Our Audit Committee assists the Commissioner to discharge her responsibilities in relation to the OAIC’s finances and performance, risk oversight and management, and system of internal control. 

Audit Committee charter 

Legislative requirement

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires that the Office of the Australian Information Commissioner (OAIC) has an audit committee (subsection 45(1)) and that the committee is constituted and performs functions in accordance with any requirements prescribed by the associated rules (subsection 45(2)).

Under the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), the accountable authority of the OAIC must determine the functions of the audit committee by written charter (the charter) (subsection 17(1)).

These functions must include reviewing the appropriateness of the accountable authority’s:

  • financial reporting,
  • performance reporting,
  • system of risk oversight and management, and
  • the system of internal control, for the entity (subsection 17(2)).

Purpose

The Audit Committee (the committee) is established to assist the Australian Information Commissioner (or a person Acting in that role) to discharge responsibilities under the Australian Information Commissioner Act 2010 (AIC Act), Privacy Act 1988 (Privacy Act) and Freedom of Information Act 1982 (FOI Act) in respect of financial reporting, performance reporting, risk oversight and management, internal control and compliance with relevant laws and policies.

The committee is not responsible for the executive management of these functions. The committee will engage with management in a constructive and professional manner in discharging its responsibilities and formulating its advice to the Australian Information Commissioner.

Authority

The Australian Information Commissioner authorises the committee, within its responsibilities, to:

  • obtain any information it requires from any official or external party (subject to any legal obligation to protect information)
  • discuss any matters with the Australian National Audit Office (ANAO), or other external parties (subject to confidentiality considerations)
  • request the attendance of any official, including the Australian Information Commissioner, at committee meetings, and
  • obtain legal or other professional advice at the OAIC's expense, as considered necessary to meet its responsibilities.

Membership

The Audit Committee comprises three members, appointed by the Australian Information Commissioner, the majority of whom will not be officials of the OAIC.

The Australian Information Commissioner will appoint the Chair of the committee. The Chair shall not be the Australian Information Commissioner.

The committee is authorised to appoint a Deputy Chair who will act as chair in the absence of the Chair.

The Australian Information Commissioner may attend committee meetings and when they elect to do so will require copies of committee papers.

The Australian Information Commissioner, the OAIC's Chief Financial Officer, the Partner and Senior Audit Manager of the firm appointed as Internal Audit and representatives of the ANAO may attend meetings as observers, as determined by the Chair, but will not be members of the committee.

Membership of the committee will be reviewed periodically (at least every three years) by the Australian Information Commissioner with the aim of ensuring an appropriate balance between continuity of membership, the contribution of fresh perspectives and a suitable mix of appropriate qualifications, knowledge, skills and experience to assist the committee to perform its functions.

The committee will adopt and maintain a program of induction, training and awareness-raising for its members, with the objective of enabling the committee to keep abreast of contemporary developments and leading practices in relation to its functions.

Audit committee functions

The following responsibilities to be undertaken by the committee in respect of its functions have been determined by the Australian Information Commissioner in consultation with the Chair.

Financial reporting

The committee to review the appropriateness of the OAIC’s financial reporting.

Responsibilities:
  • Review and provide advice on the appropriateness of:
    1. the OAIC’s financial statements
    2. information (other than the annual financial statements) requested by the Department of Finance in preparing the Australian Government’s consolidated financial statements, including the supplementary reporting package
    3. processes and systems for preparing financial reporting information
    4. financial record keeping
    5. compliance with the relevant accounting standards and the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 requirements
    6. accounting policies and disclosures, including any significant changes to accounting policies
    7. areas of significant judgement and financial statement balances that require estimation
    8. significant or unusual transactions
    9. internal controls and compliance
    10. the adequacy of the accounting policies and the quality of the processes for the preparation of the annual financial statements, through discussions with the ANAO
    11. whether appropriate management action has been taken in response to any issues raised by the ANAO, including financial statement adjustments or revised disclosures.
  • Act as a forum for communication between OAIC management and the ANAO.
  • Review processes to ensure that financial information included in the OAIC annual report is consistent with the signed financial statements.

Performance reporting

The committee to review and provide advice on the appropriateness of the OAIC’s performance reporting. This includes reviewing the mandatory requirements of the PGPA Act, the PGPA Rule and information provided in the OAIC’s Corporate Plan, Portfolio Budget Statement and Annual Performance Statement.

  • The Committee will satisfy itself that:
    1. the OAIC’s Portfolio Budget Statement and Corporate Plan include details of how the OAIC's performance will be measured and assessed
    2. the OAIC’s approach to measuring its performance throughout the financial year against the performance measures included in the Portfolio Budget Statement and Corporate Plan is appropriate and in accordance with the Commonwealth performance framework, and has considered guidance issued by the Department of Finance
    3. the OAIC has appropriate systems and processes in place for preparation of its Annual Performance Statement and the inclusion of the Statement in its annual report.
  • Review the Annual Performance Statement and provide advice on appropriateness to the OAIC.

Risk oversight and management

The committee to review the appropriateness of the OAIC’s system of risk oversight and management. This includes reviewing the mandatory requirements of the PGPA Act, the PGPA Rule and the Commonwealth Risk Management Policy.

  • Review and provide advice on the appropriateness of:
    1. the OAIC’s risk management framework and associated internal controls for the effective identification and management of the OAIC’s risks
    2. the OAIC’s approach to managing key risks, including those associated with legislative change, program implementation and other activities
    3. the process for developing and implementing the OAIC’s fraud control arrangements consistent with the fraud control framework and satisfy itself that the OAIC has adequate processes for detecting, capturing and effectively responding to fraud risks.

System of internal control

The committee to review the appropriateness of the OAIC’s system of internal control. This includes understanding the OAIC’s operating context, governance requirements, and reviewing the mandatory requirements of the PGPA Act and PGPA Rule.

  • Review and provide advice on the appropriateness of the internal control framework:
    1. review management’s approach to maintaining an effective internal control framework and whether processes are in place for assessing whether key policies and procedures are complied with
    2. review whether management has in place relevant policies and procedures, such as Accountable Authority Instructions, delegations, a business continuity management plan and that these are periodically reviewed and updated.
  • Review and provide advice on the appropriateness of legislative and policy compliance:
    1. review the effectiveness of systems for monitoring the OAIC’s compliance with laws, regulations and associated government policies
    2. whether the OAIC has adequately considered legal and compliance risks as part of the enterprise risk management framework, fraud control framework and planning.
  • Review and provide advice on the appropriateness of security compliance:
    1. review the OAIC’s approach to an effective internal security system including complying with the Protective Security Policy Framework.
  • Review and provide advice on the appropriateness of the internal audit coverage:
    1. review the OAIC’s proposed internal audit coverage, ensuring the coverage considers the OAIC’s primary risks, and recommending approval of the internal work plan
    2. review all internal audit reports, providing advice to the Accountable Authority on major concerns identified in those reports, and recommending action on significant matters raised.
  • Provide a statement to the OAIC’s Accountable Authority as to whether the OAIC’s system of internal control is appropriate, referring to any specific areas of concern or suggestions for improvement.

Reporting

The committee will regularly update the Australian Information Commissioner on its activities and make recommendations, as appropriate.

The Chair of the committee will report to the Australian Information Commissioner following a meeting of the committee on any matters that the committee considers should be brought to the attention of the Australian Information Commissioner.

The committee will at least once annually confirm to the Australian Information Commissioner that all functions/responsibilities outlined in this charter have been carried out and comply with any other reporting requirements specified by the Australian Information Commissioner from time to time.

Administrative arrangements

Meetings

The committee will meet at least four times per year. One or more special meetings may be held to review annual financial statements and performance statements, or to meet other responsibilities of the committee.

All committee members are expected to attend each meeting, in person or via tele or video conference.

The Chair is required to call a meeting if asked to do so by the Australian Information Commissioner, and to decide whether a meeting is required if one is requested by another member, the Partner of the firm appointed as internal auditor or the ANAO.

Planning

The committee will develop a forward meeting schedule that includes the dates, location, and proposed agenda items for each meeting for the forthcoming year, and that covers all the responsibilities outlined in this charter.

Quorum

A quorum will consist of a majority of committee members. The quorum must be in attendance at all times during the meeting.

Secretariat

The secretariat will ensure the agenda for each meeting is approved by the Chair and the agenda and supporting papers are circulated at least one week before the meeting, as well as ensure the minutes of the meetings are prepared and maintained. Minutes must be reviewed by the Chair and circulated within two weeks of the meeting to each member and committee observers, as appropriate.

Conflicts of interest

Once each year, members of the committee will provide written declarations, through the Chair, to the Australian Information Commissioner declaring any material personal interests they may have in relation to their responsibilities. External members should consider past employment, consultancy arrangements and related party issues in making these declarations and the Australian Information Commissioner, in consultation with the Chair, should be satisfied that there are sufficient processes in place to manage any real or perceived conflict.

At the beginning of each committee meeting, members are required to declare any material personal interests that may apply to specific matters on the meeting agenda. Where required by the Chair, the member will be excused from the meeting or from the committee's consideration of the relevant agenda item(s). The Chair is also responsible for deciding if they should excuse themselves from the meeting or from the committee's consideration of the relevant agenda item(s). Details of material personal interests declared by the Chair and other members, and actions taken, will be appropriately recorded in the minutes.

Induction

New committee members will receive relevant information and briefings on their appointment to assist them to meet their committee responsibilities.

Assessment arrangements

The Chair of the committee will initiate a self-assessment of the performance of the committee at least once every two years. The review will involve input from the Australian Information Commissioner, each committee member, and any other relevant stakeholders, as determined by the committee.

Review of charter

At least once every three years the committee will review this charter. This review will include consultation with the Australian Information Commissioner.

Any substantive changes to the charter will be recommended by the committee and formally approved by the Australian Information Commissioner.
