Corporate report

UKHSA Advisory Board: audit and risk committee terms of reference

Updated 3 November 2022

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/ukhsa-board-meeting-papers-september-2022/ukhsa-advisory-board-audit-and-risk-committee-terms-of-reference

Title of paper: Audit and Risk Committee Terms of Reference
Date: Thursday 29 September 2022
Sponsor: Ian Peters
Presenter: Andrew Sanderson

Purpose of the paper

The purpose of the paper is to provide the Advisory Board with the Terms of Reference for the UKHSA Audit and Risk Committee.

The Terms of Reference were agreed by the Audit and Risk Committee at its first meeting, held on Monday 11 July 2022.

Recommendation

The Advisory Board is asked to endorse the terms of Reference for the Audit and Risk Committee.

Background

The Terms of Reference have been developed and are based on the guidance as set out in Annex D of HM Treasury’s Audit and Risk Committee Handbook with some additions by UKHSA to ensure the arrangements reflect the Framework Document with the Department of Health and Social Care (DHSC).

Purpose

The UKHSA Advisory Board has established an Audit and Risk Committee (ARC) of the Advisory Board to support the Chief Executive and Accounting Officer in their personal responsibility for issues of risk, control and governance by reviewing the comprehensiveness of assurances in meeting the Accounting Officer’s assurance needs and reviewing the reliability and integrity of these assurances.

The ARC will provide advice and assurance on the development and maintenance of appropriate corporate governance and internal control arrangements, including assurance of UKHSA’s strategic risk management, finances, and major capital projects.

Constitution

The Committee is a mandatory requirement as set out in paragraph 5.16 of the UKHSA Framework Document signed by the Secretary of State for Health and Social Care and the Terms of Reference of the UKHSA Advisory Board.

The ARC is an advisory and assurance committee with no executive powers; it is not the duty of the ARC to carry out any function that properly belongs to the Executive.

Membership

The members of the ARC are:

  • non-executive chair
  • non-executive member
  • associate non-executive member

The Audit and Risk Committee will be chaired by the Chair of the Advisory Board, as an interim measure agreed with DHSC pending the appointment by Ministers of an Advisory Board member whose prime role will be to chair the ARC.

The Audit and Risk Committee will be provided with a secretariat function by the UKHSA Governance, Risk and Assurance Team.

Reporting

The ARC will formally report in writing to the UKHSA Advisory Board and Accounting Officer after each meeting. This will be by the issuing of minutes and any other report that the Chair may deem appropriate. Minutes will be provided to the Chair for review in time for presentation to the next meeting of the UKHSA Advisory Board and not later than the end of the week following the meeting.

The ARC will provide the UKHSA Advisory Board and Accounting Officer with an Annual Report of its activities, timed to support finalisation of the accounts and the Governance Statement, summarising its conclusions from the work it has done during the year.

As set out in paragraph 6.18 of the Framework Document, the ARC Chair shall also escalate any risk concerns to DHSC’s Senior Departmental Sponsor and may be asked to attend DHSC’ s Audit and Risk Committee to explain risks.

Responsibilities

The ARC will advise the UKHSA Advisory Board and Accounting Officer on:

  • the strategic processes for risk, control and governance and the governance statement
  • the accounting policies and the annual report and accounts of the organisation, including the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors
  • the planned programme and results of both internal and external audit
  • the adequacy of management’s response to issues identified by audit activity, including the external auditor’s management letter
  • assurances relating to the management of risk and corporate governance requirements for the organisation
  • (where appropriate) proposals for tendering for either Internal or External Audit services or purchase of non-audit services from contractors who provide audit service
  • anti-fraud policies, whistle-blowing processes (the policy in UKHSA is known as ‘Freedom to Speak Up’) and arrangements for special investigations
  • periodically review its own effectiveness and report the results of that review to the UKHSA Advisory Board

The Chair of the Audit and Risk Committee will provide independent advice to the Chief Executive on risk and ensure that the DHSC Audit and Risk Committee is provided with assurances with escalation of any significant limitations or concerns.

Rights

The Audit and Risk Committee may:

  • co-opt additional independent members, who, for the avoidance of doubt, shall not be members of UKHSA staff, for a period not exceeding a year to provide specialist skills, knowledge and experience
  • procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Advisory Board and in discussion with the Director General, Finance, Commercial and Corporate Services

The ARC has the authority to require any member of staff to attend its meetings through the Chief Executive.

Access

The Head of Internal Audit and representatives of External Audit will have free and confidential access to the Chair.

Meetings

Meetings of the ARC are chaired by the appointed Chair, who shall not be the Chair of the UKHSA Advisory Board, unless in exceptional circumstances which shall be discussed and agreed in writing with DHSC. The ARC Chair must be a non-executive member of the Advisory Board appointed by Ministers specifically to undertake the role.

The ARC will meet at least 4 times a year. The Chair may convene additional meetings, as they deem necessary.

ARC meetings will not be held in public but agreed minutes from meetings will be put on the agenda for public sessions of the UKHSA Advisory Board and published on UKHSA’s website with Advisory Board papers (subject to any redactions in line with exemptions under the Freedom of Information Act 2000).

Unless otherwise agreed, notice of each meeting confirming the venue, time and date together with an agenda of items to be discussed, shall be forwarded to each member of the Committee no later than seven days before the date of the meeting.

A minimum of 2 members of the Audit and Risk Committee will be present for the meeting to be deemed quorate.

Audit and Risk Committee meetings will normally be attended by the Accounting Officer, the Director General Finance, Commercial & Corporate Services, Risk Manager, Head of Internal Audit, and a representative of External Audit [add any others who may routinely attend such as representatives of sponsoring or sponsored bodies]

The ARC may ask any other staff of the organisation to attend to assist it with its discussions on any particular matter.

The ARC may ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters.

The UKHSA Advisory Board or the Accounting Officer may ask the ARC to convene further meetings to discuss particular issues on which they want the ARC’s advice.

Information requirements

For each meeting the ARC will be provided at least one week ahead of the meeting with:

  • a report summarising any significant changes to the organisation’s strategic risks, a copy of the Strategic Risk Register; the ARC can propose new strategic risk items for inclusion, subject to the agreement of the Chief Executive
  • a progress report from the Head of Internal Audit summarising:
    • work performed (and a comparison with work planned)
    • key issues emerging from the work of internal audit
    • management response to audit recommendations
    • changes to the agreed internal audit plan
    • any resourcing issues affecting the delivery of the objectives of internal audit
  • a progress report (written or oral) from the External Audit representative summarising work done and emerging findings (this may include, where relevant, aspects of the wider work carried out by the NAO such as Value for Money reports and good practice findings
  • management assurance reports, including issues such as health and safety, information governance, major investment programmes and quality and clinical governance
  • reports on the management of major incidents, ‘near misses’ and lessons learned

As and when appropriate, the ARC will also be provided with:

  • proposals for the terms of reference of internal audit or the internal audit charter
  • the internal audit strategy
  • the Head of Internal Audit’s Annual Opinion and Report
  • quality assurance reports on the internal audit function
  • the draft annual accounts of UKHSA
  • the draft governance statement
  • a report on any changes to accounting policies
  • external Audit’s management letter
  • a report on any proposals to tender for audit functions
  • a report on co-operation between internal and external audit
  • the organisation’s Risk Management strategy
  • presentation by the Executive Director or other risk owner of operational risk registers of each directorate, on a rotating basis
  • a Board Assurance Framework

Competency Framework

All members of the ARC shall have, or acquire as soon as possible after appointment:

  • understanding of the objectives of UKHSA, and current significant issues it faces, and emerging significant risks
  • understanding of the Agency’s structure, including key relationships such as that with a sponsoring department or major partners
  • understanding of the Agency’s culture
  • understanding of any relevant legislation or other rules governing the Agency
  • broad understanding of the government environment, particularly Accountability structures and current major initiatives

Members will have a balance of skills and experience appropriate to UKHSA’s business, including knowledge, skills and/or experience (as appropriate and required) in:

  • accounting
  • risk management
  • audit
  • experience of managing similar sized organisations
  • technical or specialist issues pertinent to the organisation’s business
  • an understanding, to be informed during the work of the ARC, of the wider relevant environments in which the Agency operates
  • an understanding, to be informed during the work of the ARC, of the government environment and accountability structures

Date agreed by UKHSA Audit and Risk Committee: Monday 11 July 2022

Back to top