BEIS Audit and Risk Assurance Committee: terms of reference

Published 5 July 2022

Last updated: January 2022

The purpose of the Audit and Risk Assurance Committee is to support the Departmental Board and Accounting Officer in their responsibility to ensure that BEIS is a financially sound and efficient organisation which makes effective use of its resources in pursuit of its strategic objectives.

Specifically, the Audit and Risk Assurance Committee reviews the effectiveness of the risk management framework established by management to identify, assess, and manage risk, thereby playing an important role in supporting BEIS’ reputation for excellent financial and risk management.

The Audit and Risk Assurance Committee will advise the Board and Accounting Officer on:

  1. The effective operation of the overall control (including financial), risk and governance arrangements, including ensuring adequate assurance is available to the Accounting Officer for the annual Governance Statement.
  2. The accounting policies, the accounts, and the annual report of the organisation, including the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors.
  3. The planned activity and results of both internal and external audit (including the NAO’s audit of the Resource Accounts) and their implications for BEIS.
  4. The adequacy of management response to issues identified by audit activity, including calling Directors to account as necessary, and advising on how to promote effective learning of lessons emerging from them.
  5. Proposals for tendering for Internal Audit services.
  6. Anti-fraud policies, whistle-blowing processes, and arrangements for special investigations.
  7. Effective enforcement of Business Appointment Rules.

The Audit and Risk Assurance Committee is not an executive committee of BEIS. As such it will endeavour to complement rather than duplicate the work of the Departmental Board and the other committees, through independent non-executive scrutiny. It will consider items remitted to it by the Departmental Board and report back on progress as appropriate.

Reporting

The Audit and Risk Assurance Committee will report to the Board and Accounting Officer after each meeting.

The Audit and Risk Assurance Committee will provide the Board and Accounting Officer with an annual report, timed to support finalisation of the accounts and the Governance Statement, summarising its conclusions from the work it has done during the year.

The Audit and Risk Assurance Committee will periodically review its own effectiveness and report the results of that review to the Board.

The ARAC terms of reference should be made publicly available on GOV.UK.

Membership

Members of the Audit and Risk Assurance Committee are non-executives appointed by the Permanent Secretary. The Chair should be a suitably experienced Non-Executive Board Member.

The Committee is considered quorate when at least 3 members are present. Others may be invited to attend Committee meetings as and when subjects for which they are responsible are discussed.

The following non-members also attend:

  • National Audit Office representative
  • Head of Internal Audit
  • Permanent Secretary (as required)
  • DG, Corporate Services
  • Director, Finance
  • Director, Implementation and Delivery
  • Risk Manager
  • Observers from BEIS Partner Organisations (annually)

The Audit and Risk Assurance Committee may:

  • co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge, and experience
  • ask any other officials of the organisation to attend and/or provide it with a written report to assist it with its discussions on any particular matter
  • ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters
  • procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Board

Access

The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair of the Audit and Risk Assurance Committee separately from management.

Secretariat

The Audit and Risk Assurance Committee will be provided with a secretariat function by the BEIS Governance team.

Frequency and length of meetings

The Audit and Risk Assurance Committee will meet at least 4 times a year.

The Chair of the Audit and Risk Assurance Committee may convene additional meetings, as they deem necessary.

The Board or the Accounting Officer may ask the Audit and Risk Assurance Committee to convene further meetings to discuss particular issues on which they want the Committee’s advice.

Committee business can be undertaken outside of a full meeting, for example by email. All matters considered by this route should be reported to the Committee at its next full meeting.

Information requirements

For each meeting, the Audit and Risk Assurance Committee will be provided (1 week in advance of the meeting) with:

  • a report summarising any significant changes to the organisation’s strategic risks and a copy of the strategic/corporate Risk Register, with the relevant performance report
  • a progress report from the Head of Internal Audit summarising:
    • work performed (and a comparison with work planned)
    • key issues emerging from the work of internal audit including reports on the effectiveness of systems for governance, risk management and control
    • management response to audit recommendations
    • changes to the agreed internal audit plan
    • any resourcing issues affecting the delivery of the objectives of internal audit
  • a progress report (written/verbal) from the External Audit representative summarising work done and emerging findings (this may include, where relevant to the organisation, aspects of the wider work carried out by the NAO, for example, Value for Money reports and good practice findings)
  • a business update from the Permanent Secretary
  • management assurance reports (Director General risk management reports on rotation)
  • reports on the management of major incidents, ‘near misses’ and lessons learned
  • any other report requested by the Committee

Additional material

As and when appropriate the Committee will be provided with additional material including:

Internal and external audit:

  • any Internal Audit report with a ‘limited’ assurance
  • proposals for the terms of reference of internal audit / the internal audit charter
  • the internal audit strategy
  • the Head of Internal Audit’s Annual Opinion and Report
  • quality assurance reports on the internal audit function
  • external audit’s management letter
  • a report on any proposals to tender for audit functions
  • a report on co-operation between internal and external audit

Risk and assurance:

  • the organisation’s risk management strategy
  • the organisation’s risk appetite
  • twice yearly reports on corporate assurance
  • cyber security and information risk management and assurance including:
    • risk mitigation strategies
    • governance
    • threat intelligence (third party and supply chain)
    • structure and resources
    • business continuity
    • incident response
    • people, training and awareness
  • Partner Organisation risk management and assurance

Finance:

  • progress updates on the preparation of the accounts of BEIS
  • the draft and final accounts of BEIS
  • key accounting judgements
  • a report on any changes to accounting policies

Governance:

  • the draft Governance Statement
  • the organisation’s Single Departmental Plan
  • twice yearly reports on the Business Appointment Rules process and data
  • conflicts of interest policy and declarations
  • anti-fraud and whistle-blowing policies
  • annual review of ARAC terms of reference

Conflicts of Interest and Code of Conduct

Each member of the Audit and Risk Assurance Committee should take personal responsibility to declare pro-actively any potential conflict of interest arising out of business undertaken by the Department, arising on the agenda or from changes in the member’s personal circumstances.

The Chair of the Audit and Risk Assurance Committee will then determine an appropriate course of action with the member. For example, the member might simply be asked to leave while a particular item of business is taken; or in more extreme cases the member could be asked to stand down from the Committee.

If it is the Chair who has a conflict of interest, the Board should ask another member of the Audit and Risk Assurance Committee to lead in determining the appropriate course of action.

A key factor in determining the course of action will be the likely extent and duration of the conflict of interest: a conflict likely to endure for a long time is more likely to suggest that the member should stand down.

Members should comply at all times with the Code of Conduct for Board Members of Public Bodies and other appropriate guidance, including the rules relating to the use of public funds. They should have regard to the principles of public life (selflessness, integrity, objectivity, accountability, openness, honesty and leadership) and act in the best interests of the department.

Arm’s Length Bodies / Partner Organisations

The Committee will, in consultation with the department’s Accounting Officer and the Directors of Finance and Commercial, establish appropriate arrangements to identify the Arm’s Length Bodies and Partner Organisations with the greatest potential to impact the department’s objectives and its consolidated financial statements.

The Committee will support the department’s Accounting Officer by establishing appropriate relationships with BEIS Partner Organisations. This includes Committee members observing Partner Organisation ARAC meetings and feeding back to the Committee. Partner Organisation ARAC Chairs/members will also have the opportunity to annually observe a BEIS ARAC meeting. The Committee will endeavour to ensure that additional opportunities for communication exist for the sharing of good practice and issues of mutual concern, for example ARAC Chair’s conferences and networking meetings.