Terms of Reference

The Board of Governors By-Law No. 1, section 15, sub-section 3 (a) states:

The Audit and Risk Committee shall be composed of the Chair and the Vice-Chair(s) of the Board, and a minimum of three other members of the Board. The Chair of the Committee shall be appointed by the Board on the recommendation of the Nominating Committee. Notwithstanding any other provisions in the By-laws, in any event, every Audit and Risk Committee member shall be an independent, external and unrelated Governor (not employed by the University nor enrolled in a course of study at the University). Members of the Audit and Risk Committee shall be financially literate, with the ability to read and understand financial statements of the breadth and complexity comparable to those of the University. Optimally, at least one member of the Committee a professional accounting designation.

One half of the membership of the Committee shall constitute a quorum.

The following individuals will normally be invited to attend Audit and Risk Committee meetings: the President, the Provost, the Vice-President (Operations and Finance), the Associate Vice-President and Chief Financial Officer, the Chief Internal Auditor, and the Chief Risk Officer.

Meetings shall be held as required or upon the request of a member of the Audit and Risk Committee or of the University’s internal or external auditors. The Committee Chair shall review an agenda in advance of each meeting.

The Audit and Risk Committee assists the Board in fulfilling its oversight responsibilities for the financial reporting process, the system of internal control, the audit process, the risk profile of the University and the University’s processes for monitoring compliance with laws, regulations and University policies.

The primary responsibilities of the Committee are:

1. Financial Statements: to oversee the system of internal control and the financial reporting process. In fulfilling this responsibility, the Committee shall:

1. 1. meet with the external auditors and review the results of the annual financial statement audit and approve such statements for recommendation to the Board;
   2. review other sections of the annual report, including Management’s Discussion and Analysis, and any report or opinion that the auditors propose to render, and consider the accuracy and completeness of the information;
   3. review and discuss with management and the external auditors significant variances, estimates and accruals, judgments, changes in accounting policies and standards, issues concerning litigation or contingencies and any difficulties encountered;
   4. review any recent and relevant professional and regulatory pronouncements to understand their impact on the financial statements;
   5. review and discuss with management whether adequate procedures and processes are in place to ensure the integrity of the financial statements;
   6. review the appropriateness of significant accounting principles and practices, reporting issues, unusual or extraordinary items, transactions with related parties and the adequacy of disclosures; and
   7. consider whether the financial statements are complete and consistent with information known to Committee members.

2. Internal Control: to oversee the internal control structure and processes, the Committee shall:

1. 1. review with management and the internal and external auditors, their evaluation of the University’s internal controls and processes, including internal controls over financial reporting, compliance with University policies and any material weaknesses or fraud and assess the steps management has taken to minimize significant risks or exposures; and
   2. consider the effectiveness of the internal control system, including information technology security and control.

3. External Audit: to oversee the external audit process, the Committee shall:

1. 1. select and recommend annually the public accountants for appointment as auditors for the ensuing fiscal year and, in consultation with the administration, the basis of their compensation;
   2. approve the engagement letter, receive the independence letter and review the management letter and related materials;
   3. discuss with the external auditors the scope and purpose of the upcoming audit and the procedures to be followed including coordination with internal audit;
   4. review all matters required to be communicated to the Committee under Generally Accepted Auditing Standards;
   5. review with the external auditors their findings, any restrictions on their work, cooperation received, and their recommendations and facilitate the resolution of any disagreements between management and the external auditors;
   6. receive privately the external auditors’ opinion on various matters, including the quality and effectiveness of financial and internal audit staff, significant accounting principles and practices, unresolved material differences of opinion or disputes;
   7. periodically review and approve a policy governing the engagement of the external auditors for the provision of non-audit services; and
   8. annually review and assess the independence and performance of the external auditors.

4. Internal Audit: to oversee the internal audit function and reports, the Committee shall:

1. 1. review with the Chief Internal Auditor a summary of findings, any restrictions or limitations on their work, cooperation received, special investigation reports, findings from third party auditors (not including work performed by the appointed external auditors), and any recommendations arising therefrom;
   2. review the proposed audit plans for the coming year, the criteria upon which they are based and the coordination of services provided to the external auditors;
   3. periodically review and approve the internal audit mandate (the Internal Audit Department Policy Statement) for continued relevance;
   4. review audit progress, findings, recommendations, responses and follow-up actions; in situations where the auditee has not responded appropriately in a timely fashion to the audit findings, follow-up and obtain a management response on those action items which remain outstanding for a significant period of time;
   5. satisfy itself as to internal audit independence, cooperation received from management, interaction with external audit and any unresolved material disagreements with management;
   6. review the budget, organizational structure, and qualifications of the internal audit department;
   7. through its Chair, act as the formal supervisor of the Chief Internal Auditor and in consultation with the President and the Vice-President (Operations and Finance), have the final approval to appoint or discharge the Chief Internal Auditor and complete an annual performance review of the Chief Internal Auditor;
   8. periodically review the effectiveness of the internal audit activity; and
   9. meet privately with the Chief Internal Auditor at least quarterly.

5. Compliance: to oversee compliance-related issues, the Committee shall:

1. 1. obtain regular updates from management and legal counsel regarding legislative and regulatory compliance and outstanding litigation matters;
   2. review the effectiveness of the system for monitoring compliance with laws and regulations and the results of management’s investigation and follow-up (including disciplinary action) of instances of non-compliance;
   3. review the findings of any examinations by regulatory agencies; and
   4. review the process for communicating conflict of interest and code of conduct policies to employees and monitoring compliance.

6. Enterprise-wide Risk Management: to oversee the University’s risk management framework which shall include approval of Management’s proposed Risk Appetite Statement and review of:

1. 1. the identification and quantification of all significant risks (e.g. strategic, financial, operational, reputational etc.) the University is exposed to;
   2. the University’s appetite and tolerance for these risks on both an inherent and residual basis;
   3. Management’s strategy and controls for managing these risks;
   4. the roles and responsibilities for risk identification and management including risk ownership;
   5. risk monitoring and reporting;
   6. emerging risks including risk horizon, likelihood and severity of such risks;
   7. opportunities identified by Management for the future growth of the University
   8. and shall provide input as appropriate as to the overall risk culture and tolerance of the University. The Audit and Risk Committee shall be satisfied that Management operates within the University’s approved Risk Appetite Statement.

7. Reporting: to fulfill its reporting responsibilities, the Committee shall:

1. 1. report to the Board of Governors as required about Committee activities, issues, and related recommendations;
   2. report to the Board of Governors, on its review of Management’s proposed Risk Appetite Statement and present a final version for approval by the Board
   3. complete periodic self-assessments of the Audit and Risk Committee’s effectiveness against its mandate and report any concerns to the Board;
   4. periodically review the Terms of Reference of the Audit and Risk Committee and recommend any proposed changes for consideration by the Board of Governors; and
   5. perform other activities as requested by the Board.

8. Other duties:

1. 1. oversee the work of any public accounting firm engaged by the University where such work would be defined as “public accounting” within the meaning of the standards of the Canadian Institute of Chartered Accountants;
   2. investigate any matter brought to its attention with full access to all books, records, facilities and personnel of the University; and
   3. review and ensure that procedures are in place for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or audit matters.