Audit and Risk Committee Charter

This charter sets out the Committee’s role, authority, responsibilities, composition and tenure, reporting, and administrative arrangements.

March 2026

1. Introduction

1.1.  The Secretary of the Department of the Prime Minister and Cabinet (PM&C) has established the Audit and Risk Committee (the Committee) in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) (Audit Committee for Commonwealth entities).

1.2.  This Charter sets out the Committee’s role, authority, responsibilities, composition and tenure, reporting, and administrative arrangements.

2. Role

2.1.  Consistent with Subsection 17(2) of the PGPA Rule, the role of the Committee is to provide independent advice to the Secretary and the Executive on the appropriateness of PM&C’s financial and performance reporting, system of risk oversight and management, and system of internal control.

2.2.  The Committee is not responsible for the executive management of these functions. The Committee will engage with management in a constructive and professional manner in discharging its advisory responsibilities and formulating its advice to the Secretary.

2.3.  The Committee will be assisted by PM&C’s Governance, Performance and Audit Branch (GPA Branch), which will be responsible for delivering an internal audit plan aligned with the Committee’s guidance and subject to the approval of the Executive Board.

3. Functions

Financial Reporting [PGPA Rule 17(2)(a)]

3.1.  The Committee will review the financial statements and provide independent advice to the Secretary on its view of the appropriateness of PM&C’s:

  1. annual financial statements, specifically that they comply with the PGPA Act, PGPA Rules, Accounting Standards and supporting guidance.
  2. action in response to any issues raised by the external auditor, including financial statements adjustments or revised disclosures.
  3. processes to ensure that financial information included in PM&C’s annual report is consistent with the signed financial statements. 
  4. financial reporting, with reference to any specific areas of concern or suggestions for improvement.

Performance Reporting [PGPA Rule 17(2)(b)]

3.2.  The Committee will review the performance information, systems and framework, and provide independent advice to the Secretary on its view of the appropriateness of the department’s:

  1. systems and procedures for measuring, assessing, monitoring and reporting the achievement of PM&C’s performance, and determine that:
     • the Portfolio Budget Statements and corporate plan contain appropriate details of how PM&C will achieve its purposes and measure and assess its performance;
     • the approach to measuring performance covers the whole performance reporting lifecycle and is appropriate and in accordance with the Commonwealth performance framework guidance;
     • appropriate records are maintained to enable the preparation of the annual performance statements and systems and processes are in place for inclusion of the statements in PM&C’s annual report; and
     • action being taken in response to any issues raised by the external and internal auditors is appropriate.
  2. annual performance statements and performance reporting, with reference to any specific areas of concern or suggestions for improvement.

System of Risk Oversight and Management [PGPA Rule 17(2)(c)]

3.3. The Committee will review the system of risk oversight and management and provide independent advice to the Secretary on its view of the appropriateness of the department’s:

  1. enterprise risk management policy framework and the necessary internal controls for the identification and management of PM&C’s key risks, including emerging risks and risks associated with significant projects, in accordance with the Commonwealth Risk Management Policy;
  2. risk management capability and whether key roles, responsibilities and authorities relating to risk management are clearly articulated and adhered to;
  3. approach for reporting on the management of risks to support the Secretary’s role in oversight of risk management; 
  4. processes for developing and implementing PM&C’s fraud and corruption control arrangements, including preventing, detecting, capturing and responding to fraud and corruption risk, in accordance with the Commonwealth Fraud and Corruption Control Framework; 
  5. approach to business continuity and disaster recovery management, including its ongoing maintenance and periodic testing; and
  6. systems for risk oversight and risk management, with reference to the Commonwealth Risk Management Policy and any specific areas of concern or suggestions for improvement.

System of Internal Control [PGPA Rule 17(2)(d)]

3.4.  The Committee will review the internal control framework and provide independent advice to the Secretary on its view of the appropriateness of the department’s:

  1. approach to maintaining an effective internal control framework; 
  2. processes for ensuring relevant policies and procedures - such as accountable authority instructions, delegations and other key policies - are reviewed regularly and kept up to date;
  3. approach to implementing controls and systems to ensure compliance with, as well as monitoring compliance performance in relation to, significant and enabling legislation, regulations and Government policies and the Commonwealth Fraud and Corruption Control Framework;
  4. consideration of legislative compliance risks within the internal control framework, fraud and corruption control framework and planning; 
  5. steps taken to embed a culture that promotes the proper use and management of public resources and is committed to ethical and lawful conduct;
  6. approach to maintaining an effective internal security system, including complying with the Protective Security Policy Framework, and its management of cyber risks;
  7. internal audit planning to ensure coverage and alignment with PM&C’s key risks, reporting on major concerns identified in internal audit reports, and recommending action on significant matters raised, and dissemination of information on good practice; 
  8. processes for monitoring the implementation of external reports and recommendations of relevance to the department; particularly those of Parliamentary Committees and the ANAO; and
  9. systems for internal control, with reference to any specific areas of concern or suggestions for improvement.

3.5.  As far as is practicable, the Committee will indicate which matters it will consider during any given year in a forward plan, noting that it may consider other additional matters in response to changes in the entity’s operating environment.

3.6.  Section 17(2) of the PGPA Rule establishes mandatory functions for audit committees. The functions must include reviewing the appropriateness of the department’s:

  1. financial reporting
  2. performance reporting
  3. system of risk oversight and management; and
  4. system of internal control.

4. Authority

4.1.  The Secretary authorises the Committee, within its responsibilities, to:

  1. obtain any information it requires from any employee or external party (subject to any legal obligation to protect information)
  2. discuss any matters with the external auditor, or other external parties (subject to confidentiality considerations)
  3. request the attendance of any official, including the Secretary, at Committee meetings
  4. obtain legal or other professional advice, as considered necessary to meet its responsibilities, at PM&C’s expense, subject to approval by the Secretary, or delegate.

5. Membership

5.1.  In accordance with Subsection 17(3) and Subsection 17(4) of the PGPA Rule, the Committee comprises at least three members appointed by the Secretary. All members must not be officials of PM&C, and a majority of the members must be persons who are not officials of any Commonwealth entity.

5.2.  The Secretary will appoint the Chair of the Committee. 

5.3.  The Chair will appoint another member to act as Chair in their absence.

5.4.  The members, taken collectively, will have a broad range of skills and experience relevant to the operations of PM&C. At least one member of the Committee will have accounting or related financial management experience with an understanding of accounting and auditing standards in a public sector environment. 

5.5.  Members will be appointed for an initial period not exceeding 3 years. Members may be re‑appointed after a formal review of their performance, for a further period not exceeding 2 years, unless agreed to by the Secretary.

Senior Advisers and Observers 

5.6.  Senior Executive Service officer/s will be appointed as Senior Adviser/s to the Committee by the Chief Operating Officer / First Assistant Secretary Corporate. The Adviser/s will receive all papers and attend all meetings.

5.7.  The Secretary, Deputy Secretary Governance and Corporate Group, Chief Operating Officer/ First Assistant Secretary Corporate, First Assistant Secretary Digital, Security and Workplace Operations, Chief Financial Officer, and Head of Internal Audit may attend meetings as observers, as determined by the Chair.

5.8.  Representatives from the Australian National Audit Office (ANAO) will be invited to attend meetings of the Committee, as observers.

6. Responsibilities of Committee Members 

6.1.  Members of the Committee are expected to understand and observe the legal requirements of the PGPA Act and Rule. Members are also expected to:

  1. act in the best interests of PM&C
  2. apply good analytical skills, objectivity, and good judgement
  3. express opinions constructively and openly, raise issues that relate to the Committee’s responsibilities and pursue independent lines of enquiry
  4. contribute the time needed to review the papers provided and meet their responsibilities
  5. Committee members must not use or disclose information obtained by the Committee except in meeting the Committee’s responsibilities, or unless expressly agreed by the Secretary. 

7. Sub-Committees

7.1.  The Committee may establish one or more sub-committee/s to assist the full Committee in meeting its responsibilities. 

7.2.  The responsibilities, membership and reporting arrangements for each sub-committee shall be documented and approved by the full Committee. The Committee stipulates that:

  1. a member of the full Committee is appointed as Chair of the sub-committee; the membership of sub-committees could extend beyond members of the full Committee if additional expertise on particular matters is required
  2. the Chair of the sub-committee will provide a report on the sub-committee, including an update on processes and issues, at each full Committee meeting
  3. important issues that may require consideration by the full Committee are brought to the attention of the Chair immediately following a sub-committee meeting so that the Chair is in a position to decide what action to take.

7.3.  Sub-committees should not assume any management functions nor should management exert inappropriate influence over the work of sub-committees. 

Financial Statements Adviser role

7.4.  The Committee may appoint a member of the Committee in an adviser role to oversee, review, report and advise the Committee on the planning, management and finalisation of the department’s annual financial statements and compliance assurance processes. The Financial Statements Adviser may also be the Chair. 

7.5.  The Financial Statements Adviser will report to the Committee at each meeting and, where the Adviser is not the Chair, out of session to the Committee Chair on any issue of significance that needs to be addressed.

8. Reporting

8.1.  The Committee will, as often as necessary and at least once a year, report to the Secretary on its operation and activities during the year, including:

  1. financial reporting
  2. performance reporting
  3. system of risk oversight and management, and
  4. system of internal control.

8.2.  The Chair of the Committee will summarise the outcomes of each meeting in a brief to the department’s Executive Board and may, at any time, report to the Secretary any other matter they deem of sufficient importance to do so. In addition, at any time an individual Committee member may request a meeting with the Secretary, via the Chair. 

9. Annual Reporting Requirements

9.1.  Section 17AG of the PGPA Rule establishes that the following information is to be included in the Annual Report.

The annual report must include the following:

  1. a direct electronic address of the charter determining the functions of the audit committee for the entity;
  2. the name of each member of the audit committee during the period;
  3. the qualifications, knowledge, skills or experience of those members;
  4. information about each of those members’ attendance at meetings of the audit committee during the period;
  5. the remuneration of each of those members.

9.2.  The Secretariat will liaise with members where necessary to facilitate the provision of this information.

10. Administrative Arrangements 

Meetings

10.1.  The Committee will meet at least four times per year. Additional meetings may be held to review PM&C’s annual financial statements and annual performance statements. With approval from the Chair, the Committee can also agree items out of session by email communication.

10.2.  The Chair is required to call a meeting if asked to do so by the Secretary, and to decide whether a meeting is required if one is requested by another Committee member.

10.3.  The Chair or members may be asked to attend other PM&C executive committees as observers or presenters.

Planning

10.4.  The Committee will develop a forward work plan that includes the dates, location and proposed agenda items for each meeting for the forthcoming year, and that covers all the responsibilities outlined in this Charter.

Attendance at meetings and quorums

10.5.  A quorum will consist of a majority of Committee members.

Engagement across the department 

10.6.  The Committee will engage with the department’s senior managers and other key stakeholders in order to fulfil its functions. To assist the Committee with receiving up-to-date information on the department’s key activities and risks, the Committee may request that business briefings be included within meetings. A schedule of business briefings is included in the Committee forward work plan.

Secretariat

10.7.  The GPA Branch will provide secretariat support to the Committee. The Secretariat will ensure the agenda for each meeting and supporting papers are circulated at least 5 working days before the meeting, and ensure the minutes of the meeting are prepared and maintained. Minutes must be reviewed by the Chair after the meeting, and distributed within ten business days to each member and Committee observers, as appropriate. The Secretariat will maintain records in accordance with PM&C’s obligations under the Archives Act 1983 and Section 37 of the PGPA Act.

Conflicts of interest

10.8.  Members of the Committee must annually provide written declarations for provision to the Secretary or their delegate declaring any actual or perceived conflicts of interest they may have in relation to their responsibilities. Members should consider past employment, consultancy arrangements and related party issues in making these declarations and the Chair should be satisfied that there are sufficient processes and plans in place to actively manage any conflicts. Declarations will be provided to the Secretary or their delegate and shared with the Chair.

10.9.  At the beginning of each Committee meeting, members are required to declare any actual or perceived conflicts of interest that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the Committee’s consideration of the relevant agenda item(s). Details of actual or perceived conflicts of interest declared by members and action taken will be appropriately minuted and stored centrally in a register maintained by the Head of Internal Audit.

Induction and security clearance

10.10.  New members will receive relevant information and briefings on their appointment to assist them to meet their Committee responsibilities. The GPA Branch will provide this support.

10.11.  Members will be required to undertake (and maintain) a national security clearance to the level of Negative Vetting Level One.

Assessment arrangements

10.12.  The Chair of the Committee will initiate a review of the performance of the Committee at least once every two years. The outcome will be reported to the Secretary. The review will be conducted on a self-assessment basis, with appropriate input sought from the Secretary, Committee Members, senior management, the internal and external auditors, and any other relevant stakeholders, as determined by the Secretary or their delegate.

Review of charter

10.13.  The Committee will review the appropriateness of this Charter annually and recommend any substantive changes for consideration by the Secretary.