee activity
10. The Audit and Risk Assurance Committee will report to the Board and Accounting Officer after each meeting.
11. The Audit and Risk Assurance Committee will provide the Board and Accounting Officer with an Annual Report, timed to support finalisation of the accounts and the Governance Statement, summarising its conclusions from the work it has done during the year.
12. The Audit and Risk Assurance Committee will periodically review its own effectiveness and report the results of that review to the Board.
13. The Audit and Risk Assurance terms of reference should be made publicly available on GOV.UK.
Frequency and timings of meetings
14. The Audit and Risk Assurance Committee will meet at least 4 times a year.
15. The Chair of the Audit and Risk Assurance Committee may convene additional meetings, as they deem necessary.
16. The Board or the Accounting Officer may ask the Audit and Risk Assurance Committee to convene further meetings to discuss particular issues on which they want the Committee’s advice.
17. Committee business can be undertaken outside of a full meeting by, for example, email. All matters considered by this route should be reported to the Committee at its next full meeting.
Agendas, papers, minutes and action log
18. The Audit and Risk Assurance Committee will be provided with a secretariat function by the DESNZ Governance team. They will:
a) work with the Chair and the Permanent Secretary to develop and agree agendas (based on the statutory requirements set out in the HMT ARAC handbook)
b) ensure high quality, accurate minutes are taken to record Committee meeting proceedings and decisions
c) lead on the forward look of agenda items, commissioning and circulation of papers
19. For each meeting, the Audit and Risk Assurance Committee will be provided (one week in advance of the meeting) with:
a) a report summarising any significant changes to the organisation’s strategic risks and a copy of the strategic/corporate Risk Register, with the relevant performance report
b) a progress report from the Head of Internal Audit summarising:
- work performed (and a comparison with work planned)
- key issues emerging from the work of internal audit including reports on the effectiveness of systems for governance, risk management and control
- management response to audit recommendations
- changes to the agreed internal audit plan
- any resourcing issues affecting the delivery of the objectives of internal audit
c) a progress report (written / verbal) from the External Audit representative summarising work done and emerging findings (this may include, where relevant to the organisation, aspects of the wider work carried out by the NAO, for example, Value for Money reports and good practice findings)
d) a business update from the Permanent Secretary
e) management assurance reports (Director General risk management reports on rotation)
f) reports on the management of major incidents, “near misses” and lessons learned
g) any other report requested by the Committee
20. As and when appropriate the Committee will be provided with additional material including:
a) Internal and External Audit
- any Internal Audit report with a ‘limited’ assurance
- proposals for the terms of reference of internal audit / the internal audit charter
- the internal audit strategy
- the Head of Internal Audit’s Annual Opinion and Report
- quality assurance reports on the internal audit function
- external audit’s management letter
- a report on any proposals to tender for audit functions
- a report on co-operation between internal and external audit
b) Risk and assurance
- the organisation’s risk management strategy
- the organisation’s risk appetite
- twice yearly reports on corporate assurance
- cyber security and information risk management and assurance, including risk mitigation strategies, governance, threat intelligence (third party and supply chain), structure and resources, business continuity, incident response and people, training and awareness
- Partner Organisation risk management and assurance
c) Finance
- progress updates on the preparation of the accounts of DESNZ
- the draft and final accounts of DESNZ
- key accounting judgements
- a report on any changes to accounting policies
d) Governance
- the draft Governance Statement
- the organisation’s Single Departmental Plan
- twice yearly reports on the Business Appointment Rules process and data
- conflicts of interest policy and declarations
- anti-fraud and whistle-blowing policies
- annual review of ARAC terms of reference
21. Arm’s Length Bodies
a) The Committee will, in consultation with the Department’s Accounting Officer and the Directors of Finance and Commercial, establish appropriate arrangements to identify the Arm’s Length Bodies and Partner Organisations with the greatest potential to impact the Department’s objectives and its consolidated financial statements.
b) The Committee will support the Department’s Accounting Officer by establishing appropriate relationships with DESNZ Partner Organisations. This includes Committee members observing Partner Organisation ARAC meetings and feeding back to the Committee. Partner Organisation ARAC Chairs / members will also have the opportunity to annually observe a DESNZ ARAC meeting. The Committee will endeavour to ensure that additional opportunities for communication exist for the sharing of good practice and issues of mutual concern such as ARAC Chair’s conferences and networking meetings.
Effectiveness
22. The Committee will be evaluated annually, as part of a three-year cycle in which the first two reviews will be led by Governance Team and the third review will be independently run with support of Cabinet Office.
Conflicts of interest
23. Each member of the Audit and Risk Assurance Committee should take personal responsibility to declare pro-actively any potential conflict of interest arising out of business undertaken by the Department, arising on the agenda or from changes in the member’s personal circumstances.
24. Governance Secretariat will maintain a Register of Interests which all members will be expected to update. This Register will inform the Governance Secretariat of any conflicts of interest that they need to take into account when circulating papers for Committee meetings. The Register could be subject to FOI requests and the release of any information will be determined on a case-by-case basis. High level details of Conflicts of Interest will be published on GOV.UK.
25. If there are conflicts, the Chair of the Audit and Risk Assurance Committee will determine an appropriate course of action with the member. For example, the member might simply be asked to leave while a particular item of business is taken; or in more extreme cases the member could be asked to stand down from the Committee. If it is the Chair who has a conflict of interest, the Committee should ask another member of the Audit and Risk Assurance Committee to lead in determining the appropriate course of action.
26. Members should comply at all times with the Code of Conduct for Board Members of Public Bodies and other appropriate guidance, including the rules relating to the use of public funds. They should have regard to the principles of public life (selflessness, integrity, objectivity, accountability, openness, honesty and leadership) and act in the best interests of the Department.