Audit and Risk Committee Terms of Reference

Audit and Risk Committee: Terms of Reference

January 2024

This Terms of Reference (TOR) updates the previous Terms of Reference as at October 2023.  It follows closely the guidance in DoF’s Audit and Risk Assurance Committee Handbook (NI) issued in April 2018, and especially the Example Terms of Reference at Annex D of that Handbook.

1. Preamble

The Office of the Police Ombudsman for Northern Ireland “the Office” was established under the Police (Northern Ireland) Act 1998.  It is an executive Non-departmental Public Body whose sponsor body is the Department of Justice and is accountable to the Northern Ireland Assembly through the Justice Minister.  The Office of the Police Ombudsman operates under a management framework governed by the Police (Northern Ireland) Act 1998 and the Police (Northern Ireland) Act 2000.  The Office of the Police Ombudsman for Northern Ireland does not have a Board but is headed by the Police Ombudsman who is a corporation sole under the Police (Northern Ireland) Act 1998 and appointed by Royal Warrant.  The Accounting Officer is the Chief Executive for the Office of the Police Ombudsman for Northern Ireland.

2. Constitution

The Audit and Risk Committee was established in 2003, to support the Police Ombudsman and Chief Executive in discharging their responsibilities in relation to issues of risk, control and governance, by reviewing the comprehensiveness, reliability and integrity of the risk, control and governance assurances available to the organisation.  As the Police Ombudsman is appointed under statute as a Corporation Sole and the Office does not have a Board, in consequence the role of the Committee has greater significance than for other Audit and Risk Committees, which operate in conjunction with a Board. 

3. Membership

The membership of the Audit and Risk Committee is as follows:

Independent Non-Executive Members:

• Two Independent External Members (the present members hold appointments from April 2020 and May 2023 for three years, extendable by a further two years). These members shall between them chair all Audit and Risk Committee Meetings. 
• It was formally agreed to secure a third Independent External Member in order to provide a greater range of expertise to the Audit and Risk Committee. Recruitment for this has been deferred until such time resources become available. 

4. Attendees

The following people will normally be expected to attend each meeting of the Audit and Risk Committee.

Internal
•    Police Ombudsman for Northern Ireland
•    Chief Executive (Accounting Officer) 
•    Director of HR and Corporate Services

External
•    Representative from Internal Auditor – NICS Internal Audit 
•    Representative from External Auditor – Northern Ireland Audit Office
•    Representative from Department of Justice

Other members of staff, on certain occasions may be invited to attend the Audit and Risk Committee to contribute to certain agenda items, such as risk, or as observers.

[The names of current members and attendees of the Audit and Risk Committee are shown at Appendix 1]

The Director of HR and Corporate Services shall arrange for the provision of secretarial services for the Audit and Risk Committee. 

5. Reporting

a) The Audit and Risk Committee will provide minutes to the Police Ombudsman and Accounting Officer after each meeting.

b) The Audit and Risk Committee will provide the Police Ombudsman and Accounting Officer with an Annual Report, timed to support finalisation of the accounts and the Governance Statement, summarising its conclusions.

6. Responsibilities

The Audit and Risk Committee will advise the Police Ombudsman and Accounting Officer on:

I. The strategic processes for risk, control and governance and the Governance Statement;

II. The accounting policies, the accounts and the annual report of the organisation, including the process of review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors;

III. The planned activity and results of both internal and external audit;

IV. Adequacy of management response to issues identified by audit activity, including external audit’s management letter;

V. Assurances relating to the corporate governance requirements of the organisation;

VI. Proposals for tendering for Internal Audit services or for purchase of non-audit services from contractors who provide audit services;

VII. Anti-fraud policies, whistle-blowing processes, and arrangements for special investigations, including Value for Money;

VIII. Review the operation of the Office’s Code of Ethics at least every three years;

IX. Consider any other matters where requested to do so by the Police Ombudsman;

X. The Audit and Risk Committee will also, at a minimum annually, review its own effectiveness and report the results of that review to the Police Ombudsman and to the Accounting Officer

7. Non-Executive Members

The Audit and Risk Committee has two independent non-executive members whose role is to provide: 

(i) Constructive challenge across the Office’s operational and corporate functions;

(ii) A fresh, objective perspective and new ideas;

(iii) Improved rigour to management processes;

(iv) Specific expertise and experience;

(v) A safe sounding board for new approaches; and

(vi) A balance to the mix of skills and experience on the Committee.

Independent Members should ensure all aspects of strategy and delivery of policy are scrutinised for effectiveness and efficiency.  In particular, they should:

(i) Be involved in the monitoring of performance and progress of the Office, including the use of human and financial resources;

(ii) Maintain a critical overview of the Office’s financial controls and procedures for assessing and managing risk, drawing on their wider experience; and

(iii) Depending on the current and future responsibilities of the Office, challenge the quality of the policy formulation process.

8. Rights

The Audit and Risk Committee may:

a) Co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge and experience;

b) Procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Police Ombudsman and the Accounting Officer.

9. Access

The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair(s) of the Audit and Risk Committee.

10. Meetings

a) The Audit and Risk Committee will meet at least four times a year.  The Chair(s) of the Committee may convene additional meetings, as they deem necessary;

b) Both independent non-executive members of the Audit and Risk Committee will normally be present for the meeting to be deemed quorate. However, in exceptional circumstances, the Audit and Risk Committee may proceed with one non-executive member present.  The non-executive members of the Committee will co-chair the meetings.

c) Audit and Risk Committee meetings will normally be attended by the Police Ombudsman, the Accounting Officer/Chief Executive, the Director of HR and Corporate Services, the Head of Internal Audit, a representative of External Audit, and a representative of the Sponsor Department;

d) The Audit and Risk Committee may ask any other officials of the organisation to attend to assist it with its discussions on any particular matter;

e) The Audit and Risk Committee may ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters.

f) At least one Audit and Risk Committee meeting per year will be held with the internal and external auditors in closed session.

g) The Police Ombudsman or the Accounting Officer may ask the Audit and Risk Committee to convene further meetings to discuss particular issues on which they want the Committee’s advice.

11. Information Requirements

For each meeting the Audit and Risk Committee will normally be provided with:

• A report summarising any significant changes to the organisation’s Risk Register or proposed changes to the Corporate Governance arrangements;
• A progress report from the Head of Internal Audit summarising 
• Work performed (and a comparison with work planned);
• Key issues emerging from Internal Audit work;
• Management response to audit recommendations;
• Changes to the Internal Audit Plan;
• Any resourcing issues affecting the delivery of Internal Audit objectives;
• A progress report from the External Audit representative summarising work done and emerging findings;
• A progress report from management providing an update in relation to the implementation of internal and external audit recommendations;
• Any management assurance reports, including but not limited to: fraud or theft, data breaches, direct award contracts, whistleblowing;
• Reports on the management of major incidents or “near misses” and lessons learned;  
• As and when appropriate, the Committee will also be provided with;
• Proposals for the Terms of Reference of Internal Audit / Internal Audit Charter;
• The Internal Audit Strategy;
• The Head of Internal Audit’s Annual Opinion and Report;
• Quality Assurance Reports on the Internal Audit function;
• The draft accounts of the organisation;
• The draft Governance Statement;
• A report on any changes to accounting policies;
• External Audit’s Management Letter;
• A report on any proposals to tender for audit functions;
• A report on co-operation between Internal and External Audit;
• The Risk Management Strategy;
• End Year and Mid-Year Accounting Officer Stewardship Statements;
• End Year Directorate Stewardship Statements – and mid-year if required.

 Appendix 1

Membership of the Audit and Risk Committee. Effective October 2023