Audit and Assurance committee handbook

Guidance on the principles and best practise for the organisation of Audit and Assurance committees.


Annex D: Model terms of reference

The Board (and/or Accountable Officer - delete as appropriate) has established an Audit and Assurance Committee as a Committee of the Board to support in their responsibilities for issues of risk, control and governance and associated assurance through a process of constructive challenge.

Membership

The members of the committee are:

  • non-executive directors: (List those who are appointed to the committee);
  • independent external members: (List those who are appointed to the Audit and Assurance Committee; in all cases indicate the date of appointment and when the appointment is due to end/become eligible for renewal).

The committee will be Chaired by ………….

The committee will be provided with a secretariat function by ……..

Reporting

  • The committee will formally report in writing to the Board and Accountable Officer after each meeting. A copy of minutes of the meeting may form the basis of the report.
  • The committee will provide the Board and Accountable Officer with an Annual Report, timed to support finalisation of the accounts and the governance statement, summarising its conclusions from the work it has done during the year.

Responsibilities

The committee will advise the Board and Accountable Officer on:

  • the strategic processes for risk, control and governance and the governance statement;
  • the accounting policies, the accounts, and the annual report of the organisation, including the process for review of the accounts prior to submission for audit, levels of error identified, and management's letter of representation to the external auditors;
  • the planned activity and results of both internal and external audit;
  • the adequacy of management response to issues identified by audit activity, including external audit's management letter/report;
  • the effectiveness of the internal control environment;
  • assurances relating to the corporate governance requirements for the organisation;
  • (where appropriate) proposals for tendering for either internal or external audit services or for purchase of non-audit services from contractors who provide audit services; and
  • anti-fraud policies, whistle-blowing processes, and arrangements for special investigations.

The Audit and Assurance Committee will also periodically review its own effectiveness and report the results of that review to the Board and Accountable Officer.

Rights

The committee may:

  • co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge and experience; and
  • procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Board or Accountable Officer.

Access

The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair of the Committee.

Meetings

The procedures for meetings are:

  • the committee will meet at least four times a year. The Chair of the Committee may convene additional meetings, as he/she deems necessary;
  • a minimum of (number) members of the committee will be present for the meeting to be deemed quorate;
  • committee meetings will normally be attended by the Accountable Officer, the Finance Director, the Head of Internal Audit, and a representative of External Audit (add any others who may routinely attend such as representatives of sponsoring/sponsored bodies);
  • the committee may ask any other officials of the organisation to attend to assist it with its discussions on any particular matter;
  • the committee may ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters;
  • the Board or Accountable Officer may ask the committee to convene further meetings to discuss particular issues on which they want the committee's advice.

Information requirements

For each meeting the committee will be provided with:

  • a report summarising any significant changes to the organisation's Risk Register;
  • a progress report from the Head of Internal Audit summarising:
    • work performed (and a comparison with work planned);
    • key issues emerging from Internal Audit work;
    • management response to audit recommendations;
    • significant changes to the audit plan;
    • any resourcing issues affecting the delivery of Internal Audit objectives;
  • a progress report from the External Audit representative summarising work done and emerging findings.

As and when appropriate, the committee will also be provided with:

  • business update reports from the Accountable Officer;
  • the Charter / Terms of Reference of the Internal Audit Directorate;
  • the Internal Audit Strategy;
  • the annual Internal Audit Plan
  • the Head of Internal Audit's Annual Opinion and Report;
  • quality assurance reports on the Internal Audit function;
  • the draft accounts of the organisation;
  • the draft governance statement;
  • a report on any changes to accounting policies;
  • External Audit's management letter/report;
  • a report on any proposals to tender for audit functions;
  • a report on co-operation between Internal and External Audit;
  • a report on the Counter Fraud and Bribery arrangements and performance;
  • reports from other sources within the "three lines of assurance" integrated assurance framework (eg Best Value self-assessment Reviews, Gateway Reviews, Health Check Reviews, ICT Assurance Reviews, Digital 1st Service Standard Reviews, Procurement Capability Reviews, Procurement Key Stage Reviews).

The above list suggests minimum requirements for the inputs which should be provided to the committee. In some cases more may be provided.

Contact

Email: DIAABusinessSupportHub@gov.scot

Back to top