Guidance

Audit and Risk Assurance Committee: terms of reference

Updated 9 June 2025

The Departmental Board (‘the Board’) establishes the Department for Business and Trade (DBT) Audit and Risk Assurance Committee (ARAC) (‘the Committee’) to support the Board and Accounting Officer in their responsibilities for issues of risk, control, and governance.

The committee reviews the comprehensiveness of assurances in meeting the Board and Accounting Officer’s assurance needs. The committee reviews the reliability and integrity of these assurances.

The purpose of the ARAC is to support the Departmental Board and Accounting Officer in their responsibility to ensure that DBT is a financially sound and efficient organisation which makes effective use of its resources in pursuit of its strategic objectives.

Specifically, the ARAC reviews the effectiveness of the risk management framework established by management to identify, assess, and manage risk; thereby playing an important role in supporting DBT’s reputation for excellent financial and risk management.

Membership

Members of the ARAC are non-executives and Independent Members appointed by the Permanent Secretary. The Chair should be a suitably experienced Non-Executive Board Member.

The Committee is considered quorate when at least 50% of members are present. Others may be invited to attend Committee meetings as and when subjects for which they are responsible are discussed.

The members of the ARAC are:

• John Latham, Chair of ARAC and Non-Executive Board Member
• David Sayer, Non-Executive Board Member
• Hanif Barma, Independent ARAC member
• Sharon Dean, Independent ARAC member

The following non-members also attend meetings on a regular basis:

• a representative of External Audit
• Head of Internal Audit
• Permanent Secretary
• Chief Finance Officer
• Deputy Director, Assurance, Partnerships and Financial Governance
• Deputy Director Financial Control

Appointments

Members will be appointed for periods of up to 3 years, extendable by no more than one additional 3-year period which is subject to approval by the DBT Accounting Officer in conjunction with the Chair.

Reporting

Reporting lines are:

• the ARAC will report to the Board and Accounting Officer
• the Chair of ARAC will report on the business of ARAC to the Board unless, in the opinion of the ARAC Chair, an earlier report is required
• the Chair will call on members of the committee to routinely declare any potential conflicts of interest to allow appropriate action to be taken
• the ARAC will provide the Board and Accounting Officer with an annual report, timed to support finalisation of the accounts and the governance statement, summarising its conclusions from the work it has done during the year
• the ARAC will periodically review its own effectiveness and report the results of that review to the Board

The ARAC terms of reference will be made publicly available on GOV.UK.

Responsibilities

The Committee operates in an independent advisory capacity, providing advice to the Board and Accounting Officer on:

• the effective operation of the overall control (including financial), risk and governance arrangements, including ensuring adequate assurance is available to the Accounting Officer for the annual governance statement
• the accounting policies, the accounts, and the annual report of the organisation, including the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors
• the planned activity and results of both internal and external audit
• adequacy of management response to issues identified by audit activity, including external audit’s management letter
• assurances relating to the management of risk and corporate governance requirements for the organisation and for this to include ESG areas (for example, Diversity and Inclusion, Capability, Climate and Environmental targets) to be reported to the ARAC at a frequency to be agreed each year
• anti-fraud policies, whistle-blowing processes, and arrangements for special investigations
• effective enforcement of business appointment rules

Rights

The Committee may:

• co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge and experience

• ask any other officials of the organisation to attend and/or provide it with a written report to assist it with its discussions on any particular matter

Access

The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair of the ARAC.

Secretariat

The ARAC will be provided with a secretariat function by DBT governance team.

Conflicts of interest

A committee member or attendee, who becomes aware of a potential conflict of interest relating to matters being discussed by the committee, should give prior notification to the Chair.

If this is not possible, declare this at the meeting and, where necessary, withdraw during discussion of the relevant agenda item.

Frequency and timings of meetings

The ARAC:

• will meet at least 5 times a year – the Chair of the committee may convene additional meetings, as they deem necessary
• will normally be attended by:
  • the Chief Operating Officer or Chief Finance Officer
  • a Senior Civil Servant responsible for risk, assurance and control
  • representatives from Internal and External Audit
• may ask any other officials of the organisation to attend to assist it with its discussions on any particular matter
• may ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters
• may be asked by the Board or the Accounting Officer to convene further meetings to discuss particular issues on which they want the Committee’s advice
• business can be undertaken outside of a full meeting by for example email – all matters considered by this route should be reported to the committee at its next full meeting

Information requirements

The meeting will be provided with regular updates (on a quarterly basis unless otherwise stated) on the following:

• risk and assurance including:
  • a quarterly risk update summarising any significant changes to the organisation’s strategic risks
  • a copy of the strategic risk register
  • the organisation’s risk management strategy
  • risk management and assurance on strategic projects and initiatives
  • the organisation’s risk appetite
  • twice yearly reports on corporate assurance
  • annual cyber security and information risk management and assurance
• partner organisation risk management and assurance
• a business update from the Permanent Secretary
• progress report from the Head of Internal Audit summarising:
  • work performed (and a comparison with work planned)
  • key issues emerging from the work of internal audit
  • management response to audit recommendations
  • changes to the agreed internal audit plan
  • any resourcing issues affecting the delivery of the objectives of internal audit
• a progress report (written or verbal) from the External Audit representative summarising work done and emerging findings
• management assurance reports
• governance of business appointment rules
• serious incidents log
• internal audit tracker
• Dear Accounting Officer letters

As and when appropriate the committee will also be provided with:

• proposals for the terms of reference of internal audit and the internal audit charter
• the internal audit strategy
• the head of Internal Audit’s annual opinion and report
• quality assurance reports on the internal audit function
• the draft accounts of the organisation
• the draft governance statement
• a report on any changes to accounting policies
• External Audit’s management letter
• a report on any proposals to tender for audit functions
• a report on co-operation between internal and external audit
• an annual review of ARAC terms of reference
• directorate level assurance statement
• a portfolio and project delivery update
• the Senior Information Risk Owner (SIRO) annual review
• the ARAC effectiveness review or ARAC annual report
• DBT annual report and accounts
• strategic risk deep dives at a frequency agreed by the committee

The Secretariat will ensure to provide all information and papers at least 72 hours before formal ARAC meetings.

Conflicts of interest and code of conduct

Each member of the ARAC should take personal responsibility to declare pro-actively any potential conflict of interest:

• arising out of business undertaken by the department
• arising on the agenda
• from changes in the member’s personal circumstances

The Chair of the ARAC will then determine an appropriate course of action with the member. For example, the member might simply be asked to leave while a particular item of business is taken; or in more extreme cases the member could be asked to stand down from the committee.

If it is the Chair who has a conflict of interest, the Board should ask another member of the ARAC to lead in determining the appropriate course of action.

A key factor in determining the course of action will be the likely extent and duration of the conflict of interest. A conflict likely to endure for a long time is more likely to suggest that the member should stand down.  

Members should comply at all times with the code of conduct for board members of public bodies and other appropriate guidance including with the rules relating to the use of public funds and to have regard to the principles of public life:

• selflessness
• integrity
• objectivity
• accountability
• openness
• honesty
• leadership
• to act in the best interests of the department

Partner organisations

The committee will, in consultation with the department’s Accounting Officer and the directors of finance and commercial, establish appropriate arrangements to identify the partner organisations with the greatest potential to impact the department’s objectives and its consolidated financial statements.  

The committee will support the department’s Accounting Officer by establishing appropriate relationships with DBT partner organisations. The committee will endeavour to ensure that additional opportunities for communication exist for the sharing of good practice and issues of mutual concern, for example, ARAC Chair networking meetings.