
Terms of Reference - Board Audit and Compliance Committee

1. The Committee shall comprise at least three non-executive directors under the chairmanship of a non-executive director appointed by the Board. It will be attended by the Chairman, Chief Executive and other Executives as appropriate for part of the meeting. The Internal Auditor shall attend the meeting. [The Board to ensure that it has at least one member of the Committee who has recent and relevant financial experience.] [C.3 Combined Code June 08] [The Combined Code Jun 08 contains the provision that the Board Chairman may be a member of the Committee, but not chair the Committee. The Committee determined that the present status quo be maintained and that the Chairman would continue to attend the Committee meetings but would not become a member of the Committee]

2. The Society's External Auditors and Secretary and Solicitor shall also attend as required with or without executives present, either at the request of the Committee or at any time they wish to do so. [They should attend meetings where year end accounts and systems are being discussed if dealt with by Audit Committee.]

3. The Audit Committee should at least annually meet the external and internal auditors without the Society's Managers to discuss matters relating to its remit and any issues arising from the audit to include the flow of relevant audit information. [Combined Code – Guidance on Audit Committees Oct 2008 para 2.9]

4. The Committee shall ensure that the Internal Auditor and Secretary have direct access to the Board Chairman and to the Audit Committee and are accountable to the Audit Committee. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.15]

Meetings: Meetings shall be held quarterly prior to Board Meetings in April, July, September and January, and at any such other time as deemed necessary by the Committee.

Minutes: Minutes shall be circulated to all members of the Committee, those required to be in attendance, and the Society's External Auditors.

Reporting: Report to be made to the Board on a quarterly basis.

Terms of Reference For Audit:

1 Reports

To be responsible for controlling the work and receiving reports from Deloitte LLP. The reports should cover:

(i) area(s) covered;
(ii) significant matters arising;
(iii) recommendations; and
(iv) overall conclusions

To provide an independent assurance to the Committee of the integrity and effectiveness of the Society's systems and controls. [SYSC 4.1.11G].

Procedures should be introduced to ensure recommendations have been implemented, or if not implemented, validly justified.

2 Audit Plan

To establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the Society's systems, internal control mechanisms and arrangements.

3 Audit Committee – Review of Management Controls and Systems

The Audit Committee should consider the following in respect of the Society, taking a supervisory role in respect of the Society's subsidiary. Further, in accordance with PRIN 3.2.3R, to take reasonable care to organise and control its affairs responsibly and effectively with adequate risk management systems, taking account of the activities of the subsidiary and in respect of the purposes in Principle 3 - Management of Controls in a prudential context:

(i) the adequacy of the Society’s accounting records and accounting controls and to make recommendations for improvement when necessary;

(ii) the adequacy of the Society’s systems of business control and, in particular, its arrangements for evaluating risks in relation to its existing and future business, including fraud considerations and anti money laundering and related capital requirements, and to advise the Board on the adequacy of the Society’s systems of business controls and to make recommendations for improvement when necessary;

(iii) the effectiveness of the Society's internal audit function, including an assessment of the scope of work performed by internal audit, the nature and timing of internal audit reports and the adequacy of internal audit resources. This assessment must also cover a review of the financial strength of Deloitte LLP taking into account any relevant business and environmental changes in the overall context of the Society risk management programme. This assessment is carried out by the Executive for the Board's review;

(iv) the preparation and supervision of internal audit’s plan and programme;

(v) the receiving of reports from the internal auditor and reporting to the Board on the audit plan together with recommendations for improvements;

(vi) the review of the adequacy of management information and other reports made available to the Board;

(vii) becoming involved in an advisory capacity during the development of significant new IT systems to ensure that appropriate controls are in place.

(viii) the Audit Committee is the body responsible for overseeing the Society's relationship with the external auditors. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.16]

(ix) to review the annual accounts prior to their approval by the Board. [Dealt with by the Board of H&R]

4 Compliance

The Audit Committee must:-

  • Establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the Society, including its managers and employees, with its obligations under the regulatory system and for countering the risk that the Society might be used to further financial crime.
  • Taking into account the nature, scale and complexity of the Society's business, [and the nature and range of investment services and activities undertaken in the course of that business] establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the Society to comply with its obligations under the regulatory system, as well as associated risks, and put in place adequate measures and procedures designed to minimise such risks enabling the FSA to exercise its powers effectively under the regulatory system.
  • Ensure that the Society maintains a permanent and effective compliance function which has the following responsibilities:-

(1) monitors and, on a regular basis, assesses the adequacy and effectiveness of the measures and procedures put in place and the actions taken to address any deficiencies in the Society's compliance with its obligations;

(2) advises and assists the Senior Managers responsible for carrying out regulated activities to comply with the Society's obligations under the regulatory system.

  • In order that the compliance function discharges its responsibilities properly, ensure that it reviews whether the following conditions have been satisfied:-

(1) the compliance function has the necessary authority, resources, expertise and access to all relevant information;

(2) a Compliance Officer is appointed and must be responsible for the compliance function and for any reporting as to compliance required. [The Secretary and Solicitor is the Society's Compliance Officer responsible for the compliance function with the Compliance Manager reporting to him];

(3) the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity and is not likely to do so.

[The Board has determined that in accordance with the nature, scale and complexity of the Society's business, the requirement that the compliance function is independent shall not apply to the Society, therefore, enabling it to be involved in the performance of the services and activities that it monitors]

5 External Auditors

The Audit Committee should have primary responsibility for making a recommendation on the appointment, reappointment and removal of external auditors to include Terms of Engagement and remuneration to be paid. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.17]

(i) The Audit Committee should ensure the independence and objectivity of the external auditor annually taking into consideration relevant UK law, professional and regulatory requirements. This assessment should involve a consideration of all relationships between the Society and the audit firm (including the provision of non-audit services) and any safeguards established by the external auditor. The Audit Committee should consider whether, taken as a whole and having regard to the views, as appropriate, of the external auditor, management and internal audit, those relationships appear to impair the auditor’s judgement or independence. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.26]

(ii) The Audit Committee should seek reassurance that the external auditors and their staff have no family, financial, employment, investment or business relationship with the Society which could adversely affect the auditor's independence and objectivity, taking account of Ethical Standards. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.27]

(iii) The Audit Committee should seek from the audit firm, on an annual basis, information about policies and processes for maintaining independence and monitoring compliance with relevant requirements, including current requirements regarding the rotation of audit partners and staff. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.27]

(iv) The Audit Committee should monitor the external audit firm’s compliance with relevant Ethical Standards relating to the rotation of audit partners, the level of fees that the Society pays in proportion to the overall fee income of the firm, or relevant part of it, and other related regulatory requirements. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.29]

(v) The Audit Committee should consider whether the external auditor's overall work plan, including planned levels of materiality, and proposed resources to execute the audit plan appears consistent with the scope of the audit engagement, having regard also to the seniority, expertise and experience of the audit team. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.36]

(vi) The Audit Committee should review, with the external auditors, the findings of their work. In the course of its review, the audit committee should:

• discuss with the external auditor major issues that arose during the course of the audit and have subsequently been resolved and those issues that have been left unresolved;

• review key accounting and audit judgements; and

• review levels of errors identified during the audit, obtaining explanations from management and, where necessary the external auditors, as to why certain errors might remain unadjusted. [Combined Code – Guidance on Audit Committees Oct 2008 para 4.37]

6 Internal Audit Function

6.1 Overall effectiveness of the Inspection Function 

The Committee should satisfy itself that the internal audit function is being properly carried out. To enable it to review the overall effectiveness of the inspection function it should ensure that the internal auditors:-

(i) issue recommendations based on the result of work carried out.

(ii) verify compliance with those recommendations.

6.2 Appropriate mechanism within Deloitte LLP to assess and monitor

To ensure that Deloitte LLP has appropriate mechanisms in place to assess and monitor the appropriateness and effectiveness of the Society's systems and controls to include consideration of:

(i) adequacy of resources, including number, experience and skills of staff within the internal audit function.

(ii) adequacy and scope of planning and work performed, including the allocation of audit effort to each area of the Society’s business.

(iii) frequency, quality and timeliness of reporting on matters arising from the work of the internal audit function.

(iv) resolution of points and recommendations raised, and reasons for any rejection of major points.

(v) review the overall effectiveness of the internal audit function.

(vi) adherence to and effectiveness of, as appropriate, its market, credit, liquidity, operational, insurance and group risk policies;

(vii) whether departures and variances from its documented systems and controls and risk policies have been adequately documented and appropriately reported, including whether appropriate pre-clearance authorisation has been sought for material departures and variances;

(viii) adherence to and effectiveness of its accounting policies, and whether accounting records are complete and accurate;

(ix) adherence to and effectiveness of its management reporting arrangements, including the timeliness of reporting, and whether information is comprehensive and accurate; and

(x) adherence to FSA Rules and regulatory prudential standards.

6.3 Impact of Outsourcing to Deloitte LLP

To ensure that the impact of outsourcing to Deloitte LLP on the Society’s overall risk policy and the Society's internal systems and controls has been assessed. This assessment must include:-

(i) clear and comprehensive terms of reference laid down. This should specify the anticipated total resources to be provided by the audit firm, including total number of man-weeks and staff grades and/or specialisms. The terms of reference should also make clear how, and under what circumstances, the audit firm would be involved in assignments which may not have been specifically contemplated when the annual internal audit plan was drawn up.

(ii) the timing and frequency of visits by the audit firm are appropriate for the level of assurance which the Board requires, which will also enable the audit firm to be fully up to date regarding business, control and developments.

This assessment will be carried out by the Executive for the Board's review.

6.4 System to identify any weaknesses in the Outsourced Function

To ensure that there is a system to identify and deal with any weaknesses in Deloitte LLP procedures which could have a material adverse impact on the service provided to the Society.

This assessment will be carried out by the Executive for the Board's review.

7 Systems of Control for Operational Risk

To manage the Society's Operational Risk Policy together with the Treasury and Lending Policy Statements with respect to credit and market risks to ensure that the systems of internal control are functioning effectively.

Terms of Reference For Compliance

1 To be responsible for reviewing the monitoring programme of the Compliance Officer to cover FSA regulatory requirements, Codes of Practice and implementation of new legislation or rules.

2 To be responsible for receiving the quarterly compliance monitoring reports and ensuring action is taken in relation thereto.

3 To ensure that the compliance monitoring programme adequately addresses the Society's procedures, controls and business issues.

Whistle Blowing

1 To review arrangements under the Society's Policy Statement on Whistle Blowing [Combined Code – Guidance on Audit Committees Oct 08 para 4.8] to enable staff to raise in confidence any concerns about possible improprieties in matters of financial reporting and other matters, to include arrangements for the proportionate and independent investigation of such matters and appropriate follow-up action [Combined Code Jun 08 C.3.4].

General

1 The Terms of Reference should be reviewed annually together with the Committee's own effectiveness [to include scope and adequacy] and recommend any necessary changes to the main Board. [A6 Combined Code] [Combined Code – Guidance on Audit Committees Oct 2008 para 3.3] [See C.3.4 in the Jun 08 Combined Code for reference]

NB: Section 234ZA of the Companies Act 1985 requires that:-

1. Directors are expected to make enquiries of fellow directors and of the company's auditors, and take such other steps (if any), to demonstrate they have acted with due care, skill and diligence. However, the knowledge, skill and experience that each director has, or could reasonably be expected to have to perform his/her particular duties, will be taken into account. This should be of comfort to non-executive directors, and directors not directly involved in the preparation of the accounts or the audit committee.

2. Specifically, the directors' report must state that each director has taken all steps that s/he ought to have taken in order to:-

  • make him or herself aware of any information relevant to audit; and
  • establish that the company's auditors are aware of that information, and that, as far as the director is aware, there is no information relevant to the audit of which the company's auditors are unaware.

3. Information Relevant to Audit

The Audit Committee should meet with the external auditors to discuss:-

(i) That in the areas of focus for the audit, the external auditors are made aware of relevant information that the Directors are aware exists.

(ii) To discuss with the external auditors, prior to signing the accounts, without management present, any issues concerning the flow of information to them.

The Combined Code

C.3 Audit Committee and Auditors

Main Principle

The board should establish formal and transparent arrangements for considering how they should apply the financial reporting and internal control principles and for maintaining an appropriate relationship with the Society’s auditors.

Code provisions

C.3.1 The board should establish an audit committee of at least three, or in the case of smaller societies two, independent non-executive directors. In smaller societies the Board chairman may be a member of, but not chair, the committee in addition to the independent non-executive directors, provided he or she was considered independent on appointment as chairman. The board should satisfy itself that at least one member of the audit committee has recent and relevant financial experience.

C.3.2 The main role and responsibilities of the audit committee should be set out in written terms of reference and should include:

• to monitor the integrity of the financial statements of the Society, and any formal announcements relating to the Society’s financial performance, reviewing significant financial reporting judgements contained in them;

• to review the Society’s internal financial controls and, unless expressly addressed by a separate board risk committee composed of independent directors, or by the board itself, to review the Society’s internal control and risk management systems;

• to monitor and review the effectiveness of the Society’s internal audit function;

• to make recommendations to the board, for it to put to the members for their approval in general meeting, in relation to the appointment, re-appointment and removal of the external auditor and to approve the remuneration and terms of engagement of the external auditor;

• to review and monitor the external auditor’s independence and objectivity and the effectiveness of the audit process, taking into consideration relevant UK professional and regulatory requirements;

• to develop and implement policy on the engagement of the external auditor to supply non-audit services, taking into account relevant ethical guidance regarding the provision of non-audit services by the external audit firm; and to report to the board, identifying any matters in respect of which it considers that action or improvement is needed and making recommendations as to the steps to be taken.

C.3.3 The terms of reference of the audit committee, including its role and the authority delegated to it by the board, should be made available. A separate section of the annual report should describe the work of the committee in discharging those responsibilities.

C.3.4 The audit committee should review arrangements by which staff of the Society may, in confidence, raise concerns about possible improprieties in matters of financial reporting or other matters. The audit committee’s objective should be to ensure that arrangements are in place for the proportionate and independent investigation of such matters and for appropriate follow-up action.

C.3.5 The audit committee should monitor and review the effectiveness of the internal audit activities. Where there is no internal audit function, the audit committee should consider annually whether there is a need for an internal audit function and make a recommendation to the board, and the reasons for the absence of such a function should be explained in the relevant section of the annual report.

C.3.6 The audit committee should have primary responsibility for making a recommendation on the appointment, reappointment and removal of the external auditors. If the board does not accept the audit committee’s recommendation, it should include in the annual report, and in any papers recommending appointment or re-appointment, a statement from the audit committee explaining the recommendation and should set out reasons why the board has taken a different position.

C.3.7 The annual report should explain to members how, if the auditor provides non-audit services, auditor objectivity and independence is safeguarded.

June 2008 The Combined Code

Guidance on Audit Committees October 08 can be downloaded by clicking here.

MARCH 2010