-
The primary objectives of the Audit and Risk Committee are to:
a) Assist the Board in discharging its responsibilities by oversight and review of:
- financial reporting;
- risk management;
- target capital structure;
- Board policies as outlined in section 6 below;
- internal financial and risk controls;
- insurance program;
- compliance with applicable laws and regulations;
- integrity and performance of the internal audit function; and
- sustainability policies & disclosures.
b) Provide insights on key risk areas, including:
- business continuity planning and exercises;
- cyber security, resilience and preparedness; and
- sustainability risks.
c) Provide a forum for communication between the Board, Senior Management and both the internal and external auditors.
-
The Committee is authorised, within the scope of its responsibilities, to:
- Seek information it requires from any Port Authority employee or contractor, the external/internal auditor and/or any external party; and
- Obtain outside legal or other professional advice at Port Authority expense, and initiate special investigations as deemed necessary.
-
The Committee shall comprise no less than three and no more than five non-executive directors of the Board.
Members shall be appointed by the Board. The Board shall appoint one of its members as Chair of the Committee; however, the Chair of the Board shall not be appointed Chair of the Committee.
Members shall be appointed on the basis of their requisite business, technical and/or financial skills.
At least one member of the Committee shall have accounting or related financial management experience with an understanding of accounting and auditing standards.
Regular attendees to Committee meetings shall include the Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Chief Audit Executive, the Company Secretary, and the external and internal auditors. Other members of the executive team and management will attend as required.
Any Director who is not a member of the Committee will have the right to attend any meeting of the Committee.
-
The Committee shall meet at least four times a year and such additional meetings as the Chair, or the Committee, shall decide in order to fulfil its duties;
A quorum shall consist of three Committee members;
All decisions of the Committee shall be determined on the basis of a majority vote of members. In any instances of a tied vote, the matter shall be referred to the Board;
When the Committee must reach a decision between meeting dates, this decision may be made by circular resolution. In carrying out a vote by circular resolution, the Company Secretary has an obligation to attempt to contact all Committee members. A circular resolution will be taken to be carried only when the majority of Committee members vote in the affirmative;
Prior to each meeting the Committee may convene privately with external auditors or specific members of management, without any other members of management in attendance, if requested.
-
The Company Secretary shall be responsible for:
- preparing the agenda for each meeting, for approval by the Chair of the Committee;
- distributing the papers for each meeting, with the aim being to circulate papers 5 business days in advance of the meeting;
- keeping minutes of all meetings of the Committee. Once the minutes of each meeting have been reviewed by the Chair of the Committee, they shall be circulated to other Committee members and routinely submitted to the Board for information.
-
The Committee shall consider any matters relating to the financial affairs and risk management issues of Port Authority that it determines to be relevant. In addition, the Committee shall examine any other matters referred to it by the Board.
The Committee shall maintain an annual Audit Committee Plan that defines the activities and timeframes for items to be considered by the Committee. The Audit Committee Plan shall incorporate:
- standing agenda items:
  - Internal Audit Report;
  - Enterprise Risk Management Report;
  - Treasury Report; and
  - Cyber Security Resilience Report.
- on an annual basis:
  - Audit Office reports and letters;
  - Port Authority financial statements;
  - Internal Audit plans and charter;
  - Port safety operating licence (PSOL) audit review;
  - Compliance register and policy;
  - Insurance renewals;
  - Board Risk Appetite Statement;
  - Fraud & corruption control and public interest disclosures;
  - environmental social and governance (ESG) compliance including proposed modern slavery statement;
  - NIST/Essential 8 compliance; and
- review the following policies, for recommendation to the Board, as and when they are due:
  - Fraud & Corruption Control Policy;
  - Public Interest Disclosures Policy;
  - Financial Capital, Treasury and Risk Management Policy;
  - Enterprise Risk Management Policy;
  - Compliance Policy; and
  - Modern Slavery Policy.
-
The activities of the Committee may include, but shall not be limited to, the following:
External Auditors:
- to consider before an audit commences, the nature and scope of the audit;
- to determine with the external auditor the fees for the audit;
- to discuss issues arising from the interim and final audits, and any other matters the auditor may wish to raise; and
- to consider the external auditor’s management letter and management’s response.
Financial Control and Reporting:
- to examine the Annual Report financial statements before submission to the Board, focusing particularly on:
- changes in accounting policies and practices;
- major judgmental areas;
- asset valuation;
- significant adjustments resulting from the audit;
- compliance with accounting standards;
- compliance with Government and legal requirements;
- reports prepared by management for release to stakeholders; and
- sustainability reporting, including with respect to climate change, modern slavery and other material ESG matters.
Internal Audit:
- to consider the internal audit annual and three year work plan and ensure that the co-sourced internal audit function is adequately resourced and has appropriate standing within Port Authority;
- to promote co-ordination between management and internal and external auditors;
- to review any significant matters reported by the internal auditors and ascertain whether management’s response is appropriate; and
- to ensure that the internal auditors are independent of the activities that they audit.
Risk Management:
- Monitor and review processes for identifying and capturing internal and external risks;
- Monitor and review risk mitigation strategies and appropriate controls for managing identified risks effectively;
- Review reports on risk profile, including updates on the status of key risks, risk mitigation activities, and any significant changes in the risk landscape;
- Business continuity plan and exercise updates; and
- Promote a culture of risk awareness, supporting education and training on risk management principles and practices.
- Oversee and review major & emerging risks to which the Port Authority is exposed and verify that the internal control systems are adequate and functioning effectively.
Insurance:
- to evaluate the performance of the Port Authority’s broker and to recommend appointment of the insurance broker to the Board recognising the recommendations of management; and
- to evaluate the adequacy and cost of insurance cover across the organisation and make recommendations to the Board.
Legal Compliance:
- to review compliance with relevant regulatory or statutory requirements; and
- to oversee significant cases of breach of relevant regulatory or statutory requirements.
Compliance with the Port Authority Code of Conduct:
- to monitor and report on incidents of fraud and corruption.
Other:
- to request and review special audits or investigations, as may be necessary; and
- to consider other matters, as referred to the Committee by the Board.
-
The Committee will regularly report to the Board on its operation, performance and activities during the year. This requirement can be satisfied by submission of Committee minutes and reports from the Committee Chair to the Board, on a regular basis.
The Committee shall:
- record proceedings of each meeting and circulate them to the Board; and
- ensure that the Charter of the Audit & Risk Committee is posted on the Corporation’s website.
The Corporation’s Annual Report should include a statement describing the responsibilities and activities of the Committee.
-
Conduct and conflicts of interest:
- Members of the Committee agree to comply with the Port Authority of New South Wales (Port Authority) Board Charter and Code of Conduct.
- The conflict of interest requirements are:
  - Committee members are required to disclose potential conflicts for recording in the Port Authority’s conflicts register. Committee members are required to update this register on an ongoing basis as circumstances change; and
  - in relation to specific Committee decisions, the Committee complies with Clause 2, Schedule 10 of the State Owned Corporations Act 1989. A Committee member cannot take part in discussions or vote on a matter in which that Committee member has a material personal interest, unless the Committee resolves that the interest does not disqualify the Committee member.
Review of Charter:
- This charter will be reviewed at least once a year.
-
ESG means Environmental, Social and Governance
NIST means National Institute of Science and Technology
PID means Public Interest Disclosure
PSOL means Port Safety Operating Licence