WITNO0740110
Exhibit WITNO0740110
TERMS OF REFERENCE FOR THE AUDIT, RISK AND COMPLIANCE COMMITTEE
1. Purpose
The purpose of the Audit, Risk and Compliance Committee (“ARC” or the “Committee”) is to
assist the Board of Directors in fulfilling its fiduciary responsibilities by:
• Providing an independent view on the accounting, financial control and financial
reporting practices of the Company.
• Taking all reasonable steps to ensure accurate and informative corporate financial
reporting and disclosures which meet appropriate accounting and corporate governance
standards.
• Providing oversight of the company’s risk management systems, operational controls and
key systems.
• The responsibilities undertaken by the ARC under delegated authority from the Board will
be subject always to the powers and duties of the Board, as set out in the Articles of
Association.
2. Composition, Terms of Office and Governance.
2.1 Composition and Terms of Office
• The Committee shall serve as a standing committee of the Board. Its Chairman and
members will be appointed by the Board. It shall consist of at least two independent
non-executive directors.
• Only non-executive directors shall be eligible for membership of the Committee.
Members of the Committee will normally serve for a period of three years. Their
appointment may be renewed on an annual basis thereafter with the consent of the
Chairman of the Committee but no director shall serve for more than six years.
• The quorum shall be two directors, of whom one will have recent and relevant financial
experience.
• The Committee shall meet as often as required but at least three times per year.¹
¹ The Financial Reporting Council recommends a minimum of 3 meetings but suggests that more will be usually
required.
ARC ToR Approved by ARC 13 Nov 2012 Page 1 of 8
Approved by the Board 23 Jan 2013
• The Company Chairman and executive directors may be invited to attend any meeting, or
any part of any meeting, by the Committee Chairman.
• The CFO, the General Counsel, the Head of Risk Governance and the Head of Internal
Audit (or those holding positions with responsibility for such roles, howsoever named) will
be permanent invitees.
• The Company Secretary shall act as Secretary to the Committee and shall attend all
meetings to keep minutes and record actions.
• The Committee Chairman will report regularly to the Board. Minutes of each Committee
meeting will be circulated to all members of the Committee and, once agreed, to all
members of the Board.
• The External Auditors may attend all or part of any Committee meeting at the invitation
of the Committee Chairman. As a minimum the External Auditors will attend to present
their external audit plan for approval and to present their reports.
• The Company will provide current and new Committee members with any training,
briefings or induction required. The Company Secretary, Head of Internal Audit and the
External Audit Partner will keep members informed of relevant published guidance as
necessary.
2.2 Governance of Auditing Services
The Committee will:
• Review and recommend to the Board the nomination or discharge of the independent
external auditors, the proposed fees (in consultation with management) and the
acceptance of the scope and general extent of the engagement.
• Formally review, challenge and approve the agreed annual external audit plans and
approach.
• Periodically review the scope, resourcing and capabilities of the Internal Audit function.
• Review and re-approve the Internal Audit Charter on an annual basis.
• Approve each year in advance the Internal Audit plans and review both resources and any
proposed amendments that may occur through the following year. The review should
include methods employed by the internal auditors to assess risk and to prioritise the
various audit proposals identified in the annual plan.
• Assume a primary role in the appointment, assessment and if necessary the discharge of
the Head of Internal Audit.
• Ensure the independence of the external and internal auditors including an annual review
of any non-audit services provided by either.
• Ensure free and effective communication between the Committee, external auditors and
internal auditors and hold separate sessions, or informal meetings and contact as
required.
These meetings may discuss matters that any of these groups believes should be
discussed privately with or without management.
• Ensure lines of communication are maintained with the Board.
2.3 Governance — Meetings
• Any member of the committee or the Company Secretary may convene a meeting. The
External and Internal auditors may request a meeting with or without management
present.
• Meetings may be held in person or by telephone or other electronic means, so long as all
participants can contribute to the meeting simultaneously.
• Notice of each meeting shall be given to all those entitled to participate at least 2 working
days before the meeting.
• Meetings shall be planned in accordance with key reporting and financial planning dates.
2.4 Governance — Other
The Committee will:
• Review and update its terms of reference annually.
• Conduct an annual evaluation of the performance of its duties and responsibilities and of
its effectiveness, and discuss the results with the Board of directors.
• Prepare an annual report on its activities for inclusion in the Annual Report and shall
review and approve on behalf of the Board statements to be included in the Annual
Report concerning financial controls, internal control and risk management.
• In the absence of express authority from the Board, the Committee will not, without the
concurrence of both management and the auditors, have either the responsibility or
authority for altering the financial statements or the accounting procedures of the
Company.
3. Accounting, Financial Control and Financial Reporting and Disclosure
The Committee will:
• Review, discuss and consider with the external auditors their approach to risk assessment
and the scope and plan of their audits.
• Review the annual financial statements which are to be submitted to the Board, including
Management’s explanatory notes. The review may include:
    • Reports from the external auditors as to the results of their examination to date.
    • Discussion of any problems regarding financial reporting which may need to be
    reported in the annual report to the shareholders including any disagreements that
    may have arisen between the auditors and management in any area.
    • Meeting(s) with the senior financial executives who shall outline any problems as to
    financial policies, financial reporting or matters relating to internal control and any
    matters in contention with or under consideration by the external or internal auditors;
    • The appropriateness of existing accounting principles being employed and any change
    in accounting policies or practices which the corporate auditors may refer to in their
    report to the shareholders, and the impact on the Company’s financial statements.
    • Any proposed changes in the presentation of the financial statements or
    accompanying notes which the auditors may recommend.
    • Other matters related to the conduct of the audit communicated to the Committee
    under generally accepted accounting standards.
    • The Management Letter
• The Committee shall review with management any half yearly trading statements or
financial reports and the contents of any press release concerning the Company’s
financial performance or situation, before release to the public or to shareholders.
4. Risk Management, Operational Controls and Policies
4.1 Risk Management Framework
The Committee will:
• Review the overall risk management framework in place for the Company including
its appetite for risk.
• Oversee the Risk and Compliance Committee activities and receive summary reports
as appropriate.
• Review the Company’s overall risk position and periodically invite management to
outline risk management strategy and status within their specific business units.
• Review management’s assessment of the degree of risk the Company prudently
incurs in achieving a reasonable balance between the cost of managing risk and
control systems and the benefits derived.
• Consider and review areas of specific risk as highlighted by the Risk and Compliance
Committee. This should include, but is not limited to, sufficient coverage of strategic
risk, financial risk, operational risk, technology risk, reputation, regulatory, major
change initiatives and people risks.
• Review legal, regulatory and any other matters that may have a material impact on
the financial statements, related Company compliance policies, and programmes and
reports prepared to manage and monitor Company compliance policies.
4.2 Controls and Policies
The Committee will consider and review with the external auditors and the internal auditors:
• The adequacy of the Company’s internal controls;
• Recommendations for the improvement of the Company’s internal controls,
processes and systems.
• Significant findings (the “management letter” from external auditors) and
recommendations together with management’s responses.
• Any reportable restrictions experienced regarding scope or access to required
information by either external or internal audit.
4.3 Fraud, Theft and Ethics
The Committee will:
• Review with management their fraud assessment, detection measures and their
investigation of illegal acts, as appropriate.
• Review any summary of frauds, thefts and other irregularities of any size.
• Review with the internal auditors and the external auditors the results of any review
of the compliance with the Company’s codes of ethical conduct and similar policies
including whistleblowing.
4.4 Risk Management — Other
• The Committee shall have the power to conduct or authorise investigations into any
company matters within the Committee’s scope of responsibilities. The Committee
shall be empowered to obtain independent legal advice, and engage counsel,
accountants, or others to assist it in the conduct of any investigation.
• The Committee shall perform such other functions as may be assigned or delegated
to it by the Board, and may review other items of an internal control or risk
management nature which may from time to time be brought before the Committee.
5. Committee timetable.
A timetable shall be produced each year showing the current membership of the Committee and the
major annual activities of the Committee, in a similar format to that set out in the appendix.
APPENDIX²
ARC Membership November 2012
Chairman: Alasdair Marnoch
Members: Tim Franklin, Neil McCausland, Susannah Storey
Company Secretary: Alwen Lyons
External Audit: Ernst & Young
Head of Internal Audit: Malcolm Zack
Annual Timetable April June Nov Feb
1. Governance items
Annual review of terms of reference and IA charter. ✓
External Auditor review/appointment/reappointment ✓
Minutes and actions of previous meeting ✓ ✓ ✓ ✓
Evaluation (annual) ✓
Private meetings with auditors/management ✓ ✓ ✓ ✓
2. Financial reporting and disclosure
Review and approve external audit plan ✓
Financial statements full year ✓
Financial statements — half year ✓
External audit management letter ✓
Approval of Committee report for inclusion in Annual Report ✓
3. Risk management and control
Internal Audit update report ✓ ✓ ✓ ✓
Risk and Compliance activity and highlights ✓ ✓ ✓ ✓
Strategic risk update ✓ ✓
Financial risk update ✓ ✓
IT and systems risk update ✓
Selected business risk review update ✓ ✓
Insurance review ✓
² The timetable sets out standing agenda items. It may be modified by the audit committee in light of specific
requests or actions arising from meetings. The months indicated are provisional and subject to change.
Annual Timetable April June Nov Feb
Other (Less frequent)
Fraud and Theft report ✓
Security update ✓
Ethics and Code of Conduct and Whistle-Blowing policy ✓