Corporate report

Dstl Audit and Risk Assurance Committee - terms of reference

Updated 20 August 2024

These terms of reference define the membership, administration, duties and authorities of the Dstl Audit and Risk Assurance Committee, as defined in the HM Treasury Audit and Risk Assurance Committee Handbook. The Annex further defines the schedule of responsibilities and matters reserved for the Audit and Risk Assurance Committee’s consideration.

For further information on the Audit and Risk Assurance Committee, please contact the Dstl Secretariat.

1. Overall purpose

The Dstl Board has established an Audit and Risk Assurance Committee as a sub-committee of the Board to support them in their responsibilities for issues of risk, control and governance by reviewing the comprehensiveness of assurances in meeting the Board and Accounting Officer’s assurance needs, and reviewing the reliability and integrity of these assurances.

The Audit and Risk Assurance Committee does not have any executive responsibilities nor is charged with making or endorsing any decisions. It takes care to maintain its independence.

2. Responsibilities

The Audit and Risk Assurance Committee advises the Board and the Chief Executive on:

  • the strategic processes for risk, control and governance, taking into account related ethical standards, and the Governance Statement
  • the accounting policies, the accounts, and the Annual Report, including the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors
  • the planned activity and results of both internal and external audit
  • adequacy of management response to issues identified by audit activity
  • assurances relating to the management of risk and corporate governance requirements for Dstl
  • proposals for tendering for external audit services or for purchase of non-audit services from contractors who provide audit services
  • anti-fraud policies, whistle-blowing processes, and arrangements for special investigations
  • its own effectiveness through periodic review, and reporting the results of those reviews to the Board.

The Audit Committee’s schedule of responsibilities and matters reserved for its decisions are at Annex A. This schedule should be viewed in conjunction with the terms of reference of the committee, and is not meant to be exhaustive.

3. Membership

The Dstl Board establishes an Audit and Risk Assurance Committee of at least three members who are non-executive members (NEMs) of the Board. The Chair of the Board, in consultation with the Chair of the Audit and Risk Assurance Committee, ensures that there is a range of skills and experience relevant to various aspects of risk, governance and control among the membership of the Audit and Risk Assurance Committee; at least one member will have recent and relevant financial experience.

The Dstl Board Chair appoints the Chair of the Audit and Risk Assurance Committee, who will be a suitably experienced non-executive board member.

Only members of the committee have the right to attend committee meetings. The Chair of the Dstl Board is not a member of the committee.

The Chief Executive, as Accounting Officer, is invited to attend committee meetings, supported by Dstl’s Chief Finance Officer, Dstl’s Head of Finance, Dstl’s Chief Operating Officer, and Dstl’s Head of Risk, Assurance and Governance. However, the Audit and Risk Assurance Committee may sit privately without any non-members present for all or part of the meeting is they so wish. Other attendees will be on regular standby to attend meetings at the behest of the committee, e.g. Chief Science & Technology Officer, Chief Delivery Officer and Dstl’s Senior Information Risk Owner. The Head of Internal Audit and the National Audit Office (NAO), and any external auditors appointed by NAO, attend meetings by invitation.

4. Chair of the Audit and Risk Assurance Committee

The Chair is responsible for ensuring that the work of the Audit and Risk Assurance Committee is effective, that the committee is appropriately resourced, and that it is maintaining effective communication with stakeholders.

The Chair’s key activities, beyond committee meetings, should include:

  • agreeing, with the Audit and Risk Assurance Committee Secretary, the business for meetings of the Committee;
  • communicating appropriately with the Board about Audit and Risk Assurance Committee business;
  • ensuring that a suitable Annual Report is prepared and endorsed for approval by the Board;
  • meeting individually, at least annually, with the Accounting Officer, the Dstl Board Chair, the Head of Internal Audit and the National Audit Office;
  • ensuring that all committee members have access to appropriate and timely training, both in the form of a tailored induction programme for new members and on an ongoing basis for all members, to help them understand Dstl, its objectives, its business needs and its priorities;
  • ensuring that a process exists for actions points arising from committee business to be appropriately pursued, including the briefing of members unable to attend a meeting on business conducted in their absence;
  • taking the lead in ensuring Committee members are provided with an appropriate appraisal of their performance and that training needs are identified and addressed;
  • ensuring that the overall effectiveness / performance of the Audit and Risk Assurance Committee and its Terms of Reference are reviewed at least once a year and any changes considered necessary are recommended to the Board for approval;
  • involvement in the appointment by the Board of new committee members, including providing advice on the skills and experience being sought by the Committee when a new member is being appointed.

5. Secretariat

The Audit and Risk Assurance Committee Secretary (appointed by Dstl Risk, Assurance and Governance) is responsible for agreeing the agenda with the Chair. Any member who wishes to table an agenda item should discuss the matter with the Audit and Risk Assurance Committee Secretary.

6. Quorum

The quorum necessary for the transaction of Audit and Risk Assurance Committee business is two NEMs (including the Chair). No proposal can be voted upon unless quoracy is achieved. All members have one vote each with a casting vote made by the Chair in the event of an equally split decision.

Where there are potential conflicts of interest, either recorded in the register of committee member’s interests, or identified during the meeting, then the Chair will make a decision as to whether that Committee Member should be involved. In the event that the Chair has a conflict of interest, another independent NEM acts as Chair for that section of the agenda.

7. Frequency of meetings

The Audit and Risk Assurance Committee will meet four times a year at appropriate times in the reporting and audit cycle. The Chair may convene additional meetings if they deem necessary.

8. Information requirements

For each meeting the Audit and Risk Assurance Committee will be provided with:

  • a report summarising any significant changes to the organisation’s strategic risks and a copy of the strategic / corporate Risk Register
  • a progress report from the Head of Internal Audit summarising:
    • work performed (and a comparison with work planned)
    • key issues emerging from the work of internal audit
    • management response to audit recommendations
    • changes to the agreed internal audit plan; and
    • any resourcing issues affecting the delivery of the objectives of internal audit
  • a progress report (written/verbal) from the external audit representative summarising work done and emerging findings (this may include, where relevant to the organisation, aspects of the wider work carried out by the NAO, for example, value for money reports and good practice findings)
  • management assurance reports; and
  • reports on the management of major incidents, “near misses” and lessons learned.

As and when appropriate the Committee will also be provided with:

  • proposals for the terms of reference of internal audit / the internal audit charter
  • the internal audit strategy
  • the Head of Internal Audit’s Annual Opinion and Report
  • the draft accounts of the organisation
  • the draft Governance Statement
  • a report on any changes to accounting policies
  • external audit’s management letter
  • a report on any proposals to tender for audit functions
  • a report on co-operation between internal and external audit; and
  • the organisation’s Risk Management strategy

9. Notice of meetings and receipt and distribution of papers

Meetings of the Audit and Risk Assurance Committee are convened by the Committee Secretary, on behalf of the Chair. The meeting dates will be issued prior to the beginning of each calendar year, earlier if at all possible, and ideally set two years in advance.

Notice of each meeting confirming the date, venue and time of the meeting are provided to members as far in advance as possible.

Papers should be provided to the Committee Secretary no later than 15 working days before the date of the meeting. The Audit and Risk Assurance Committee Secretary, in consultation with the Chair, reserves the right to decline papers received after the deadline.

The agenda and links to supporting material are electronically circulated to committee members, and to other attendees as appropriate, one week before the meeting date. Printed packs will be supplied if required. Members should advise the Audit and Risk Assurance Committee Secretary if they require hard copy packs on an ongoing basis.

10. Minutes of meetings

The Committee Minuting Secretary minutes the proceedings of the Audit and Risk Assurance Committee, including recording the names of those present and in attendance.

The Secretary and Chair will aim to agree draft minutes as soon as possible after each meeting and then to circulate them to all other Audit Committee members.

Once the minutes have been approved as a correct record in-committee, the Audit and Risk Assurance Committee Secretary arranges for a soft copy to be maintained for the record.

Actions will be recorded on Q-Pulse and outstanding actions will be reviewed at each meeting. Closure of actions will be formally recorded by the Secretary in the minutes.

11. Reporting responsibilities

The Audit and Risk Assurance Committee Chair reports formally to the Board on its proceedings after each meeting on all matters within its duties and responsibilities.

The Audit and Risk Assurance Committee provides the Board and Accounting Officer with an Annual Report, timed to support finalisation of the accounts and the Governance Statement summarising its conclusion from the work it has done during the year.

The Audit and Risk Assurance Committee makes whatever recommendations to the Dstl Board it deems appropriate on any area within its remit where action or improvement is needed.

The Audit and Risk Assurance Committee reviews the Governance Statement by the Accounting Officer prior to its inclusion in Dstl’s Annual Report and Accounts.

12. Other matters

The Audit and Risk Assurance Committee will give due consideration to laws and regulations, including all guidance for Executive Agencies from HM Treasury, and the provisions of the Combined Code where these are appropriate.

The Audit and Risk Assurance Committee will encourage co-ordination between internal and external auditors and will oversee any investigation of activities that are within its terms of reference.

If an NEM has a direct or indirect interest in any proposed discussion, they have a duty to declare both the nature and extent of that interest to the other committee members. NEMs are required to update their Declarations of Interest forms as and when they change, and annually when approached by Dstl Risk, Assurance and Governance. Declarations of Interests should include any general interests in a standing register of interests, as per the Code of Conduct.

Audit and Risk Assurance Committee meetings are either held at Dstl Porton Down, Dstl Portsdown West, or, when necessary, via secure telephone or video.

13. Authority

The Audit and Risk Assurance Committee is authorised to:

  • seek any information it requires from any employee of Dstl or its subsidiaries in order to perform its duties
  • obtain, at Dstl’s expense, outside legal or other professional advice on any matter, within its terms of reference
  • call any employee to be questioned at a meeting of the Audit and Risk Assurance Committee as and when required
  • co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge, and experience as necessary