Financials & Governance

Back

Audit & Risk Committee Charter

I. Purpose of Committee

The Audit and Risk Committee (the “Committee”) is a committee of the Corporation’s Board of Directors (the “Board”). The purpose of the Committee is to support the Board in fulfilling its responsibilities for: (1) monitoring the Corporation’s internal control processes and the integrity of the financial statements of the Corporation; (2) evaluating the qualifications and independence of the Corporation’s independent auditors; (3) monitoring the performance of the independent auditors and the internal audit function; (4) ensuring the Corporation has effective enterprise risk management processes, (5) overseeing the Corporation’s compliance with legal and regulatory requirements, and (6) establishing and monitoring certain policies, including the Conflict of Interest Policy, delegated to the Committee for oversight and all related-party transactions and CEO-involved transactions.

II. Committee Membership

The Committee shall have at least three (3) members at all times. All members of the Committee shall be members of the Board and shall meet independence standards as defined in the Bylaws. Members of the Committee and the Committee Chair are appointed by the Board and may be subject to removal by the Board in accordance with the Corporation’s Bylaws. The Committee may elect a Vice Chair from among its members to have such authority and responsibility as the Committee shall determine.

The Committee shall have at least one member of the Committee who is a “financial expert” defined as someone with: (1) an understanding of generally accepted accounting principles (GAAP) and financial statements; (2) the ability to assess the general application of such principles in connection with the accounting for estimates, accruals, and reserves; (3) experience preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting issues that can reasonably be expected to be raised by the Corporation’s financial statements or experience actively supervising one or more persons engaged in such activities; (4) an understanding of internal controls and procedures for financial reporting; and (5) an understanding of audit committee functions.

III. Committee Authority and Responsibilities

The Committee shall have the authority and responsibilities set forth below:

A. Financial Statements and Internal Controls    

  1. Review and discuss with the independent auditors and management the Corporation’s annual audited financial statements and other audit reports (including Uniform Guidance), any significant issues regarding accounting principles, practices and judgments, any restrictions on the scope of the independent auditors’ activities or access to requested information, any significant disagreements with management, any management letters provided by the independent auditors and management’s responses including certain matters required to be communicated to the Committee in accordance with AICPA professional standards. 
  2. Review and discuss with the independent auditor any material risks and weaknesses in internal controls identified by the auditor and the adequacy of the Corporation’s accounting and financial reporting processes in accordance with AICPA professional standards.    
  3. Bring to the attention of the Board any noteworthy findings or potentially damaging circumstances related to the Corporation’s internal controls or financial statements that may adversely affect the reputation of the Corporation.

B. Independent Auditors

  1. Recommend appointment, retention and termination of the independent auditor to the Board on an annual basis. On behalf of the Board, the Committee shall oversee the Corporation’s independent auditor, including the terms of engagement. The independent auditor shall report directly to the Committee.    
  2. Prior to commencement of work, review the independent auditor’s compensation, the terms of its engagement, its independence, and the scope of the audit to be conducted.
  3. Pre-approve all audit and non-audit services performed by the independent auditor.
  4. Annually, confirm with the independent auditor its independence delineating all its relationships and professional services with the Corporation (verbal or in writing). In addition, review with the independent auditor the nature and scope of any disclosed relationships or professional services and take appropriate action to ensure the continuing independence of the independent auditor. 
  5. Ensure there are policies for hiring employees or former employees of the independent auditor such that there shall be a one‑year cooling‑off period for key roles. Any exceptions to this one‑year cooling‑off period would require Committee approval.

C. Internal Audit

  1. Oversee the internal audit function of the Corporation as provided in the Internal Audit Services charter approved by the Committee. Provide oversight of the Chief Legal and Risk Officer’s annual performance evaluation of the Vice President of Internal Audit Services and ensure the compensation for that position is appropriate. 
  2. Annually approve the risk-based internal audit plan, including resourcing to determine whether there are inappropriate scope or resource limitations. Review the results of Internal Audit Services quality assurance and improvement program efforts. 
  3. Regularly review the following with the Vice President of Internal Audit Services (including in executive session as deemed appropriate): (a) the results of internal audits and any significant findings, (b) any reports made to the Committee by the Vice President of Internal Audit Services including assessments of the Corporation’s internal controls or enterprise risk management processes, and (3) any difficulties encountered in the course of the internal audits such as restrictions on the scope of the internal audit function’s work or access to required information.

D. Enterprise Risk Management

  1. Provide oversight of risk management policies and processes established by management.
  2. Regularly review, advise on, and monitor the key enterprise risks identified and consider the appropriate risk appetite or risk parameters for each.
  3. Discuss with the Chief Executive Officer, and other members of management, including the independent auditors and the VP, Internal Audit Services any significant enterprise risks or exposures, management’s assessment of those risks or exposures and steps management has taken or should consider taking to minimize such risks or exposures, and any changes needed to the Corporation’s underlying policies with respect to risk assessment and risk management.
  4. Review the Corporation’s privacy, cybersecurity, and data security risk exposures, including (i) the potential impact of those exposures on the Corporation’s business, operations, and reputation; (ii) the steps taken to monitor and mitigate such exposures; (iii) the Corporation’s information governance policies and programs; and (iv) major legislative and regulatory developments that could materially impact the Corporation’s privacy, cybersecurity, and data security risk exposure.
  5. Request reports and follow-up from management on high-risk areas or topics of current interest.

E. Legal and Regulatory Compliance

  1. Ensure the Corporation has sufficient compliance processes, including the effectiveness of systems for monitoring compliance with applicable laws and regulations and meet with the Chief Legal and Risk Officer and other employee officers or employees as the Committee deems appropriate.
  2. Review the procedures for the receipt, retention and treatment of complaints received regarding accounting, internal controls or audit matters; and the confidential anonymous submission by staff and volunteers of concerns regarding questionable activity related to financial internal controls, audit, illegal activity, accounting issues and related matters.
  3. Institute and oversee any special investigatory work as needed and ensure responses to investigations.
  4. Review legal and regulatory matters that may have a material impact on the Corporation’s financial statements, corporate compliance programs, and reports received from regulatory agencies and any observations of the independent auditors or the Vice President, Internal Audit Services, regarding compliance matters.

F. Policies, Related-Policy Transactions and CEO-Involved Transactions

  1. Oversee the adoption, implementation of, and compliance with the Corporation’s Code of Ethics Policy, the Whistleblower Protection Policy, and the Conflict of Interest Policy that is applicable to the Board and senior staff as defined in that policy, and recommend revisions to such policies for approval by the Board as needed.
  2. Review and monitor all disclosed Related Party Transactions, including “CEO-Involved Transactions” referred to the Committee, in accordance with the Conflict of Interest Policy. The Chair of the Audit Committee will be provided with copies of all annual disclosure statements completed by officers and directors. In addition, a full list of other transactions involving senior staff that have been reviewed by the CLRO (in accordance with the Conflict of Interest Policy) in between Committee meetings will be provided to the Committee at each meeting for disclosure purposes.

G. Reporting Responsibilities

  1. Regularly report to the Board any issues that may arise with respect to the quality or integrity of the Corporation’s financial statements, its compliance with legal or regulatory requirements, the qualifications, performance and independence of the independent auditors and the performance of the Vice President, Internal Audit Services.
  2. Present to the Board such reports as are requested by the Board or required by the Corporation’s Bylaws or this Charter or are deemed advisable by the Committee.

H. Other Authority and Responsibilities:

  1. Have such other authority and responsibilities as may be provided in the Corporation’s Bylaws or may otherwise be delegated to the Committee by the Board.
  2. Perform any other activities consistent with this Charter, the Corporation’s Bylaws and applicable law, as the Committee or the Board deems necessary or advisable or as required by law or regulation.
  3. Retain such outside counsel, experts, or other advisors as the Committee may deem advisable in its sole discretion to provide advice or other support to the Committee. The Committee Chair may invite external experts to participate in Committee meetings or work groups. Such external experts are advisory only and are not considered voting Committee members.
  4. The Committee has the authority to conduct any investigation appropriate to fulfill its responsibilities, and it may maintain direct access to the independent auditor as well as any staff member, Corporation volunteer or outside vendor of the Corporation. The Committee will have the resources and authority it deems appropriate to discharge its duties and responsibilities, including the sole authority to select, retain, terminate, and approve the fees and other retention terms of special or independent counsel, accounting experts or other advisors without seeking approval of the Board or management, any such engagement to be reported to the Board. In carrying out its responsibilities, the Committee may rely upon reasoned written opinions of legal counsel and of qualified legal, accounting, compensation, and valuation experts. Legal counsel may be in-house or independent.

IV. Committee Meetings

The Committee will meet at least annually and as often as it deems necessary or appropriate in accordance with this charter and the Bylaws.

If Committee meetings include external experts or resource advisors, the Committee will ensure that only independent directors participate in any Committee deliberations or voting.

As necessary, the Committee will meet in a joint session with other committees regarding items of concern to both committees.

V. Committee Minutes

The Committee will keep minutes of its meetings and shall report its actions to the Board at the next meeting of the Board.

VI. Committee Evaluation

As directed by the Governance and Nominating Committee, at least every two years, the Committee will conduct a performance evaluation to review the performance of the Committee in relation to the requirements of this Charter and shall report the results of such review to the Board.