Risk Assurance and Audit Committee Charter 1
Purpose
The primary purpose of the Risk Assurance and Audit Committee is to assist the Board of Mercury to fulfil its risk assurance and audit responsibilities relating to Mercury and each of its subsidiaries. The Committee will conduct this purpose by overseeing and monitoring Mercury’s risk management framework, reviewing key business risks and opportunities, and providing advice to the Board on Mercury’s: > > > > >
Risk Management policy and processes, which includes oversight of Health & Safety assurance functions internal control mechanisms internal and external audit functions for both financial and climate-related disclosures policies and processes adopted to ensure compliance with applicable legislation, regulations, codes of practice, NZX and ASX listing rules and government requirements as they relate to financial and non-financial disclosure financial information including climate-related risks and opportunities prepared by management for publication to shareholders, regulators, and the general public.
Management retains responsibility for the implementation and operation of adequate risk assurance, internal control, and audit systems within the Mercury. The Committee has delegated authority from the Board to oversee and monitor these activities. This Risk Assurance and Audit Committee Charter (Charter) sets out the role, responsibilities, composition, structure, and procedures of the Committee. The Charter provides guidance for the effective oversight of risk assurance and audit matters by the Committee on behalf of the Board.
2
Committee Composition
The Committee will comprise a minimum of three directors, with at least one member having an accounting or financial background as that term is described in the NZX Listing Rules. The Committee will be structured to ensure that, as a collective group, it has the skills, experience, and knowledge to fulfil its purpose and responsibilities. All members shall be non-executive, independent directors. The Chair of the Board shall not be eligible to be Chair of the Committee. Without limiting the requirement that the Chair of the Committee shall be a non-executive and independent director, the Chair must not have a long-standing association with Mercury’s external audit firm as a current, or retired, audit partner or senior manager at the firm. The Chair of the Committee will generally be perceived to be independent for this purpose if there has been a period of at least three years between previously being employed by the external audit firm and services as the Chair. The Committee Chair and members will be appointed by the Board and will hold office until replaced by resolution of the Board. The Committee may, from time to time, co-opt external experts if it believes this would assist the Committee to discharge its responsibilities.
3
Committee Secretary
The Committee will appoint a Committee Secretary (the Secretary) who will be either the Company Secretary or another Mercury employee nominated by the Committee. The Secretary, in conjunction with the Committee Chair and the Risk Assurance Officer, will be responsible for the co-ordination of all Committee business including meeting scheduling, agendas, scheduling policy reviews, distribution of papers, minutes and communication with the Board and internal and external auditors.
4
Risk Assurance Officer
The Risk Assurance Officer has a dual reporting line to the Chief Financial Officer and the Committee Chair. The Risk Assurance Officer has direct access to the Chief Executive as required to enable the Chief Executive to fulfil their risk management responsibility delegated from the Board. The Risk Assurance Officer shall have the authority to determine the effectiveness of risk management, assurance, and audit. Such determinations are to be objective and cognisant of the culture, management practices, structure, and policies of Mercury.
Risk Assurance and Audit Committee Charter | Reviewed by Board of Directors | 18 September 2023 | Page 1 of 4
The Committee will give clear guidance to the Risk Assurance Officer with respect to risk management and audit policy. The Committee will task the Risk Assurance Officer with ensuring healthy and robust debate and interaction between management and risk assurance and audit providers. The Committee will be provided with regular reviews of risk management, assurance, and audit processes by the Risk Assurance Officer.
5
Role and Responsibilities
To enable it to achieve its primary purpose, the Committee will have the following specific responsibilities.
5.1 >
> > > >
>
Ensure that effective audit, risk management, and compliance systems are in place and monitored to protect Mercury’s assets and to minimise the possibility of Mercury operating beyond legal or regulatory requirements or acceptable risk parameters; Enquire of management, the internal auditor and external auditor regarding significant risks or exposures and assessing Mercury’s compliance with policies and procedures to effectively manage risk; Evaluate the steps management has taken to identify and manage risks and exposures and review the extent to which management has instilled an effective risk management culture throughout Mercury; Review the adequacy of Mercury’s internal controls, including information system controls, physical and cyber security, conflicts of interest, and prevention and identification of fraud in consultation with the internal auditor and external auditor; Review annually Mercury’s Risk Management Framework (encompassing our Risk Management Policy, RAAC Charter, Risk Appetite Statements and Risk Classification Matrix) and recommend to the Board for approval and adoption, along with any material changes; Review at least two-yearly the following key policies and recommend to the Board any material changes: • • • •
> > >
> > >
Delegations Policy Market Disclosure Policy (compliance with listing rules and disclosure requirements) Energy Markets Risk Management Policy (wholesale markets operation) Treasury Policy (finance and funding arrangements)
Review policies and procedures with respect to officers’ and employees’ expense claims and prerequisites, including their use of corporate assets and consider the results of any review of these areas by the internal or external auditors; Review and reporting to the Board on the effectiveness of Mercury’s insurance policies; Report to the Board on the state, nature and effectiveness of Mercury’s risk assurance policies and practices, including Health & Safety assurance.
5.2 >
Assurance
Financial reporting
Consider, and make recommendations for Board approval, on all major accounting policies and practices, including any proposed changes and their application during the reporting period; Consider and make recommendations on the methods used to account for significant unusual transactions or transactions in emerging areas for which there may be no specific accounting standard; Review legal and regulatory matters that may have a material impact on the financial statements; Review with management and the external auditor the interim and annual financial statements and all other financial statements prepared by Mercury for release to the market including: • • •
the content of the relevant financial statements; discussing with the external auditor any material matters relating to the financial statements, and considering their views as to the accuracy of such financial statements where they are unaudited; meeting with the external auditor without management present as part of the review of Mercury’s financial statements;
and, if the financial statements are audited: • • • >
the external auditor’s audit of the financial statements and their formal audit opinion; any serious difficulties or disputes encountered during the course of the audit; any other matters related to the conduct of the audit that are to be communicated to the Committee under generally accepted auditing standards;
Review the truth and fairness of financial statements prepared by Mercury and obtaining explanations from management and internal and external auditors on whether: •
financial results varied significantly from budgeted or projected results;
Risk Assurance and Audit Committee Charter | Reviewed by Board of Directors | 18 September 2023 | Page 2 of 4
• • • > > >
Review that the financial statements are prepared in accordance with all legal requirements, accepted accounting practices and provide a fair presentation of Mercury’s financial position and results; Review and discuss with management Mercury’s external financial reporting and announcements and ensuring compliance with applicable legal requirements, regulations, NZX and ASX Listing Rules and codes of practice; Require annual certification by the Chief Executive and the Chief Financial Officer that: • •
>
significant or unusual events or transactions are adequately disclosed; Mercury’s financial and operating controls are functioning effectively; and, all annual and interim financial statements and announcements contain adequate and appropriate disclosures;
the financial statements present fairly, in all material respects, Mercury’s financial condition and operational results and are in accordance with applicable accounting standards; and the above statement was based on a sound system of risk management and internal control and compliance which implements the policies adopted by the Board;
Consider and recommend for Board approval, draft financial statements, reports and company announcements regarding financial matters which must be disclosed to the NZX and ASX and any regulatory body.
5.3
Climate Related reporting
The Board has delegated certain responsibilities to the Risk Assurance and Audit Committee in relation to the preparation and publication of climate related documents. Specifically, the Committee has been delegated responsibility to: > > >
review all Climate Related Disclosures (CRDs) and engage with management and the assurance provider in relation to the same; ensure an appropriate system of controls and management exists in relation to climate related risks and the keeping of proper CRD records; recommend the annual CRD for approval to the full Board,
5.4 > >
>
> >
Advise the Board as to whether the Committee is satisfied as to the competency of any firm of Chartered Accountants to whom the Controller and Auditor-General proposes to delegate the external audit of Mercury; Confirm the independence of the external auditor in line with Mercury’s Audit Independence Policy, including reviewing the non-audit services provided by the external auditor and their related fees, conflicts of interest and rotation of the Key Audit Partner; Meet with the external auditor at the beginning of the planning phase to discuss areas of mutual interest and concern, including consideration of the levels of materiality to be adopted by the auditor in respect of Mercury and to review and approve the annual audit plan; Consider and review with the external auditor any significant audit findings, together with management’s responses and recommend appropriate actions; Require the external auditor to confirm annually in writing that it has complied with all professional regulations in relation to auditor independence.
5.5 > > > > > >
Internal audit and assurance review
Endorse the appointment, replacement, reassignment or dismissal of internal auditors and reviewers; Review and agree the nature, scope and objectives of Mercury’s Risk Assurance Plan with management and internal auditors, and review and approve any planned changes during the year; Review with management the internal audit budgets for the year ahead, including ensuring adequate resourcing; Consider and review with internal auditors and the Risk Assurance Officer any significant findings of internal audits and risk assurance reviews, together with management’s responses and recommending appropriate actions; Consider and review with management and internal auditors, any difficulties encountered in the course of internal audits and risk assurance reviews, including any restrictions on the scope of the work or access to required information; Meet with internal auditors at least annually without management present.
5.6 > > > >
External audit
General
Provide an open avenue for communication between the internal auditor, the external auditor and the Board; Identify and direct any special projects or investigations it deems necessary to achieve the Committee’s objectives; Report actions to the Board with such recommendations as deemed appropriate; Prepare a statement for inclusion in the annual report that describes the Committee’s composition and meeting dates, the Committee’s responsibilities and how these were discharged;
Risk Assurance and Audit Committee Charter | Reviewed by Board of Directors | 18 September 2023 | Page 3 of 4
6
Meetings
Proceedings of Committee meetings will be in accordance with Mercury’s Constitution and otherwise as determined by the Committee Chair. A quorum for meetings shall be two. The Committee will hold at least three meetings a year and will meet at other times as required to fulfil its obligations. The Committee Chair shall call a meeting if requested by any member of the Committee, the external auditor, or as requested by the Board. Written notice of Committee meeting dates, times and locations will be prepared by the Secretary. The agenda and supporting documentation will be circulated to the members within a reasonable period in advance of each meeting. Each Committee member is expected to participate fully in meeting discussions, having read all briefing papers provided. The papers will be provided sufficiently in advance of the meeting to allow adequate reading time. Open and constructive discussion is encouraged to ensure decisions are taken that benefit from the diverse range of skills, knowledge, and experience. Management, internal and external auditors, and any other person approved by the Committee Chair may be invited to attend meetings. Meeting minutes will be taken by the Secretary. Following approval by the Committee, these shall be signed by the Committee Chair as a correct record of the proceedings of the meeting. The Committee Chair shall report the findings and recommendations to the Board after each meeting and will ensure copies of the minutes are provided. All discussions, papers and records of Committee meetings will remain confidential to Mercury unless there is a specific direction from the Committee, or the Board or disclosure is required by law. Mercury’s Executive Management Team have an express right of direct access to the Committee Chair in relation to any matters of material concern that have been raised through normal management processes but have not been advised to the Committee.
7
Access and independent advice
The Committee and its individual members are entitled to: > >
>
8
have access to any officer, employee, consultant or advisor of Mercury at any time to request additional information or explanations; have access to internal and external auditors without management present, to request additional information or explanations. Despite the existence of the Committee, the external auditor and internal auditor have direct access to the full Board if required; with the Committee Chair’s consent, seek independent professional advice at Mercury’s expense.
Review of Charter
This Charter has been approved by the Committee and the Board and will be reviewed as required, and at least every two years, to ensure that the Charter remains consistent with the Committee’s objectives and responsibilities.
Risk Assurance and Audit Committee Charter | Reviewed by Board of Directors | 18 September 2023 | Page 4 of 4