Northern Ireland Audit Office (NIAO) Audit and Risk Assurance Committee Terms of Reference

  1. Constitution and Purpose

The Comptroller and Auditor General (C&AG), as the Accounting Officer of the Northern Ireland Audit Office (NIAO), is responsible for ensuring that there are effective arrangements for governance, risk management and internal control.  


The Advisory Board supports the C&AG in this role by reviewing the comprehensiveness and reliability of assurances on governance, risk management, the control environment and the integrity of financial statements and the annual report


To provide support in these functions, the Board shall establish an Audit and Risk Assurance Committee to review the comprehensiveness of assurances on systems of internal control, risk management and corporate governance. The Audit and Risk Assurance Committee is independent of all NIAO operational activities.

  1. Membership

The Audit and Risk Assurance Committee comprises three non-executive Board members of NIAO, excluding the NIAO Board Chairperson, who may attend by invitation, if required.


The Chairperson of this Committee will be appointed by the Board Chairperson.


A member of NIAO Corporate Services will provide the Audit and Risk Assurance Committee with a secretariat function.  


  1. Responsibilities

The Audit and Risk Assurance Committee will support the Board in advising the C&AG as Accounting Officer in the following areas:

  • the strategic processes for risk, control and governance and the Governance Statement;
  • the accounting policies, the annual report and accounts, including the process for review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors;
  • a summary of raising concerns, grievances, complaints and disciplinary cases;
  • the planned activity and results of both internal and external audit;
  • the adequacy of management response to issues identified by audit activity, including external audit’s management letter;
  • assurances relating to the management of risk and corporate governance requirements for the NIAO;
  • proposals for tendering for Internal Audit services (The External Auditor for NIAO is appointed by the Department of Finance in accordance with Schedule 2 of The Audit Northern Ireland Order 1987) or for purchase of non-audit services from contractors who provide audit services;
  • anti-fraud policies, Raising Concerns processes and arrangements for special investigations; and
  • the Audit and Risk Assurance Committee will also annually review its own effectiveness and report the results of that review to the Board.

On the advice of the Board, informed by the Audit and Risk Assurance Committee, the C&AG will be responsible for the appointment of the Internal Auditor.

  1. Resourcing

Subject to the budgets agreed by the C&AG with the Board, the Audit and Risk Assurance Committee may:

  • co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge and experience;
  • select and appoint specialist ad-hoc advice at the expense of the NIAO; and
  • avail of suitable induction training and continuous professional development training for members.

The Committee is authorised to investigate any activity within its terms of reference and to seek any information it requires to carry out its duties.

  1. Access

Internal Audit and External Audit will have free and confidential access to the Chairperson of the Audit and Risk Assurance Committee.   

The Chairperson will report on the business of the Committee to the Advisory Board.


  1. Meetings

The Audit and Risk Assurance Committee will meet at least four times a year (potentially including a workshop).  The Chairperson of the Committee may convene additional meetings, as deemed necessary.


A minimum of two members of the Audit and Risk Assurance Committee must be present for the meeting to be deemed quorate.  


In the event of any member being unable to attend a meeting, the Chairperson will brief them on the business conducted.  If the Chairperson is unable to attend a Committee meeting, the two remaining members will decide who undertakes chairing duties for that meeting.


The C&AG may attend meetings of the Audit and Risk Assurance Committee.  The Chief Operating Officer, the Director of Corporate Services, and representatives from Internal and External Audit will normally attend meetings of the Committee.

The Committee may ask any other officials of the Office to attend to assist with its discussions on any particular matter.

The Committee will have a private meeting, at least annually, with Internal Audit and External Audit.

  1. Information Requirements

For each meeting of the Audit and Risk Assurance Committee, the Chairperson shall confirm the agenda with the secretariat.     

Standing agenda items are:

  • draft minutes from the previous meeting to be approved;
  • a schedule of matters arising and progress made since the previous meeting;
  • an opportunity for members to declare any conflicts of interest on agenda items;
  • a report summarising any significant changes to the organisation’s strategic risks and a copy of the Corporate Risk Register;
  • Internal Audit reports and any key issues emerging;
  • a progress report on implementing Internal Audit recommendations;
  • fraud and raising  concerns reports; and
  • a progress report (written/verbal) from External Audit summarising work done, emerging findings and progress on the implementation of external audit recommendations;

As and when appropriate the Committee will be provided with:

  • the draft Internal Audit strategy;
  • Internal Audit’s Annual Opinion and Report;
  • quality assurance reports on the internal audit function;
  • the draft annual report and accounts, including all appropriate assurance statements;
  • the draft Governance Statement;
  • a report on any changes to accounting policies;
  • the draft External Audit Strategy and plan;
  • External Audit’s management letter;
  • a report on proposals for tender for audit functions (as necessary);
  • the risk management strategy;
  • anti-fraud policies;
  • disaster recovery, contingency and crisis planning;
  • management assurance reports;
  • an annual report on the management of major incidents, “near misses” and lessons learned;
  • a report on the external quality assurance of NIAO (ISQC1 and Transparency Annual Report – financial and public reporting); and
  • any other papers or issues materially relevant to the work of the Audit and Risk Assurance Committee or deemed appropriate to be brought before the Committee.

An annual programme of work will be prepared which will define the frequency with which information should be reported.

The draft minutes will be circulated to Committee members within two weeks of the meeting and agreed formally at the next meeting of the Committee.  Papers required will be with members at least five working days in advance of the meeting.

  1. Conflicts of Interest and Conduct

Audit and Risk Assurance Committee members will apply the principles of public service as set out in the NIAO Code of Conduct.  This will include advising of any external interests which may conflict with duties and responsibilities in accordance with NIAO Code of Conduct arrangements

  1. Reporting

Once approved by the Committee, the Minutes of Audit and Risk Assurance Committee meetings will be provided to the Board and published on the NIAO website.


The Committee will provide an Annual Report to the Board, timed to support finalisation of the NIAO Annual Report and Accounts and the Governance Statement.  The Committee’s report will summarise its conclusions from the work it has done during the year. The report contents will align with best practice.

  1. Review and Approval

This Terms of Reference will be reviewed by the Audit and Risk Assurance Committee at least annually and presented to the Board for approval.