View Current

Governance (Audit and Risk Committee) Rule 2021

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Introduction

Name of Rule

(1) This Rule is the Governance (Audit and Risk Committee) Rule 2021.


(2) This Rule commences on 2 August 2021 under resolution CNL161/2.


(3) This Rule is enacted to establish the Audit and Risk Committee and to confer on that Committee certain functions under the Charles Sturt University Act 1989.


(4) This Rule is made pursuant to authority granted to the Council under clause 4(1) of Schedule 1 of the Act, and sections 20 and 32 of the Act.

Notes: Clause 4(1) of Schedule 1 of the Act states that the Council may establish committees to assist it in the exercise of its functions and may delegate to the Committee, under section 20 of the Act, all or any of its functions. Section 32 of the Act states that the Council may make rules with respect to the functions, processes and procedures of committees of the Council.


(5) In this Rule, unless the contrary intention appears:

  1. Act – means the Charles Sturt University Act 1989.
  2. By-law - means the Charles Sturt University By-law 2005.
  3. Committee - means the Audit and Risk Committee established under this Rule in accordance with clause 4(1) of Schedule 1 of the Act.
  4. Council - means the University Council established under Part 3 of the Act.
  5. External person - means a person other than a member of the academic or general staff of the University or an undergraduate or graduate student of the University, as set out in section 8A of the Act. The University Governance Framework further provides that the person may not be an executive, employee or student of the University’s controlled entities, and must be free from any business or other relationship which could materially interfere with the unfettered and independent exercise of their judgement (refer clause 76).
  6. University Secretary - means the Secretary appointed under the By-law and includes a person or persons appointed to act on behalf of the Secretary from time to time.

(6) In this Rule, unless the contrary intention appears:

  1. a word or term that has not been deļ¬ned in this Rule has the same meaning attributed to that word or term in the Act or By-law,
  2. a reference to an officer of the University includes any person acting in that position, and
  3. headings and notes do not form part of this Rule.
Top of Page

Section 2 - Committee

Establishment of committee

(7) There is to be an Audit and Risk Committee.

Delegated authority

(8) The Council authorises the Committee to exercise the functions specified in clause 10 and any functions delegated to the Committee by the Council listed in the Delegations and Authorisations Policy and the delegation schedules.

(9) The Committee has such other functions as may be necessary to enable it to exercise the functions specified in clause 10.

Terms of reference

(10) The principal functions of the Committee are:

  1. with respect to internal audit activities:
    1. to provide assurance to the Council by monitoring, reviewing and providing advice and guidance about the University’s governance processes, risk management and control frameworks and external accountability obligations,
    2. to provide relevant advice to the Council on the appointment of the internal auditors, and any subsequent changes to the internal auditors,
    3. to review the annual internal audit program (for recommendation to the Council), monitor its scope and progress, and approve any significant changes to the program,
    4. to review the reports of the internal auditor (as well as those of internal audit contractors), including implementation, and
    5. to evaluate the performance and effectiveness of the internal audit functions by reference to the University’s audit program and strategy,
  2. with respect to compliance activities:
    1.  to approve the compliance policy for the University,
    2. to approve and oversee the processes necessary to support a compliance framework in the context of best practice corporate governance as it relates to adherence to law, University policies, and accepted procedures,
    3. to receive and review reports on compliance (including whistleblower activities) and make recommendations to management and/or the Council,
    4. to follow-up on, and obtain regular updates about, issues of material non-compliance that may have a substantive impact on the University’s operations,
    5. to review findings of any compliance investigations or audits carried out by regulatory agencies,
    6. to review the effectiveness of the University’s compliance monitoring framework, and
    7. to review any matter that the Committee reasonably feels may impact on the risk or compliance profile of the University,
  3. with respect to risk activities:
    1. to approve the risk framework and policy for the University,
    2. to review risks within the University (including academic risk) and the internal control systems in place to underpin this assessment including the University Principal Risk document, risk management framework and policies, risk appetite, risk mitigation and reputation management, as well as associated documentation, and make recommendations to management and/or the Council,
    3. to review and assess the University’s risk framework for third parties, and report to Council on findings and recommendations of this review,
    4. to review the University’s business continuity, disaster recovery plans and critical incident management processes to ensure these processes are adequate, and
    5. to receive the University Insurances Report, including Directors and Other Officers insurance policies,
  4. to advise the Council on any other matter relating to risk or compliance in relation to the University, and
  5. to provide an annual assurance statement to the Council on the matters within the scope of its responsibility.


(11) The Committee shall comprise at least four members including:

  1. at least two external members of the Council (i.e not a member of staff or a student of the University), and
  2. up to two external independent persons.

(12) The Council will appoint a suitably qualified external independent person to act as chair of the Committee. To the extent practicable, the chair should be a person with skills and experience at a senior level relevant to the functions of the Committee.

(13) Members will be appointed at a meeting of the Council for a term not exceeding four years or their term on the Council. Members may be re-appointed at the end of a term for a maximum of three consecutive terms, unless otherwise determined by resolution of the Council.

(14) Members should collectively develop, possess and maintain a broad range of skills and experience relevant to the operations, governance and financial management of the University, the environment in which the University operates and the contribution that the Committee makes to the University.

(15) At least one member of the Committee shall have accounting or related financial management experience with an understanding of accounting and auditing standards in a public sector environment.

(16) Notwithstanding clauses 11 to 15, the following persons may not be members of the Audit and Risk Committee:

  1. a member of the Finance Committee,
  2. a member of the Investment Committee,
  3. the Chancellor,
  4. the Vice-Chancellor, or
  5. a member of the staff of the University.


(17) The chair may approve for the whole, or any part, of a meeting of the Committee, the attendance of:

  1. the Chancellor,
  2. a member of the Council,
  3. the Vice-Chancellor,
  4. the Chief Financial Officer,
  5. the Internal Auditor,
  6. an external auditor engaged to conduct an internal audit, and
  7. an employee or contractor of the University or any external persons, for the purpose of providing advice or consultation to the Committee.

(18) The Committee shall meet at least four times per year.

(19) The Committee may meet at other times in accordance with the Governance (Council Meetings) Rule 2007 No. 3. [note – rule to be consolidated into the Governance Framework Procedure].

Consultation with the Internal Auditor

(20) The Committee and the Internal Auditor should meet in-camera once per year, or as required, as scheduled by the University Secretary in consultation with the Chair.