The model audit committee charter is designed to illustrate common or leading practices typically set out in an audit committee charter. The generic nature of this draft is intended to encourage customisation.
The document may not reflect all legal or regulatory requirements that exist in every jurisdiction. Additionally, stakeholder expectations may influence the inclusion or deletion of certain practices.
In drafting an audit committee charter, care should be exercised to customise the charter, including replacing bracketed text with language that accurately reflects the user’s situation.
The audit committee plays an important role in providing oversight of the organisation's governance, risk management, and internal control practices. This oversight mechanism also serves to provide confidence in the integrity of these practices. The audit committee performs its role by providing independent oversight to the governing body eg board.
The audit committee was established on [date]. At that time, the charter for the committee was established. The charter, which governs the work of the committee, was reviewed and updated on [date].
The purpose of the audit committee is to provide a structured, systematic oversight of the organisation's governance, risk management, and internal control practices. The committee assists the board and management by providing advice and guidance on the adequacy of the organisation's initiatives for:
In broad terms, the audit committee reviews each of the items noted above and provides the board with independent advice and guidance regarding the adequacy and effectiveness of management's practices and potential improvements to those practices.
The mandate for the establishment of the audit committee was derived from [Insert text; the exact source of the mandate will vary among jurisdictions and depend on the location, government structure, type of public sector services, and relationship to other government entities. This section is typical for public sector organisations and may come in the form of laws, regulations, polices and procedures or bylaws.].
The audit committee charter sets out the authority of the audit committee to carry out the responsibilities established for it by the board as articulated within the audit committee charter.
In discharging its responsibilities, the audit committee will have unrestricted access to members of management, employees, and relevant information it considers necessary to discharge its duties. The committee also will have unrestricted access to records, data, and reports. If access to requested documents is denied due to legal or confidentiality reasons, the audit committee and/or chief audit executive CAE) will follow a prescribed, board approved mechanism for resolution of the matter.
The audit committee is entitled to receive any explanatory information that it deems necessary to discharge its responsibilities. The organisation's management and staff should cooperate with audit committee requests.
The audit committee may engage independent counsel and/or other advisors it deems necessary to carry out its duties.
The audit committee is empowered to:
The committee will consist of [Insert number; at least three] members that are independent of the organisation. The members should collectively possess sufficient knowledge of audit, finance, specific industry knowledge, IT, law, governance, risk and control. Because the responsibilities of the audit committee evolve in response to regulatory, economic, and reporting developments, it is important to periodically re-evaluate members' competencies and the overall balance of skills on the committee in response to emerging needs.
The board will designate the chair of the audit committee and appointment committee members.
The term of office for an audit committee member is [Insert number; typically three to four] years. Continuance of audit committee members will be reviewed annually. To ensure continuity within the audit committee, the appointment of members should be staggered. [Note: In some jurisdictions there are limits to the number of terms which independent members of the committee may serve, if this is the case such limits may be reflected in the charter.]
The quorum for the audit committee will be a majority of the members.
The audit committee will conduct itself in accordance with the code of values and ethics of the organisation and [Add reference to additional pertinent legislation/regulations/policies]. The audit committee expects that management and staff of the organisation will adhere to these requirements
The audit committee expects that all communication with management and staff of the organisation as well as with any external assurance providers will be direct, open and complete.
The audit committee chair will collaborate with senior management and the CAE to establish a work plan to ensure that the responsibilities of the audit committee are scheduled and will be carried out.
The chair will establish agendas for audit committee meetings in consultation with audit committee members, senior management and the CAE.
The audit committee will establish and communicate its requirements for information, which will include the nature, extent, and timing of information. Information will be provided to the audit committee at least one week prior to each audit committee meeting.
The audit committee will schedule and hold if necessary, a private session with the chief executive officer (CEO), the chief financial officer (CFO), the CAE, external assurance providers, and with any other officials that the audit committee may deem appropriate at each of its meetings.
Audit committee members are obliged to prepare for and participate in committee meetings.
Audit committee members should adhere to the organisations code of conduct and any values and ethics established by the organisation. It is the responsibility of audit committee members to disclose any conflict of interest or appearance of a conflict of interest to the committee. If there is any question as to whether audit committee member(s) should recuse themselves from a vote, the committee should vote to determine whether the member should recuse himself or herself.
Audit committee members will receive formal orientation training on the purpose and mandate of the committee and on the organisation's objectives. A process of continuing education will be established.
The audit committee will meet at least [Insert number; at least four is generally recommended] times annually or more frequently as the committee deems necessary. The time frame between audit committee meetings should not exceed four months.
Minutes will be prepared in accordance with applicable law, regulation, bylaw, policy, procedure, and/or other applicable requirements. Meeting minutes will be provided in draft format at least two weeks after the audit committee meeting.
The CAE and [Insert text; include the title of the person to whom the CAE reports and the title of the person responsible for managing the external audit relationship] are required to attend all audit committee meetings.
The CAE (or another appropriate designee) will facilitate and coordinate meetings as well as provide ancillary support to the committee, as time and resources permit.
Committee members may be reimbursed for travel and committee related expenses. [If applicable, a policy should be established and outlined in the legal basis and/or a formal travel policy that applies to all committee members.]
Payment rates and allowances for committee members' time and/or services are established formally in [Insert text regarding laws, regulations, or in written policy and procedures by the governing body].
Professional indemnity insurance: [Professional indemnity insurance arrangements that are suitable to both the member and the organisation should be established. Insert text regarding agreed upon arrangements].
It is the responsibility of the audit committee to provide the board with independent, objective advice on the adequacy of management's arrangements with respect to the following aspects of the management of the organisation:
To obtain reasonable assurance with respect to the organisation's values and ethics practices, the audit committee will:
To obtain reasonable assurance with respect to the organisation's governance process, the audit committee will review and provide advice on the governance process established and maintained within the organisation and the procedures in place to ensure that they are operating as intended.
To obtain reasonable assurance with respect to the organisation's risk management practices, the audit committee will:
To obtain reasonable assurance with respect to the organisation's procedures for the prevention and detection of fraud, the audit committee will:
To obtain reasonable assurance with respect to the adequacy and effectiveness of the organisation's controls in responding to risks within the organisation's governance, operations and information systems, the audit committee will:
The audit committee will:
To obtain reasonable assurance with respect to work of the internal audit activity, the audit committee will provide oversight related to:
1. Internal audit charter and resources
Review and approve the internal audit charter at least annually. The charter should be reviewed to ensure that it accurately reflects the internal audit activity's purpose, authority, and responsibility, consistent with the mandatory guidance of the The IIA's International Professional Practices Framework and the scope and nature of assurance and consulting services, as well as changes in the financial, risk management, and governance processes of the organisation and reflects developments in the professional practice of internal auditing.
Advise the board about increases and decreases to the requested resources to achieve the internal audit plan. Evaluate whether any additional resources are needed permanently or should be provided through outsourcing.
2. CAE performance
Advise the board regarding the qualifications and recruitment, appointment, and removal of the CAE.
Provide input to management related to evaluating the performance of the CAE.
Recommend to management or the governing body the appropriate compensation of the CAE.
3. Internal audit strategy and plan
Review and provide input on the internal audit activity's strategic plan, objectives, performance measures and outcomes.
Review and approve proposed risk based internal audit plan and make recommendations concerning internal audit projects.
Review and approve the internal audit plan and engagements work programme, including reviewing internal audit resources necessary to achieve the plan.
Review the internal audit activity's performance relative to it audit plan.
4. Internal audit engagement and follow up
Review internal audit reports and other communications to management.
Review and track management's action plans to address the results of internal audit engagements.
Review and advise management on the results of any special investigations.
Inquire of the CAE whether any internal audit engagements or non audit engagements have been completed but not reported ot the committee; if so, inquire whether any matters of significance arose from such work.
Inquire of the CAE whether any evidence of fraud has been identified during internal audit engagements and evaluate what additional actions, if any, should be taken.
5. Standards conformance
Inquire of the CAE about steps taken to ensure that the internal audit activity conforms with The IIA's International Standards for the Professional Practice of Internal Auditing (Standards).
Ensure that the internal audit activity has a quality assurance and improvement programme and that the results of these periodic assessments are presented to the audit committee.
Ensure that the internal audit activity has an external quality assurance review every five years.
Review the results of the independent and external quality assurance review and monitor the implementation of the internal audit activity's action plans to address any recommendations.
Advise the board about any recommendations for the continuous improvement of the internal audit activity.
To obtain reasonable assurance with respect to work of the external assurance providers, the audit committee will meet with the external assurance providers during the planning phase of the engagement, the presentation of the audited financial statements, and the discussion of the results of engagements and recommendations for management.
The audit committee will:
To obtain reasonable assurance that management has acted on the results and recommendations of internal and external audit engagements, the audit committee will regularly review reports on the progress of implementing approved management action plans and audit recommendations resulting from completed audit engagements.
The audit committee is responsible for oversight of the independent audit of the government entity's financial statements, including but not limited to overseeing the resolution of audit findings in areas such as internal control legal, regulatory compliance, and ethics.
The audit committee will:
In addition, the audit committee will:
The audit committee will report to the board annually, summarising the committee's activities and recommendations. The report may be delivered during an audit committee meeting attended by the board or during a regularly scheduled meeting of the board.
The report should also include:
Chief Executive Officer: _______________________________________ Date: ______________
Audit Committee Chair: _______________________________________ Date: ______________
Chairman of the Board: _______________________________________ Date: ______________