  • Audit and Risk Committee Charter

    The 2022 Audit and Risk Committee Charter outlines committee roles, membership and structure, and administrative arrangements.

    Committee authority

    The Commissioner of Taxation (Commissioner) is the Accountable Authority under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

    The Commissioner has established the ATO Audit and Risk Committee (committee) in compliance with section 45 of the PGPA Act.

    The committee performs its functions in accordance with section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

    The committee is the audit and risk committee for the:

    • ATO
    • Australian Charities and Not-for-profits Commission (ACNC)
    • Tax Practitioners Board (TPB).

    Whilst the ACNC and the TPB are independent statutory authorities, they are ATO programs and therefore their accountable authority is the Commissioner.

    The Commissioner is also Registrar of the Australian Business Register (ABR) and the Australian Business Registry Services (ABRS). The Registrar is accountable for administering director identification numbers and assisting the Australian Securities and Investments Commission (ASIC) to perform its registry functions and associated reporting. Until ASIC registers are migrated to the new registry system, the Registrar will assume primary responsibility for registry functions and associated reporting.

    Role of the committee

    The committee has a broad range of responsibilities and is a key part of the governance arrangements of the ATO.

    Consistent with subsection 17(2) of the PGPA Rule, its main purpose is to help the Commissioner by providing independent advice and assurance about the appropriateness of 4 areas:

    1. financial reporting
    2. performance reporting
    3. system of risk oversight and management
    4. system of internal control.

    The committee:

    • is not responsible for the executive management of the above areas
    • will engage with management in a constructive and professional manner to form and give advice to the Commissioner
    • may have its role revised or expanded in consultation with, or as requested by, the Commissioner
    • consists of a minimum of 3 independent members who have the appropriate qualifications, knowledge, skills or experience to enable the committee to perform its functions – the Chair reports to the Commissioner.

    For the remainder of this Charter, references to the ‘ATO’ refer to all ATO programs including the ACNC and TPB.

    Committee functions

    Financial reporting [PGPA Rule 17(2)(a)]

    The committee will review and provide advice on the appropriateness of the ATO's:

    • annual financial statements
    • information (other than annual financial statements) as requested by the Department of Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
    • processes and systems for preparing financial reporting information
    • financial record keeping
    • response to matters raised by the Australian National Audit Office (ANAO)
    • processes for ensuring financial information included in the ATO’s annual report is consistent with the signed financial statements
    • processes in place to allow the ATO to stay informed throughout the year of any changes or additional requirements in relation to financial reporting.

    The committee will give a statement to the Commissioner:

    • determining whether the annual financial statements (or other additional ATO information as requested) comply with the PGPA Act, the PGPA Rule, Accounting Standards and supporting guidance
    • referencing any specific areas of concern or suggestions for improvement.

    Performance and quality reporting [PGPA Rule 17(2)(b)]

    The committee will review and provide advice on the appropriateness of the ATO’s systems and procedures for assessing, monitoring and reporting on the achievement of the ATO’s performance.

    In particular, the committee will ensure that:

    • the ATO’s Portfolio Budget Statements and corporate plan contain appropriate details of how the ATO’s performance will be measured and assessed
    • the ATO’s approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and corporate plan is appropriate and in accordance with the Commonwealth performance framework
    • the ATO has appropriate systems and processes for the preparation of its annual performance statement and inclusion of the statement in its annual report.

    The committee will give a statement to the Commissioner:

    • determining whether the ATO’s annual performance statements and performance reporting are appropriate
    • referencing any specific areas of concern or suggestions for improvement.

    System of risk oversight and management [PGPA Rule 17(2)(c)]

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • enterprise risk management framework and the necessary internal controls for the effective identification and management of the ATO’s risks, in keeping with the Commonwealth Risk Management Policy
    • approach to managing their key risks, including those associated with individual projects and program implementation and activities
    • process for developing and implementing their fraud control arrangements consistent with the Commonwealth Fraud Control Framework, and ensure that the ATO has adequate processes for detecting, capturing and effectively responding to fraud risks
    • articulation of key roles and responsibilities relating to risk management and adherence to them by ATO officials.

    The committee will give a statement to the Commissioner:

    • determining whether the ATO’s system of risk oversight and management is appropriate with reference to the Commonwealth Risk Management Policy
    • referencing any specific areas of concern or suggestions for improvement.

    System of internal control [PGPA Rule 17(2)(d)]

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • internal control framework, by reviewing
      • management’s approach to maintaining an effective internal control framework
      • whether management has in operation relevant and current policies and procedures, such as Chief Executive Instructions and delegations, and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
      • the Chief Internal Auditor’s annual report covering their view of the overall state of the ATO’s internal controls
    • legislative and policy compliance, by
      • reviewing the effectiveness of systems for monitoring the ATO’s compliance with laws, regulations and associated government policies with which the ATO must comply
      • determining whether management has adequately considered legal and compliance risks as part of the ATO’s enterprise risk management framework, fraud control framework and planning
      • reviewing management’s processes for identifying substantial breaches of the PGPA Act and the PGPA Rule and for reporting any such substantial breaches to the portfolio Minister and the Minister for Finance and including them in the ATO annual report
    • security compliance, by
      • reviewing management’s approach to maintaining an effective security system through review of the agency’s maturity against the Protective Security Policy Framework and the ICT security policy
    • internal audit function, by
      • reviewing the proposed internal audit coverage, ensuring that the coverage considers the ATO’s key risks, and recommending approval of the internal audit work plan by the Commissioner
      • reviewing all internal audit reports, providing advice to the Commissioner on major concerns identified in those reports, recommending action on significant matters raised, including identifying and disseminating information on good practice
      • periodically reviewing the performance of internal audit
      • reviewing the implementation of agreed actions relating to recommendations from internal audits and external audits that relate to the ATO
      • reviewing the internal audit charter to see that it includes appropriate authority, access and reporting arrangements
      • providing advice to the Commissioner on the appointment of the Chief Internal Auditor.

    The committee will give a statement to the Commissioner:

    • determining whether the ATO’s system of internal control is appropriate
    • determining whether the performance of internal audit is adequate, including the appropriateness of the internal audit plan and completion of the approved Internal Audit Plan
    • referencing any specific areas of concern or suggestions for improvement.

    Additional functions

    The committee will review and provide advice on the appropriateness of the ATO’s:

    • business continuity, by ensuring that an appropriate approach has been taken to establish business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested
    • ethical and lawful conduct, by assessing whether management has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct
    • parliamentary committee reports, external reviews and evaluations, by ensuring that the appropriate mechanisms for reviewing parliamentary committee reports, external reviews and evaluations are followed and implementing, where appropriate, any resultant recommendations.

    Membership and structure

    Committee independence

    In accordance with Subsection 17(3) and Subsection 17(4) of the PGPA Rule, membership of the committee must consist of at least 3 persons who are not officials of the entity and most of the members must be persons who are not officials of any Commonwealth entity.

    The committee members will be appointed for an initial period determined by the Commissioner. Members may be reappointed after a formal review of their performance, for further periods as specified by the Commissioner. Members and Chairs should be appointed for 3 years, with an option to extend approved by the Commissioner. The committee will comprise a minimum of 3 independent (external) members, appointed by the Commissioner.

    The following people may attend meetings as advisers or observers as determined by the Chair but will not be members of the committee:

    • the Commissioner
    • Chief Finance Officer
    • Chief Operating Officer
    • Chief Information Officer
    • Chief Internal Auditor
    • Assistant Commissioner of Fraud Prevention and Internal Investigations
    • Chief Risk Officer
    • Chief Service Delivery Officer
    • other management representatives.

    New members shall receive relevant information and briefings on their appointment to help them to meet their responsibilities.


    The Commissioner will appoint a Chair for the committee from the committee members.

    A committee member will be nominated to act as Chair in the absence of the Chair in advance of each meeting on a rotating basis.

    The Chair is responsible for:

    • ensuring committee members remain focused on achieving outcomes
    • setting the agenda for the matters to be considered by the committee
    • ensuring that the information provided to the committee is relevant and sufficient to keep the committee appropriately informed
    • facilitating open and constructive discussion amongst committee members
    • encouraging committee members’ contributions in deliberations.

    Conduct of the committee

    The committee members, taken collectively, will have a broad range of qualifications, skills and experience relevant to the operations of the ATO.

    At least one member of the committee will have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

    All attendees will conduct themselves in a professional, ethical, courteous and appropriate manner. This includes contributing to a constructive environment where all attendees, where relevant, can participate and focus on issues relevant to achieving the purpose of the committee.

    Members are expected to:

    • understand and observe the legal requirements of the PGPA Act and PGPA Rule
    • act in the best interests of the ATO
    • prepare for committee meetings and review materials provided prior to each meeting
    • not use or disclose information obtained by the committee except in meeting the committee’s responsibilities, or unless expressly agreed by the Commissioner
    • apply good analytical skills, objectivity and good judgment
    • express opinions constructively and openly
    • raise issues that relate to the committee’s responsibilities
    • contribute the time required to meet their responsibilities.

    Conflicts of Interest (COI)

    The ATO Chief Executive Instruction (CEI) on Conflicts of Interest (CEI 2014/06/10) sets out responsibilities for identifying, reporting and managing conflicts of interest.

    All members, advisers, observers and the secretariat are to comply with CEI 2014/06/10 and, where a COI (real, perceived or potential) is identified, complete a COI form that will be documented in the ATO Integrity Register.

    The key test for identifying whether a COI exists is whether an impartial observer would reasonably question if the person’s interests might influence the way they behave or carry out their duties.

    Members, advisers and observers are required to proactively manage conflicts of interest, declaring them as they arise.

    Re-declaration is required as circumstances change. An opportunity will be provided to state any COI at the start of each meeting and responses will be recorded in the minutes.

    A committee member who has a material personal interest in any matters due for consideration must give the other committee members notice of the interest.

    The notice must give details of:

    • the nature and extent of the interest
    • the relation of the interest.

    The Chair, or nominated chair, will make the decision on the appropriate mitigation regarding any COI.

    At least once each year or when otherwise required, members will complete and submit a formal COI declaration. The declaration requires members to declare any potential, perceived or actual conflicts of interest they may have about their responsibilities. This includes notifying other positions held by members.

    Members are responsible for taking an active role in considering the impact that any personal or financial interests may have on the performance of their ATO obligations. This includes considering whether existing commitments and committee memberships may appear to, are likely to, or do in fact influence their performance as a member of the committee.

    Decisions must be made, and be perceived to be made, on proper grounds, for legitimate reasons and without bias. Community and government confidence in the ATO depends on this. In situations where a conflict of interest exists, decisions must be made by another non-conflicted person.

    Details of material personal interests declared by the Chair, other committee members, advisers or observers, and any actions taken, will be appropriately recorded in the outcomes of the minutes.

    Audit and Risk Subcommittee

    The committee has established a subcommittee to help in meeting its responsibilities. Membership will include all independent members of the committee.

    The subcommittee helps the committee manage its workload in meeting its responsibilities. Presentations may be scheduled at the subcommittee to help with members’ continuity and ongoing education.

    The committee stipulates that the subcommittee:

    • will meet quarterly with additional meetings at the end of the financial year to consider the financial statements and the performance statements
    • will be chaired by an independent member on a rotating basis to ensure best practice.

    The Tax Practitioners Board and Australian Charities and Not-for-profits Commission

    There is no legislative requirement for ACNC and TPB to have separate audit committees. As the accountable authority, the Commissioner must ensure that the financial activities undertaken by the ACNC and the TPB comply with the PGPA Act.

    On a rotating basis, the ATO committee members attend the ACNC and the TPB Audit and Risk Committees as observers.

    Australian National Audit Office

    Representatives of the Australian National Audit Office (ANAO) will be invited to attend meetings of the committee, as observers.

    In undertaking its role, the committee will engage with the ANAO, as the external auditor, in relation to the ANAO’s financial statement and performance audit coverage.

    In particular, the committee will:

    • review ATO specific and relevant cross-entity external performance audit reports and monitor management’s response and implementation of audit recommendations
    • review management’s responses to all ANAO Financial Statements Management Letters, including implementation of Audit Recommendations
    • provide advice to the Commissioner on action to be taken on significant issues raised in relevant ANAO reports and ANAO Audit Insights
    • meet privately with the ANAO at least once per year.

    Last modified: 07 Nov 2022
    QC 63737