Terms of Reference: Audit and Risk Committee

This document sets out the Terms of Reference of the HSE Audit and Risk Committee, including matters prescribed in legislation and additional responsibilities allocated to the Audit and Risk Committee as approved by the Board of the Health Service Executive in XX October 2023.

The Audit Committee is established and maintained in accordance with Section 40H of the Health Act 2004 as amended by Section 23 of the Health Service Executive (Governance) Act 2019 and subsequent legislation. The legislation recognises that the Audit Committee has a role to provide oversight and advice on risk management. Therefore, its title has been expanded to the ‘Audit and Risk Committee’ to reflect the full nature of its remit.

The Committee works in concert with, and takes comfort and assurance from, the work of other Board Committees, each of which has a specific remit as documented in their own Terms of Reference.

Under legislation, the Audit and Risk Committee (the Committee) shall advise the HSE Board (the Board) and the HSE Chief Executive (the Chief Executive) on financial matters relating to their respective functions and a number of compliance matters related to same.

It also has a number of specified roles identified in legislation including advising on the appropriateness, effectiveness and efficiency of the HSE’s procedures relating to: public procurement; seeking sanction for expenditure and complying with that sanction; the acquisition, holding and disposal of assets; risk management; financial reporting, and internal audits.

The Committee’s role extends to the following areas, which are further detailed in the Responsibilities section below:

1. Advising the Board and the Chief Executive on financial matters and carrying out related reporting activities, including compliance reporting to the Board and the Minister for Health as required; (section 4.1 below).
2. Reviewing the appropriateness of HSE’s accounting policies, annual financial statements, annual report and required corporate governance assurances and any matters and advice relating to making a satisfactory recommendation of same to the Board. (section 4.2 below).
3. Providing oversight to the operation of HSE internal controls and, in particular, advising on the appropriateness, effectiveness and efficiency of the HSE’s procedures relating to public procurement and the acquisition, holding and disposal of assets. (section 4.3 below).
4. Providing oversight and advice in relation to the HSE Internal Audit function; (section 4.4 below).
5. Providing oversight and advice with regard to the operation of the HSE Risk Management framework and related activities within the function of risk management (subject to agreed scope modifications below relating to patient safety and quality risks); (section 4.5 below).
6. Providing oversight and advice relating to anti-fraud policies, oversight of the operation of protected disclosure policies and processes, and arrangements for special investigations; scrutiny of contracts, property dealing and the estates function; oversight of compliance functions. (section 4.6 below).
7. Reviewing the arrangements for, and results of, internal and external audits and management’s response to the recommendations and points arising from same; (section 4.7 below).
8. Any other roles and responsibilities devolved to the Committee by the HSE Board. (section 4.8 below).

The scope of the Committee’s authority extends to:

• the HSE and anything it directly controls
• as legally and contractually appropriate, all service providers in receipt of HSE funding under section 38 of the Health Act 2004 (as amended) and persons or bodies in receipt of assistance of any type as defined in section 39 of the Health Act 2004 (as amended)
• public monies held in trust by any of the above

In addition to its statutory authority to provide oversight and advice and make certain reports, the Board extends the Audit and Risk Committee’s authority to:

• investigate any activity within the Terms of Reference set out in this document
• seek any information or explanations that it requires from any HSE employee or agency totally or partially funded by the HSE and all employees and agencies funded are directed to cooperate with any request made by the Committee
• obtain independent legal or other independent professional advice, at the HSE’s expense and in accordance with the HSE’s procurement policy, and secure the attendance of persons with relevant experience and expertise at the Audit and Risk Committee meeting, if it considers this necessary
• investigate any matter it deems relevant to its scope brought to its attention by whomsoever, including, but not limited to, reports in relation to financial and risk management matters

With regard to risk management, the Audit and Risk Committee will retain overall oversight of operation, maintenance and development of the risk management framework and underlying risk methodologies (and for the avoidance of doubt will retain overall committee responsibility for the oversight of the HSE’s principal risks and reviewing the financial impact of claims experience on the HSE) but the Board has agreed that certain other committees of the Board will provide the detailed consideration, oversight and advice relating to risks within their agreed scopes.

Accordingly, consideration and oversight of risks, and related management actions, in patient safety and quality and other clinical areas are transferred to, and are within the scope of, the Patient Safety and Quality Committee.

The Audit and Risk Committee, having regard to the efficient and effective oversight of risk management processes, may transfer the consideration and oversight of risks, and related management actions, to other committees of the Board.

The Chair of the Audit & Risk Committee will coordinate with the Chairs of these other Committees to ensure that there is sufficient Board oversight of all risks within HSE under this approach.

4.1 Relating to financial matters generally

The statutory duties of the Audit Committee, as set out in Section 40I of the Health Act 2004 as amended by Section 25 of the Health Service Executive (Governance) Act 2019 require the Committee to advise on financial matters relating to:

• the proper implementation by the HSE of Government guidelines on financial issues; (Section 40I(3)(a) of the Health Act 2004 as amended by Section 25 of the Health Service Executive (Governance) Act 2019)
• compliance by the HSE with:
  1. Its obligations (under Section 33 of the Health Act 2004 as amended by Section 10 of the Health Service Executive (Financial Matters) Act 2014) to manage the services set out in an approved service plan so that the services are delivered in accordance with the plan and so that the net non-capital expenditure incurred for the financial year or part of financial year to which the plan relates does not exceed the amount specified in the Government’s Letter of Determination.
  2. its obligation (under Section 33B of the Health Act 2004 as amended by Section 11 of the Health Service Executive (Financial Matters) Act 2014) to submit an annual capital plan.
  3. Any other obligations imposed on it by law relating to financial matters; (Section 40I(3)(b)(ii) of the Health Act 2004 as amended by Section 25 of the Health Service Executive (Governance) Act 2019).
• compliance by the CEO with his obligations under Section 34A of the Health Act 2004 as amended by Section 19 of the Health Service Executive (Governance) Act 2019 to ensure that the HSE’s net non-capital and capital expenditures do not exceed the amounts allocated by government for a financial year or part of a financial year (and to inform the Minister if such allocations might be breached)
• (Section 40I(3)(b)(ii) of the Health Act 2004 as amended by Section 25 of the Health Service Executive (Governance) Act 2019) to advise on the appropriateness, efficiency and effectiveness of the HSE’s procedures relating to:
  1. Public procurement
  2. Seeking sanction for expenditure and complying with that sanction.
  3. The acquisition, holding and disposal of assets.
  4. Risk management.
  5. Financial reporting.
  6. Internal audits.

With regard to oversight of the delivery of the Annual Service Plan, and Capital Plan the Audit and Risk Committee will coordinate its activities and work programme with the Performance and Delivery Committee so that the Performance and Delivery Committee will provide the detailed consideration, oversight and advice relating to the achievement of the non-financial commitments in the Annual Service Plan and Capital Plan and provide sufficient communication and assurance relating to same to allow the Audit and Risk Committee to fulfil its statutory remit and focus its activities, in the main, on financial aspects of these plans.

4.2 Relating to accounting policies, annual financial statements, annual report and required corporate governance assurances

As set out above, the Committee is required under legislation to advise on the appropriateness, efficiency and effectiveness of the HSE’s procedures relating to financial reporting. There are also a number of Corporate Governance requirements in this area that arise from the application of the Code of Practice for the Governance of State Bodies (2016).

The Committee is therefore responsible for reviewing the appropriateness of HSE’s accounting policies, annual financial statements, annual report and required corporate governance assurances and any matters and advice relating to making a satisfactory recommendation of same to the Board.

The Audit and Risk Committee has a responsibility to promote good accounting practice, to include the adoption of appropriate accounting policies, improved and more informed financial decision-making with a focus on timeliness, reliability and value for money throughout the HSE.

Section 36 of the Health Act 2004 outlines the procedures for adoption of Annual Financial Statements. The HSE shall adopt the annual financial statements on or before the 1st day of April in the year following the financial year to which they relate and these are submitted to the C&AG for audit and to the Minister at the same time.

The Audit and Risk Committee will review and scrutinise, where necessary, the estimates, actions and judgements of management of the HSE in relation to the Annual Financial Statements and any other related financial statements, before recommending the financial statements to the Board for adoption.

Particular attention should be paid by the Committee to:

• critical accounting policies and treatments and any changes in those policies or treatments
• completeness of financial statements and that they present fairly the financial performance and position of the HSE
• financial reporting decisions requiring a significant element of judgement
• the extent to which the Annual Financial Statements are affected by any unusual transactions in the year and how these are disclosed
• clarity of disclosure
• compliance with relevant accounting standards and practices
• compliance with other legal obligations relating to financial matters
• any other aspects of financial reporting as identified by the Committee or requested by the Board

4.3 Relating to HSE Internal Controls

As set out above, the Committee is required under legislation to advise on the appropriateness, efficiency and effectiveness of the HSE’s internal control system. There are also a number of Corporate Governance requirements in this area that arise from the application of the Code of Practice for the Governance of State Bodies (2016).

The Committee is therefore responsible for providing oversight to the operation of HSE internal controls and, in particular, advising on the appropriateness, effectiveness and efficiency of the HSE’s procedures relating to:

• public procurement
• the acquisition, holding and disposal of assets
• seeking sanction for expenditure and complying with that sanction

The Committee will have responsibility to:

• ensure that HSE maintains and promotes a control culture that enables compliance with best practice in corporate governance
• review reports, at least annually, produced by management and Internal Audit on the effectiveness of Value for Money management
• review and approve the Chairman’s Annual Comprehensive Report to the Minister regarding HSE’s system of internal control
• review the Statement on Internal Control in the annual report and accounts on the HSE’s internal controls and risk management framework; as required under the Code of Practice for the Governance of State Bodies, report its outcome to the Board and make appropriate recommendations
• review the HSE’s insurance strategy and to propose any changes in light of claims experience and financial risk parameters
• assess the scope and effectiveness of the systems established by management to identify, assess, manage and monitor financial and related matters

4.4 Relating to HSE Internal Audit function

As set out above, the Committee is required under legislation to advise on the appropriateness, efficiency and effectiveness of the HSE’s Internal Audit function.

The Committee has responsibility to:

• oversee and advise on matters relating to the operation and development of the HSE’s Internal Audit division
• review and recommend for approval to the Board he Annual Internal Audit Plan having given guidance regarding risks and problem areas that the audit plan should address and ensuring that Internal Audit has due regard for value for money principles in its audits
• review and monitor the adequacy of the annual Internal Audit programme and ensure that the Internal Audit function is adequately resourced and has appropriate standing within the HSE to allow it to highlight and to audit significant risk areas within the HSE
• monitor implementation of the Internal Audit Plan throughout the year and to receive a report on the results of the National Director of Internal Audit’s work on a periodic basis
• to make recommendations to the Board for the appointment or termination of the National Director of Internal Audit
• review the significant findings and recommendations of Internal Audit and monitor actions taken by management to resolve any issues identified
• request special reports from Internal Audit as the Committee considers appropriate or as requested by the Committee Chair, the Chair of the Board or the CEO
• ensure that the National Director of Internal Audit has direct access to the Chair of the Audit & Risk Committee, the Board Chairperson and the Audit & Risk Committee and is accountable to the Audit & Risk Committee
• to monitor and assess the role and effectiveness of the Internal Audit function and activities, and to consider internal audit’s independence, expertise, experience and adherence to professional standards and make any recommendations pertaining to the Internal Audit function that the Committee considers necessary or appropriate, including as regards organisation, resources, training, use of technology.

4.5 Relating to HSE Risk Management framework and related activities

As set out above, the Committee is required under legislation to advise on the appropriateness, efficiency and effectiveness of the HSE’s risk management processes. In relation to risk management, the Committee has responsibility for oversight and advice relating to the scope and effectiveness of the systems and processes related to the identification, measurement, assessment and management of risk in the HSE, and the promotion and embedding of a risk management culture throughout the health system.

In particular, the Committee will:

• advise the Board on the HSE’s overall risk appetite, tolerance and strategy, taking account of the current and prospective macroeconomic and healthcare environment and drawing on authoritative sources relevant to the HSE’s risk policies
• advise executive management about the maintenance and promotion of a culture that enables integrated management of all risks
• review annually compliance with the HSE Risk Management Framework and make any recommendations thereon to the Board as considered necessary
• keep under continuing review HSE’s procedures for identifying, assessing and reporting and controlling risks, especially in relation to:
  - Principal (‘top’) risks
  - emerging risks
  - any failure to implement, on a timely basis, recommendations arising from investigated and other incidents/reports
  - healthcare-sector-wide risks
• review and advise the Board on all HSE Divisional risk management plans and on the HSE corporate risk register
• through its close liaison with the Patient Safety and Quality Committee (who will have responsibility to provide oversight of certain clinical and patient related risks as agreed from time to time between the Chairs of these Committees)
  - have regard to the reports of the Patient Safety & Quality Committee in relation to its assessment of the reports of the National Director of Quality and Patient Safety on the effectiveness of the systems established by management to identify, assess, manage, monitor and report on risks
• review material risk incidents and claims and provide feedback on management’s actions
• review assurance provided by internal and external audit in relation to risk management and advise the Board accordingly; and
• oversee periodic external review of the effectiveness of the risk management framework to consider its expertise, experience and make any recommendations pertaining to the risk management function that the Committee considers necessary or appropriate, including as regards organisation, resources, training and use of technology

4.6 Relating to anti-fraud, protected disclosure and special investigations, scrutiny of contracts and property dealing, oversight of compliance functions.

The Audit & Risk Committee will provide oversight and advice relating to anti-fraud policies, oversight of the operation of protected disclosure policies and processes, and arrangements for special investigations as well as pre-Board scrutiny of material contracts and property dealings and oversight of the estates and compliance functions.

The responsibility of the Audit & Risk Committee is to:

• review the HSE’s procedures for detecting and reporting fraud, corruption and waste
• ensure that appropriate arrangements are in place by which employees may, in confidence, raise concerns about possible improprieties in matters of financial reporting, financial control, taxation, Value-for-Money, waste, corruption or any other matters of potential waste or wrongdoing
• receive reports, on a timely basis, of concerns raised under the Protected Disclosures of Information in the Workplace Policy and exercise oversight of management to ensure that appropriate action is taken in order to maintain the highest standards of probity and honesty throughout the health services
• periodically review and, if necessary, propose changes to the HSE’s Code of Standards and Behaviour; Policy on Fraud and Policy on Protected Disclosures
• ensure that HSE meets its statutory obligations, including reporting obligations, in relation to Protected Disclosures and other matters related to this area
• exercise oversight to ensure that the HSE’s control functions (such as Internal Audit or Compliance) monitor the operation of the Protected Disclosure procedures on an ongoing basis and report to the Audit Committee on their findings - such monitoring should not be conducted by the same person/area that has responsibility for the operation of the procedures; senior management and the Audit & Risk Committee will carry out a periodic review, at least annually, to evaluate the procedures
• conduct pre-Board scrutiny of material contracts and property dealings
• provide oversight to the Compliance related functions within HSE

4.7 Relating to external audit results and responses

The Audit and Risk Committee is responsible for reviewing the arrangements for, and results of, external audits and management’s response to the recommendations and points arising from same.

External audit of aspects of the HSE is carried out by both the C&AG and external Audit Firms. As required, the HSE appoints external auditors to audit monies other than public monies (e.g. Patient Private Property accounts). The Chief Financial Officer under the Committee’s supervision is responsible for maintaining a register of who carries out the external audit of all agencies under the scope of the Committee.

The Audit & Risk Committee will, in relation to external audit carried out (including the audit by the C&AG):

• oversee the HSE’s relations with the external auditors
• consider, and make recommendations to the Board on the appointment, reappointment and removal of any external auditor(s) other than the C&AG (who is appointed by statute)
• review and approve the terms of engagement and fees in respect of audit services provided
• discuss with the auditor, before the audit commences, the nature and scope of the audit, including the nature and extent of Value for Money auditing
• discuss with the auditor the staffing of the audit and assess the qualification, expertise, resources, effectiveness and independence of the external auditors annually by:
  - seeking reassurance that the auditors and their employees have no family, financial, employment, investment or business relationship with the HSE (other than in the normal course of business)
  - seeking from auditors, on an annual basis, information about policies and processes for maintaining independence and monitoring compliance with relevant requirements, including current requirements regarding the rotation of audit partners and employees
  - monitoring any external audit firm’s compliance with applicable ethical guidance relating to the rotation of audit partners, the level of fees paid in proportion to the overall fee income of the firm, office and partner and other related regulatory requirements
• review with the auditors, the findings of their work, including any major issues that arose during the course of the audit which have subsequently been resolved and those issues that have been left unresolved; key accounting and audit assumptions underlying the audit; levels of errors identified during the audit, obtaining explanations from management and, where necessary other external auditors, as to why certain errors might remain unadjusted
• review the audit representation letters before consideration by the Board, giving particular consideration to matters that relate to non-standard issues
• assess, at the end of the audit cycle, the level of assurance provided to the HSE Board by the audit process and the effectiveness of the audit process
• evaluate the cooperation received by auditors, including access to records, data and information
• obtain feedback about the conduct of the audit from key personnel involved
• review and monitor the content of the management letter from the auditors, in order to assess whether it is based on a good understanding of the HSE’s role and establish whether recommendations have been acted upon and, if not, the reasons why they have not been acted upon
• develop and recommend to the Board the HSE’s policy in relation to the provision of any non-audit services by the auditor and ensure that the provision of such services does not impair the auditor’s independence or objectivity

The Audit & Risk Committee will review on an annual basis the planned scope of audit work done by all auditors together with internal audit work with a view to maximising the efficiency and effectiveness of the audit process. This does not, in any way, restrict the statutory right of the C&AG to pursue any matter as he/she sees fit.

4.8 Relating to other roles and responsibilities devolved by the HSE Board

The Audit and Risk Committee may have responsibility for any other roles and responsibilities devolved to the Committee by the HSE Board.

5.1 Membership and quorum

The Audit and Risk Committee will be appointed by the Board and will consist of:

• not fewer than three members of the HSE Board
• not fewer than four other persons who, in the opinion of the Board, have the relevant skills and experience to perform the functions of the committee, at least one of whom will hold a professional qualification in accountancy or auditing.

Further provisions:

• neither the HSE Board Chairperson nor the Chief Executive or the Chief Financial Officer may be a member of the Audit and Risk Committee. Other than the members of the Board appointed to the Committee, a person is not eligible for appointment to the Audit and Risk Committee if that person is an employee of the HSE
• the Board will designate one of the Audit and Risk Committee Board members (to be the Chairperson of the Audit and Risk Committee
• a quorum will consist of three members, one of whom will be a member of the HSE Board and, in the absence of the Chairperson from a meeting of the Committee, an acting chairperson will be selected from amongst the Board members attending
• the Committee will normally operate on the basis of consensus. In the event of a vote being required on any matter a simple majority of all members present, including the Chairperson, will carry the motion with the Chairperson of the meeting having a casting vote in the event of a tie
• the Chairperson will provide Committee members as necessary with an appraisal of their performance as Committee members
• the Committee and the Chairperson will make recommendations to the Board as appropriate on the Committee’s and individual members’ training needs.

5.2 Relevant Skills and Experience

The Audit and Risk Committee members should collectively possess an appropriate range of skills to perform its functions to the required standard. At least one member should have recent, relevant financial experience and other members should have experience in the core areas of the Committee’s scope and an understanding of the public sector environment, in particular the accountability structures, and current public sector reform initiatives.

New members of the Committee should benefit from a formal induction process and, if necessary, individually tailored training. The Audit and Risk Committee and Chairperson should make recommendations to the Board on the Committee’s and individual member’s training needs. The Audit and Risk Committee should keep up to date with best practice and developments in corporate governance.

5.3 Chairperson of the Audit and Risk Committee

The Chairperson of the Audit & Risk Committee has particular responsibility for ensuring:

• that the Committee fulfils its role and responsibilities
• that the Committee is appropriately resourced
• reports to the Committee contain relevant information and are provided at the right time in an appropriate format
• absent Committee members are briefed on meetings and attendance records are maintained and reviewed annually
• that he/she ensures that a report is made at Board meetings and submit regular written reports to the Board containing relevant information
• matters arising are reported on at each subsequent meeting
• he/she is involved in the appointment of new Committee members.

The Chairperson of the Audit and Risk Committee or any member will have the right of access to the CEO and any senior personnel of the Health Service Executive. The Chairperson of the Audit and Risk Committee will have the right of access to the National Director of Internal Audit and the Chief Financial Officer on any matter relating to the business of the Audit and Risk Committee.

Where disagreements between the Committee and either the Board or the CEO cannot be resolved, the Committee will report the issue to the Minister for Health and the C&AG.

5.4 Secretariat to the Audit and Risk Committee

The secretariat to the Audit & Risk Committee should:

• commission papers as necessary and support the Chairperson in preparing reports
• circulate documents and prepare and circulate minutes of meetings to Committee members and to internal and external audit as necessary 5 working days in advance of meetings
• for any agreed actions, document the owner, deadline and any advice given by stakeholders and monitor between meetings
• keep the Committee abreast of developments in the HSE
• maintain a record of members’ appointments and termination/renewal dates and ensure that appropriate appointment procedures are initiated when necessary.

5.5 Indemnification

The CEO will arrange for each external member of the Audit and Risk Committee to receive an indemnification in accordance with the conditions laid out in the appendix to the General Council Report 1357 of the Civil Service, against liabilities which may arise from his or her membership of the Audit & Risk Committee.

5.6 Tenure

A member of the Audit and Risk Committee will hold office for the period determined by the Board when appointing that person. A member of the Audit and Risk Committee may resign from the committee by letter addressed to the Chairperson of the Board or may at any time be removed as a member of the Committee by the Board for stated reasons. Members of the Audit & Risk Committee will hold office on such terms and conditions as determined by the Board with the consent of the Minister for Health and the Minister for Public Expenditure and Reform.

5.7 Conflicts of Interest

Committee members are required to advise the Chairperson of any potential conflicts of interest on appointment and make annual declarations under the Ethics in Public Office Acts.

Each member of the Committee should take personal responsibility to declare any potential conflict of interest arising in relation to any items on the agenda for Audit and Risk Committee meetings.

A register of Audit and Risk Committee members’ interests will be maintained by the Secretary. Where a conflict of interest arises, the relevant member should bring this to the attention of the Chairperson and, where necessary, leave the room for the duration of the discussion and not take part in any decisions relating to the discussion.

Similar arrangements will apply in relation to meeting documentation, where such documentation will not be made available to the member. This will be noted in the minutes of the meeting.

5.8 Meetings

• the Audit and Risk Committee will meet as required, determined at its own discretion, but not less than four times a year (to coincide with key dates in the HSE’s financial reporting cycle)
• the National Director of Internal Audit or the C&AG may request a meeting if either consider that one is necessary
• the agenda for each meeting will be finalised by the Chairperson of the Audit and Risk Committee and circulated with all relevant papers by the Secretary to all members of the Audit & Risk Committee (and other attendees, as appropriate) 5 working days in advance of each meeting - papers provided to the Committee should clearly communicate all relevant information
• no person other than the Audit & Risk Committee members will be entitled to attend Audit & Risk Committee meetings - the Audit and Risk Committee may invite a person who has responsibility within the HSE for internal audits or for any financial matters or any other person it considers appropriate (whether that person is or is not an employee of the Executive) to attend specific meetings
• all members of the Audit and Risk Committee will be expected, whenever possible, to attend its meetings whether by physical attendance, by video conference/remote technological platform or by telephone connection so long as this will allow live exchange of views by the members of the Audit & Risk Committee
• the National Director of Internal Audit, Chief Financial Officer and Chief Risk Officer will normally be expected to attend meetings, and such other officials from the HSE as the Audit and Risk Committee may require will also attend from time to time. The Committee will meet separately with the National Director of Internal Audit at least once a year
• a representative of the Comptroller and Auditor General may be invited to attend any meeting of the Audit and Risk Committee, if the Audit and Risk Committee considers this necessary, and will be invited at least once a year to meet separately with the Committee
• the Chairperson or Secretary of the Committee will ensure that members who have missed a meeting are appropriately briefed on the business conducted in their absence
• the information requirements of the ARC are outlined in Appendix A.

5.9 Minutes

The Secretary will circulate draft minutes of meetings of the Audit and Risk Committee to members as soon as possible after each meeting. The minutes will be presented for formal approval at the next Audit and Risk Committee meeting.

Once approved by the Audit & Risk Committee, the minutes will be circulated to the Board and to the CEO and made available to the Comptroller & Auditor General.

5.10 KPIs

In the early part of each year the Committee will prepare a set of key performance indicators and measures for itself and, in terms of the operation of the Committee, for the executive functions with which in interacts for the forthcoming year.

The Audit and Risk Committee will provide its advice to the Board and CEO principally by way of its minutes.

The Chairperson of the Audit & Risk Committee may be invited to attend meetings of the Board, or meetings with the CEO, in order to report in relation to the matters under the Committee’s remit.

The Audit and Risk Committee will communicate with the Board and CEO as appropriate in relation to any significant shortfalls in the control environment, compliance and/or risk management environments that come to the attention of, and are of concern to, the Audit and Risk Committee.

In accordance with statute (Section 40I of the Health Act 2004 as amended by Section 25 of the Health Service Executive (Governance) Act 2019), the Audit & Risk Committee will send a report in writing at least once a year to the CEO and separately to the Board on financial matters relating to their functions and on the Committee’s activities in the previous year, providing a copy of that report to the Board and to the Minister.

At the end of each year the Committee will also prepare an annual report to the Board on its role and responsibilities, and the actions it has taken to discharge those responsibilities.

Such a report should specifically include:

• a summary of the role of the Audit and Risk Committee
• its performance against key performance indicators set for the year
• the names and qualifications of all members of the Committee during the period
• the number of Committee meetings and attendance by each member
• the way the Committee has discharged its responsibilities.

The CEO will ensure that the Audit and Risk Committee is provided with all of the Executive’s internal and external audit reports, internal and external audit plans and the HSE’s monthly reports on expenditure.

The CEO will report to the Audit and Risk Committee as soon as practicable where he or she has reason to suspect that any material misappropriation of the HSE’s money, or any fraudulent conversion or misapplication of its property, may have taken place.

The CEO will ensure that the Audit and Risk Committee is provided at its request with information on any financial matter or procedure necessary for performing its functions, including details relating to:

• any contract that the HSE proposes to enter into and that involves the expenditure of more than an amount in excess of a threshold specified by the Audit and Risk Committee
• any legal action taken or threatened against the Executive that may give rise to a potential financial liability

The Audit and Risk Committee will review its Terms of Reference annually and report the results of that review to the Board. Any changes recommended will be presented to the Board for approval.

The Audit and Risk Committee will undertake an annual self-assessment evaluation of its performance and report the results of that review to the Board.

The Audit ad Risk Committee will request the views of the C&AG on the work and effectiveness of the Committee.

An external evaluation of the performance of the Audit & Risk Committee will be undertaken at least every three years as part of the recommended triennial review of the effectiveness of the Board and its Committees.

For each meeting the ARC will be provided 5 working days in advance of meetings with:

1. A report summarising any significant changes to the HSE’s strategic risks and a copy of the Corporate Risk Register (CRR).

2. A progress report from the National Director of Internal Audit summarising:

• work performed (and a comparison with work planned)
• key issues emerging from the work of internal audit
• management response to audit recommendations
• changes to the agreed internal audit plan
• any resourcing issues affecting the delivery of the objectives of internal audit.

3. A progress report (written/verbal) from the external audit representative summarising work done and emerging findings (this may include, where relevant to the organisation, aspects of the wider work carried out by the Comptroller and Auditor General, for example, Value for Money reports and good practice findings).

4. Management assurance reports.

5. Reports on the management of major incidents, “near misses”, “need to knows” and lessons learned.

As and when appropriate the Committee will also be provided with:

• proposals for the terms of reference of internal audit / the internal audit charter
• the internal audit strategy; (Annual Internal Audit Plan)
• the National Director of Internal Audit’s annual opinion and report
• quality assurance reports on the Internal Audit Unit
• the draft financial statements of the organisation
• the draft governance statement
• Statement on Internal Control and the Chairman’s Annual Comprehensive Report to the Minister
• a report on any changes to accounting policies
• external audit’s management letter
• a report on any proposals to tender for audit functions, where appropriate
• a report on co-operation between internal and external audit
• the organisation’s risk management strategy
• report on Protected Disclosures