1. Introduction
The Terms of Reference of the Audit and Risk Management Committee (‘the Committee’; ‘ARMC’) are established to assist and advise UniSC Council (‘Council’) and the Vice-Chancellor and President (VCP), as accountable officers, on the discharge of their functions and duties in accordance with the University of the Sunshine Coast Act 1998, the Financial Accountability Act 2009, the Financial and Performance Management Standard 2019, the Higher Education Standards Framework (Threshold Standards) 2021, and other relevant legislation and prescribed requirements.
This document sets out the Committee’s key objectives, authority, composition and tenure, roles and responsibilities, reporting and administrative arrangements.
The Committee does not have authority to implement actions over which the VCP or nominee has responsibility; it does not have any delegated financial powers, and it does not have any management function.
The Committee plays a critical role in ensuring that UniSC, including its controlled entities and significant commercial ventures, fulfils its strategic objectives, operates within its stated risk appetite, and retains its social licence and the support and trust of students, staff, regulators, industry partners, and the community, to ensure the University maintains legitimacy and public confidence.
The Committee reports the minutes of meetings together with any relevant reports and information directly to the next meeting of the Council. This includes, as soon as practicable after the end of UniSC’s financial year, providing Council with a report about the Committee’s operations for the year.
The Committee shall immediately escalate to Council, via the Committee Chair and the VCP, any significant or material matters of concern. This includes any safety, wellbeing and risk matters that could materially affect the University’s reputation or operations.
2. Terms of Reference
Under its Terms of Reference, the Committee has seven major areas of responsibility:
- Monitoring Internal Control and Risk and Compliance Management;
- Monitoring of Internal Audit Activities;
- Monitoring of External Audit Activities;
- Oversight of compliance with legislative requirements;
- Oversight and appraisal of Financial and Performance Reporting and providing annual assurance to Council;
- Oversight of any Fraud or Ethics Issues; and
- Oversight of social licence and ensuring governance and risk management practices ensure the University maintains legitimacy and public confidence.
3. Objective
Taking into account the financial and operational environment and the University’s performance management framework, the Committee’s main functions are to:
- oversee the processes for the identification and assessment of the University’s current and emerging risks, including those related to controlled entities and significant commercial ventures, including:
  - Strategic Risks
  - Academic and Research Risks
  - Financial Risks
  - Health, Safety and Wellbeing Risks, including Gender-Based Violence
  - Operational Risks, including People, Fraud and Corruption, Cyber Security, Privacy, Business Continuity and Third Party Vendor related risks.
- evaluate whether processes are in place to address key roles and responsibilities in relation to risk and compliance management;
- evaluate the adequacy and effectiveness of the control environment to provide reasonable assurance that the systems of internal control are of a high standard and functioning as intended;
- review University policies and procedures relating to these Terms of Reference;
- provide oversight of the University’s compliance with industrial and employment law obligations (including enterprise agreements);
- consider financial delegations and recommend them to Council for approval;
- review and appraise the financial statements to ensure the integrity and transparency of the financial reporting process;
- monitor the effectiveness of performance information and compliance with performance reporting requirements;
- evaluate the quality of the internal audit function, particularly in the areas of planning, monitoring and reporting;
- engage with external audit and assess the adequacy of management response to issues identified by audit;
- review the effectiveness of how the University monitors compliance with relevant legislative and regulatory requirements and promotes a culture committed to lawful and ethical behaviour;
- review relevant internal and external reviews and reports;
- review the Annual Report disclosure; and
- review the appropriateness of management’s handling of matters relating to (alleged) fraud or unethical conduct and evaluate the adequacy of measures taken to avoid similar conduct occurring in the future.
The operations of the Committee may require interaction with or referral to other Committees of Council such as the Planning and Resources Committee (PRC) and Academic Board and do not diminish the statutory duties and responsibilities imposed on the VCP, the Council, or the internal and external auditors in the proper execution of their activities.
The Committee will be cognisant of, and maintain the distinction between, governance matters and the role of management.
More specific details regarding these responsibilities are provided in Appendix 1 – Terms of Reference, below.
4. Delegations/Authorities
Delegated authority to approve:
- the Fraud and Corruption Control Plan
Delegated authority to review, endorse and recommend to Council for approval the:
- Internal Audit Strategic and Operational Plans
- appointment of the Internal Audit Co-Source Provider
- Audit and Assurance Governing Policy and the Internal Audit Charter
- Risk Appetite Statement of the University
- University’s Risk and Compliance Management Framework
- University’s Annual Modern Slavery Statement under the Modern Slavery Act 2018 (Cth)
- University’s annual financial statements, including those related to controlled entities and significant commercial ventures, for compliance with prescribed accounting and other requirements.
5. Composition
The membership shall be comprised of:
- a minimum of four independent members (external to the University) and a maximum of six persons (excluding co-opted members).
- at least one member should also be a member of Council. Council members shall be appointed until their term on Council expires or as otherwise determined by Council. If the appropriate skills and experience cannot be found from within the Council, the appointment of one (or more) independent member(s) who is/are external to the University will be considered.
- at least one committee member must be a member of the professional accounting bodies or audit bodies in Australia.
- at least one member should possess expertise within the higher education sector.
Collectively, the Committee shall possess:
- a thorough understanding of core activities of the University and the Higher Education Sector;
- a commitment to the continual improvement of the University’s financial and non-financial performance management information;
- strong business acumen and management skills;
- a high level of understanding of best practice internal control, risk management, compliance obligations and corporate governance;
- a sound knowledge of information systems and emerging technology;
- a high level of competency in financial reporting and the ability to analyse complex financial reports;
- an inquiring attitude, objectivity and independence; and
- a strong, demonstrated sense of probity and ethical conduct.
The Committee Chairperson and the VCP may make recommendations on the filling of ARMC positions to the Nominations Committee and Executive Committee of Council (NC&ECC).
The NC&ECC will develop recommendations to Council on the filling of positions on the Committee (unless otherwise specified).
The initial term of office of members will be for a period not exceeding three years and can be extended for further terms subject to the composition and skill requirements of the Committee.
The Committee Chairperson will be a Council member external to the University and will be nominated by the Chancellor after consultation with the VCP and appointed by Council, taking into account the experience, skills, qualifications and leadership of nominees.
The Chancellor, in consultation with the Chairperson of the Committee and the VCP, may co-opt up to two additional members, with full rights, for a specified period to facilitate succession planning and access to specific expertise.
6. Responsibilities of Members
Members of the Committee are expected to understand and observe the legal requirements of the University of the Sunshine Coast Act (1998) (Qld) and the Financial and Performance Management Standard 2019.
Members of the Committee will at all times in the discharge of their duties and responsibilities:
- act in the best interests of the University as a whole
- exercise honesty, objectivity, probity and confidentiality, and not knowingly engage in activities that have the potential to bring discredit to the University
- disclose and avoid conflicts of interest
- not improperly use their position to gain an advantage for themselves or someone else
- refrain from entering into any activity that may prejudice their ability to carry out their duties and responsibilities objectively.
- maintain the confidentiality of information obtained in the course of their duties. Information should not be used for personal benefit.
If there is any doubt over the conveying of information to a person for reasons other than University purposes, the Committee Chair and the VCP are to be notified.
Member involvement with the University Executive and Senior Staff is limited to receiving and providing comment on meeting agenda submissions or presentations related to these terms of reference. Any interactions between Committee Members and Management outside of a Committee Meeting require prior consultation with and agreement from the Committee Chair and the VCP.
7. Meetings
- Meeting attendance
In attendance (having participatory, but not voting rights):
- Vice-Chancellor and President
- Chief Operating Officer
- Chief Financial Officer
- Council Secretary and Director, Governance and Risk Management
- Internal Audit representative/s
- External Audit representative/s
The Council Secretariat will provide Secretarial support to the Committee.
- Frequency of meetings
Meetings will be held at least four times per year. In addition, the Chairperson may call such additional meetings as may be necessary to address any matters referred to the Committee or in respect of matters that the Committee wishes to pursue.
Council members will be provided with access to Committee papers and may attend Committee meetings after consultation with the Committee Chair and advising the Secretariat of their planned attendance.
The Committee or the Chair may meet privately in-camera with the VCP, Internal Audit and External Audit at least once per year, or as required, as scheduled by the Council Secretary in consultation with the Committee Chair.
- Quorum
A quorum consists of at least one half of the members, of which at least three must be independent.
8. Authority, Access and Engagement
Authority is granted for full, free and unrestricted access to any and all of the University’s documents, records, physical properties, and relevant personnel (subject to the above), to allow the discharge of the Committee’s duties and responsibilities.
All employees in attendance at meetings are requested to provide frank, truthful and meaningful answers to any questions raised by the Committee in fulfilling its function.
9. Interaction with the Academic Board and the Planning and Resources Committee (PRC)
The Committee will liaise closely with the Academic Board and PRC to ensure there is no material overlap between the respective functions. It will also ensure that there is a frank and meaningful exchange of information between the committees where this is necessary or desirable.
10. Reporting by the Committee
The Committee reports the minutes of meetings together with any relevant reports and information directly to the UniSC Council (Council). This includes, as soon as practicable after the end of UniSC’s financial year, providing Council with a report about the Committee’s operations for the year.
11. Evaluation and Review
To enable the Committee to operate effectively and fulfil its functions, it will:
- undertake a review of its Terms of Reference at least once every two years.
- undertake a self-assessment of its performance at least once every two years.
Appropriate action will be taken where a need for improvement has been identified. The results of all self-assessments and reviews will be provided to Council.
12. Audit and Assurance
- Internal Audit
The Committee will oversee the planning, monitoring and reporting processes of Internal Audit, ensuring they are in compliance with the Internal Audit Charter. This process will form part of the governance processes that ensure the University’s internal audit function operates effectively, efficiently and economically.
Management, via the Senior Internal Audit Manager (SIAM), shall develop and maintain a register of internal audit actions and an audit response database so that progress on recommendations concerning internal audit and performance can be tracked easily.
- External Audit
The Queensland Auditor-General or delegate holds statutory appointment as auditor of the University and is responsible for reporting independently to Parliament on the discharge of that statutory obligation. The Auditor-General or delegate is empowered under the Financial Accountability Act 2009 to undertake audits in any way that the Auditor-General or delegate considers appropriate, taking into account the character of the relevant internal control systems of the University, including the internal audit function.
The Committee has no power of direction over the external auditors or the manner in which the external audit is planned or undertaken. However, the Committee will act as a forum for the consideration of external audit findings and will ensure that they are balanced with the views of the VCP and relevant managers.
The Chief Financial Officer will provide the administration link with the external auditors and shall develop and maintain an audit response database so that progress on recommendations concerning external audit and performance can be tracked easily.
The external auditors and the Committee will meet formally at least once per year.
Approved: Council C04/49, 5 October 2004
Revised: Council C15/1, 3 March 2015
Revised: Council C18/76, 6 December 2018
Revised: Council C21/06, 22 February 2021
Revised: Council C24/28, 15 October 2024
Last revised: Council C26/12, 20 April 2026
Appendix 1: Terms of Reference
i) Monitoring of Internal Control and Risk and Compliance Management
- to oversee the processes for the identification and assessment of the University’s current and emerging risks, including those related to controlled entities and significant commercial ventures, including:
  - Strategic Risks, including Regulatory and Compliance
  - Academic and Research Risks
  - Financial Risks
  - Health, Safety and Wellbeing Risks, including Gender-Based Violence, Equity and Inclusion
  - Operational Risks, including People, Fraud and Corruption, Cyber Security, Privacy, Business Continuity and Third Party Vendor related risks.
- to assess and contribute to the enhancement of the University’s governance of its systems of internal control, risk and compliance management, and internal audit activities and to ensure it operates within risk appetite;
- to oversee the management of and ensure compliance with legislative requirements;
- to monitor and provide comment on the University’s Risk Profile;
- to review the process for the management of risk, including identification of risk areas and the adequacy of internal controls to partially or fully mitigate risk and/or reach target risk ratings (in accordance with the Risk and Compliance Management Framework), taking into account the views of the VCP and relevant managers; and
- to review the University’s insurance arrangements and form a view whether they are appropriate for the University.
ii) Monitoring of Internal Audit Activities
- to evaluate the quality and facilitate the discharge of the internal audit function, particularly with regard to planning, monitoring and reporting;
- to monitor that there is appropriate coordination with external audit;
- to monitor progress and compliance with the Internal Audit Annual Operational Plan and Internal Audit Charter;
- to monitor that internal audit has complied with the professional standards issued by The Institute of Internal Auditors – Australia;
- to receive and review finalised internal audit reports and provide comment to Council; and
- to review the actions taken by management in response to findings raised in internal audit reports.
iii) Monitoring of External Audit Activities
- to act as a formal channel of communication, with advice from the VCP, between the Council and the University’s external auditors;
- to receive and consider external audit findings and the response to them by management;
- to review the actions taken by management in response to findings raised in external audit reports; and
- to consider external audit plans and review the adequacy of the overall audit (external and internal) coverage, with a view to ensuring that key areas are covered and that material overlaps between internal and external audit are minimised.
iv) Oversight and Appraisal of Financial Reporting
- to review the appropriateness of accounting policies;
- to review the appropriateness of significant assumptions made by management in preparing the financial statements;
- to monitor that the VCP and Chief Financial Officer provide assurance with respect to the accuracy and completeness of financial statements and recommend their adoption to Council; and
- to review, with management and the external auditors, the results of the external audit and any significant issues identified.
v) Oversight of Fraud and Ethics Issues
- to monitor that all matters relating to (alleged) fraud or unethical conduct are dealt with appropriately.
vi) Oversight of Social Licence
- to monitor that all matters relating to social licence and maintaining the support and trust of students, staff, regulators, industry partners, and the community, are identified and considered.
- to monitor that the University’s governance, risk management, and compliance frameworks adequately support the maintenance of its social licence to operate.
- to review risks and controls associated with social licence, including reputational, ethical, and community trust considerations.
- to receive and consider reports on significant issues or developments that may impact UniSC’s social licence, including stakeholder engagement and sustainability commitments.
- to monitor that social licence obligations are integrated into UniSC’s risk and compliance management framework and reflected in internal audit and assurance planning.
- to advise Council on any emerging risks or compliance matters that could affect UniSC’s social licence.