Corporate report

HSE audit and risk assurance committee's terms of reference

Published 15 December 2023

Applies to England, Scotland and Wales

1. Constitution

The Audit and Risk Assurance Committee (ARAC) is constituted as a sub-committee of the HSE Board. The Committee is a non-executive committee and has no executive responsibilities nor is it charged with making any decisions unless delegated to it by the HSE Board, although it may make recommendations.

The Terms of Reference can only be amended with the approval of the HSE Board.

2. Purpose

The Committee’s purpose is to support the HSE Board to meet its obligations to ensure HSE has an effective framework of governance, risk management and internal control. It does this primarily by:

  • Reviewing the comprehensiveness of assurances on governance, risk management and the control environment in meeting the Board and Accounting Officer’s assurance needs.
  • Reviewing the reliability and integrity of these assurances.
  • Reviewing the integrity of the financial statements and the annual report.
  • Advising the HSE Board and Accounting Officer about how well assurances support them in decision-taking and in discharging their accountability obligations.

The ARAC is expected to fulfil its role using its collective skills and external experience. It is also expected to comply with HM Treasury’s Audit and Risk Assurance Committee handbook (GOV.UK) and the Corporate Governance Code of Good Practice (GOV.UK).

3. Authority

The Audit and Risk Assurance Committee is authorised by the HSE Board to:

  • Investigate any activity within its terms of reference.
  • Seek any information it requires from any HSE employee that relates to activity falling within its terms of reference; all employees should co-operate with any such request made by the Committee.
  • Obtain, with the HSE Board’s agreement, external, expert advice as it deems necessary to discharge its responsibilities. The cost of such advice will be met by the organisation, subject to budgets agreed by the Accounting Officer.
  • Co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge and experience.

4. Duties

The key duties of the Committee are:

Risk Control and Governance

  • Review and assess HSE’s strategic processes for risk, internal control and governance.
  • Critically review the risk management and assurance framework and supporting processes to provide assurance that arrangements are operating.
  • Review the draft Annual Governance Statement to consider its completeness and alignment with assurances provided to the Committee.

4.1 Financial reporting

  • Monitor the integrity of the financial statements of HSE, and report to the HSE Board and Accounting Officer on significant financial reporting issues and judgements which those statements contain having regard to matters communicated to it by the external auditor.
  • Review and consider:
      • the application of significant accounting policies and any changes to them
      • the methods used to account for significant or unusual transactions where different approaches are possible
      • whether HSE has adopted appropriate accounting policies and made appropriate estimates and judgements, taking into account the external auditor’s views on the financial statements
      • the clarity and completeness of the disclosures in the financial statements and the context in which the statements are made.
  • Where the Committee is not satisfied with any aspect of the proposed financial reporting, it shall report its views to the Accounting Officer and HSE Board.
  • Consider the External Auditor’s reports, advice and findings to advise the Accounting Officer on signing the accounts and governance statement.

4.2 Integrated assurance

  • Guide the development and direction of assurance activity (including but not limited to internal and external audit) through consideration of the integrated assurance plan, ensuring limited assurance resources are used to maximise coverage and avoid duplication.
  • Review and consider the outcomes from assurance reviews (including internal audit reports) as reported in the Integrated Assurance Report, assessing the impact on the overall control environment.
  • Review the adequacy and timeliness of the implementation of management actions to address issues highlighted through assurance reviews.

4.3 Counter fraud, bribery and corruption

  • Review the adequacy of HSE’s arrangements for its employees, contractors and external parties to raise concerns, in confidence, about possible wrongdoing in financial reporting or other matters.
  • Review HSE’s procedures for the prevention and detection of fraud, bribery and corruption.

4.4 Internal audit

  • Review and assess where necessary matters pertaining to the provision of internal audit[1].
  • Meet with the Head of Internal Audit without the presence of management, at least once a year to discuss the auditor’s remit and any issues arising.
  • Agree the internal audit plan (and associated fee) as part of the Committee’s consideration of the integrated assurance plan.
  • Review the outcomes from Internal Audit’s work as part of the Committee’s consideration of the Integrated Assurance Report.
  • Review the performance of internal audit, including conformance with applicable standards, expected performance measures, and the results of both internal and external quality assurance assessments.

4.5 External audit (National Audit Office)

  • Consider the planned external audit approach.
  • Consider the ways in which external audit is cooperating with internal audit to maximise overall audit efficiency.
  • Meet regularly with the external auditor and, at least once a year, meet with the external auditor without management being present, to discuss the auditor’s remit and any issues arising from the audit.
  • Review the outcome of the audit (Audit Completion Report) with the External Auditor and consider the implications for any advice to the Accounting Officer in respect of signing the accounts. Any review shall include but not be limited to:
      • a discussion of any major issues which arose during the audit
      • key accounting and audit judgements
      • levels of errors identified during the audit
      • proposed External Audit opinion.
  • Review any representation letter(s) requested by the external auditor before it is signed by management.
  • Consider the quality of External Audit and their approach to their responsibilities.
  • Review and consider the potential implications for HSE of wider work carried out by the External Auditor (for example, VFM reports or good practice findings).

The expected core work programme to enable the Committee to deliver its role effectively is attached at Annex A.

5. Composition

5.1 Chair

A non-executive Director from the HSE Board shall act as the Chair of the Committee. In their absence, they shall nominate an individual to act as Chair.

Current Chair is Martin Esom.

5.2 Membership

The Committee shall be made up of 3 Board Members (including the Chair) and a minimum of one independent member.

5.3 Attendance

It is expected that the following officials will normally attend each meeting:

  • Accounting Officer
  • Director, Planning, Finance and Procurement
  • Head of Business Assurance
  • The designated Head of Internal Audit
  • A representative of external audit (National Audit Office)
  • A representative from HSE’s sponsoring department, Department for Work and Pensions.

Other officials may be invited by the Chair to attend all or part of any meeting to assist with discussions on specific issues.

The Audit and Risk Assurance Committee may ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters.

5.4 Secretary

The Board secretary or their nominee shall act as the secretary of the Committee.

5.5 Quorum

The quorum for any meeting of the Committee shall be attendance of a minimum of three Committee Members, of which two must be HSE Board non-executive directors. A duly convened meeting of the Committee at which a quorum is present shall be competent to exercise all or any of the authorities, powers, and discretion vested in, or exercisable by, the Committee.

6. Proceedings of meetings

6.1 Frequency of meetings

The Audit and Risk Assurance Committee will meet a minimum of four times per annum. The Chair of the Committee may convene additional meetings, as they deem necessary. The HSE Board or Accounting Officer may ask the Committee to hold further meetings to discuss particular issues on which the Committee’s advice is wanted.

6.2 Notice of meetings

Unless otherwise agreed, notice of the meeting confirming the venue, time and date together with an agenda of items to be discussed and supporting papers shall be forwarded to each member of the Committee, and any person required to attend, no later than 5 working days prior to the date of the meeting.

6.3 Conflicts of interest

A Committee member or attendee who becomes aware of a potential or actual conflict of interest relating to matters being discussed by the Committee should give prior notification to the Chair or, if this is not possible, declare it at the meeting and, where necessary, withdraw during discussion of the relevant agenda item.

6.4 Output of meetings

The secretary shall minute the proceedings and actions of all meetings of the Committee, including recording the names of those present. Minutes of committee meetings shall be circulated promptly to all Committee members.

7. Access

The Head of Internal Audit and the representative of External Audit (National Audit Office) have free and confidential access to the Chair of the Audit and Risk Assurance Committee. There is a mutual right of access between each of the Chair of the Audit and Risk Assurance Committee, the Accounting Officer, Head of Business Assurance, Head of Internal Audit and External Auditor.

8. Reporting responsibilities

The Committee shall be directly accountable to the HSE Board.

The Chair of the Committee shall prepare a summary report or set of minutes for the HSE Board after each meeting, detailing items discussed, actions agreed and issues to be referred to the HSE Board.

The minutes of the Committee shall be formally recorded and submitted to the subsequent meeting of the HSE Board following the production of minutes. The Committee will provide the HSE Board and Accounting Officer with an Annual Report[2], timed to support the preparation of the Governance Statement. It will present the committee’s opinion and highlight any issues the Committee considers pertinent to the Governance Statement and long-term issues it thinks the Board and/or Accounting Officer should give attention to.

9. Effectiveness

The Committee shall:

  • Consider the provision of induction, training and development on an on-going basis to maintain the Committee’s effectiveness.
  • Advise the Board of any apparent deficiencies that it may from time to time identify in the collective skill set of its membership.
  • Arrange for periodic independent external reviews of its own effectiveness as part of the Board effectiveness process.
  • Annually consider its own effectiveness and report the outcome to the Board, including advice on ways in which it considers it needs to be strengthened or developed.
  • At least annually, review its objectives and terms of reference to ensure it is operating at maximum effectiveness and recommend any changes it considers necessary to the HSE Board for approval.

The Chair will review members’ performance annually and the Chair of the Board will review the ARAC Chair’s performance annually.

10. Annex A

10.1 Audit and Risk Assurance Committee: Expected core work programme

| | Spring meeting (April) | Summer meeting (June) | Autumn meeting (Oct / Nov) | Winter meeting (Jan / Feb) |
|---|---|---|---|---|
| Governance | | Draft governance statement: draft for review | Final governance statement: final for review (and included in Annual Report and Accounts) | |
| Risk management | ExCo risk register: report summarising any significant changes to risks and a copy of the ExCo Risk Register | ExCo risk register | ExCo risk register | ExCo risk register |
| Integrated assurance including internal audit | Integrated assurance plan: for forthcoming financial year (including GIAA plan and associated fee) - for consideration | Integrated assurance report (Q4): for review and consideration | Head of Internal Audit’s annual opinion: report (or exceptionally indicative opinion) for consideration | Integrated assurance report (mid-year): for review and consideration |
| | Integrated assurance report (Q3)[3] [4]: for review and consideration | Head of Internal Audit’s annual opinion: report (or exceptionally indicative opinion) for consideration | | |
| | Internal audit charter: for review | Internal audit performance and effectiveness: for consideration | | |
| Financial statements | External audit - NAO audit planning report: outlining approach to current year’s accounts including fee | External audit – NAO update: on audit and any matters arising | External audit – NAO audit completion report | External audit – NAO update |
| | Accounting policies update (if necessary) | Accounting policies update (if necessary) | Annual audit and accounts[5] - for consideration and to advise the AO on signing the accounts and Governance Statement | Accounting policies update (if necessary) |
| Other | Counter fraud, bribery and corruption update - for review | Counter fraud, bribery and corruption update - for review | | Counter fraud, bribery and corruption update - for review |
| Committee effectiveness[6] | Effective review: consider outcome and agree actions | Annual report of the committee – agree report with HSE Board and AO | | |
| | Review committee’s TOR | | | |

When appropriate

  • External Quality Assessment on the internal audit function (as required by PSIAS as a minimum every 5 years).
  • Any deep dives into governance, risk management or internal control arrangements pertaining to significant strategic priorities, Divisions or programmes as deemed appropriate by the Committee.

[1] As per the Audit Committee handbook, the Committee should consider the internal audit strategy; adequacy of resources available to internal audit; and the internal audit charter or terms of reference for internal audit.

[2] The expected contents of the Annual Report are described within the Audit and Risk Assurance Committee Handbook (GOV.UK).

[3] The Integrated Assurance Report brings together the outcomes and issues emerging from 2nd and 3rd line assurance activity (irrespective of provider) together with a progress report on delivery. It also incorporates any overdue action arising from internal audit work. It includes a specific update from the designated Head of Internal Audit.

[4] A summary of each internal audit is included within the Integrated Assurance Report. However, to ensure there is prompt feedback to ARAC of emerging issues, ARAC members will receive a summary note of any GIAA audit reports as they are finalised. Should the audit report include a limited or unsatisfactory audit opinion, ARAC members will receive a full copy of the audit report, together with a note from the relevant ExCo member to provide further detail on action to be taken to improve the control environment in the audit area.

[5] The draft Annual Report and Accounts are reviewed by all HSE Board and ARAC members prior to this meeting. Any comments and suggestions are taken into consideration prior to the formal consideration of the ARA at this meeting.

[6] The Committee will meet with both the internal and external auditors privately, without officials present, at least once per annum.