The National Health and Medical Research Council's (NHMRC) Audit and Risk Committee (the Committee) provides independent advice to the Chief Executive Officer on NHMRC's financial and performance reporting responsibilities, risk oversight and management, and system of internal controls.
The Committee is established under section 45 of the Public Governance, Performance and Accountability Act 2013 and in accordance with section 17 (Audit Committees for Commonwealth Entities) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).
In accordance with the PGPA Rule, the Committee's functions include reviewing the appropriateness of NHMRC's:
- financial reporting – annual financial statements, financial record keeping and processes
- performance reporting – systems and procedures for assessing, monitoring and reporting on achievement of the entity's performance
- system of risk oversight and management – enterprise risk management and fraud control activities
- system of internal control – internal control, security compliance and policy and legislation compliance for the entity.
Audit and Risk Committee Charter
The NHMRC Chief Executive Officer (CEO) has established an Audit and Risk Committee (the Committee) as required under section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and in accordance with section 17 (Audit Committees for Commonwealth Entities) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).
Role
The role of the Committee is to provide independent advice to the CEO on NHMRC’s financial and performance reporting responsibilities, risk oversight and management, and systems of internal control.
Members of the Committee are expected to understand and observe the legal requirements of the PGPA Act and PGPA Rule. Members are also expected to:
- act in the best interests of the entity as a whole
- apply good analytical skills, objectivity and good judgment
- express opinions constructively and openly, raise issues that relate to the Committee’s responsibilities and pursue independent lines of enquiry
- maintain a good understanding of the entity’s operating context.
Committee Members must not use or disclose information obtained through the Committee except in meeting the Committee’s responsibilities, or unless expressly agreed by the CEO.
Membership
The Committee comprises the Chair, and between three and five other Members appointed by the CEO.
Appointment terms will be not less than three years to preserve an appropriate level of knowledge and experience on the Committee. Appointment terms may be staggered and/or extended at the discretion of the CEO. Appointment terms may be extended when there are extenuating (and documented) circumstances that would justify maintaining a Member for a period longer than the initial appointment. A Member may only serve on the Committee for up to ten consecutive years.
Members are appointed for their individual skills, qualifications and experience. Taken collectively, Members will have a broad range of skills and experience relevant to the operations of NHMRC. At least one Member of the Committee must have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment, whilst another Member will have performance reporting expertise.
The Committee is authorised to appoint a Member to act for the Chair as needed.
Advisors and Observers
The General Manager and Chief Audit Executive¹ have a standing invitation to attend Committee meetings as Advisors.
The CEO and Chief Financial Officer have a standing invitation to attend Committee meetings as Observers.
Executive Directors, other management representatives, the Australian National Audit Office (ANAO) and the Internal Audit Manager may attend meetings as Observers at the invitation of the Chair.
Functions²
In accordance with PGPA Rule subsection 17(1), the Committee’s functions must include reviewing the appropriateness of NHMRC’s:
- financial reporting—annual financial statements, financial record keeping and processes
- performance reporting—systems and procedures for assessing, monitoring and reporting on achievement of the entity’s performance
- system of risk oversight and management—enterprise risk management and fraud and corruption control activities
- system of internal control—internal control, security compliance and policy and legislation compliance for the entity (subsection 17(2)).
A detailed list of Committee activities relating to the above functions is at Attachment A – Audit and Risk Committee Activities.
Annual Work Plan
The Committee will prepare an annual work plan that outlines when activities will be undertaken each year in order to deliver against the Committee’s functions.
Reporting
The Committee will, as often as necessary and at least once a year, report to the CEO on its operation and activities and confirm to the CEO that all functions outlined in this Charter have been satisfactorily performed.
The Committee may, at any time, report to the CEO on any other matter related to its functions, as it deems of sufficient importance to do so. In addition, at any time an individual Member may request a meeting with the CEO.
Administrative Arrangements
Meetings
The Committee will meet at least three times per year. The Chair is required to call a meeting if asked to do so by the CEO and may decide if a meeting is required if requested by another Member, an internal audit provider or the ANAO.
Quorum
A quorum for meetings is fifty percent plus one of all Members eligible to participate.
Secretariat
NHMRC will provide secretariat support, including coordination and circulation of papers, minute taking and record keeping.
Disclosures of Interest
Members are required to disclose material personal interests, including pecuniary and non-pecuniary interests, whether actual or perceived, that may be relevant to this appointment and the activities of the Committee throughout the life of their appointment. Specifically, Members are to disclose any interests that could be viewed by others as weakening either the individual’s or the Committee’s actual or perceived independence.
The Committee will determine whether the Member who has disclosed an interest can participate in discussions and/or advice formulation. The Chair will ask the Committee to make a determination, following a disclosure of interest. The Chair will determine if a Member may remain present while the determination is made. Details of material personal interests declared and actions taken will be appropriately recorded in the minutes.
Induction
New Members will receive relevant information and briefings on their appointment to assist them to meet their responsibilities on the Committee. Senior executives will also ensure Members are briefed and kept up to date on major and emerging issues and risks within NHMRC as part of the Management Update.
Assessment Arrangements
The Chair will oversee a review of Committee performance at least once every two years. The review will be conducted on a self-assessment basis (unless otherwise determined by the CEO) with input also sought from Advisors and Observers.
The assessment will review delivery against the Committee’s functions, as detailed in this Charter, taking into account the timelines documented in the annual work plan. It will identify quality improvement opportunities in governance arrangements and areas where Committee guidance to Management may strengthen agency outcomes, as well as emerging strategic risks and areas for Committee focus in the following two years.
Review of Charter
The Committee will review this Charter annually. Substantive changes will be endorsed by the Committee prior to approval by the CEO.
Attachment A – Audit and Risk Committee Activities
Financial reporting
The PGPA Rule requires that the Audit and Risk Committee review the appropriateness of the Accountable Authority’s financial reporting for the entity. This includes the Audit and Risk Committee reviewing compliance with the mandatory requirements of the PGPA Act, the PGPA (Financial Reporting) Rule and the Accounting Standards and also considering advice given in supporting guidance.
The Audit and Risk Committee reviews and provides advice on the appropriateness of the entity’s:
- annual financial statements
- information (other than annual financial statements) requested by the Department of Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
- processes and systems for preparing financial reporting information
- financial record keeping
- processes in place to allow the entity to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.
The Audit and Risk Committee provides a statement to the Accountable Authority as to:
- whether the annual financial statements, in the Committee’s view, comply with the PGPA Act, the PGPA (Financial Reporting) Rule, the Accounting Standards and supporting guidance
- whether additional entity information (other than financial statements) required by the Department of Finance for the purpose of preparing the Australian Government consolidated financial statements (including the supplementary reporting package) complies with the PGPA Act, the PGPA (Financial Reporting) Rule, the Accounting Standards and supporting guidance
- the appropriateness of the entity’s financial reporting as a whole, with reference to any specific areas of concern or suggestions for improvement.
Performance reporting
The PGPA Rule requires that the Audit and Risk Committee review the appropriateness of the Accountable Authority’s performance reporting for the entity. This includes the Audit and Risk Committee reviewing the mandatory requirements of the PGPA Act, the PGPA Rule, and the Commonwealth Performance Framework and also considering advice given in supporting guidance. The review will include information provided in the Portfolio Budget Statements, the Corporate Plan and the annual performance statements.
The Audit and Risk Committee reviews and provides advice on the appropriateness of the entity’s systems and procedures for assessing, monitoring, evaluating and reporting on the entity’s performance. In particular the Audit and Risk Committee will consider if:
- the Portfolio Budget Statements and Corporate Plan contain appropriate details of how the entity’s performance will be measured and assessed
- the approach to measuring the entity’s performance is appropriate and in accordance with the Commonwealth Performance Framework
- the systems and processes for preparation of the annual performance statements are appropriate and will allow an accurate assessment of the entity’s performance in the period.
The Audit and Risk Committee is to provide a statement to the CEO as to whether, in the Committee’s view, the entity’s annual performance statements and performance reporting as a whole are appropriate, with reference to any specific areas of concern or suggestions for improvement.
System of risk oversight and management
The PGPA Rule requires that the Committee review the appropriateness of the Accountable Authority’s system of risk oversight and management for the entity. This includes the Audit and Risk Committee gaining a sufficient understanding of the Accountable Authority’s risk appetite and the entity’s operating environment, and reviewing the mandatory requirements of the PGPA Act, the PGPA Rule and the Commonwealth Risk Management Policy, and also considering advice given in supporting guidance.
The Audit and Risk Committee reviews and provides advice on the appropriateness of the entity’s:
- enterprise and strategic risk management, including the policy framework and internal controls for the effective identification and management of the entity’s risks
- approach to managing day-to-day risks—including those associated with individual projects and program implementation and activities
- process for developing and implementing the entity’s fraud and corruption control arrangements consistent with the Commonwealth Fraud and Corruption Control Framework, including satisfying itself that the entity has adequate processes for detecting, capturing and effectively responding to fraud and corruption risks
- articulation of key roles and responsibilities relating to risk management and mechanisms to support adherence by officials of the entity.
The Audit and Risk Committee is to provide a statement to the CEO about whether NHMRC’s system of risk oversight and management as a whole is in line with the Commonwealth Risk Management Policy and any specific areas of concern or suggestions for improvement.
System of internal control
The PGPA Rule requires that the Audit and Risk Committee reviews the appropriateness of the Accountable Authority’s system of internal control for the entity. This includes an Audit and Risk Committee gaining a sufficient understanding of the entity’s operating context and governance requirements, reviewing the mandatory requirements of the PGPA Act and the PGPA Rule, and also considering advice given in supporting guidance. The Audit and Risk Committee’s responsibilities in each area are outlined below.
Internal control framework:
- Review whether the entity’s approach to maintaining an effective internal control framework, including in relation to functions performed by external parties such as contractors and advisers, is sound and supports adherence to relevant policies and procedures
- Review whether the entity has in place relevant policies and procedures, including Accountable Authority Instructions, and that these are periodically reviewed and updated.
Business continuity management:
- Satisfy itself that a sound approach has been followed in establishing NHMRC’s business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically tested and updated.
Ethical and lawful behaviour:
- Assess whether the entity has taken steps to embed a culture that promotes the proper use of Commonwealth resources and is committed to ethical and lawful behaviour.
Internal audit:
- Review the proposed internal audit coverage, ensure the coverage takes into account NHMRC’s key risks, and recommend approval of the internal audit work plan by the CEO or General Manager
- Review all audit reports and provide advice to the CEO on significant issues identified in audit reports and recommend action on significant issues raised, including identification and dissemination of good practice.
External Audit:
- Review external reports (Auditor-General, JCPAA and other parliamentary committees, Royal Commissions etc.) and the relevance of recommendations to the entity
- Review the implementation of agreed recommendations from ANAO audits or JCPAA and other parliamentary committee reports directed to the entity.
Legislative and policy compliance:
- Review the effectiveness of the system for monitoring NHMRC’s compliance with those laws, regulations and associated government policies with which NHMRC must comply
- Determine whether the entity has appropriately considered legal and compliance risks as part of the entity’s enterprise risk management framework, fraud and corruption control framework and planning.
Security Compliance:
- Review the entity’s approach to maintaining an effective internal security system—including complying with the Protective Security Policy Framework and ICT Security Policy
- Provide a statement to the CEO on whether, in the Committee’s view, NHMRC’s system of internal control is appropriate for the entity, with reference to any specific areas of concern or suggestions for improvement.
Committee members
- Mr Geoff Knuckey (Chair)
- Professor Anthony Lawler
- Professor Eleanor Milligan
- Ms Fran Raymond
- Ms Cathryn Ryan
Contact
For further information regarding the NHMRC Audit and Risk Committee, please contact the secretariat team at NAC.secretariat@nhmrc.gov.au
1 The Chief Audit Executive is the senior executive officer responsible for the entity’s audit and risk governance and for maintaining an effective internal audit program. Currently this responsibility sits with the Executive Director, Research Quality and Advice.
2 PGPA Rule 2014, section 17 states that the functions of an Audit Committee must include reviewing the appropriateness of the Accountable Authority’s: financial reporting; performance reporting; system of risk oversight and management; and system of internal control.