1. Objectives

The primary objectives of the Audit and Risk Committee are to:

  1. Assist the Board in discharging its responsibilities by oversight and review of:
      • financial reporting;
      • risk management;
      • target capital structure;
      • accounting & Board policies;
      • internal financial and risk controls;
      • insurance program;
      • compliance with applicable laws and regulations;
      • integrity and performance of the internal audit function;
      • sustainability policies & disclosures; and
      • monitoring critical and emerging trends.
  2. Provide insights on key strategic risk areas, including:
      • strategic project initiation and monitoring progress;
      • business continuity planning and exercises;
      • cyber security, resilience and preparedness;
      • sustainability risks, opportunities and overall strategy; and
      • USP compliance.
  3. Provide a forum for communication between the Board, Senior Management and both the internal and external auditors.
2. Authority

The Committee is authorised, within the scope of its responsibilities, to:

  1. Seek information it requires from any Port Authority employee or contractor, the external auditor and/or any external party; and
  2. Obtain outside legal or other professional advice at Port Authority expense, and initiate special investigations as deemed necessary.
3. Membership

The Committee shall comprise no less than three and no more than five non-executive directors of the Board.

Members shall be appointed by the Board. The Board shall appoint one of its members as Chair of the Committee, however the Chair of the Board shall not be appointed Chair of the Committee.

Members shall be appointed on the basis of their requisite business, technical and/or financial skills.

Regular attendees at Committee meetings shall be the Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, Chief Audit Executive, the Company Secretary, and the external and internal auditors. Other members of the executive team and management will attend as required.

Any Director who is not a member of the Committee will have the right to attend any meeting of the Committee.

4. Meetings

The Committee shall meet at least four times a year and such additional meetings as the Chair, or the Committee, shall decide in order to fulfil its duties;

A quorum shall consist of three Committee members;

All decisions of the Committee shall be determined on the basis of a majority vote of members. In any instances of a tied vote, the matter shall be referred to the Board;

When the Committee must reach a decision between meeting dates, this decision may be made by circular resolution. In carrying out a vote by circular resolution, the Company Secretary has an obligation to attempt to contact all Committee members. A circular resolution will be taken to be carried only when the majority of Committee members vote in the affirmative;

Prior to each meeting the Committee may convene privately without any members of management in attendance, for meetings with:

  • the External Auditor;
  • the Internal Auditor;
  • the Chief Financial Officer;
  • the Company Secretary; or
  • the Chief Risk Officer.
5. Organisation

The Company Secretary shall be responsible for:

  • preparing the agenda for each meeting, for approval by the Chair of the Committee;
  • distributing the papers for each meeting, with the aim being to circulate papers 5 business days in advance of the meeting;
  • keeping minutes of all meetings of the Committee. Once the minutes of each meeting have been reviewed by the Chair of the Committee, they shall be routinely submitted to the Board for information; and
  • notifying Port Authority staff, the auditors and any external parties who are required to attend any meeting for specific agenda items.
6. Duties and responsibilities

The Committee shall consider any matters relating to the financial affairs and risk management issues of Port Authority that it determines to be relevant. In addition, the Committee shall examine any other matters referred to it by the Board.

The Committee shall maintain an annual Audit Committee Plan that defines the activities and timeframes for items to be considered by the Committee. The Audit Committee Plan shall incorporate:

  • at every meeting, unless the meeting is for a specific purpose:
    • Internal Audit Report;
    • Enterprise Risk Management Report; and
    • Treasury Report.
  • on a quarterly basis:
    • Fraud & Corruption and PID Report.
  • on an annual basis:
    • Audit Office annual engagement plan;
    • Audit Office early close procedures;
    • Audit Office management letter;
    • Port Authority financial statements;
    • Review of 3-year internal audit plan (updated as required to maintain relevance);
    • Compliance register – annual compliance update & policy review;
    • Insurance renewals, including the adequacy and cost of cover;
    • Audit & Risk Committee report to the Board (refer Section 8);
    • Board Risk Appetite Statement;
    • Review of Internal Audit charter;
    • Fraud & corruption control and public interest disclosure policies review;
    • Port safety operating licence (PSOL) audit review;
    • Monitor and review the annual update of the Financial Capital, Treasury and Risk Management Policy;
    • Monitor and review environmental, social and governance (ESG) compliance, including the proposed modern slavery statement; and
    • Monitor and review NIST/Essential 8 compliance.
7. Activities of the Committee

The activities of the Committee may include, but shall not be limited to, the following:

External Auditors:

  • to consider before an audit commences, the nature and scope of the audit;
  • to determine with the external auditor the fees for the audit;
  • to discuss issues arising from the interim and final audits, and any other matters the auditor may wish to raise; and
  • to consider the external auditor’s management letter and management’s response.

Financial Control and Reporting:

  • to examine the Annual Report financial statements before submission to the Board, focusing particularly on:
    • changes in accounting policies and practices;
    • major judgmental areas;
    • asset valuation;
    • significant adjustments resulting from the audit;
    • compliance with accounting standards;
    • compliance with Government and legal requirements;
    • reports prepared by management for release to stakeholders; and
    • sustainability reporting, including with respect of climate change, modern slavery and other material ESG matters.
  • to oversee and review major & emerging risks to which the Port Authority is exposed and verify that the internal control systems are adequate and functioning effectively.

Internal Audit:

  • to appoint the Internal Auditor on the basis of no more than a three year period which may be extended at the discretion of the Committee;
  • to consider the internal audit annual work plan and ensure that the internal audit function is adequately resourced and has appropriate standing within Port Authority;
  • to promote co-ordination between management and internal and external auditors;
  • to review any significant matters reported by the internal auditors and ascertain whether management’s response is appropriate; and
  • to ensure that the internal auditors are independent of the activities that they audit.

Risk Management:

  • Monitor and review processes for identifying and capturing internal and external risks;
  • Monitor and review risk mitigation strategies and appropriate controls for managing identified risks effectively;
  • Review reports on risk profile, including updates on the status of key risks, risk mitigation activities, and any significant changes in the risk landscape;
  • Business continuity plan and exercise updates; and
  • Promote a culture of risk awareness, supporting education and training on risk management principles and practices.


  • to evaluate the performance of the Port Authority’s broker and to recommend appointment of the insurance broker to the Board recognising the recommendations of management; and
  • to evaluate the adequacy and cost of insurance cover across the organisation and make recommendations to the Board.

Legal Compliance:

  • to review compliance with relevant regulatory or statutory requirements; and
  • to oversee significant cases of breach of relevant regulatory or statutory requirements.

Compliance with the Port Authority Code of Conduct:

  • to monitor and report on fraud, non-financial compliance and misappropriation matters.

Work, Health and Safety (WHS):

  • Monitor and report on the WHS Risk Framework.


  • to monitor Port Authority exposure to fraud and corruption;
  • to request and review special audits or investigations, including WHS investigations as may be necessary; and
  • to consider other matters, as referred to the Committee by the Board.
8. Reporting

The Committee will regularly, but at least once a year, report to the Board on its operation, performance and activities during the year. The report should include:

  • a self-assessment of the performance of the Committee against and compliance with the NSW Treasury Commercial Policy Framework: Guidelines for Governing Boards of Government Businesses (TPP 17-10).

The Committee shall:

  • record proceedings of each meeting and circulate them to the Board; and
  • ensure that the Charter of the Audit & Risk Committee is posted on the Corporation’s website.

The Corporation’s Annual Report should include a statement describing the responsibilities and activities of the Committee.

9. Administrative Arrangements

Conduct and conflicts of interest:

  • Members of the Committee agree to comply with the Port Authority of New South Wales (Port Authority) Board Charter and Code of Conduct.
  • The conflict of interest requirements are:
    • Committee members are required to disclose potential conflicts for recording in the Port Authority’s conflicts register. Committee members are required to update this register on an ongoing basis as circumstances change; and
    • in relation to specific Committee decisions, the Committee complies with Clause 2, Schedule 10 of the State Owned Corporations Act 1989. A Committee member cannot take part in discussions or vote on a matter in which that Committee member has a material personal interest, unless the Committee resolves that the interest does not disqualify the Committee member.

Review of Charter:

  • At least once a year the Committee will review this Charter. This review will include consultation with the Board. Any substantive changes to this Charter will be recommended by the Committee and formally approved by the Board.

ESG means Environmental, Social and Governance
NIST means National Institute of Science and Technology
PID means Public Interest Disclosure
PSOL means Port Safety Operating Licence
USP means Unsolicited Proposal