Audit & Risk Committee
Terms of reference
Approved by the BT Group plc Board on: 3 April 2019
The Audit & Risk Committee is a committee of the Board of Directors of BT Group plc (the Board), from which it derives its authority.
1.1. The committee shall comprise at least three members, all of whom shall be independent non-executive directors, and at least one of whom shall have recent and relevant financial experience. The committee as a whole shall have competence relevant to the telecommunications sector. The Chair of the Board shall not be a member of the committee.
1.2. Only members of the committee have the right to attend committee meetings. However, the Group Chief Financial Officer, Group General Counsel, Director of Risk, Compliance and Assurance and Director Group Finance will be invited to attend meetings of the committee on a regular basis. Other non-members, may be invited to attend all or part of any meeting as and when appropriate. BT’s external auditors will normally attend, although they will not be present at meetings when the committee discusses their performance and/or remuneration.
1.3. Members of the committee shall be appointed by the Board.
1.4. The Board shall appoint the committee chair who shall be an independent non-executive director. In the absence of the committee chair and/or an appointed deputy at a committee meeting, the remaining members present shall elect one of themselves to chair the meeting.
2.1. The Company Secretary or their nominee shall act as secretary of the committee.
3.1. The quorum necessary for the transaction of business shall be two members.
4. Frequency of meetings
4.1 The committee shall meet at least four times a year at the appropriate intervals in the financial reporting and audit cycle and otherwise as required.
4.2 Outside of the formal meetings, the committee chair will maintain a dialogue with key individuals involved in the company’s governance, including the Chair of the Board, the Chief Executive, the Group Chief Financial Officer, the external auditors, the Director of Risk, Compliance and Assurance and the Company Secretary.
5. Notice of meetings
5.1 Meetings of the committee shall be called by the secretary of the committee, at the request of the committee chair or any of its members.
5.2 Unless otherwise agreed, notice of each meeting confirming the venue, time and date shall be sent to each member of the committee and any other person required to attend before the date of the meeting. The agenda of items to be discussed and supporting papers shall be sent to committee members and to other attendees as appropriate.
6. Minutes of meetings
6.1 The secretary shall minute the proceedings and resolutions of all meetings, including recording the names of those present and in attendance.
7. Annual general meeting
7.1. The committee chair shall attend the annual general meeting of the company and be prepared to respond to any shareholder questions on the committee’s activities.
8.1 Financial reporting
The committee shall:
8.1.1 monitor the integrity of the financial statements of the company to satisfy itself that they meet all statutory requirements, SEC requirements, appropriate Financial Reporting Standards and, where applicable, the requirements of the Listing Rules, Disclosure Guidance and Transparency Rules and the UK Corporate Governance Code and that there are no unsettled issues of significance between the management and the external auditors which could affect the truth and fairness of the statements, including
i. the annual statutory financial statements;
ii. the half year and quarterly financial results / trading updates;
iii. the Annual Report and Form 20-F; and
iv. other announcements relating to the company’s financial performance, including the going concern and viability statements;
8.1.2 assess and, if thought fit, recommend to the Board of British Telecommunications plc the approval of the Regulatory Financial Statements, Reconciliation Report and associated documents as required by Ofcom, taking into account the statutory and regulatory requirements set out in 8.1.1;
8.1.3review the disclosures made by the Chief Executive and Group Chief Financial Officer during the certification process for the Annual Report regarding any significant deficiencies or material weaknesses in the design or operation of internal financial controls and any fraud involving management or other employees who have a significant role in the company’s internal controls over financial reporting;
8.1.4review and challenge where necessary:
i. the application, appropriateness and consistency of financial reporting judgements and significant accounting policies and any changes to them;
ii. the methods used to account for significant or unusual transactions where different approaches are possible;
iii. whether the company has adopted appropriate accounting standards and made appropriate estimates and judgements, taking into account the views of the external auditors;
iv. the clarity and completeness of disclosure in the company’s externally published financial reports and the context in which the statements are made; and
v. all material information presented with the financial statements and trading updates, such as the strategic report and the corporate governance statements relating to the audit, systems of internal control and risk management.
8.1.5 where it is not satisfied with any aspect of the proposed financial reporting by the company, report its views to the Board.
8.2 Narrative reporting
Where requested by the Board, the committee shall review the content of the annual report and accounts and advise the Board on whether, taken as a whole, it is fair, balanced and understandable and provides the information necessary for shareholders to assess the company’s position, performance, business model and strategy.
8.3 Risk Management systems and Internal controls
8.3.1 The committee shall on behalf of the Board (which retains overall responsibility for risk management):
i. monitor the company's risk management and internal control systems that identify, assess, manage and monitor risks (both financial and non-financial), including material controls (financial, operational and compliance) and carry out an annual review of their effectiveness and report that review in the annual report;
ii. review and approve the statements to be included in the annual report concerning risk management, internal controls and the viability statement; and
iii. ensure that a robust assessment of the emerging and principal risks facing the company, including those that would threaten the business model, future performance, solvency and liquidity, is undertaken by the Board at least once a year and confirm that review in the annual report and describe those risks and how they are being managed or mitigated.
8.3.2 The Chief Executive will attend annually to discuss his view of risks across the business and the top risks facing the company as a whole.
8.3.3 The committee shall consider a report from management each year on the major risks that may materialise in the future, particularly as a consequence of adverse changes to the economic, social, regulatory, political or technology environment, or as an unintended consequence of new products and services being offered or developed by the organisation.
8.3.4 The committee shall receive regular updates from each CEO of the Customer Facing Units (CFUs) and BT Technology on risk management in their part of the business, including the key risks and the actions they are taking to address them.
8.3.5 The committee shall review the scope of the company’s s404 Sarbanes-Oxley internal controls audit testing and the results of the testing.
8.3.6 The committee shall consider management’s confirmation of the operation of the s404 Sarbanes-Oxley Act processes, and consider the implications of management’s conclusions for the purposes of the preparation of each year’s annual report and to ensure that control deficiencies are being appropriately addressed.
8.3.7 The committee shall receive regular reports on significant litigation and financial commitments and significant potential liability (including tax) issues involving the company.
8.4 Internal Audit
The committee shall:
8.4.1 review internal audit and its relationship with the external auditors, including plans and performance; and its reports on risk management processes and the systems of risk management and internal control;
8.4.2 review and endorse the annual internal audit plan;
8.4.3 review promptly all material reports on the company from internal audit and monitor actions taken by management to address issues arising from such reports;
8.4.4 review and monitor management’s responsiveness to the findings and recommendations of internal audit;
8.4.5 review the activities, resources, organisational structure and the operational effectiveness of internal audit, and where appropriate, make recommendations to the Board;
8.4.6 review and approve the Internal Audit Charter annually;
8.4.7 monitor and review the effectiveness of the internal audit function in the context of the company’s overall assurance framework; and
8.4.8 concur with the appointment or dismissal of the Director of Risk, Compliance and Assurance.
8.5 External Audit
The committee shall:
8.5.1 review and make recommendations to the Board, to be put to the shareholders for approval at the annual general meeting, in relation to the appointment, re-appointment and removal of the company’s external auditors, and make recommendations to the Board regarding tendering the external audit contract from time to time as required by best practice or regulation;
8.5.2 ensure that key audit partners are rotated at appropriate intervals in line with best practice; and consider their resignation and removal and recommend appropriate action to the Board;
8.5.3 oversee the relationship with the external auditors including:
i. review and approve their remuneration, including both fees for audit and non-audit work, ensuring it is appropriate to enable an effective and high-quality audit to be conducted; and
ii. approve the terms of engagements, including any engagement letter issued at the start of each audit and the scope of the audit;
8.5.4 review, at least annually, the effectiveness of the external audit process and the qualifications, expertise, resources, independence and objectivity of the external auditors, including the nature and extent of non-audit and consultancy services. The committee shall also keep under review, the company policy on the engagement of the external auditors to supply non-audit services (to ensure prior approval by the committee of these services and assessment of the impact this may have on independence or objectivity);
8.5.5 review the scope and results of the external audit and any significant findings reported to the committee in the management letter, receiving updates from management on action taken; and
8.5.6 review and discuss any reports from the external auditors on critical accounting policies, including management’s response.
8.6 Compliance, Whistleblowing and Fraud
8.6.1The committee shall monitor the effectiveness of processes for dealing with:
i. complaints received by the company regarding accounting, internal accounting controls or auditing matters;
ii. the confidential, anonymous submission by employees (and third parties) of concerns (‘whistleblowing’ procedures), regarding questionable accounting or auditing matters; and
iii. the confidential, anonymous submission by employees and third parties of concerns regarding potential or actual non-conformance with internal governance and compliance polices or external compliance obligations;
and ensure arrangements are in place for the proportionate and independent investigation of all matters so reported, and appropriate follow up actions. The committee will report to the Board on the effectiveness of the arrangements and the issues raised through these arrangements.
8.6.2 The committee shall review reports from Risk, Compliance and Assurance on BT’s key compliance policies and programmes (including mandatory training) worldwide.
8.6.3 The committee shall oversee the overall approach to securing compliance with laws, regulations and company policies in areas of risk, including monitoring the effectiveness of the global compliance programme.
8.6.4 The committee shall receive updates on each Regional Governance Committees’ (“RGC’s”) review of the risk management framework in their region, their top governance and compliance risks and the effectiveness and progress of the committee.
8.6.5 The committee shall serve as an escalation point for the Group Director of Ethics & Compliance on any relevant concerns.
8.6.6 The committee shall review the code of ethics as required by the Sarbanes-Oxley Act for the Chief Executive, Group Chief Financial Officer, senior finance managers and for any other people from time to time as appropriate.
9. Reporting responsibilities
9.1 The committee chair shall report to the Board on its proceedings after each meeting, on all matters within its duties and responsibilities, including:
i. significant issues that it considered in relation to financial statements and the annual report and Form 20-F, and how these were addressed;
ii. any issues considered with regards to the systems of risk management and internal controls;
iii. its assessment of the effectiveness of the external audit process; and
iv. any other issues on which the Board has requested the committee’s opinion.
9.2 The committee shall make whatever recommendations to the Board it deems appropriate on any area within its remit where action or improvement is needed.
9.3 The Chair of the Group Risk Panel will provide the committee chair with regular updates on the work of the panel and minutes of panel meetings will be available on request to each committee member.
9.4 The committee shall compile a report on its activities to be included in the annual report, including:
i. the significant issues the committee considered in relation to the financial statements and how any issues were addressed;
ii. an explanation of how it assessed the independence and effectiveness of the external audit process;
iii. in the case of the Board not accepting the committee’s recommendations on the external auditors’ appointment, reappointment or removal, a statement from the committee explaining its recommendation and the reasons why the Board has taken a different position; and
iv. an explanation of how auditor independence and objectivity are safeguarded, if the external auditors provide non-audit services.
10. Other matters
The committee shall:
10.1. have access to sufficient resources in order to carry out its duties, including access to the company secretarial team for assistance as required;
10.2. be provided with appropriate and timely training, including an induction programme for new members and on an ongoing basis for all members;
10.3. give due consideration to relevant laws and regulations, the provisions of the UK Corporate Governance Code and the requirements of the Listing Rules, Prospectus Rules and Disclosure Guidance and Transparency Rules and any other applicable rules, as appropriate;
10.4. oversee any investigation of activities which are within its terms of reference;
10.5. arrange for periodic reviews of its own performance and terms of reference and recommend any changes it considers necessary to the Board.
The committee is authorised:
11.1 through the Company Secretary to seek any information it requires from any employee of the company in order to perform its duties;
11.2 in consultation with the Company Secretary, to obtain where necessary to fulfil its duties any external legal, accounting or other professional advice on any relevant matter;
11.3 to call any employee to be questioned at a meeting as and when required; and
11.4 to publish in the annual report details of any issues that cannot be resolved between the committee and the Board.