Audit and Risk Committee – Terms of Reference

The Board has established an Audit and Risk Committee (“the Committee”) to support the Board, through a process of constructive challenge, in its responsibilities for matters of risk, control, governance and associated assurance.

Guidance on the principles and best practice for the organisation of Audit and Assurance Committees is contained in the Scottish Public Finance Manual.

The Committee will have at least three members of which at least two will be non-executive members of the Board. The Board may appoint up to two independent, external members for terms of up to three years (which may be renewed for total service of up to six years).

In addition, a co-opted member may be appointed by the Committee for a period not normally exceeding twelve months where the provision of specialist skills, knowledge or experience is necessary.

External members of the Audit and Risk Committee will be required to comply with the principles of the Code of Conduct for Members, in particular Section 4 relating to the Registration of Interests.

The Board will appoint one of the non-executive Board members as Chair of the Committee.

The current Committee members and their terms of appointment are set out in Appendix A.

As necessary, the Committee will be provided with induction and other relevant training.

The Committee will be provided with a secretariat function by the Operations team or as otherwise agreed by the Chair of the Committee and the Chief Executive.

The Audit and Risk Committee will report orally and/ or in writing to the Board after each meeting. A copy of the minutes of the meeting may form the basis of the report. In addition, the Chair of the Committee will report to the Board at least annually any matters of concern identified by the Audit and Risk Committee.

The Committee will provide the Board and Accountable Officer with an Annual Report, timed to support finalisation of the accounts and the governance statement, summarising its conclusions from the work it has done during the year.  The report will take into account any other relevant assurance reports.

The Committee should support the Accountable Officer and Board by reviewing the comprehensiveness and reliability of assurances on governance, risk management, the control environment and the integrity of financial statements and the annual report.

The scope of the Committee's work should be defined in its terms of reference and should encompass all the assurance needs of the Accountable Officer and Board. Within this, the Committee should have particular engagement with the work of Scottish Government Directorate for Internal Audit and Assurance, Deloitte LLP (external auditor), risk management, and financial management and reporting issues.

The Committee will advise the Board and Accountable Officer on:

• • the strategic processes in respect of risk, control and governance; and on the Governance Statement
  • the accounting policies, the Accounts, and the Annual Report of the organisation, including the process for review of the Accounts prior to submission for Audit, levels of error identified, and management's letter of representation to the External Auditors;
  • the planned activity and results of both Internal and External Audit;
  • the adequacy of management response to issues identified by audit activity, including External Audit's management letter/report
  • the effectiveness of the internal control environment
  • assurances relating to the corporate governance of the organisation
  • proposals for the provision of internal or external audit services or for purchase of non-audit services from contractors who provide audit services
  • corporate policies of the organisation including counter-fraud policies, whistle-blowing processes and arrangements for special investigations
  • any issues that should be escalated to the Board
  • anything else that is referred to the Committee by the Board and/or the Accountable Officer

The terms of reference should be reviewed annually alongside the performance of the Committee and the results of that review reported to the Board.

The Audit and Risk Committee may:

• • co-opt additional members for a period not exceeding one year, and with the approval of the organisation’s Chair and/or the Accountable Officer, to provide specialist skills, knowledge and experience
  • procure specialist ad-hoc advice, at the expense of the organisation, subject to budgets agreed by the Board and/or the Accountable Officer

There should be mutual rights of access between the Chair of the Audit and Risk Committee, the Accountable Officer, Head of Internal Audit and the External Auditor. Periodic discussions outside of the formal meeting help to ensure that expectations are managed and that there is mutual understanding of current risks and issues.

The procedures for meetings are:

• • the Committee will meet at least four times a year. The Chair of the Committee may convene additional meetings, as they deem necessary
  • at each meeting a minimum of two members of the Committee, including at least one member of the Committee who is also a member of the Board, will be present for the meeting to be deemed quorate
  • Committee meetings will normally be attended by the Chair of the Board, the Accountable Officer (Chief Executive), the Director of Operations, representative(s) of Scottish Government Directorate for Internal Audit and Assurance and representative(s) of Deloitte LLP (External Audit)
  • the Committee may require any other member of staff of the organisation to attend to assist it with its discussions on any particular matter
  • the Committee may ask any or all of those who normally attend but who are not members of the Committee to withdraw to facilitate open and frank discussion of particular matters
  • the Board or the Accountable Officer may ask the Committee to convene further meetings to discuss particular issues on which they seek the Committee's advice.

For each meeting the Committee will be provided with either in writing or orally:

• • a report summarising current year management accounts
  • a report summarising any significant changes to the organisation's Strategic Risk Register
  • a progress report from Scottish Government Directorate for Internal Audit and Assurance summarising:
    • work performed (and a comparison with work planned);
    • key issues emerging from Scottish Government Directorate for Internal Audit and Assurance work
    • management response to the Scottish Government Directorate for Internal Audit and Assurance’s recommendations
    • significant changes to the Scottish Government Directorate for Internal Audit and Assurance’s plan
    • any resourcing issues affecting the delivery of Scottish Government Directorate for Internal Audit and Assurance’s objectives

As and when appropriate, the Committee will also be provided with:

• • budget proposals for future years (when appropriate)
  • business update reports from the Chief Executive
  • Scottish Government Directorate for Internal Audit and Assurance’s
    • Memorandum of Understanding
    • Charter and Strategy
    • Annual Audit Plan
    • Annual Opinion and Report
    • quality assurance reports on its own function
  • the draft accounts of the organisation
  • the draft Annual Governance Statement
  • a report on any changes to accounting policies
  • Deloitte LLP’s (External Auditor) management letter/report
  • a report on any proposals to tender for Internal Audit functions
  • a report on counter fraud and bribery arrangements and performance reports from other sources within the “three lines of assurance” integrated assurance framework (e.g. Best Value self-assessment Reviews, Gateway Reviews, Health Check Reviews, ICT Assurance Reviews, Digital 1st Service Standard Reviews, Procurement Capability Reviews, Procurement Key Stage Reviews)
  • reports on matters identified as high risk to the organisation
  • proposed annual work programme for the Committee.
  • a progress report from Deloitte LLP (External Auditor) summarising work carried out and emerging findings.

Committee members as at 12 March 2025:

Angela Morgan

Appointed 19.04.2022 to 30.06.2024

Reappointed 12.03.2024 to 31.03.2029

James Walker

Appointed 19.04.2022 to 30.06.2024

Reappointed 12.03.2024 to 31.03.2028