Audit & Risk Committee (ARC) Terms of Reference
Audit & Risk Committee (ARC) Terms of Reference
1 Financial reporting
1.1 The Audit & Risk Committee shall monitor the integrity of the Annual Report and Financial Statements of the LLP, including the non-financial elements, and review and report to the Governance Council on significant financial and non-financial issues and judgements contained therein, including having regard to matters communicated to it by the LLP's external auditor. In particular, the Audit & Risk Committee shall review and challenge where necessary:
(a) the application of significant accounting policies and any changes to them;
(b) the methods used to account for significant or unusual transactions where different approaches are possible;
(c) whether the LLP has adopted appropriate accounting policies and made appropriate estimates and judgements, taking into account the LLP's external auditor’s views on the financial statements; and
(d) all material information presented with the financial statements, including the strategic report and the corporate governance statements relating to the audit and to risk management.
2 External audit
2.1 The Audit & Risk Committee is responsible for:
(a) considering the appointment, re-appointment or removal of the LLP's external auditor and to oversee the selection process for a new external auditor of the LLP where required;
(b) with the Ethics Partner, establishing and maintaining an Auditor Independence Policy;
(c) annually challenging and assessing the performance, independence and objectivity of the LLP's external auditor, discussing issues they raise in the audit and monitoring the effectiveness of the audit process and reviewing their quality control procedures and steps taken to respond to regulatory, professional and other changes;
(d) approving the terms of engagement in respect of the statutory audit, developing and implementing policy on engaging the LLP's external auditor for non-audit services and approving in advance the fees for both audit and non-audit services;
(e) approving the nature and scope of the audit with the LLP's external auditor before the audit commences and reviewing the findings of the audit, as well as management’s response on completion;
(f) reviewing management representation letters in relation to financial reporting requested by the LLP's external auditor prior to signature by the Executive;
(g) monitoring the effectiveness of the relationship between the LLP's external auditor and the LLP's internal audit function;
(h) resolving disagreements between management and the LLP's external auditor regarding financial reporting; and
(i) meeting regularly with the LLP's external auditor (including at least once a year without other attendees of the Audit & Risk Committee or management present), to discuss the LLP's external auditor’s remit and any issues arising from the audit.
3 Internal control and risk management
3.1 The Audit & Risk Committee is responsible for:
(a) reviewing:
(i) the LLP’s quality and risk management framework and its linkage to the enterprise risk management strategy;
(ii) the robustness of the LLP’s risk management policies and processes and their fitness for purpose when tested against the Executive’s enterprise risk management strategy and risk appetite;
(iii) regular assurance reports from management, the quality and risk management function, the LLP's General Counsel and the LLP's internal audit function covering service quality and risk management, regulatory compliance, business resilience, contentious matters and other ad hoc reports covering such other matters relating to risk management and internal control as the Executive may request from time to time; and
(iv) the timeliness of, and reports on, the effectiveness of corrective action taken.
(b) undertaking deep-dive reviews into significant Enterprise Risk Management (ERM) risks at the request of the Governance Council or where, in the Audit & Risk Committee’s view, further scrutiny is required;
(c) considering the major findings of any relevant internal investigations into control weaknesses, fraud or misconduct and management’s response (in the absence of management where necessary); and
(d) providing input and recommendations to the Executive on the firm’s strategy for ERM, including appropriate mitigations and risk appetite.
4 Internal audit
4.1 The Audit & Risk Committee is responsible for:
(a) approving the internal audit programme, budget and resource plan, requesting where appropriate that the LLP's internal audit function undertake specific work, and monitoring the significant internal audit findings, including management’s response to them;
(b) reviewing the effectiveness and performance of the service provided by the LLP's internal audit function, including annual review; and
(c) ensuring that the LLP's internal audit function is adequately resourced and free from constraint, and has the appropriate standing within the LLP.