WITN00740112 - Audit & Risk Committee Terms of Reference version approved by the Board on 27 April 2015

WITN00740112

Exhibit WITN00740112
Audit and Risk Committee Terms of Reference Post Office Management Services Limited

POST OFFICE MANAGEMENT SERVICES LIMITED
AUDIT AND RISK COMMITTEE
TERMS OF REFERENCE

1 Purpose

1.1 The purpose of the Audit and Risk Committee (the “committee”) is to assist the board of
directors in fulfilling its fiduciary responsibilities by:

(a) contributing an independent view on the accounting, financial control and financial
reporting practices of the company;

(b) taking all reasonable steps to ensure accurate and informative corporate financial
reporting and disclosures which meet appropriate accounting and corporate
governance standards;

(c) providing oversight of the company’s risk management systems, operational controls
and key systems; and

(d) ensuring all accounting and financial information of the company complies with any
regulatory standards of the Financial Conduct Authority (FCA) as may be required from
time to time.

1.2 The responsibilities undertaken by the committee under delegated authority from the board
will be subject always to the powers and duties of the board, as set out in the articles of
association.

2 Membership

2.1 The committee shall comprise at least three members. The chairman of the committee shall
be appointed by the Board and other members of the committee shall be appointed by the
board, in consultation with the chairman of the committee.

2.2 All members of the committee shall be non-executive directors, at least one of whom shall
have recent and relevant financial experience, ideally with a professional qualification from
one of the professional accountancy bodies.

2.3 The chairman of the board may be a member of the committee, but may not chair the
committee.

2.4 In the absence of the committee chairman, the remaining members present shall elect one
of themselves to chair the meeting.

2.5 Only members of the committee have the right to attend committee meetings. However, the
external auditor, finance director and head of internal audit will be invited to attend meetings
of the committee on a regular basis and other non-members may be invited to attend all or
part of any meeting as and when appropriate and necessary.

2.6 Appointments to the committee shall be for a period of up to three years extendable by no
more than one additional three year period, subject to the Board's annual review of
committee membership.

3 Secretary

3.1 The company secretary, or his or her nominee, shall act as the secretary of the committee
and will ensure that the committee receives information and papers in a timely manner to
enable full and proper consideration to be given to issues.

4 Quorum

4.1 The quorum necessary for the transaction of business shall be two members.

5 Frequency of meetings

5.1 The committee shall meet at least three times a year at appropriate intervals in the financial
reporting and audit cycle and otherwise as required.

5.2 Outside the formal meeting programme, the committee chairman will maintain a dialogue
with key individuals involved in the company’s governance, including the board chairman, the
chief executive, the finance director, the external audit lead partner and the head of internal
audit.

6 Notice of meetings

6.1 Meetings of the committee shall be convened by the secretary of the committee at the
request of any of its members or at the request of the external audit lead partner or head of
internal audit if they consider it necessary.

6.2 Unless otherwise agreed, notice of each meeting confirming the venue, time and date
together with an agenda of items to be discussed, shall be forwarded to each member of the
committee, any other person required to attend and all other non-executive directors, in
good time for the agenda and supporting papers to be considered by meeting attendees and
no later than three working days before the date of the meeting. Supporting papers shall be
sent to committee members and to other attendees as appropriate, at the same time.

7 Minutes of meetings

7.1 The secretary shall minute the proceedings and decisions of all meetings of the committee,
including recording the names of those present and in attendance.

7.2 Draft minutes of committee meetings shall be circulated promptly to all members of the
committee. Once the draft is approved for circulation, minutes should be circulated to all
other members of the board unless it would be inappropriate to do so in the opinion of the
committee chairman.

8 Duties

Financial reporting

8.1 The committee shall monitor the integrity of the financial statements of the company,
including its annual and half-yearly reports, interim management statements, and any other
formal announcement relating to its financial performance, reviewing and reporting to the
board on significant financial reporting issues and judgements which they contain having
regard to matters communicated to it by the auditor.

8.2 In particular, the committee shall review and challenge where necessary:

(a) the consistency of, and any changes to, significant accounting policies both on a year on
year basis and across the company/group;

(b) the methods used to account for significant or unusual transactions where different
approaches are possible;

(c) whether the company has followed appropriate accounting standards and/or FCA
requirements and made appropriate estimates and judgements, taking into account the
views of the external auditor;

(d) the clarity and completeness of disclosure in the company’s financial reports and the
context in which statements are made; and

(e) all material information presented with the financial statements, such as the business
review and the corporate governance statements relating to the audit and to risk
management.

8.3 Where the committee is not satisfied with any aspect of the proposed financial reporting by
the company, it shall report its views to the board.

Narrative reporting

8.4 Where requested by the board, the committee should review the content of the annual
report and accounts and advise the board on whether, taken as a whole, it is fair, balanced
and understandable and provides the information necessary for shareholders to assess the
company's performance, business model and strategy.

Internal controls and risk management systems

8.5 In respect of the internal controls and risk management systems, the committee shall:

(a) keep under review the adequacy and effectiveness of the company’s internal financial
controls and internal control and risk management systems;

(b) review and approve the statements to be included in the annual report concerning
internal controls and risk management;

(c) review the overall risk management framework in place for the company including its
appetite for risk;

(d) receive summary reports from the Risk and Compliance Committee as appropriate;

(e) review the Company's overall risk position and periodically invite management to outline
risk management strategy and status within their specific business units;

(f) review management's assessment of the degree of risk the Company prudently incurs in
achieving a reasonable balance between the cost of managing risk and control systems
and the benefits derived;

(g) consider and review areas of specific risk as highlighted by the Risk and Compliance
committee. This should include, but is not limited to, sufficient coverage of strategic risk,
financial risk, operational risk, technology risk, reputation, regulatory, major change
initiatives and people risks; and

(h) review legal, regulatory and any other matters that may have a material impact on the
financial statements, related company compliance policies, and programmes and reports
prepared to manage and monitor company compliance policies.

Compliance, whistleblowing and fraud

8.6 Twice a year, the committee shall:

(a) review the adequacy and security of the company’s arrangements for its employees and
contractors to raise concerns, in confidence, about possible wrongdoing in financial
reporting, FCA breaches or other matters. The committee shall ensure that these
arrangements allow proportionate and independent investigation of such matters and
appropriate follow up action;

(b) review the company’s procedures for detecting fraud;

(c) review the company’s systems and controls for offers of gifts and hospitality and the
prevention of bribery and will receive reports on any non-compliance;

(d) review the adequacy and effectiveness of the company’s anti-money laundering systems
and controls; and

(e) review regular reports from the FCA compliance officer and keep under review the
adequacy and effectiveness of the company’s compliance function.

Internal audit

8.7 The committee shall:

(a) review and approve the charter of the internal audit function and ensure the function
has the necessary resources and access to information to enable it to fulfil its mandate,
and is equipped to perform in accordance with appropriate professional standards for
internal auditors;

(b) ensure the internal auditor has direct access to the board chairman and to the
committee chairman, and is accountable to the committee;

(c) review and assess the annual internal audit work plan;

(d) receive a report on the results of the internal auditor's work on a periodic basis;

(e) review and monitor management's responsiveness to the internal auditor's findings and
recommendations;

(f) meet with the head of internal audit at least once a year without the presence of
management; and

(g) monitor and review the effectiveness of the company’s internal audit function, in the
context of the company’s overall risk management system.

External audit

8.8 The committee shall:

(a) consider and make recommendations to the board, to be put to shareholders for
approval, in relation to the appointment, re-appointment and removal of the company's
external auditor;

(b) ensure that at least once every ten years the audit services contract is put out to tender
to enable the committee to compare the quality and effectiveness of the services
provided by the incumbent auditor with those of other audit firms; and in respect of
such tender oversee the selection process and ensure that all tendering firms have such
access as is necessary to information and individuals during the duration of the
tendering process;

(c) if an auditor resigns, investigate the issues leading to this and decide whether any
action is required;

(d) oversee the relationship with the external auditor including (but not limited to):

i. recommendations on their remuneration, including both fees for audit and non-
audit services, and that the level of fees is appropriate to enable an effective and
high quality audit to be conducted;

ii. approval of their terms of engagement, including any engagement letter issued at
the start of each audit and the scope of the audit;

iii. assessing annually their independence and objectivity taking into account relevant
UK professional and regulatory requirements and the relationship with the auditor
as a whole, including the provision of any non-audit services;

iv. satisfying itself that there are no relationships (such as family, employment,
investment, financial or business) between the auditor and the company (other
than in the ordinary course of business) which could adversely affect the auditor's
independence and objectivity;

v. agreeing with the board a policy on the employment of former employees of the
company’s auditor, and monitoring the implementation of this policy;

vi. monitoring the auditor's compliance with relevant ethical and professional guidance
on the rotation of audit partner, the level of fees paid by the company compared to
the overall fee income of the firm, office and partner and other related
requirements;

vii. assessing annually the qualifications, expertise and resources of the auditor and the
effectiveness of the audit process, which shall include a report from the external
auditor on their own internal quality procedures;

viii. seeking to ensure co-ordination with the activities of the internal audit function;
and

ix. evaluating the risks to the quality and effectiveness of the financial reporting
process and consideration of the need to include the risk of the withdrawal of their
auditor from the market in that evaluation.

(e) meet regularly with the external auditor (including once at the planning stage before the
audit and once after the audit at the reporting stage) and at least once a year, without
management being present, to discuss the auditor's remit and any issues arising from
the audit;

(f) review and approve the annual audit plan and ensure that it is consistent with the scope
of the audit engagement, having regard to the seniority, expertise and experience of the
audit team; and

(g) review the findings of the audit with the external auditor. This shall include but not be
limited to, the following:

i. a discussion of any major issues which arose during the audit;
ii. key accounting and audit judgements;
iii. levels of errors identified during the audit; and
iv. the effectiveness of the audit process.

8.9 The committee shall also:

(a) review any representation letter(s) requested by the external auditor before they are
signed by management;

(b) review the management letter and management's response to the auditor's findings
and recommendations; and

(c) develop and implement policy on the supply of non-audit services by the external
auditor to avoid any threat to auditor objectivity and independence, taking into account
any relevant ethical guidance on the matter.

9 Reporting responsibilities

9.1 The committee chairman shall report formally to the Audit and Risk Committee of the parent
company, and to the board, on its proceedings after each meeting on all matters within its
duties and responsibilities and on how it has discharged its responsibilities.

9.2 This report shall include:

(a) the significant issues that it considered in relation to the financial statements (required
under paragraph 8.1) and how these were addressed;

(b) its assessment of the effectiveness of the external audit process (required under
paragraph 8.8(d)vii) and its recommendation on the appointment or reappointment of
the external auditor; and

(c) any other issues on which the board has requested the committee's opinion.

9.3 The committee shall make whatever recommendations to the board it deems appropriate on
any area within its remit where action or improvement is needed.

9.4 The committee shall compile a report on its activities to be included in the company’s annual
report. The report should include an explanation of how the committee has addressed the
effectiveness of the external audit process; the significant issues that the committee
considered in relation to the financial statements and how these issues were addressed,
having regard to matters communicated to it by the auditor; and all other information
requirements set out in the UK Corporate Governance Code (the Code).

9.5 In compiling the reports referred to in 9.1 and 9.4, the committee should exercise judgement
in deciding which of the issues it considers in relation to the financial statements are
significant, but should include at least those matters that have informed the board's
assessment of whether the company is a going concern. The report to shareholders (if
required) need not repeat information disclosed elsewhere in the annual report and
accounts, but could provide cross-references to that information.

10 Other matters

10.1 The committee shall have access to sufficient resources in order to carry out its duties,
including access to the company secretariat for assistance as required.

10.2 The committee shall be provided with appropriate and timely training, both in the form of an
induction programme for new members and on an ongoing basis for all members.

10.3 The committee shall give due consideration to laws and regulations, the provisions of the
Code, any FCA requirements and any other applicable rules, as appropriate.

10.4 The committee shall be responsible for co-ordination of the internal and external auditors.

10.5 The committee shall oversee any investigation of activities which are within its terms of
reference.

10.6 The committee shall work and liaise as necessary with all other board committees.

10.7 The committee shall arrange for periodic reviews of its own performance and, at least
annually, review its terms of reference to ensure it is operating at maximum effectiveness
and then recommend to the board any changes it considers necessary.

11 Authority

11.1 The committee is authorised to:

(a) seek any information it requires from any employee of the company in order to perform
its duties;

(b) obtain, at the company’s expense, independent legal, accounting or other professional
advice on any matter it believes it necessary to do so; and

(c) call any employee to be questioned at a meeting of the committee as and when
required.

11.2 The committee has the right to publish in the company’s annual report, details of any issues
that cannot be resolved between the committee and the board.

These terms of reference were reviewed and approved by the Board on 27 April 2015

Page 8 of 8 Effective from 27 April 2015