Audit and Risk Committee charter/Draft

From Wikimedia UK
This page is kept as an archival reference.
If you want to raise a point about it, please start a discussion thread on the community forum.

The Wikimedia UK Audit & Risk Committee (“the Committee”) is a committee formed by the Board of Trustees (“the Board”) to monitor and advise on the charity's external audit and internal audit functions, on the effectiveness of its financial control systems and procedures, and on all aspects of risk-mitigation.

The Committee operates under the Charter set out below.

Constitution and Composition

  1. The Committee is a standing committee of the Board.
  2. The Committee consists of at least three trustees including the Treasurer who is a member ex officio. Membership of the Committee is determined by the Board, and will be reviewed at least annually.
  3. The Committee chooses its own Chair, subject to ratification by the Board. Failing a Committee decision, the Chair will be appointed by the Board.
  4. The Board may appoint observers (who must be members of the charity). If observers are appointed:
    1. They may attend and participate in meetings of the Committee, but they may not vote.
    2. The number of observers must be fewer than the number of trustees serving on the Committee.
    3. Each observer's appointment will be reviewed at least annually by the Board.

Remit

The remit of the Committee is:

  1. To review and advise on the management of major risks of interest to the Board;
  2. To review and make recommendations on the charity’s annual report and accounts and regulatory returns (including the Summary Information Return to the Charity Commission), also any non-statutory annual reviews, with particular reference to:
    1. their integrity and the implications of any significant financial reporting issues and judgements therein; and
    2. compliance with legal and regulatory requirements;
  3. To review and advise on the Board’s internal control systems and procedures and provide assurance to the Board on these matters annually, with particular reference to:
    1. the effectiveness of Board and senior management decision-making processes within the framework of Board policy;
    2. the adequacy of the charity’s technical expertise and policies and processes for ensuring compliance with relevant quality standards;
    3. the adequacy of the charity’s handling of any issues raised internally under its whistleblowing policy, including any fundraising complaints or issues raised by volunteers and compliance with regulatory reporting requirements in respect of any serious incidents coming to notice;
    4. its controls over grant-awards and their proper application;
    5. budgetary control and internal financial management reporting; and
    6. any matter arising that is seen as a threat to the probity of the charity;
  4. To review and make recommendations to the Board concerning the appointment, removal, remuneration, terms of engagement and independence of the charity’s external auditors, and on their effectiveness and value-for-money, and in particular:
    1. to advise the Board annually on their audit findings or management letter and on the appropriate response to the auditors by the Board;
    2. to agree the terms of any engagement of the auditors to supply non-audit services, taking into account relevant ethical guidance regarding the provision of such services;
    3. to review and agree the auditors’ annual audit plan and any extension of their work to cover further investigations into any specific aspects arising; and
    4. to recommend to the Board any action needed to address concerns arising from any of the above tasks.

The Committee has delegated powers under Article 21 to provide expert advice and assurance to the Board on all audit matters, on the effective working of the charity's financial control systems and procedures, including budgetary controls, and on all aspects of the proper management of major risks to the charity as a company and as the UK Chapter of Wikimedia. It also has delegated powers to approve certain expenditure as set out in the Scheme of Delegation.

Meetings and reporting

  1. The Committee shall meet in person at least three times each year, such meetings to coincide with key dates within the financial reporting and audit cycle and in liaison with the Chief Executive;
  2. Meetings will be called by the Chair of the Committee;
  3. Attendance of non-Committee members or observers at the Committee's meetings is at the discretion of the Chair;
  4. The Chief Executive and Finance Manager and other senior staff will be in attendance as and when required by the Committee;
  5. The Committee will be serviced by the Company Secretariat;
  6. The Committee shall report to the Board at least annually and whenever else needed.

Authority

  1. The Committee is authorised to obtain any information it may reasonably require from any employee, volunteer or trustee of the charity in order to perform its duties, and all employees, volunteers, trustees and agents of the charity are directed to cooperate with any such request made by the Committee (if any information is considered of a deeply personal nature, this should only be made available to the Chair of the Committee);
  2. The Committee is authorised to obtain at the charity’s expense any legal or other professional advice it may reasonably need for its tasks;
  3. The Committee can take to the relevant regulator any major concerns that are not being adequately addressed by the Board; and
  4. The Committee should be able to challenge the Board and the Chief Executive on any matter within the above terms of reference.

Skills needed by the Committee

The Committee is required to ensure that it has the following skills commensurate with the tasks it is asked to take on from time to time:

  1. Public accountability and audit assurance under charity and company law;
  2. Financial Controls systems and procedures;
  3. Risk-management;
  4. Quality Controls systems and procedures;
  5. Internet protocols and data protection requirements.