  • Audit and Risk Committee charter

    Introduction

    Overview

    The ATO Audit and Risk Committee (referred to as the committee) has a broad range of responsibilities and is a key part of the governance arrangements of the ATO. Its main purpose is to assist the Commissioner by providing independent advice and assurance about the appropriateness of four areas:

    • financial reporting
    • performance reporting
    • system of risk oversight and management
    • system of internal control.

    The Commissioner of Taxation (Commissioner) has established the committee in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), and the committee performs its functions in accordance with the requirements prescribed by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

    The committee is the Audit and Risk Committee for the:

    • ATO
    • Tax Practitioners Board (TPB)
    • Australian Charities and Not-for-profits Commission (ACNC).

    Whilst the TPB and the ACNC are independent statutory authorities, they are programs of the ATO and therefore their accountable authority is the Commissioner.

    The committee consists of at least five members who have the appropriate qualifications, knowledge, skills or experience to enable the committee to perform its functions. The majority of the members are external. The chair of the committee reports to the Commissioner.

    Role of the committee

    The committee provides independent assurance to the Commissioner in relation to the appropriateness of the ATO, TPB and ACNC’s above-mentioned four areas of:

    • financial reporting
    • performance reporting
    • system of risk oversight and management
    • system of internal control.

    The committee is not responsible for the executive management of these functions. The committee will engage with management in a constructive and professional manner in discharging its advisory responsibilities and formulating its advice to the Commissioner.

    The role of the committee may be revised or expanded in consultation with, or as requested by, the Commissioner.

    Committee functions

    Financial reporting

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • annual financial statements
    • ATO information (other than annual financial statements) as requested by the Department of Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
    • processes and systems for preparing financial reporting information
    • financial record keeping
    • response to matters raised by the Australian National Audit Office (ANAO)
    • processes for ensuring financial information included in the ATO’s annual report is consistent with the signed financial statements
    • processes in place to allow the ATO to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting.

    The committee will provide a statement to the Commissioner whether, in the committee’s view:

    • the annual financial statements (or other additional ATO information as requested), comply with the PGPA Act, the PGPA Rule, Accounting Standards and supporting guidance
    • reference to any specific areas of concern or suggestions for improvement.

    Performance and quality reporting

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • systems and procedures for assessing, monitoring and reporting on the achievement of the ATO’s performance – in particular, the committee will satisfy itself that
      • the ATO’s Portfolio Budget Statements and corporate plan contain appropriate details of how the ATO’s performance will be measured and assessed
      • the ATO’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and corporate plan is appropriate and in accordance with the Commonwealth performance framework
      • the ATO has appropriate systems and processes for the preparation of its annual performance statement and inclusion of the statement in its annual report
       
    • annual performance statements, and provide advice to the Commissioner in relation to their appropriateness to the ATO.

    The committee will provide a statement to the Commissioner setting out whether, in their view:

    • the ATO’s annual performance statements and performance reporting as a whole is appropriate
    • reference to any specific areas of concern or suggestions for improvement.

    System of risk oversight and management

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • enterprise risk management policy framework and the necessary internal controls for the effective identification and management of the ATO’s risks, in keeping with the Commonwealth Risk Management Policy
    • approach to managing the ATO’s key risks, including those associated with individual projects and program implementation and activities
    • process for developing and implementing the ATO’s fraud control arrangements consistent with the fraud control framework, and satisfy itself that the ATO has adequate processes for detecting, capturing and effectively responding to fraud risks
    • articulation of key roles and responsibilities relating to risk management and adherence to them by officials of the ATO.

    The committee will provide a statement to the Commissioner setting out whether in their view:

    • the ATO’s system of risk oversight and management as a whole is appropriate with reference to the Commonwealth Risk Management Policy
    • reference to any specific areas of concern or suggestions for improvement.

    System of internal control

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • internal control framework, by
      • reviewing management’s approach to maintaining an effective internal control framework
      • reviewing whether management has in operation relevant and current policies and procedures, such as Chief Executive Instructions and delegations, and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
      • reviewing the Chief Internal Auditor’s annual report covering his/her view of the overall state of ATO’s internal controls
       
    • legislative and policy compliance, by:
      • reviewing the effectiveness of systems for monitoring the ATO’s compliance with laws, regulations and associated government policies with which the ATO must comply
      • determining whether management has adequately considered legal and compliance risks as part of the ATO’s enterprise risk management framework, fraud control framework and planning
      • reviewing management’s processes for identifying substantial breaches of the PGPA Act and the PGPA Rule and for reporting any such substantial breaches to the portfolio Minister and the Minister for Finance and including them in the ATO’s Annual Report
       
    • security compliance, by
      • reviewing management’s approach to maintaining an effective internal security system, including complying with the Protective Security Policy Framework and ICT security policy
       
    • internal audit function, by
      • reviewing the proposed internal audit coverage, ensuring that the coverage takes into account the ATO’s key risks, and recommending approval of the internal audit work plan by the Commissioner or the nominated delegate
      • reviewing all internal audit reports, providing advice to the Commissioner on major concerns identified in those reports, and recommending action on significant matters raised, including identification and dissemination of information on good practice
      • periodically reviewing the performance of internal audit
      • providing advice to the Commissioner on the appointment of the Chief Internal Auditor.
       

    The committee will provide a statement to the Commissioner setting out whether in their view:

    • the ATO’s system of internal control is appropriate
    • the performance of internal audit is adequate, including the appropriateness of the internal audit plan and completion of the approved Internal Audit Plan
    • reference to any specific areas of concern or suggestions for improvement.

    Other

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • business continuity, by
      • satisfying itself that an appropriate approach has been taken in establishing business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested
       
    • framework for ensuring ethical and lawful conduct, by
      • assessing whether management has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct
       
    • parliamentary committee reports, external reviews and evaluations, by
      • satisfying itself that there is an appropriate mechanism for reviewing parliamentary committee reports, external reviews and evaluations, and implementing, where appropriate, any resultant recommendations.
       
    Last modified: 23 Sep 2020 (QC 63737)