IIA training and events

Model audit committee charter

The model audit committee charter is designed to illustrate common or leading practices typically set out in an audit committee charter. The generic nature of this draft is intended to encourage customisation.

The document may not reflect all legal or regulatory requirements that exist in every jurisdiction. Additionally, stakeholder expectations may influence the inclusion or deletion of certain practices.

In drafting an audit committee charter, care should be exercised to customise the charter, including replacing bracketed text with language that accurately reflects the user’s situation.


Organisational principles

Introduction [Optional]

The audit committee plays an important role in providing oversight of the organisation's governance, risk management, and internal control practices. This oversight mechanism also serves to provide confidence in the integrity of these practices. The audit committee performs its role by providing independent oversight to the governing body eg board.

Background [Optional]

The audit committee was established on [date]. At that time, the charter for the committee was established. The charter, which governs the work of the committee, was reviewed and updated on [date].

Purpose

The purpose of the audit committee is to provide a structured, systematic oversight of the organisation's governance, risk management, and internal control practices. The committee assists the board and management by providing advice and guidance on the adequacy of the organisation's initiatives for:

  • Values and ethics. 
  • Governance structure. 
  • Risk management. 
  • Internal control framework. 
  • Oversight of the internal audit activity, external auditors, and other providers of assurance.
  • Financial statements and public accountability reporting.

In broad terms, the audit committee reviews each of the items noted above and provides the board with independent advice and guidance regarding the adequacy and effectiveness of management's practices and potential improvements to those practices.

Mandate [Optional]

The mandate  for the establishment of the audit committee was derived from [Insert text; the exact source of the mandate will vary among jurisdictions and depend on the location, government structure, type of public sector services, and relationship to other government entities. This section is typical for public sector organisations and may come in the form of laws, regulations, polices and procedures or bylaws.].

Authority

The audit committee charter sets out the authority of the audit committee to carry out the responsibilities established for it by the board as articulated within the audit committee charter.

In discharging its responsibilities, the audit committee will have unrestricted access to members of management, employees, and relevant information it considers necessary to discharge its duties. The committee also will have unrestricted access to records, data, and reports. If access to requested documents is denied due to legal or confidentiality reasons, the audit committee and/or chief audit executive CAE) will follow a prescribed, board approved mechanism for resolution of the matter.

The audit committee is entitled to receive any explanatory information that it deems necessary to discharge its responsibilities. The organisation's management and staff should cooperate with audit committee requests.

The audit committee may engage independent counsel and/or other advisors it deems necessary to carry out its duties.

The audit committee is empowered to:

  • Appoint, compensate, and oversee all audit and non-audit services performed by auditors, including the work of any registered public accounting firm employed by the organisation. [Note: This requirement may not be applicable in the public sector if the external auditor is established by legislation; for example an auditor general.] 
  • Resolve any disagreements between management and the auditor regarding financial reporting and other matters. 
  • Pre-approve all auditing and non-audit services performed by auditors. 

Composition of the audit committee 

The committee will consist of [Insert number; at least three] members that are independent of the organisation. The members should collectively possess sufficient knowledge of audit, finance, specific industry knowledge, IT, law, governance, risk and control. Because the responsibilities of the audit committee evolve in response to regulatory, economic, and reporting developments, it is important to periodically re-evaluate members' competencies and the overall balance of skills on the committee in response to emerging needs. 

The chair of the audit committee

The board will designate the chair of the audit committee and appointment committee members. 

Terms of office

The term of office for an audit committee member is [Insert number; typically three to four] years. Continuance of audit committee members will be reviewed annually. To ensure continuity within the audit committee, the appointment of members should be staggered. [Note: In some jurisdictions there are limits to the number of terms which independent members of the committee may serve, if this is the case such limits may be reflected in the charter.] 

Quorum

The quorum for the audit committee will be a majority of the members. 


Operational principles

Audit committee values

The audit committee will conduct itself in accordance with the code of values and ethics of the organisation and [Add reference to additional pertinent legislation/regulations/policies]. The audit committee expects that management and staff of the organisation will adhere to these requirements

Communications

The audit committee expects that all communication with management and staff of the organisation as well as with any external assurance providers will be direct, open and complete.

Work plan

The audit committee chair will collaborate with senior management and the CAE to establish a work plan to ensure that the responsibilities of the audit committee are scheduled and will be carried out.

Meeting agenda

The chair will establish agendas for audit committee meetings in consultation with audit committee members, senior management and the CAE.

Information requirements

The audit committee will  establish and communicate its requirements for information, which will include the nature, extent, and timing of information. Information will be provided to the audit committee at least one week prior to each audit committee meeting.

Executive sessions

The audit committee will schedule and hold if necessary, a private session with the chief executive officer (CEO), the chief financial officer (CFO), the CAE, external assurance providers, and with any other officials that the audit committee may deem appropriate at each of its meetings.

Preparation and attendance  

Audit committee members are obliged to prepare for and participate in committee meetings.

Conflict(s) of interest

Audit committee members should adhere to the organisations code of conduct and any values and ethics established by the organisation. It is the responsibility of audit committee members to disclose any conflict of interest or appearance of a conflict of interest to the committee. If there is any question as to whether audit committee member(s) should recuse themselves from a vote, the committee should vote to determine whether the member should recuse himself or herself.

Orientation and training

Audit committee members will receive formal orientation training on the purpose and mandate of the committee and on the organisation's objectives. A process of continuing education will be established.


 

Operational procedures

Meetings

The audit committee will meet at least [Insert number; at least four is generally recommended] times annually or more frequently as the committee deems necessary. The time frame between audit committee meetings should not exceed four months.

Minutes

Minutes will be prepared in accordance with applicable law, regulation, bylaw, policy, procedure, and/or other applicable requirements. Meeting minutes will be provided in draft format at least two weeks after the audit committee meeting.

Required attendance

The CAE and [Insert text; include the title of the person to whom the CAE reports and the title of the person responsible for managing the external audit relationship] are required to attend all audit committee meetings.

Secretariat services

The CAE (or another appropriate designee) will facilitate and coordinate meetings as well as provide ancillary support to the committee, as time and resources permit.

Remuneration of committee members

Committee members may be reimbursed for travel and committee related expenses. [If applicable, a policy should be established and  outlined in the legal basis and/or a formal travel policy that applies to all committee members.]

Payment rates and allowances for committee members' time and/or services are established formally in [Insert text regarding laws, regulations, or in written policy and procedures by the governing body].

Professional indemnity insurance: [Professional indemnity insurance arrangements that are suitable to both the member and the organisation should be established. Insert text regarding agreed upon arrangements].

Responsibilities

It is the responsibility of the audit committee to provide the board with independent, objective advice on the adequacy of management's arrangements with respect to the following aspects of the management of the organisation:

Values and ethics

To obtain reasonable assurance with respect to the organisation's values and ethics practices, the audit committee will:

  • Review and assess the policies, procedures, and practices established by the governing body to monitor conformance with its code of conduct and ethical policies by all managers and staff of the organisation.
  • Provide oversight of the mechanisms established by management to establish and maintain high ethical standards for all of the managers and staff of the organisation.
  • Review and provide advice on the systems and practices established by management to monitor compliance with laws, regulations, policies, and standards of ethical conduct and identify and deal with any legal or ethical violations.

Organisational governance

To obtain reasonable assurance with respect to the organisation's governance process, the audit committee will review and provide advice on the governance process established and maintained within the organisation and the procedures in place to ensure that they are operating as intended.

Risk management

To obtain reasonable assurance with respect to the organisation's risk management practices, the audit committee will:

  • Annually review the organisation's risk profile.
  • Obtain from the CAE an annual report on management's implementation and maintenance of an appropriate enterprise wide risk management process.
  • Provide oversight on significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.
  • Provide oversight of the adequacy of the combined assurance being provided.
  • Review and provide advice on the risk management process established and maintained by management and the procedures in place to ensure that they are operating as intended.

Fraud

To obtain reasonable assurance with respect to the organisation's procedures for the prevention and detection of fraud, the audit committee will:

  • Oversee management's arrangements for the prevention and deterrence of fraud.
  • Ensure that appropriate action is taken against known perpetrators of fraud.
  • Challenge management and internal and external auditors to ensure that the entity has appropriate anti-fraud programmes and controls in place to identify potential fraud and ensure that investigations are undertaken if fraud is detected.

Control 

To obtain reasonable assurance with respect to the adequacy and effectiveness of the organisation's controls in responding to risks within the organisation's governance, operations and information systems, the audit committee will:

  • Consider the effectiveness of the organisation's control framework, including information technology security and control.
  • Review and provide advice on the control of the organisation as a whole and its individual units.
  • Receive reports on all matters of significance arising from work performed by other providers of financial and internal control assurance to senior management and the board.

Compliance

The audit committee will:

  • Review the effectiveness of the system for monitoring compliance with laws and regulations and the results of management's investigation and follow-up (including disciplinary action) of any instances of noncompliance.
  • Review the observations and conclusions of internal and external auditors and the findings of any regulatory agencies.
  • Review the process for communicating the code of conduct to the organisation's personnel and for monitoring compliance.
  • Obtain regular updates from management and the organisation's legal counsel regarding compliance matters.

Oversight of the internal audit activity and other assurance providers

Internal audit activity

To obtain reasonable assurance with respect to work of the internal audit activity, the audit committee will provide oversight related to:

1. Internal audit charter and resources

Review and approve the internal audit charter at least annually. The charter should be reviewed to ensure that it accurately reflects the internal audit activity's purpose, authority, and responsibility, consistent with the mandatory guidance of the The IIA's International Professional Practices Framework and the scope and nature of assurance and consulting services, as well as changes in the financial, risk management, and governance processes of the organisation and reflects developments in the professional practice of internal auditing.

Advise the board about increases and decreases to the requested resources to achieve the internal audit plan. Evaluate whether any additional resources are needed permanently or should be provided through outsourcing.

2. CAE performance

Advise the board regarding the qualifications and recruitment, appointment, and removal of the CAE.

Provide input to management related to evaluating the performance of the CAE.

Recommend to management or the governing body the appropriate compensation of the CAE.

3. Internal audit strategy and plan

Review and provide input on the internal audit activity's strategic plan, objectives, performance measures and outcomes.

Review and approve proposed risk based internal audit plan and make recommendations concerning internal audit projects.

Review and approve the internal audit plan and engagements work programme, including reviewing internal audit resources necessary to achieve the plan.

Review the internal audit activity's performance relative to it audit plan.

4. Internal audit engagement and follow up

Review internal audit reports and other communications to management.

Review and track management's action plans to address the results of internal audit engagements.

Review and advise management on the results of any special investigations.

Inquire of the CAE whether any internal audit engagements or non audit engagements have been completed but not reported ot the committee; if so, inquire whether any matters of significance arose from such work.

Inquire of the CAE whether any evidence of fraud has been identified during internal audit engagements and evaluate what additional actions, if any, should be taken. 

5. Standards conformance

Inquire of the CAE about steps taken to ensure that the internal audit activity conforms with The IIA's International Standards for the Professional Practice of Internal Auditing (Standards).

Ensure that the internal audit activity has a quality assurance and improvement programme and that the results of these periodic assessments are presented to the audit committee.

Ensure that the internal audit activity has an external quality assurance review every five years.

Review the results of the independent and external quality assurance review and monitor the implementation of the internal audit activity's action plans to address any recommendations.

Advise the board about any recommendations for the continuous improvement of the internal audit activity.

External auditors

To obtain reasonable assurance with respect to work of the external assurance providers, the audit committee will meet with the external assurance providers during the planning phase of the engagement, the presentation of the audited financial statements, and the discussion of the results of engagements and recommendations for management.

The audit committee will:

  • Review the external auditors' proposed audit scope and approach, including coordination of audit effort with the internal audit activity. [Note: This may not be applicable in a public sector setting.]
  • Review the performance of the external auditors, and exercise final approval on the appointment or discharge of auditors. [Note: This may not be applicable in a public sector setting.]
  • Obtain statements from the external auditors about their relationships with the organisation, including non-audit services performed in the past, and discuss the information with the external auditors to review and confirm their independence.
  • Have regularly scheduled exclusive meetings with external auditors to discuss any sensitive matters.
  • Monitor management's progress on action plans.

To obtain reasonable assurance that management has acted on the results and recommendations of internal and external audit engagements, the audit committee will regularly review reports on the progress of implementing approved management action plans and audit recommendations resulting from completed audit engagements.

Financial statements and public accountability reporting

The audit committee is responsible for oversight of the independent audit of the government entity's financial statements, including but not limited to overseeing the resolution of audit findings in areas such as internal control legal, regulatory compliance, and ethics.

The audit committee will:

  • Review with management and the external auditors the results of audit engagements, including any difficulties encountered. 
  • Review significant accounting and reporting issues, including complex or unusual transactions and highly judgmental areas, and recent professional and regulatory pronouncements, and understand their impact on the financial statements.
  • Review the annual financial statements, and consider whether they are complete, consistent with information known to committee members, and reflect appropriate accounting principles. 
  • Review other sections of the annual report and related regulatory filings and consider the accuracy and completeness of the information before it is released. 
  • Review with management and the external auditors all matters required to be communicated to the audit committee under generally accepted external auditing standards. 
  • Understand strategies, assumptions and estimates that management has made in preparing financial statements, budgets, and investment plans.
  • Understand how management develops interim financial information and the nature and extent of internal and external auditor involvement in the process. 
  • Review interim financial reports with management and the external auditors before filing with regulators, and consider whether they are complete and consistent with the information known to committee members. 

Other responsibilities

In addition, the audit committee will:

  • Perform other activities related to this charter as requested by the governing body.
  • Institute and oversee special investigations as needed. 
  • Regularly evaluate its performance and that of its individual members. [Note: Annual assessments are recommended.]

Reporting on audit committee performance

The audit committee will report to the board annually, summarising the committee's activities and recommendations. The report may be delivered during an audit committee meeting attended by the board or during a regularly scheduled meeting of the board.

The report should also include:

  • A summary of the work the audit committee performed to fully discharge its responsibilities during the preceding year.
  • A summary of management's progress in addressing the results of internal and external audit engagement reports.
  • An overall assessment of management's risk, control, and compliance processes, including details of any significant emerging risks or legislative changes impacting the governing organisation.
  • Details of meetings including the number of meetings held during the relevant period and the number of meetings each member attended.
  • Provide information required, if any, by new or emerging corporate governance developments.
  • The committee may report to the governing body at any time regarding any other matter it deems of sufficient importance.

Approval/Signatures:

 

Chief Executive Officer: _______________________________________ Date: ______________

 

Audit Committee Chair: _______________________________________ Date: ______________

 

Chairman of the Board: _______________________________________ Date: ______________

Content reviewed: 7 October 2019
Download PDF

Technical question?

Name: Email: