Internal controls and risk management systems
- The audit committee should review the entity’s internal financial controls (that is, the systems established to identify, assess, manage and monitor financial risks).
- The entity’s management is responsible for the identification, assessment, and management and monitoring of risk, for developing, operating and monitoring the system of internal control and for providing assurance to the board and executive management that it has done so. Except where the board or a risk committee is expressly responsible for reviewing the effectiveness of the internal control and risk management systems, the audit committee should receive reports from management on the effectiveness of the systems they have established and the conclusions of any testing carried out by internal and external auditors.
- Except to the extent that this is expressly dealt with by the board or risk committee, the audit committee should review and approve the statements included in the annual report in relation to internal control and the management of risk.