  • Audit and Risk Committee Charter

    The Commissioner of Taxation (the Commissioner) has established the ATO Audit and Risk Committee (committee) in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act). The committee performs its functions in accordance with section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

    Role of the committee

    The committee has a broad range of responsibilities and is a key part of the governance arrangements of the ATO. Its main purpose is to assist the Commissioner, by providing independent advice and assurance about the appropriateness of four areas:

    • financial reporting
    • performance reporting
    • system of risk oversight and management
    • system of internal control.

    The committee is the Audit and Risk Committee for the:

    • ATO
    • Australian Charities and Not-for-profits Commission (ACNC)
    • Tax Practitioners Board (TPB).

    While the ACNC and the TPB are independent statutory authorities, they are programs of the ATO and therefore their accountable authority is the Commissioner.

    The committee is not responsible for the executive management of the above areas. The committee will engage with management in a constructive and professional manner to form and give advice to the Commissioner.

    The role of the committee may be revised or expanded in consultation with, or as requested by, the Commissioner.

    The committee consists of a minimum of three independent members who have the appropriate qualifications, knowledge, skills or experience to enable the committee to perform its functions. The Chair of the committee reports to the Commissioner.

    Committee functions

    Financial reporting

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • annual financial statements
    • information (other than annual financial statements) as requested by the Department of Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
    • processes and systems for preparing financial reporting information
    • financial record keeping
    • response to matters raised by the Australian National Audit Office (ANAO)
    • processes for ensuring financial information included in the ATO’s annual report is consistent with the signed financial statements
    • processes in place to allow the ATO to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.

    The committee will give a statement to the Commissioner:

    • determining whether the annual financial statements (or other additional ATO information as requested), comply with the PGPA Act, the PGPA Rule, Accounting Standards and supporting guidance
    • referencing any specific areas of concern or suggestions for improvement.

    Performance and quality reporting

    The committee will review and provide advice on the appropriateness of the ATO’s systems and procedures for assessing, monitoring and reporting on the achievement of the ATO’s performance. In particular, the committee will ensure that:

    • the ATO’s Portfolio Budget Statements and corporate plan contain appropriate details of how the ATO’s performance will be measured and assessed
    • the ATO’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and corporate plan is appropriate and in accordance with the Commonwealth performance framework
    • the ATO has appropriate systems and processes for the preparation of its annual performance statement and inclusion of the statement in its annual report.

    The committee will give a statement to the Commissioner:

    • determining whether the ATO’s annual performance statements and performance reporting as a whole is appropriate
    • referencing any specific areas of concern or suggestions for improvement.

    System of risk oversight and management

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • enterprise risk management framework and the necessary internal controls for the effective identification and management of the ATO’s risks, in keeping with the Commonwealth Risk Management Policy
    • approach to managing their key risks, including those associated with individual projects and program implementation and activities
    • process for developing and implementing their fraud control arrangements consistent with the Commonwealth Fraud Control Framework, and ensure that the ATO has adequate processes for detecting, capturing and effectively responding to fraud risks
    • articulation of key roles and responsibilities relating to risk management and adherence to them by ATO officials.

    The committee will give a statement to the Commissioner:

    • determining whether the ATO’s system of risk oversight and management as a whole is appropriate with reference to the Commonwealth Risk Management Policy
    • referencing any specific areas of concern or suggestions for improvement.

    System of internal control

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • internal control framework, by reviewing
      • management’s approach to maintaining an effective internal control framework
      • whether management has in operation relevant and current policies and procedures, such as Chief Executive Instructions and delegations, and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
      • the Chief Internal Auditor’s annual report covering their view of the overall state of ATO’s internal controls
       
    • legislative and policy compliance, by
      • reviewing the effectiveness of systems for monitoring the ATO’s compliance with laws, regulations and associated government policies with which the ATO must comply
      • determining whether management has adequately considered legal and compliance risks as part of the ATO’s enterprise risk management framework, fraud control framework and planning
      • reviewing management’s processes for identifying substantial breaches of the PGPA Act and the PGPA Rule and for reporting any such substantial breaches to the portfolio Minister and the Minister for Finance and including them in the ATO’s Annual Report
       
    • security compliance, by
      • reviewing management’s approach to maintaining an effective internal security system, including complying with the Protective Security Policy Framework and ICT security policy
       
    • internal audit function, by
      • reviewing the proposed internal audit coverage, ensuring that the coverage considers the ATO’s key risks, and recommending approval of the internal audit work plan by the Commissioner or the nominated delegate
      • reviewing all internal audit reports, providing advice to the Commissioner on major concerns identified in those reports, and recommending action on significant matters raised, including identification and dissemination of information on good practice
      • periodically reviewing the performance of internal audit
      • providing advice to the Commissioner on the appointment of the Chief Internal Auditor.
       

    The committee will give a statement to the Commissioner:

    • determining whether the ATO’s system of internal control is appropriate
    • determining whether the performance of internal audit is adequate, including the appropriateness of the internal audit plan and completion of the approved Internal Audit Plan
    • referencing any specific areas of concern or suggestions for improvement.

    Additional functions

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • business continuity, by
      • ensuring that an appropriate approach has been taken to establish business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested
       
    • framework for ensuring ethical and lawful conduct, by
      • assessing whether management has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct
       
    • parliamentary committee reports, external reviews and evaluations, by
      • ensuring that an appropriate mechanism is in place for reviewing parliamentary committee reports, external reviews and evaluations, and implementing, where appropriate, any resultant recommendations.
       

    Membership and structure

    Committee independence

    The Public Governance, Performance and Accountability Amendment (2020 Measures No.1) Rule 2020 was registered on 27 February 2020 to amend the PGPA Rule.

    The amendments include membership changes in relation to an audit committee for a Commonwealth entity. From 1 July 2021, all audit committee members of a non-corporate Commonwealth entity must be persons who are not officials of the entity, and a majority of the members must be persons who are not officials of any Commonwealth entity (subsection 17(4)).

    The committee will comprise a minimum of three independent (external) members, appointed by the Commissioner.

    The following people may attend meetings as advisers or observers as determined by the Chair, but will not be members of the committee:

    • the Commissioner
    • Chief Finance Officer
    • Chief Operating Officer
    • Chief Information Officer
    • Chief Internal Auditor
    • Assistant Commissioner of Fraud Prevention and Internal Investigations
    • Chief Risk Officer
    • Chief Service Delivery Officer
    • other management representatives.

    Conduct of the committee

    Committee members, taken collectively, will have a broad range of qualifications, skills and experience relevant to the operations of the ATO. At least one member of the committee will have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

    All attendees will conduct themselves in a professional, ethical, courteous and appropriate manner. This includes contributing to a constructive environment where all attendees, where appropriate, can participate and focus on issues relevant to achieving the purpose of the committee.

    Members are expected to:

    • understand and observe the legal requirements of the PGPA Act and PGPA Rule
    • act in the best interests of the ATO
    • prepare for committee meetings and review materials provided prior to each meeting
    • not use or disclose information obtained by the committee except in meeting the committee’s responsibilities, or unless expressly agreed by the Commissioner
    • apply good analytical skills, objectivity and good judgment
    • express opinions constructively and openly
    • raise issues that relate to the committee’s responsibilities
    • contribute the time required to meet their responsibilities.

    Conflicts of interest (COI)

    The ATO Chief Executive Instruction (CEI) on Conflicts of Interest (CEI 2014/06/10) sets out responsibilities for identifying, reporting and managing conflicts of interest. All members, advisers, observers and the secretariat are to comply with the CEI 2014/06/10 and where a COI (real, perceived or potential) is identified, complete a COI form that will be documented in the ATO Integrity Register.

    The key test for identifying whether a COI exists is whether an impartial observer would reasonably question if the person’s interests might influence the way they behave or carry out their duties.

    Members, advisers and observers are required to proactively manage conflicts of interest, declaring them as they arise. Re-declaration is required as circumstances change. An opportunity will be provided to state any COI at the commencement of each meeting and responses will be recorded in the minutes. A decision will be made by the Chair regarding appropriate handling of any COI at that time. If the member stating a conflict of interest is the Chair, then the decision will be made by the member nominated to act as Chair in the absence of the Chair for that meeting.

    At least once each year and when otherwise required, members will complete and submit a formal COI declaration, requiring members to declare any potential, perceived or actual conflicts of interest they may have in relation to their responsibilities. This includes notifying other positions held by members. Members will be required to verify every three months that their most recent formal COI declaration remains current and valid.

    Members are responsible for taking an active role in considering the impact that any personal or financial interests may have on the performance of their ATO obligations. This includes considering whether existing commitments and/or committee memberships may appear to, are likely to, or do influence their performance as a member of the Committee. Decisions must be made, and be perceived to be made, on proper grounds, for legitimate reasons and without bias. Community and government confidence in the ATO depends on this.

    Rotation of committee members

    Committee members will be appointed for an initial period determined by the Commissioner. Members may be reappointed after a formal review of their performance, for further periods as specified by the Commissioner.

    New members

    New members will receive relevant information and briefings on their appointment to help them meet their responsibilities.

    Chair

    The Commissioner will appoint a Chair for the committee from the committee members.

    A committee member will be nominated to act as Chair in the absence of the Chair in advance of each meeting, on a rotating basis.

    From 1 July 2021, section 17(4) of the PGPA Rule requires that for non-corporate Commonwealth entities, all members of the audit committee must not be persons who are officials of the entity, and a majority must be persons who are not officials of any Commonwealth entity. This means that all committee members, including the Chair of the committee must be an independent member. The sub-committee will be chaired by an independent member to ensure best practice.

    The committee members will act as Chair for the sub-committee and attend the ACNC and the TPB Audit and Risk Committees on a rotating basis.

    Audit and Risk Sub-committee

    The committee has established a sub-committee to assist in meeting its responsibilities. The sub-committee helps the committee manage its workload in meeting its responsibilities. Presentations may be scheduled at the sub-committee to assist with members’ continuity and ongoing education. The committee stipulates that:

    • membership of the sub-committee will include all independent members of the committee and could extend beyond these members if additional expertise on particular assurance matters is required
    • the sub-committee will meet quarterly with additional meetings at the end of the financial year to consider the financial statements and the performance statements
    • minutes of all sub-committee meetings are taken, distributed to all members of the sub-committee and permanent advisers
    • relevant items are discussed at the next committee meeting
    • important issues that may require consideration by the committee are brought to the attention of the Chair immediately following a sub-committee meeting so that the Chair is in a position to decide what action to take.

    The Tax Practitioners Board and Australian Charities and Not-for-profits Commission

    The ACNC and the TPB are independent statutory authorities; however, the Commissioner is the accountable authority for the ATO, the ACNC and the TPB.

    There is no legislative requirement for these two statutory authorities to have separate audit committees. As the accountable authority, the Commissioner must ensure that the financial activities undertaken by the ACNC and the TPB comply with the PGPA Act.

    Currently, the ACNC and the TPB Audit and Risk Committees are considered as sub-committees of the committee, and committee members will attend the ACNC and the TPB Audit and Risk Committees on a rotating basis.

    Australian National Audit Office

    Representatives of the Australian National Audit Office (ANAO) will be invited to attend meetings of the committee, as observers. In undertaking its role, the committee will engage with the ANAO, as the external auditor, in relation to the ANAO’s financial statement and performance audit coverage. In particular, the committee will:

    • review ATO specific and relevant cross-entity external performance audit reports and monitor management’s response and implementation of audit recommendations
    • review management’s responses to all ANAO Financial Statements Management Letters, including implementation of Audit Recommendations
    • provide advice to the Commissioner on action to be taken on significant issues raised in relevant ANAO reports and ANAO Audit Insights
    • meet privately with the ANAO at least once per year.
    Last modified: 23 Nov 2021 (QC 63737)