UKGI00044331 - POL - ARC Terms of Reference 2022-202


Item 29.1.6.6 ARC Terms of Reference Review Appendices

UKGI00044331

Post Office Limited
(“the Company”)

Terms of Reference of the Audit, Risk and Compliance Committee

The Audit, Risk and Compliance Committee (the “Committee”) is a Committee of
the Post Office Limited Board (“the Board”) from which it derives its authority and
to which it reports after each meeting. Its authority is always subject to the powers
and duties of the Board, as set out in the Articles of Association.

A. PURPOSE

1. The purpose of the Committee is to assist the Board of Directors in fulfilling
its fiduciary responsibilities by:

i. Contributing an independent view on the accounting, financial control
and financial reporting practices of the Group;

ii. Taking all reasonable steps to ensure accurate and informative
corporate financial reporting and disclosures which meet appropriate
accounting and corporate governance standards; and

iii. Providing oversight of the Group’s risk management systems,
operational controls and key systems, including monitoring
exposures to the Group Risk Appetite.

B. DUTIES AND RESPONSIBILITIES

Financial Reporting
The Committee shall:

2. Monitor the integrity of the financial statements of the Company, including
its annual report and half yearly reports and any other formal statements
relating to its financial performance, and review and report to the board on
significant financial reporting issues and judgements which those statements
contain having regard to matters communicated to it by the auditor.

3. Review and approve for recommendation to the Board the Annual
Report and Accounts, including but not limited to:

i. Reports of the External Auditor;

ii. any proposed changes in presentation of the financial statements or
accompanying notes which the auditors may recommend; and

iii. the Management letter.

4. Review and approve for recommendation to the Board the half year
financial report or trading statement for publication.

undertakings: Post Office Management Services

PUBLIC 1

5. Review and report to the Board on significant financial reporting issues,
including, but not limited to:

i. the consistency of, and any changes to, significant accounting policies
both on a year on year basis and across the Company/Group;

ii. the methods used to account for significant or unusual transactions
where different approaches are possible;

iii. whether the Company has followed appropriate accounting standards
and made appropriate estimates and judgements, taking into account
the views of the External Auditor;

iv. the clarity and completeness of disclosure in the Company’s financial
reports and the context in which statements are made;

v. all material information presented with the financial statements, such as
the business review and the corporate governance statements relating
to the audit and to risk management; and

vi. an overview of the extent to which the Annual Report and Accounts are
fair, balanced and provide the information necessary to the Shareholder
to assess the Company's performance, business model and strategy.

6. Report to the Board where the Committee is not satisfied with any aspects
of the proposed financial reporting by the Company;

7. Approve the Group Treasury policy, including methods of mitigating against
foreign currency exposure and any use of financial derivatives.

8. Approve for recommendation to the Board any changes to the
accounting reference date, practice or policy by any Group Company, if
different from those previously adopted by the Group, unless required by law
or generally accepted accounting principles.

9. Approve any changes to accounting policies required by law or generally
accepted accounting policies.

Internal Controls and Risk Management Systems
The Committee shall:

10. Along with the external and internal auditors, monitor the adequacy and
effectiveness of the Company’s internal financial controls and other internal
control and risk management systems.

11. Review recommendations for the improvement of the Company’s internal
controls, processes and systems.

> The Department for Business, Energy and Industrial Strategy


12. Review and approve the statements to be included in the Annual Report
concerning internal controls and risk management.

13. Review the overall risk management framework and strategy in place for
the Group including its risk appetites and tolerance and approve risk
appetite statements for different risk groupings developed under the Risk
Policy.

14. Review the Company’s overall risk position and periodically invite
management to outline risk management strategy and status within their
specific business units.

15. Review management’s assessment of the degree of risk the Company
prudently incurs in achieving a reasonable balance between the cost of
managing risk and control systems and the benefits derived.

16. Review areas of specific risk as highlighted by management, including
enterprise and business risk.*

17. Monitor the Risk and Compliance Committee activities and receive summary
reports as appropriate.

18. Review legal, regulatory and any other matters that may have a material
impact on the financial statements, related Group compliance policies, and
programmes and reports prepared to manage and monitor Group compliance
policies and approve Group Key Policies as required under the Group Key Policy
Framework as amended from time to time by the Committee, including the Tax
Strategy.

19. Review, in conjunction with the Remuneration Committee, whether any
remuneration policy adopted by either the Company or its subsidiaries, or
the implementation of any such policy is consistent with the risk appetite
particularly in relation to conduct risk.

20. Monitor the impact of any new legislative, regulatory, market or other
developments which could materially or adversely affect the Group.

21. Receive reports on specific breaches and incidents and review management
plans for resolution. The Committee will also review management plans for
root cause analysis resulting from breaches and issues.

Exchange Serv Idings Limited), technology and cyber s
s of existing and new pension sch

eputational risk, regulatory risk, ma:

and funding requi
and future employ

The Board shall prov of (and direction on ey strategic business risks that
Office's str ommittee advising the Board of

the key strategic risks it should have regard to

22. Approve the overall levels of insurance for the Group, including directors’
and officers’ liability insurance and any arrangements for indemnity of
directors.

Compliance, Whistleblowing and Fraud
The Committee shall:

23. Review with the internal auditors and the external auditors the results of
any review of the compliance with the Company’s codes of ethical conduct
and similar policies including whistleblowing.

24. Review at least annually the adequacy and security of the Company’s
arrangements for its employees and contractors to raise concerns, in
confidence, about possible wrongdoing in financial reporting, regulatory
breaches or other matters. The Committee shall determine that these
arrangements allow proportionate and independent investigation of such
matters and appropriate follow up action.

25. Review the Group’s procedures for detecting fraud and the systems and
controls for prevention of bribery and any non-compliance.

26. Review any summary of frauds, thefts and other irregularities of any size.

27. Review the regular reports from the Money Laundering Officer and monitor
the adequacy and effectiveness of the Group’s anti-money laundering
systems and controls.

28. Review regular reports from the Director of Compliance and monitor
adequacy and effectiveness of the Group’s compliance function.

29. Review late statutory filings and the circumstances around such lateness.

Internal Audit
The Committee shall:

30. Approve the appointment or termination of appointment of the Head of
Internal Audit.

31. Approve the Internal Audit Charter every two years.

The review in

6 The

es monitoring the company’s supply chain and proc

es/procedures for compliance with

Modern Slavery Act 2015

Internal Audit

32. Review and approve the annual Internal Audit Plans, including any
changes to these plans, to ensure they are aligned to the key risks of the
business and review reports on work carried out. The review should include
methods employed by the internal auditors to assess risk and to prioritise
the various audit proposals identified in the annual plan.

33. Ensure internal audit has unrestricted scope, the necessary resources and
access to information to fulfil its mandate.

34. Ensure the Internal Auditor has direct access to the Board Chair and to
the Committee Chair, and is accountable to the Committee.

35. Monitor and review the effectiveness of the internal audit function in the
context of the Group’s overall risk management system and the work of
compliance, finance and the external auditor and as part of this
assessment:

i. Meet with the Head of Internal Audit without the presence of
management

ii. Review the annual internal audit plan work and results

iii. Determine whether it is satisfied that the quality, experience and
expertise of internal audit is appropriate for the business

iv. Review actions taken by management to implement the
recommendations of internal audit and to support the effective working
of the function.

36. Ensure the independence of the internal auditor including an annual review
of any non-audit services provided by internal audit.

37. Determine whether an independent, third party review of processes is
appropriate.

External Audit
The Committee shall:

38. Approve for recommendation to the Board the appointment,
reappointment or removal of the independent external auditors, the
proposed fees (in consultation with management) and the acceptance of
the scope and general extent of the engagement.

39. Review and approve the selection procedure for the appointment of the
audit firm in accordance with applicable regulatory requirements, ensuring
that all tendering firms have access to all necessary information and
individuals during the tendering process.

‘al Auditor include the Head of Internal Audit (0

al

ternal Audit function should be carried out at least once

40. If an Auditor resigns, review the issues leading to this and determine
whether any action is required.

41. Review and approve the agreed annual external audit plans and approach
to risk assessment and the scope and plan of their audits.

42. Review the findings of the audit with the external auditor. This shall include
discussing any major issues which arose during the audit including (but not
limited to) key accounting and audit judgement and the levels of error
identified.

43. Review any representation letter(s) requested by the External Auditor
before they are signed by management.

44. Review the management letter and management’s response to the
auditor’s findings and recommendations.

45. Monitor and review annually the independence of the external auditors
including level of fees paid, an annual review of any non-audit services
provided by the external auditors and auditor’s processes for maintaining
independence.

46. Approve the Group’s policy on non-audit services by the auditor.

47. Meet regularly with the external auditor (including once at the planning
stage before the audit and once after the audit at the reporting stage) and,
at least once a year, meet the external auditor without management being
present, to discuss the auditor’s remit and any issues arising from the audit.

48. Review annually the qualifications, expertise and resources of the external
auditor and the effectiveness of the audit process, which shall include a
report from the external auditor on their own internal quality procedures,
an assessment of the quality of the audit, handling of key judgement by the
auditor and the auditor’s response to questions from the Committee.

49. Ensure co-ordination of the external audit with the activities of the internal
audit function.

C. REPORTING RESPONSIBILITIES

50. The Chair shall report formally to the Board on its proceedings after each
meeting on all matters within its duties and responsibilities and shall also
formally report to the Board on how it has discharged its responsibilities.
This report shall include:


i. the significant issues that it considered in relation to the financial
statements (required under paragraph 5) and how these were
addressed;

ii. its assessment of the effectiveness of the external audit process
(required under paragraph 48), the approach taken to the
appointment or reappointment of the external auditor, length of
tenure of audit firm, when a tender was last conducted and advance
notice of any retendering plans; and

iii. any other issues on which the board has requested the Committee’s
opinion.

51. Advise the Board on any area it deems appropriate within its remit where
action or improvement is needed.

52. Report on its activities in the Group’s annual report. The report should
describe the work of the Committee, including:

i. the significant issues that the Committee considered in relation to
the financial statements and how these issues were addressed;

ii. an explanation of how the Committee has assessed the
independence and effectiveness of the external audit process and
the approach taken to the appointment or reappointment of the
external auditor, information on the length of tenure of the current
audit firm, when a tender was last conducted and advance notice
of any retendering plans; and

iii. an explanation of how auditor independence and objectivity are
safeguarded if the external auditor provides non-audit services,
having regard to matters communicated to it by the auditor.

53. The Company's Subsidiary Companies shall provide reports to the
Committee on a regular basis and as requested by the Committee.

D. AUTHORITY
The Committee is authorised to:

54. Seek any information it requires from any employee of the Company in
order to perform its duties.

The Committee s ues it considers in relation to the
financial stat ant, but should include at least those matters that have informed the Board’s
asses: ether the company is a going concern ‘9 the board's viability statement.

Guidanc jed by external auth: making these disclosures

For Post Of r of the Post Office Insura ee shall
provide a report regularly to the Company's Audit, Risk and Compliz yments
Limited, matters relating to audit, ris! jance shall be report he standing reports

g the Group's business lines.
55. Obtain, at the company’s expense, independent legal, accounting or other
professional advice on any matter if it believes it necessary to do so.

56. Call any employee to be questioned at a meeting of the Committee as and
when required.

57. Have the right to publish in the company’s annual report, details of any
issues that cannot be resolved between the committee and the board. If
the board has not accepted the committee’s recommendation on the
External Auditor appointment, reappointment or removal, the annual
report should include a statement explaining the Committee’s
recommendation and the reasons why the board has taken a different
position.

58. Conduct or authorise investigations into any Group matters within the
Committee’s scope of responsibilities.

59. In the absence of express authority from the Board, the Committee will
not, without the concurrence of both management or discharge of the
independent auditors, have either the responsibility or authority for the
altering of the financial statements or the accounting procedures of the
Group.

E. COMPOSITION AND GOVERNANCE
Membership

60. The Chair and members of the Committee will be appointed by the Board,
acting on the recommendation of the Nominations Committee.

61. The Committee shall consist of at least two independent non-executive
directors. The Chair of the Board shall not be a member of the Committee.

62. The Committee Chair shall be appointed by the Board. In the absence of
the Committee Chair and/or an appointed deputy at a Committee meeting,
the remaining members present shall elect one of themselves to chair the
meeting.

63. The Chair of the Company and Executive Directors may be invited to
attend any meeting, or any part of any meeting, by the Committee Chair.

64. The Group Chief Executive, Group Chief Financial Officer, the Group
General Counsel, the Head of Risk, the Director of Compliance and the
Head of Internal Audit (or those holding positions with responsibility for
such roles, howsoever named) will be permanent invitees.

65. The External Auditors and any Internal Audit co-source partners may
attend all or part of any Committee meeting at the invitation of the Chair.
As a minimum the External Auditors will attend to present their external
audit plan for approval and to present their reports.

Quorum

66. Quorum shall be two members, of whom one will have recent and relevant
financial experience.

Committee Secretary

67. The Company Secretary, or his or her nominee, shall act as Secretary to
the Committee and shall attend all meetings to keep minutes and record
actions.

Frequency

68. The Committee shall meet as often as required but at least three times per
year.

Governance

69. Meetings may be held in person or by telephone or other electronic means,
so long as all participants can contribute to the meeting simultaneously.

70. Notice of each meeting shall be given to all those entitled to participate at
least three working days before the meeting. Meetings shall be planned in
accordance with key reporting and financial planning dates.

71. Meetings for the Committee will be convened by the Secretary, at the
request of the Chair or any of the members and the External Auditor or Head
of Internal Audit, if they consider it necessary. The Secretary will be
responsible for setting the venue, date and time of meetings in consultation
with the Chair. All papers supporting the meeting will be issued in good
time, one week in advance of the meeting date.

72. The Chair will report regularly to the Board. Minutes of each Committee
meeting will be circulated to all members of the Committee and, once
agreed, to all members of the Board.

73. The Company will provide current and new Committee members with any
training, briefings or induction required. The Group Company Secretary
(or his/her nominee), the Group Chief Financial Officer, the Group General
Counsel, the Head of Risk, the Director of Compliance, the Head of Internal
Audit (or those holding positions with responsibility for such roles,
howsoever named) and the External Audit Partner will keep members
informed of relevant published guidance as necessary.


F. ANNUAL REVIEW AND APPROVAL

74. The Committee will undertake an annual review of its performance and the
Terms of Reference. The outcome of these reviews will be recommended to
the Board for approval (notwithstanding amendments approved by the
Committee whenever so required).

Approved by:                 Date:        Version:   Effective from:
Post Office Limited Board    23/01/2013   1.1        23/01/2013
Post Office Limited Board    26/03/2014   1.2        26/03/2014
Post Office Limited Board    22/09/2015   1.3        22/09/2015
Post Office Limited Board    08/04/2020   2.0        09/04/2020
Post Office Limited Board    03/06/2021   2.1        04/06/2021
