WITNO0740113
Exhibit WITN00740113
TERMS OF REFERENCE OF THE AUDIT & RISK COMMITTEE
Purpose
1. The purpose of the Audit, Risk and Compliance Committee (“ARC” or the
“Committee”) is to assist the Board of Directors in fulfilling its fiduciary
responsibilities by:
(a) Contributing an independent view on the accounting, financial
control and financial reporting practices of the Company;
(b) Taking all reasonable steps to ensure accurate and informative
corporate financial reporting and disclosures which meet
appropriate accounting and corporate governance standards; and
(c) Providing oversight of the company’s risk management systems,
operational controls and key systems.
2. The responsibilities undertaken by the ARC under delegated authority from
the Board will be subject always to the powers and duties of the Board, as
set out in the Articles of Association.
Composition and Terms of Office
3. The Committee shall serve as a standing committee of the Board. Its
Chairman and members will be appointed by the Board. It shall consist of
at least two independent non-executive directors.
4. Only non-executive directors shall be eligible for membership of the
Committee. Members of the Committee will normally serve for a period of
three years. Their appointment may be renewed on an annual basis
thereafter with the consent of the Chairman of the Committee but no
director shall serve for more than six years.
5. The quorum shall be two directors, of whom one will have recent and
relevant financial experience.
6. The Committee shall meet as often as required but at least three times per
year.¹
7. The Company Chairman and executive directors may be invited to attend
any meeting, or any part of any meeting, by the Committee Chairman.
8. The CFO, the General Counsel, the Head of Risk Governance and the Head
of Internal Audit (or those holding positions with responsibility for such
roles, howsoever named) and the Director, Financial Services will be
permanent invitees.
9. The Company Secretary shall act as Secretary to the Committee and shall
attend all meetings to keep minutes and record actions.
10. The Committee Chairman will report regularly to the Board. Minutes of
each Committee meeting will be circulated to all members of the
Committee and, once agreed, to all members of the Board.
¹ The Financial Reporting Council recommends a minimum of 3 meetings but suggests that more will be usually
11. The External Auditors may attend all or part of any Committee meeting at
the invitation of the Committee Chairman. As a minimum the External
Auditors will attend to present their external audit plan for approval and to
present their reports.
12. The Company will provide current and new Committee members with any
training, briefings or induction required. The Company Secretary, Head of
Internal Audit and the External Audit Partner will keep members informed
of relevant published guidance as necessary.
Meetings
13. Any member of the committee or the Company Secretary may convene a
meeting. The External and Internal auditors may request a meeting with or
without management present.
14. Meetings may be held in person or by telephone or other electronic means,
so long as all participants can contribute to the meeting simultaneously.
15. Notice of each meeting shall be given to all those entitled to participate at
least 2 working days before the meeting.
16. Meetings shall be planned in accordance with key reporting and financial
planning dates.
Other Governance Responsibilities
17. The Committee will:
(a) Review and update its terms of reference annually.
(b) Conduct an annual evaluation of the performance of its duties and
responsibilities and of its effectiveness, and discuss the results with
the Board of directors.
(c) Prepare an annual report on its activities for inclusion in the Annual
Report and shall review and approve on behalf of the Board
statements to be included in the Annual Report concerning financial
controls, internal control and risk management.
(d) In the absence of express authority from the Board, the Committee
will not, without the concurrence of both management and the
auditors, have either the responsibility or authority for altering the
financial statements or the accounting procedures of the Company.
Auditing Services
18. The Committee will:
(a) Review and recommend to the Board the nomination or discharge
of the independent external auditors, the proposed fees (in
consultation with management) and the acceptance of the scope
and general extent of the engagement.
(b) Formally review, challenge and approve the agreed annual external
audit plans and approach.
(c) Periodically review the scope, resourcing and capabilities of the
Internal Audit function.
(d) Review and re-approve the Internal Audit Charter on an annual
basis.
(e) Approve each year in advance the Internal Audit plans and review
both resources and any proposed amendments that may occur
through the following year. The review should include methods
employed by the internal auditors to assess risk and to prioritise the
various audit proposals identified in the annual plan.
(f) Assume a primary role in the appointment, assessment and if
necessary the discharge of the Head of Internal Audit.
(g) Ensure the independence of the external and internal auditors
including an annual review of any non-audit services provided by
either.
(h) Ensure free and effective communication between the Committee,
external auditors and internal auditors and hold separate sessions,
or informal meetings and contact as required. These meetings may
discuss matters that any of these groups believes should be
discussed privately with or without management.
(i) Ensure lines of communication are maintained with the Board.
Accounting, Financial Control and Financial Reporting and Disclosure
19. The Committee will:
(a) Review, discuss and consider with the external auditors their
approach to risk assessment and the scope and plan of their audits.
(b) Review the annual financial statements which are to be submitted
to the Board, including Management’s explanatory notes. The
review may include:
• Reports from the external auditors as to the results of their
examination to date.
• Discussion of any problems regarding financial reporting which
may need to be reported in the annual report to the
shareholders including any disagreements that may have arisen
between the auditors and management in any area.
• Meeting(s) with the senior financial executives who shall outline
any problems as to financial policies, financial reporting or
matters relating to internal control and any matters in
contention with or under consideration by the external or
internal auditors.
• The appropriateness of existing accounting principles being
employed and any change in accounting policies or practices
which the corporate auditors may refer to in their report to the
shareholders, and the impact on the Company’s financial
statements.
• Any proposed changes in the presentation of the financial
statements or accompanying notes which the auditors may
recommend.
• Reviewing the annual report and accounts and advising the board
on whether, taken as a whole, it is fair, balanced and
understandable and provides the information necessary for the
Company’s shareholders to assess the company’s performance,
business model and strategy.
• Other matters related to the conduct of the audit communicated
to the Committee under generally accepted accounting
standards.
• The Management Letter.
(c) The Committee shall review with management any half yearly
trading statements or financial reports and the contents of any
press release concerning the Company’s financial performance or
situation, before release to the public or to shareholders.
Risk Management, Operational Controls and Policies
Risk Management Framework
20. The Committee will:
(a) Review the overall risk management framework in place for the
Company including its appetite for risk.
(b) Oversee the Risk and Compliance Committee activities and receive
summary reports as appropriate.
(c) Review the Company’s overall risk position; regularly review the
risk register for the Post Office and its subsidiaries, and periodically
invite management to outline risk management strategy and status
within their specific business units.
(d) Review management's assessment of the degree of risk the
Company prudently incurs in achieving a reasonable balance
between the cost of managing risk and control systems and the
benefits derived.
(e) Consider and review areas of specific risk as highlighted by the Risk
and Compliance committee. This should include, but is not limited
to, sufficient coverage of strategic risk, financial risk, operational
risk, technology risk, cyber security risk, risk relating to the
investment strategy and funding requirements of existing and new
pensions schemes established for the benefit of previous, current
and future employees, conduct risks relating to the financial
services businesses operated by both Post Office Limited and its
subsidiaries and joint ventures, reputation, legal and regulatory
risks, major change initiatives and people risks.
(f) Review legal, regulatory and any other matters that may have a
material impact on the financial statements, related Company
compliance policies, and programmes and reports prepared to
manage and monitor Company compliance policies.
(g) Consider whether any remuneration policy adopted by either Post
Office or its subsidiaries, or the implementation of any such policy is
consistent with Post Office risk appetite particularly in relation to
conduct risk.
(h) Consider the impact of any new legislative, regulatory, market or
other developments which could materially or adversely affect Post
Office and its subsidiaries.
(i)
Controls and Policies
21. The Committee will consider and review with the external auditors and the
internal auditors:
(a) The adequacy of the Company’s internal controls.
(b) Recommendations for the improvement of the Company’s internal
controls, processes and systems.
(c) Significant findings (the “management letter” from external
auditors) and recommendations together with management’s
responses.
(d) Any reportable restrictions experienced regarding scope or access to
required information by either external or internal audit.
Fraud, Theft and Ethics
22. The Committee will:
(a) Review with management their fraud assessment, detection
measures and their investigation of illegal acts, as appropriate.
(b) Review any summary of frauds, thefts and other irregularities of
any size.
(c) Review with the internal auditors and the external auditors the
results of any review of the compliance with the Company's codes
of ethical conduct and similar policies including whistleblowing.
Risk Management - Other
23. The Committee shall specify from time to time the reports and
management information which it requires in order to discharge its
responsibilities. The minutes of the POMS ARC will be provided to the
Committee for noting.
24. The Committee shall have the power to conduct or authorise investigations
into any company matters within the Committee’s scope of responsibilities.
The Committee shall be empowered to obtain independent legal advice, and
engage counsel, accountants, or others to assist it in the conduct of any
investigation.
25. The Committee shall perform such other functions as may be assigned or
delegated to it by the Board, and may review other items of an internal
control or risk management nature which may from time to time be
brought before the Committee.
September 2015