POL00423344 - POL Audit, Risk and Compliance Committee Terms of Reference


POST OFFICE LIMITED
AUDIT, RISK AND COMPLIANCE COMMITTEE
TERMS OF REFERENCE

1. Purpose

The purpose of the Audit, Risk and Compliance Committee (“ARC” or the
“Committee”) is to assist the Board of Directors in fulfilling its
fiduciary responsibilities by:

Contributing an independent view on the accounting, financial
control and financial reporting practices of the Company.

Taking all reasonable steps to ensure accurate and informative
corporate financial reporting and disclosures which meet
appropriate accounting and corporate governance standards.

Providing oversight of the company’s risk management systems,
operational controls and key systems.

The responsibilities undertaken by the ARC under delegated
authority from the Board will be subject always to the powers and
duties of the Board, as set out in the Articles of Association.

2. Composition, Terms of Office and Governance

2.1 Composition and Terms of Office

The Committee shall serve as a standing committee of the Board.
Its Chairman and members will be appointed by the Board. It shall
consist of at least two independent non-executive directors.

Only non-executive directors shall be eligible for membership of
the Committee. Members of the Committee will normally serve for a
period of three years. Their appointment may be renewed on an
annual basis thereafter with the consent of the Chairman of the
Committee but no director shall serve for more than six years.

The quorum shall be two directors, of whom one will have recent
and relevant financial experience.

The Committee shall meet as often as required but at least three
times per year.¹

¹ The Financial Reporting Council recommends a minimum of 3 meetings but suggests that more will be usually required.

ARC ToR Approved by ARC 13 Nov 2012- Confirmed 19 November 2013 Page 1 of 7

Approved by the Board 26 March 2014

• The Company Chairman and executive directors may be invited to
attend any meeting, or any part of any meeting, by the Committee
Chairman.

• The CFO, the General Counsel, the Head of Risk Governance and the
Head of Internal Audit (or those holding positions with
responsibility for such roles, howsoever named) will be permanent
invitees.

• The Company Secretary shall act as Secretary to the Committee and
shall attend all meetings to keep minutes and record actions.

• The Committee Chairman will report regularly to the Board.
Minutes of each Committee meeting will be circulated to all
members of the Committee and, once agreed, to all members of the
Board.

• The External Auditors may attend all or part of any Committee
meeting at the invitation of the Committee Chairman. As a minimum
the External Auditors will attend to present their external audit
plan for approval and to present their reports.

• The Company will provide current and new Committee members with
any training, briefings or induction required. The Company
Secretary, Head of Internal Audit and the External Audit Partner
will keep members informed of relevant published guidance as
necessary.

2.2 Governance of Auditing Services

The Committee will:

• Review and recommend to the Board the nomination or discharge of
the independent external auditors, the proposed fees (in
consultation with management) and the acceptance of the scope and
general extent of the engagement.

• Formally review, challenge and approve the agreed annual external
audit plans and approach.

• Periodically review the scope, resourcing and capabilities of the
Internal Audit function.

• Review and re-approve the Internal Audit Charter on an annual
basis.

• Approve each year in advance the Internal Audit plans and review
both resources and any proposed amendments that may occur through
the following year. The review should include methods employed by
the internal auditors to assess risk and to prioritise the various
audit proposals identified in the annual plan.


• Assume a primary role in the appointment, assessment and if
necessary the discharge of the Head of Internal Audit.

• Ensure the independence of the external and internal auditors
including an annual review of any non-audit services provided by
either.

• Ensure free and effective communication between the Committee,
external auditors and internal auditors and hold separate
sessions, or informal meetings and contact as required.
These meetings may discuss matters that any of these groups
believes should be discussed privately with or without management.

• Ensure lines of communication are maintained with the Board.

2.3 Governance - Meetings

• Any member of the committee or the Company Secretary may convene a
meeting. The External and Internal auditors may request a meeting
with or without management present.

• Meetings may be held in person or by telephone or other electronic
means, so long as all participants can contribute to the meeting
simultaneously.

• Notice of each meeting shall be given to all those entitled to
participate at least 2 working days before the meeting.

• Meetings shall be planned in accordance with key reporting and
financial planning dates.

2.4 Governance - Other

The Committee will:

• Review and update its terms of reference annually.

• Conduct an annual evaluation of the performance of its duties and
responsibilities and of its effectiveness, and discuss the results
with the Board of directors.

• Prepare an annual report on its activities for inclusion in the
Annual Report and shall review and approve on behalf of the Board
statements to be included in the Annual Report concerning
financial controls, internal control and risk management.

• In the absence of express authority from the Board, the Committee
will not, without the concurrence of both management and the
auditors, have either the responsibility or authority for altering
the financial statements or the accounting procedures of the
Company.

3. Accounting, Financial Control and Financial Reporting and Disclosure

The Committee will:

• Review, discuss and consider with the external auditors their
approach to risk assessment and the scope and plan of their
audits.

• Review the annual financial statements which are to be submitted
to the Board, including Management’s explanatory notes. The review
may include:

    • Reports from the external auditors as to the results of their
      examination to date.

    • Discussion of any problems regarding financial reporting which
      may need to be reported in the annual report to the
      shareholders including any disagreements that may have arisen
      between the auditors and management in any area.

    • Meeting(s) with the senior financial executives who shall
      outline any problems as to financial policies, financial
      reporting or matters relating to internal control and any
      matters in contention with or under consideration by the
      external or internal auditors.

    • The appropriateness of existing accounting principles being
      employed and any change in accounting policies or practices
      which the corporate auditors may refer to in their report to
      the shareholders, and the impact on the Company’s financial
      statements.

    • Any proposed changes in the presentation of the financial
      statements or accompanying notes which the auditors may
      recommend.

    • Other matters related to the conduct of the audit communicated
      to the Committee under generally accepted accounting standards.

    • The Management Letter.

• The Committee shall review with management any half yearly
trading statements or financial reports and the contents of any
press release concerning the Company’s financial performance or
situation, before release to the public or to shareholders.

4. Risk Management, Operational Controls and Policies

4.1 Risk Management Framework

The Committee will:

• Review the overall risk management framework in place for the
Company including its appetite for risk.

• Oversee the Risk and Compliance Committee activities and
receive summary reports as appropriate.

• Review the Company’s overall risk position and periodically
invite management to outline risk management strategy and
status within their specific business units.

• Review management’s assessment of the degree of risk the
Company prudently incurs in achieving a reasonable balance
between the cost of managing risk and control systems and the
benefits derived.

• Consider and review areas of specific risk as highlighted by
the Risk and Compliance committee. This should include, but is
not limited to, sufficient coverage of strategic risk,
financial risk, operational risk, technology risk, reputation,
regulatory, major change initiatives and people risks.

• Review legal, regulatory and any other matters that may have a
material impact on the financial statements, related Company
compliance policies, and programmes and reports prepared to
manage and monitor Company compliance policies.

4.2 Controls and Policies

The Committee will consider and review with the external auditors and the
internal auditors:

• The adequacy of the Company’s internal controls.

• Recommendations for the improvement of the Company’s internal
controls, processes and systems.

• Significant findings (the “management letter” from external
auditors) and recommendations together with management’s
responses.

• Any reportable restrictions experienced regarding scope or
access to required information by either external or internal
audit.

4.3 Fraud, Theft and Ethics

The Committee will:

Review with management their fraud assessment, detection
measures and their investigation of illegal acts, as
appropriate.

Review any summary of frauds, thefts and other irregularities
of any size.

Review with the internal auditors and the external auditors the
results of any review of the compliance with the Company’s
codes of ethical conduct and similar policies including
whistleblowing.

4.4 Risk Management - Other

The Committee shall have the power to conduct or authorise
investigations into any company matters within the Committee’s
scope of responsibilities. The Committee shall be empowered to
obtain independent legal advice, and engage counsel,
accountants, or others to assist it in the conduct of any
investigation.

The Committee shall perform such other functions as may be
assigned or delegated to it by the Board, and may review other
items of an internal control or risk management nature which
may from time to time be brought before the Committee.

5. Committee Timetable

A timetable shall be produced each year showing the current membership of
the Committee and the major annual activities of the Committee, in a
similar format to that set out in the appendix.

6. Review

These terms of reference were last reviewed in November 2013.

APPENDIX²

ARC Membership November 2013

Chairman: Alasdair Marnoch

Members: Tim Franklin, Neil McCausland, Susannah Storey

Company Secretary: Alwen Lyons

External Audit: Ernst & Young

Head of Internal Audit: Malcolm Zack

Annual Timetable April June Nov Feb

1. Governance items

² The timetable sets out standing agenda items. It may be modified by the audit committee in light of specific requests or actions arising from meetings. The months indicated are provisional and subject to change.

Annual review of terms of reference and IA charter ✓
External Auditor review/appointment/reappointment ✓
Minutes and actions of previous meeting ✓ ✓ ✓
Evaluation (annual) ✓
Private meetings with auditors/management ✓ ✓ ✓ ✓

2. Financial reporting and disclosure

Review and approve external audit plan ✓
Financial statements full year
Financial statements - half year ✓
External audit management letter ✓
Approval of Committee report for inclusion in Annual Report ✓

3. Risk management and control

Internal Audit update report ✓ ✓ ✓ ✓
Risk and Compliance activity and highlights ✓ ✓ ✓ ✓
Strategic risk update ✓ ✓
Financial risk update ✓
IT and systems risk update ✓
Selected business risk review update ✓
Insurance review ✓

Annual Timetable April June Nov Feb

Other (Less frequent)

Fraud and Theft report ✓
Security update ✓
Ethics and Code of Conduct and Whistle-Blowing policy ✓