Audit and Risk Committee Charter 2023

Committee authority

The Commissioner of Taxation (Commissioner) is the Accountable Authority under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

The Commissioner has established the ATO Audit and Risk Committee (committee) in compliance with section 45 of the PGPA Act.

The committee performs its functions in accordance with section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

The committee is the audit and risk committee for the:

• ATO
• Australian Charities and Not-for-profits Commission (ACNC)
• Tax Practitioners Board (TPB).

Whilst the ACNC and the TPB are independent statutory authorities, they are ATO programs and therefore their accountable authority is the Commissioner.

The Commissioner is also Registrar of the Australian Business Register (ABR) and the Australian Business Registry Services (ABRS). The Registrar is accountable for administering director identification numbers and assisting the Australian Securities and Investment Commission (ASIC) perform its registry functions and associated reporting

Role of the committee

The committee has a broad range of responsibilities and is a key part of the governance arrangements of the ATO.

Consistent with subsection 17(2) of the PGPA Rule, its main purpose is to help the Commissioner by providing independent advice and assurance about the appropriateness of 4 areas:

• financial reporting
• performance reporting
• system of risk oversight and management
• system of internal control.

The committee:

• is not responsible for the executive management of the above areas
• will engage with management in a constructive and professional manner to form and give advice to the Commissioner
• may have its role revised or expanded in consultation with, or as requested by, the Commissioner
• consists of a minimum of 3 independent members who have the appropriate qualifications, knowledge, skills or experience to enable the committee to perform its functions – the Chair reports to the Commissioner.

For the remainder of this Charter, references to the ‘ATO’ refers to all ATO programs including the ACNC and TPB.

Committee functions

Financial reporting [PGPA Rule 17(2)(a)]

The committee will review and provide advice on the appropriateness of the ATO's:

• annual financial statements
• information (other than annual financial statements) as requested by the Department of Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
• processes and systems for preparing financial reporting information
• financial record keeping
• response to matters raised by the Australian National Audit Office (ANAO)
• processes for ensuring financial information included in the ATO’s annual report is consistent with the signed financial statements
• processes in place to allow the ATO to stay informed throughout the year of any changes or additional requirements in relation to the financial reporting

The committee will give a statement to the Commissioner:

• determining whether the annual financial statements (or other additional ATO information as requested), comply with the PGPA Act, the PGPA Rule, Accounting Standards and supporting guidance
• referencing any specific areas of concern or suggestions for improvement.

Performance and quality reporting [PGPA Rule 17(2)(b)]

The committee will review and provide advice on the appropriateness of the ATO’s systems and procedures for assessing, monitoring and reporting on the achievement of the ATO’s performance.

In particular, the committee will ensure that the ATO's:

• Portfolio Budget Statements and corporate plan contain appropriate details of how the ATO’s performance will be measured and assessed
• approach to measuring its performance throughout the financial year against the performance measures included in its Portfolio Budget Statements and corporate plan is appropriate and in accordance with the Commonwealth performance framework
• has appropriate systems and processes for the preparation of its annual performance statement and inclusion of the statement in its annual report.

The committee will give a statement to the Commissioner:

• determining whether ATO’s annual performance statements and performance reporting is appropriate
• referencing any specific areas of concern or suggestions for improvement.

System of risk oversight and management [PGPA Rule 17(2)(c)]

The committee will review and provide advice on the appropriateness of the ATO’s:

• enterprise risk management framework and the necessary internal controls for the effective identification and management of the ATO’s risks, in keeping with the Commonwealth Risk Management Policy
• approach to managing their key risks, including those associated with individual projects and program implementation and activities
• process for developing and implementing their fraud control arrangements consistent with the Commonwealth Fraud Control Framework, and ensure that the ATO has adequate processes for detecting, capturing and effectively responding to fraud risks
• articulation of key roles and responsibilities relating to risk management and adherence to them by ATO officials.

The committee will give a statement to the Commissioner:

• determining whether the ATO’s system of risk oversight and management is appropriate with reference to the Commonwealth Risk Management Policy
• referencing to any specific areas of concern or suggestions for improvement.

System of internal control [PGPA Rule 17(2)(d)]

The committee will review and provide advice on the appropriateness of the ATO’s

• internal control framework, by reviewing
  • management’s approach to maintaining an effective internal control framework
  • whether management has in operation relevant and current policies and procedures—such as Chief Executive Instructions and delegations, and whether appropriate processes are in place for assessing whether key policies and procedures are complied with
  • the Chief Internal Auditor’s annual report covering their view of the overall state of ATO’s internal controls.
• legislative and policy compliance, by  
  • reviewing the effectiveness of systems for monitoring the ATO’s compliance with laws, regulations and associated government policies which the ATO must comply
  • determining whether management has adequately considered legal and compliance risks as part of the ATO’s enterprise risk management framework, fraud control framework and planning
  • reviewing management’s processes for identifying substantial breaches of the PGPA Act and the PGPA Rule and for reporting any such substantial breaches to the portfolio Minister and the Minister for Finance and including them in the ATO annual report
• security compliance, by
  • management’s approach to maintaining an effective security system through review of the agency’s maturity against the Protective Security Policy Framework and the ICT security policy.
• internal audit function, by
  • reviewing the proposed internal audit coverage, ensuring that the coverage considers the ATO’s key risks, and recommending approval of the internal audit work plan by the Commissioner
  • reviewing all internal audit reports, providing advice to the Commissioner on major concerns identified in those reports, recommending action on significant matters raised, including identifying and disseminating information on good practice
  • periodically reviewing the performance of internal audit
  • reviewing the implementation of agreed actions relating to recommendations from internal audits and external audits that relate to ATO
  • internal audit charter by reviewing to see that it includes appropriate authority, access and reporting arrangements
  • providing advice to the Commissioner on the appointment of the Chief Internal Auditor.

The committee will give a statement to the Commissioner:

• determining whether the ATO’s system of internal control is appropriate
• determining whether the performance of internal audit is adequate, including the appropriateness of the internal audit plan and completion of the approved Internal Audit Plan
• referencing any specific areas of concern or suggestions for improvement.

Additional functions

The committee will review and provide advice on the appropriateness of the ATO’s:

• business continuity, by ensuring that an appropriate approach has been taken to establish business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested
• ethical and lawful conduct, by assessing whether management has taken steps to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct
• parliamentary committee reports, external reviews and evaluations by ensuring that the appropriate mechanism for reviewing parliamentary committee reports, external reviews and evaluations are followed and implementing, where appropriate, any resultant recommendations

Membership and structure

Committee independence

In accordance with Subsection 17(3) and Subsection 17(4) of the PGPA Rule, membership of the committee must consist of at least 3 persons who are not officials of the entity and most of the members must be persons who are not officials of any Commonwealth entity.

The committee members will be appointed for an initial period determined by the Commissioner. Members may be reappointed after a formal review of their performance, for further periods as specified by the Commissioner. Members and Chairs should be appointed for 3 years, with an option to extend approved by the Commissioner. The committee will comprise of a minimum of 3 independent (external) members, appointed by the Commissioner.

The following people may attend meetings as advisers or observers as determined by the Chair but will not be members of the committee:

• the Commissioner
• Chief Finance Officer
• Chief Operating Officer
• Chief Information Officer
• Chief Internal Auditor
• Assistant Commissioner of Fraud Prevention and Internal Investigations
• Chief Risk Officer
• Chief Service Delivery Officer
• other management representatives.

New members shall receive relevant information and briefings on their appointment to help them to meet their responsibilities.

Chair

The Commissioner will appoint a Chair for the committee from the committee members.

A committee member will be nominated to act as Chair in the absence of the Chair in advance of each meeting on a rotating basis.

The Chair is responsible for:

• ensuring committee members remain focused on achieving outcomes
• setting the agenda for the matters to be considered by the committee
• ensuring that the information provided to the committee is relevant and sufficient to keep the committee appropriately informed
• facilitating open and constructive discussion amongst committee members
• encouraging committee members’ contributions in deliberations.

Conduct of the committee

The committee members, taken collectively, will have a broad range of qualifications, skills and experience relevant to the operations of the ATO.

At least one member of the committee will have accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment.

All attendees will conduct themselves in a professional, ethical, courteous and appropriate manner. This includes contributing to a constructive environment where all attendees, where relevant, can participate and focus on issues relevant to achieving the purpose of the committee.

Members are expected to:

• understand and observe the legal requirements of the PGPA Act and PGPA Rule
• act in the best interests of the ATO
• prepare for committee meetings and review materials provided prior to each meeting
• not use or disclose information obtained by the committee except in meeting the committee’s responsibilities, or unless expressly agreed by the Commissioner
• apply good analytical skills, objectivity and good judgment
• express opinions constructively and openly
• raise issues that relate to the committee’s responsibilities
• contribute the time required to meet their responsibilities.

Conflicts of Interest (COI)

The ATO Chief Executive Instruction (CEI) on Conflicts of Interest (CEI 2014/06/10) sets out responsibilities for identifying, reporting and managing conflicts of interest.

All members, advisers, observers and the secretariat are to comply with the CEI 2014/06/10 and where a COI (real, perceived or potential) is identified, complete a COI form that will be documented in the ATO Integrity Register. 

The key test for identifying whether a COI exists is whether an impartial observer would reasonably question if the person’s interests might influence the way they behave or carry out their duties.

Members, advisers and observers are required to proactively manage conflicts of interest, declaring them as they arise.

Re-declaration is required as circumstances change. An opportunity will be provided to state any COI at the start of each meeting and responses will be recorded in the minutes.

A committee member who has a material personal interest in any matters due for consideration must give the other committee members notice of the interest.

The notice must give details of:

• the nature and extent of the interest
• the relation of the interest.

The Chair, or nominated chair, will make the decision on the appropriate mitigation regarding any COI.

At least once each year or when otherwise required, members will complete and submit a formal COI declaration. The declaration requires members to declare any potential, perceived or actual conflicts of interest they may have about their responsibilities. This includes notifying other positions held by members.

Members are responsible for taking an active role in considering the impact that any personal or financial interests may have on the performance of their ATO obligations. This includes considering whether existing commitments and committee memberships may appear to, are likely to, or do in fact influence their performance as a member of the committee.

Decisions must be made, and be perceived to be made, on proper grounds, for legitimate reasons and without bias. Community and government confidence in the ATO depends on this. In situations where a conflict of interest exists, decisions must be made by another non-conflicted person.

Details of material personal interests declared by the Chair, other committee members, advisers or observers. Any actions taken, will be appropriately recorded in the outcomes of the minutes.

Audit and Risk Subcommittee

The committee has established a subcommittee to help in meeting its responsibilities. Membership will include all independent members of the committee.

The Subcommittee helps the committee manage its workload in meeting its responsibilities. Presentations may be scheduled at the subcommittee to help with members’ continuity and on-going education.

The committee stipulates that the subcommittee:

• will meet quarterly with additional meetings at the end of the financial year to consider the financial statements and the performance statements
• will be chaired by an independent member on a rotating basis to ensure best practice.

The Tax Practitioners Board and Australian Charities and Not-for-profits Commission

There is no legislative requirement for ACNC and TPB to have separate audit committees. As the accountable authority, the Commissioner must ensure that the financial activities undertaken by the ACNC and the TPB comply with the PGPA Act.

On a rotating basis, the ATO committee members attend the ACNC and the TPB Audit and Risk Committees as observers.

Australian National Audit Office

Representatives of the Australian National Audit Office (ANAO) will be invited to attend meetings of the committee, as observers.

In undertaking its role, the committee will engage with the ANAO, as the external auditor, in relation to the ANAO’s financial statement and performance audit coverage.

In particular, the committee will:

• review ATO specific and relevant cross-entity external performance audit reports and monitor management’s response and implementation of audit recommendations
• review management’s responses to all ANAO Financial Statements Management Letters, including implementation of Audit Recommendations
• provide advice to the Commissioner on action to be taken on significant issues raised in relevant ANAO reports and ANAO Audit Insights
• meet privately with the ANAO at least once per year.

Administrative arrangements

Charter

This Charter will be updated annually or as needed to reflect changes to the ATO’s operating context, new circumstances and the Commissioner’s changing needs.

Annual program of work

The committee will prepare a work plan that outlines the activities to be undertaken to achieve the committee’s functions as outlined in this Charter.

Meetings

The committee and subcommittee will each meet at least 4 times per year.

Additional arrangements include:

• additional special meetings may be held to review the ATO’s annual financial statements and performance statements or to meet other specific responsibilities of the committee as required
• the Chair is required to call a meeting if asked to do so by the Commissioner, and decide if a meeting is required if requested by another member, adviser or the ANAO
• closed meetings will be arranged with internal advisers and ANAO once a year or as deemed appropriate by the Chair
• the committee may, at any time, report to the Commissioner any other matter it deems of sufficient importance to do so. In addition, at any time an individual committee member may request a meeting with the Commissioner
• items may be considered out-of-session by exception at the Chair’s discretion.

A quorum will consist of at least 3 committee members, one of whom must be the Chair or the member acting as Chair for that meeting. The quorum must always be in place during the meeting.

Access to and use of information

The Commissioner authorises the committee, to:

• obtain any information it requires from any official or external party (subject to any legal obligation to protect information)
• discuss any matters with the ANAO, or other external parties (subject to confidentiality considerations)
• request the attendance of any official, including the Commissioner, at committee meetings
• obtain legal or other professional advice, as considered necessary to fulfil its role, at the ATO’s expense, subject to approval by the Commissioner or delegate
• committee members must not use or disclose information obtained by the committee except in meeting the committee’s responsibilities, or unless expressly agreed by the Commissioner
• outside meetings committee members wishing to engage with ATO management staff and advisers will do so through the secretariat who will record and share information with other members as appropriate.

Secretariat

The committee is supported by the secretariat that facilitates meetings and provides support to the committee and Subcommittee. The secretariat will:

• develop agendas for each meeting and ensure they are approved by the Chair
• circulate agenda and meeting papers at five working days before a meeting
• ensure the minutes of the meetings are prepared, reviewed, circulated and maintained
• coordinate and maintain the forward work program and the action item register
• support succession planning
• perform contract management duties as required.

ARC Annual Reporting to the Commissioner

The committee will, as often as necessary, and at least once a year, report to the Commissioner on its operation and activities during the year and confirm to the Commissioner that all functions outlined in this Charter have been satisfactorily addressed.

The committee may, at any time, report to the Commissioner any other matter it deems of sufficient importance to do so.

Annual Reporting requirement

Section 17AG of the PGPA Rule establishes that the following information is to be included in the Annual Report:

• a direct electronic address (hyperlink) of the Charter determining the functions of the audit committee for the entity
• the name of each member of the audit committee during the period
• the qualifications, knowledge, skills or experience of those members
• information about each of those members’ attendance at meetings of the audit committee during the period
• the remuneration of each of those members.

Reviewing and assessing committee performance

The Chair of the committee will initiate a review of the performance of the committee biennially.

The review will be conducted on a self-assessment basis (unless otherwise determined by the Commissioner) with appropriate input sought from:

• the Commissioner
• internal auditors
• regular advisers
• senior management
• any other relevant stakeholders, as determined by the Chair.

The review of the committee will also encompass a review of this Charter and will assure its compliance with all relevant corporate policies and guidelines.

Any material changes to the Charter will be recommended by the committee and formally approved by the Commissioner.