WITNO0740111
POST OFFICE LIMITED
AUDIT, RISK AND COMPLIANCE COMMITTEE
TERMS OF REFERENCE
1. Purpose
The purpose of the Audit, Risk and Compliance Committee ("ARC" or the "Committee") is to assist the
Board of Directors in fulfilling its fiduciary responsibilities by:
• Contributing an independent view on the accounting, financial control and financial reporting
practices of the Company.
• Taking all reasonable steps to ensure accurate and informative corporate financial reporting and
disclosures which meet appropriate accounting and corporate governance standards.
• Providing oversight of the company's risk management systems, operational controls and key
systems.
• The responsibilities undertaken by the ARC under delegated authority from the Board will be
subject always to the powers and duties of the Board, as set out in the Articles of Association.
2. Composition, Terms of Office and Governance.
2.1 Composition and Terms of Office
• The Committee shall serve as a standing committee of the Board. Its Chairman and members
will be appointed by the Board. It shall consist of at least two independent non-executive
directors.
• Only non-executive directors shall be eligible for membership of the Committee. Members of the
Committee will normally serve for a period of three years. Their appointment may be renewed
on an annual basis thereafter with the consent of the Chairman of the Committee but no
director shall serve for more than six years.
• The quorum shall be two directors, of whom one will have recent and relevant financial
experience.
• The Committee shall meet as often as required but at least three times per year.¹
• The Company Chairman and executive directors may be invited to attend any meeting, or any
part of any meeting, by the Committee Chairman.
¹ The Financial Reporting Council recommends a minimum of 3 meetings but suggests that more will usually be
required.
ARC ToR Approved by ARC 13 Nov 2012- Confirmed 19 November 2013 Page 1 of 6
Approved by the Board 26 March 2014
• The CFO, the General Counsel, the Head of Risk Governance and the Head of Internal Audit (or
those holding positions with responsibility for such roles, howsoever named) will be permanent
invitees.
• The Company Secretary shall act as Secretary to the Committee and shall attend all meetings to
keep minutes and record actions.
• The Committee Chairman will report regularly to the Board. Minutes of each Committee
meeting will be circulated to all members of the Committee and, once agreed, to all members of
the Board.
• The External Auditors may attend all or part of any Committee meeting at the invitation of the
Committee Chairman. As a minimum the External Auditors will attend to present their external
audit plan for approval and to present their reports.
• The Company will provide current and new Committee members with any training, briefings or
induction required. The Company Secretary, Head of Internal Audit and the External Audit
Partner will keep members informed of relevant published guidance as necessary.
2.2 Governance of Auditing Services
The Committee will:
• Review and recommend to the Board the nomination or discharge of the independent external
auditors, the proposed fees (in consultation with management) and the acceptance of the scope
and general extent of the engagement.
• Formally review, challenge and approve the agreed annual external audit plans and approach.
• Periodically review the scope, resourcing and capabilities of the Internal Audit function.
• Review and re-approve the Internal Audit Charter on an annual basis.
• Approve each year in advance the Internal Audit plans and review both resources and any
proposed amendments that may occur through the following year. The review should include
methods employed by the internal auditors to assess risk and to prioritise the various audit
proposals identified in the annual plan.
• Assume a primary role in the appointment, assessment and if necessary the discharge of the
Head of Internal Audit.
• Ensure the independence of the external and internal auditors including an annual review of any
non-audit services provided by either.
• Ensure free and effective communication between the Committee, external auditors and internal
auditors and hold separate sessions, or informal meetings and contact as required.
These meetings may discuss matters that any of these groups believes should be discussed
privately with or without management.
• Ensure lines of communication are maintained with the Board.
2.3 Governance - Meetings
• Any member of the committee or the Company Secretary may convene a meeting. The External
and Internal auditors may request a meeting with or without management present.
• Meetings may be held in person or by telephone or other electronic means, so long as all
participants can contribute to the meeting simultaneously.
• Notice of each meeting shall be given to all those entitled to participate at least 2 working days
before the meeting.
• Meetings shall be planned in accordance with key reporting and financial planning dates.
2.4 Governance - Other
The Committee will:
• Review and update its terms of reference annually.
• Conduct an annual evaluation of the performance of its duties and responsibilities and of its
effectiveness, and discuss the results with the Board of directors.
• Prepare an annual report on its activities for inclusion in the Annual Report and shall review and
approve on behalf of the Board statements to be included in the Annual Report concerning
financial controls, internal control and risk management.
• In the absence of express authority from the Board, the Committee will not, without the
concurrence of both management and the auditors, have either the responsibility or authority
for altering the financial statements or the accounting procedures of the Company.
3. Accounting, Financial Control and Financial Reporting and Disclosure
The Committee will:
• Review, discuss and consider with the external auditors their approach to risk assessment and
the scope and plan of their audits.
• Review the annual financial statements which are to be submitted to the Board, including
Management's explanatory notes. The review may include:
  - Reports from the external auditors as to the results of their examination to date.
  - Discussion of any problems regarding financial reporting which may need to be reported in
    the annual report to the shareholders including any disagreements that may have arisen
    between the auditors and management in any area.
  - Meeting(s) with the senior financial executives who shall outline any problems as to financial
    policies, financial reporting or matters relating to internal control and any matters in
    contention with or under consideration by the external or internal auditors;
  - The appropriateness of existing accounting principles being employed and any change in
    accounting policies or practices which the corporate auditors may refer to in their report to
    the shareholders, and the impact on the Company's financial statements.
  - Any proposed changes in the presentation of the financial statements or accompanying
    notes which the auditors may recommend.
  - Other matters related to the conduct of the audit communicated to the Committee under
    generally accepted accounting standards.
  - The Management Letter
• The Committee shall review with management any half yearly trading statements or
financial reports and the contents of any press release concerning the Company's financial
performance or situation, before release to the public or to shareholders.
4. Risk Management, Operational Controls and Policies
4.1 Risk Management Framework
The Committee will:
• Review the overall risk management framework in place for the Company including its
appetite for risk.
• Oversee the Risk and Compliance Committee activities and receive summary reports as
appropriate.
• Review the Company's overall risk position and periodically invite management to outline
risk management strategy and status within their specific business units.
• Review management's assessment of the degree of risk the Company prudently incurs in
achieving a reasonable balance between the cost of managing risk and control systems and
the benefits derived.
• Consider and review areas of specific risk as highlighted by the Risk and Compliance
committee. This should include, but is not limited to, sufficient coverage of strategic risk,
financial risk, operational risk, technology risk, reputation, regulatory, major change
initiatives and people risks.
• Review legal, regulatory and any other matters that may have a material impact on the
financial statements, related Company compliance policies, and programmes and reports
prepared to manage and monitor Company compliance policies.
4.2 Controls and Policies
The Committee will consider and review with the external auditors and the internal auditors:
• The adequacy of the Company's internal controls;
• Recommendations for the improvement of the Company's internal controls, processes and
systems.
• Significant findings (the "management letter" from external auditors) and recommendations
together with management's responses.
• Any reportable restrictions experienced regarding scope or access to required information
by either external or internal audit.
4.3 Fraud, Theft and Ethics
The Committee will:
• Review with management their fraud assessment, detection measures and their
investigation of illegal acts, as appropriate.
• Review any summary of frauds, thefts and other irregularities of any size.
• Review with the internal auditors and the external auditors the results of any review of the
compliance with the Company's codes of ethical conduct and similar policies including
whistleblowing.
4.4 Risk Management - Other
The Committee shall have the power to conduct or authorise investigations into any
company matters within the Committee's scope of responsibilities. The Committee shall be
empowered to obtain independent legal advice, and engage counsel, accountants, or others
to assist it in the conduct of any investigation.
The Committee shall perform such other functions as may be assigned or delegated to it by
the Board, and may review other items of an internal control or risk management nature
which may from time to time be brought before the Committee.
5. Committee timetable.
A timetable shall be produced each year showing the current membership of the Committee and the major
annual activities of the Committee, in a similar format to that set out in the appendix.
6. Review
These terms of reference were last reviewed in November 2013.
APPENDIX²
ARC Membership November 2013
Chairman: Alasdair Marnoch
Members: Tim Franklin, Neil McCausland, Susannah Storey
Company Secretary: Alwen Lyons
External Audit: Ernst & Young
Head of Internal Audit: Malcolm Zack
Annual Timetable (columns: April, June, Nov, Feb)
1. Governance items
• Annual review of terms of reference and IA charter.
• External Auditor review/appointment/reappointment
• Minutes and actions of previous meeting
• Evaluation (annual)
• Private meetings with auditors/management
2. Financial reporting and disclosure
• Review and approve external audit plan
• Financial statements full year
• Financial statements - half year
• External audit management letter
• Approval of Committee report for inclusion in Annual Report
3. Risk management and control
• Internal Audit update report
• Risk and Compliance activity and highlights
• Strategic risk update
• Financial risk update
• IT and systems risk update
• Selected business risk review update
• Insurance review
Other (Less frequent)
• Fraud and Theft report
• Security update
• Ethics and Code of Conduct and Whistle-Blowing policy
² The timetable sets out standing agenda items. It may be modified by the audit committee in light of specific
requests or actions arising from meetings. The months indicated are provisional and subject to change.