HUBIFY LIMITED (ASX:HFY)
RISK MANAGEMENT AND AUDIT COMMITTEE CHARTER 1 Purpose This charter is designed to clearly set out the Risk Management and Audit Committee’s role and responsibilities, composition, structure and membership requirements and the procedures for inviting non-committee members to attend meetings. 1.1 Objective The Committee is a committee established by the board of directors (Board) of (Hubify Ltd “HFY” or Company) to assist the Board in discharging its corporate governance duties in relation to:
- (a) implementing and maintaining appropriate policies and procedures in relation to risk management and auditing
- (b) financial reporting, internal control structure and internal and external audit functions; and
- (c) establishing a sound system of risk oversight and management and internal controls.
- (a) create a structure of review and authorisation designed to ensure the truthful and factual presentation of The Company’s financial position and identify issues relevant to the integrity of the Company’s financial reporting and the risk profile; and
- (b) establish and implement policies and procedures for oversight and management of material business risks and risk management and auditing in compliance with the Australian Securities Exchange (ASX) Corporate Governance Principles and Recommendations.
- (a) The Committee should review the integrity of the Company’s financial reporting and oversee the independence of the external auditors of the Company.
- (b) The Committee should ensure the Board reviews the Company’s policies on risk oversight and management and satisfies itself that management has developed and implemented a sound system of risk management and internal control.
- 2.1 Members
- 2.2 Appointment and Removal
- The Committee Members may be appointed and removed by ordinary resolution of the Board.
- 2.3 Chairman The chairman of the Committee must be a Committee Member who is an independent or non executive director, not the chairman of the Board, and who has been appointed by ordinary resolution of the Committee to hold the position of chairman (Chairman).
- 2.4 ExpertiseThe Committee should include members who are:
- (a) all financially literate (that is, be able to read and understand financial statements);
- (b) at least one member should have relevant qualifications or experience (that is, should be a qualified accountant or other finance professional with experience of financial and accounting matters); and
- (c) some members should have an understanding of the industry in which the Company operates.
- (a) The Committee has rights of access to management, rights to seek explanations and additional information and access to auditors, internal and external, without management present.
- (b) In fulfilling its duties, any Committee Member may:
- (1) access any document, report, material or information in the possession of an employee or external adviser of the Company, including without limitation the External Auditor and any members of the Board;
- (2) at the direction of the Committee or the Board, conduct an investigation or formal review of an aspect of the Company’s financial or business operations;
- (3) at the cost of the Company and in accordance with the Board Charter, obtain independent professional advice to assist in the proper exercise of its powers;
- (4) request the assistance of any employee, Board member or external adviser of the Company; and
- (5) any other thing or action reasonably necessary to enable the Committee to fulfil its duties.
- (c) For the avoidance of doubt, the Committee does not have the power to enter into transactions on behalf of the Company, or bind the Company in any other way or form.
- 4.1 Convening of Meetings The Committee must meet as required to undertake its role effectively and fulfil its duties set out in paragraph 5, but must convene a minimum of two meetings in each financial year.
- 4.2 Quorum A quorum will comprise of two (2) Committee Members. In the absence of the Chairman, the Committee Members may elect a Committee Member present at the meeting to take the chair.
- 4.3 Voting Each Committee Member has one vote and the Chairman does not have a deciding vote.
- 4.4 Minutes The Committee should keep minutes of its meetings and these should ordinarily be included in the papers for the next full Board meeting after each Committee meeting.
- 4.5 Attendance Any member of the Board, the Chief Executive Officer, Chief Financial Officer, External Auditor or Internal Auditor may only attend meetings of the Committee by invitation. Where such persons are invited to attend, the Committee must set aside time during the meeting for discussion without any executives of the Company present, unless the business of the meeting does not require this to occur.
- (a) Prior to the Board granting its approval, the Committee must review:
- (1) all published financial statements, including without limitation, half-yearly and year-end audited statements, statements in any official documents including, annual reports, prospectuses and explanatory memorandums and any other statements required by regulatory authorities;
- (2) any statement on the internal control systems of the Company;
- (3) any statement or report from the Board or management which is to accompany financial statements; and
- (4) changes to the Company’s formal accounting policies.
- (a) The Committee will be responsible for developing and monitoring a risk management policy for the Board that reflects the Company’s risk profile and should clearly describe all elements of the risk management and internal control system and any internal audit functions. In developing the risk management policy, the Company should take into account its legal obligations and consider the reasonable expectation of its stakeholders. Stakeholders can include shareholders, employees, customers, suppliers, creditors, consumers and the broader community in which the Company operates.
- (b) The Committee will oversee and monitor the implementation of processes and an annual risk management plan to identify, manage and report on the risks which may have an impact on the Company’s financial position or its business and activities as a whole.
- (c) The Committee will review:
- (1) all risk management policies developed by the Company, and if necessary propose amendments;
- (2) the compliance with risk management policies by the Board, management and employees of the Company;
- (3) identified risks of the Company and consider whether the response to such risks is adequate; and
- (4) significant or related party transactions which are not within the ordinary course of business for the Company.
- (d) The Committee must follow up any weaknesses or risks identified in the Company’s internal or external control and audit processes to ensure the required action has been taken.
- (a) The Committee will as required establish and implement processes to capture and identify any issues or weaknesses in the risk management, internal control mechanisms and financial reporting of the Company.
(b) The Committee will as necessary review, assess and update:
- (1) the risk profile of the Company, including material financial and non-financial risks;
- (2) the Company’s protection of ownership in non-physical assets such as intellectual property;
- (3) the adequacy and effectiveness of internal controls and programs used by management to monitor and ensure compliance with laws, regulations and other requirements relating to external reporting of financial information;
- (4) compliance with internal and external monitoring systems;
- (5) the adequacy of the Company’s insurance program and its risk management strategies; and
- (6) new or proposed professional or regulatory requirements which may impact on the Company’s accounting policies or financial reporting obligations.
- (a) The Committee will consider the need for and if necessary recommend the implementation of an internal auditing process as a mechanism of the internal control systems of the Company.
(b) An internal audit function will generally carry out the analysis and independent appraisal of the adequacy and effectiveness of the Company’s risk management and internal control system.
(c) The internal audit function should be independent of the external auditor. The internal audit function and the Committee should have direct access to each other and should have all necessary access to management and the right to seek information and explanations.
(d) Where an internal audit process is required, the Committee must:
- (1) approve the appointment of the Internal Auditor and their terms of engagement;
- (2) review the results of any internal audits;
- (3) review the internal audit plan with particular attention to the adequacy of the plan to address fraud and other weaknesses in internal controls;
- (4) meet with the Internal Auditor (without management present) to obtain a report on findings and communicate such findings to management, including any requirement to implement changes; and
- (5) review management’s response to findings and the implantation of any changes.
- (a) The Committee will over time develop, implement and maintain a policy setting out the principles for the appointment of External Auditors. The Appointment of External Auditor policy will provide an appropriate framework for the Committee to make a recommendation to the Board as to the appointment, removal and/or replacement of the External Auditor to the Company.
(b) In relation to the external audit process the Committee must:
- (1) review the terms of engagement, remuneration and performance of the External Auditor;
- (2) review the results of all external audits;
- (3) monitor the independence and objectivity of the External Auditor, considering amongst other things, the level of any non-auditing services provided by the External Auditor, and changing legal or professional requirements relating to ‘independence’;
- (4) together with the External Auditor, regularly review the external audit plan including the scope to ensure that it adequately addresses changes in the Company and any identified weaknesses in internal controls;
- (5) ensure that the External Auditor makes regular disclosures to the Committee;
- (6) meet with the External Auditor (without management present) to obtain a report on findings and communicate such findings to management, including any requirement to implement changes; and
- (7) review management’s response to findings and the implantation of any changes.
- (a) assessment of whether external reporting is consistent with Committee Members’ information and knowledge and is adequate for shareholder needs;
(b) assessment of the management processes supporting external reporting;
(c) procedures for the selection and appointment of the external auditor and for the rotation of external audit engagement partners;
(d) recommendations for the appointment or, if necessary, the removal of the external auditor;
(e) assessment of the performance and independence of the external auditors. Where the external auditor provides non-audit services, the report should state whether the Committee is satisfied that the provision of those services has not compromised the auditor’s independence;
(f) assessment of the performance and objectivity of the internal audit function;
(g) the results of the Committee’s review of risk management and internal control systems;
(h) recommendations for the appointment, or if necessary, the dismissal of the head of internal audit;
(i) names of all members of the Committee and whether they were independent directors;
(j) the number of meetings held, including the attendees at each meeting, and the minutes of each meeting;
(k) a summary of the risk management processes and policies, identifying any areas for improvement;
(l) a summary of the activities and performance of the Committee; and
(m) any other information the Committee considers appropriate to bring to the attention of the Board in the performance of its functions including:
- (1) assessment of the management processes supporting external reporting;
- (2) procedures for the selection and appointment of the external auditor and the rotation of external audit engagement partners;
- (3) recommendations for the appointment or removal of an auditor;
- (4) assessment of the performance and independence of the external auditors and whether the Audit Committee is satisfied that independence of this function has been maintained having regard to the provision of non-audit services;
- (5) assessment of the performance and objectivity of the internal audit function; the results of its review of risk management and internal compliance and control systems;
- (6) written statements from the Chief Executive Officer and the Chief Financial Officer as recommended by Recommendations contained in the ASX Corporate Governance Principles and Recommendations; and
- (7) details of the annual performance review and its achievement under this Charter.