
Terms of Reference

Role of the Audit and Risk Committee

  • The Audit and Risk Committee is a Committee of the University Council. Its role is to strengthen the University’s control environment and management of risks and to assist Council to discharge its leadership and control responsibilities for financial reporting, legal compliance and risk management.

Primary functions

  • The primary functions of the Audit and Risk Committee are to promote accountability, support measures to improve management performance and internal controls, oversee and monitor the internal audit and the risk functions, oversee the integrity of the University’s financial reporting systems, oversee the University's strategic risk management plan, and ensure effective liaison between senior management and the University’s external auditors.
  • The Audit and Risk Committee achieves these primary functions through exercise of the following responsibilities:


  1. Monitor the functioning and adequacy of the University’s internal control systems and processes.
  2. Oversee the University's plan for the management of strategic risk.
  3. Review policies related to audit and risk management.
  4. Monitor compliance with the University’s Fraud Policy and investigations and outcomes relating to the policy.
  5. Assist in promoting a culture of compliance and take an active interest in ethical issues associated with the University’s business activities.
  6. Advocate for information management maturity and legal compliance across the University.

Internal audit

  1. Review reports of the Head of Internal Audit on activities undertaken by Internal Audit.
  2. Oversee and monitor the work of Internal Audit.
  3. Oversee the appointment of an external firm as a co-sourced provider of internal audit services to the University.
  4. Approve the annual Internal Audit plan and monitor progress against the plan in consultation with the Vice-Chancellor.
  5. Monitor action plans in respect of reviews conducted by the Internal Audit and management’s responses.
  6. Monitor the internal audit arrangements of all controlled entities.
  7. Receive reports on special projects or investigations undertaken by Internal Audit and monitor actions arising out of the reports.

External audit

  1. Approve the University's external audit arrangements.
  2. Liaise with the external auditors to consider risks and issues as part of the external audit planning process.
  3. Examine issues raised by the external auditors.
  4. Assess the performance of the external audit in the context of statutory obligations.
  5. Monitor the external audit arrangements of all controlled entities.

Risk management

  1. Approve the University’s Risk Management Framework setting out the University’s expectations and internal accountabilities for the management of risk and approve material changes to the Framework.
  2. Monitor the adequacy of arrangements in place to ensure that risks are effectively managed across the University.
  3. Receive reports on the status of risks and issues considered to be of high risk to the reputation and operations of the University.
  4. Receive and review the annual report on the University’s consolidated risk profile.
  5. Receive minutes and reports from meetings of the University’s Health & Safety and Ethics Compliance Committee.
  6. Review valuations for insurance purposes and approve assumptions used as provided by management as a basis for annual insurance cover. Review options for annual insurance cover as provided by management and approve.
  7. Receive reports on the status of information management at the University, including the creation of the information asset register to assist with compliance opportunities, risk mitigation and cost reduction for the University.

Legal compliance

  1. Monitor the effectiveness of the University’s processes for ensuring compliance with relevant laws, regulations, industry codes and organisational standards.
  2. Receive reports on the outcome of the annual legal compliance survey.
  3. Receive reports on legal compliance breaches, the risks of non-compliance and strategies to manage any breaches and risks effectively.
  4. Monitor any legal proceedings involving potential or contingent liability for the University.

Annual Financial Statements and Statement of Service Performance

  1. Consider the form and content of the Annual Financial Statements and Statement of Service Performance and make recommendations to the Council.
  2. Determine whether accounting policies adopted by the University are appropriate.

Business Continuity

  1. Oversight of business continuity processes across the University and its related entities and monitoring the implementation of appropriate testing and exercise programmes.
  2. Reporting at least annually to the University Council on the performance and status of business continuity processes.


  • Three lay members of the University Council, one of whom shall be appointed Convener by Council
  • The Convener of the Health and Safety and Ethics Compliance Committee (lay member of Council)
  • Two members appointed for their expertise in the area of financial management, audit and risk.

In attendance

  • Acting Vice-Chancellor
  • Chief Operating Officer
  • Chief Financial Officer
  • Head, Risk, Assurance and Compliance
  • Chief Digital Officer
  • Registrar and Secretary to the Council

(Last amended 20 June 2023)

Meeting dates

View the meeting dates for the University of Otago Council and Council Committee
