Boards commonly establish committees to carry out specific aspects of their work.
The delegation of functions to board committees is a delegation of functions only. It is not a delegation by the board of its responsibility for the function.
Board committees for audit and risk management, executive remuneration and strategic planning are common. Committees should work to the same governance policies and procedures as the board.
They should have a chair, and a charter setting out their terms of reference and powers. Formal minutes of committee meetings should be taken.
All board committee minutes should be on the agenda and included in the papers for the next full board meeting for the benefit of those board members who are not members of the committee.
It is common practice for a board to delegate certain aspects of its work to committees. This allows a board to delegate part of its workload and enables the committee to perform a detailed analysis of important or sensitive matters before making recommendations for the board to consider.
A committee that operates well can enhance the board’s capacity to make well-informed decisions.
The board, not the committee, is accountable for all decisions.
The board should consider the types of committees necessary when assessing strategic priorities. It may have several ‘standing’ or permanent committees, such as a finance committee, an audit and risk management committee (may be separate), and an appointments or nominations committee. One-off committees may be established to deal with specific large projects.
Committees contribute to the monitoring of information, reporting and control systems. Some committees (such as audit committees) are mandatory for certain public entities.
Even a small board of, for example, four people can choose to establish a committee. Such a board might establish a committee comprising a core of two directors and some co-opted experts from outside the public entity. A small board may decide instead to have no committee at all.
Establishing a Committee
Committees generally comprise directors. Other people, such as management, may also be invited to join as either a member or in an ex-officio role.
It is fairly common practice for the public entity’s chief executive officer or chief finance and accounting officer to participate on relevant committees, but not be a member of the committee.
If particular expertise or experience is required it may be useful to invite people from outside the public entity to participate on a committee.
Committees need to be established with:
- a specific charter, with clear terms of reference
- delegations which do not undermine the board’s delegations to the chief executive officer
- an appropriate number of directors, including a majority of non-executive directors
- procedures for agendas, minutes and reporting to the board, including providing minutes of committee meetings to the board
- a clear expectation that the decision-making responsibilities of the full board are not to be compromised by the activities of any committee, and that significant issues will be reported to the board for discussion and decision.
The minutes of all board committee meetings must be on the agenda and included in the papers for the next full board meeting.
Audit and Risk Management Committee
Some public entities have separate audit and risk management committees. Others have a single committee that oversees both audit and risk matters. Either approach is acceptable. The following discussion assumes a committee covering both aspects.
An audit and risk management committee’s primary role is to assist the board by considering reports from the public entity and auditors. The committee provides assurance about the integrity of the financial processes, systems and reporting of the public entity.
Audit and risk management committees are often given the role of overseeing the risk management framework and register, and their operation in the public entity. This involves the committee ensuring that the board can pursue its chosen strategic directions, while managing risks within an agreed tolerance level.
For public entities that are subject to the Financial Management Act 1994, the standing directions under the Act require an audit committee to oversee and advise the public entity on matters of accountability and internal control affecting its operations.
An audit and risk management committee’s main tasks may include:
- reviewing the financial statements of the public entity
- ensuring that internal control systems are in place
- recommending the appointment of internal auditors, if required, and liaising with internal and external auditors
- overseeing the audit process
- reviewing and acting on audit reports
- overseeing the management of financial risks.
The public entity’s chief finance and accounting officer (CFAO) prepares detailed financial reports on the performance of the public entity.
The CFAO should not be a member of the audit and risk management committee but may be provided with a standing invitation to attend relevant parts of the audit and risk management committee meetings.
The CFAO may provide detailed explanations of financial reports and explain variances from expectations for financial matters. (In small public entities the chief executive officer may undertake the role of the CFAO.)
The board’s chair cannot be chair of the audit and risk management committee unless the Minister for Finance has given an exemption. This is to ensure that the audit and risk management committee works with a degree of independence from the board.
Members of the audit and risk management committee should be financially literate. Where a member does not have such expertise on initial appointment, financial literacy should be attained within a reasonable time through relevant training.
Membership of the committee should be assessed and rotated to ensure injection of new ideas. An independent accountant can be a useful additional member.
The audit and risk management committee should have unlimited access to internal and external auditors, to senior management and all employees. The committee should have sufficient resources to engage outside expertise if needed, such as legal and technical consultants.
The audit and risk management committee should ensure that all recommendations arising from internal and external audits are followed up, and implemented if appropriate. It should provide reasons as to why any recommendations have not been implemented.
The committee should be provided with a status report for all recommendations provided by the internal and statutory auditors where it is agreed action is required. These reports should include identified accountable officers and implementation dates.
Where it has the power to do so, the board can choose to delegate to another party the right to engage in a stipulated activity if there is the power to delegate in the establishing legislation. Such delegation does not absolve the board or its members from their accountability and responsibility for that activity. It can also stipulate that certain matters are reserved for board consideration only.
A delegation is where a party with authority to do something authorises another party to perform those actions on their behalf. There are four types of delegations relevant to a board of a public entity:
- delegation of powers or functions by legal instrument
- financial and other delegations, also by legal instrument, which enable the chief executive officer or chief finance and accounting officer, for example, to authorise expenditure by the public entity
- delegation of powers or functions by a board to directors who are members of a committee
- delegations of powers or functions by a board to the chief executive officer.
Delegations are based on the power to delegate provided either specifically in a public entity’s establishing legislation, in other documents, in the Public Administration Act 2004, or are implied under common law.
The board must make a formal decision to delegate particular powers or functions or financial delegations to particular individuals. Delegations are usually made to particular roles (such as a committee) to avoid having to update the delegations every time someone changes jobs.
A decision to delegate must be made formally by the board. The chair must sign an instrument of delegation on behalf of the board and the decision must be recorded in the minutes of the relevant board meeting. This instrument of delegation should be readily available to the chief executive officer and staff of the public entity.
The delegations must be reviewed at least annually to ensure they are appropriate and up to date. Regular reporting to the board is an integral part of the exercise of delegation.
The chair or chief executive officer may also have a delegation from the portfolio minister of particular ministerial powers or functions.
Subject to any restrictions in legislation on the board’s power to delegate, the board may delegate powers or functions to any of its directors, a board committee, the chief executive officer or a staff member.
A person who holds a delegation must take care to comply with the limits of the delegation, and any conditions placed on the delegation.
The board should ensure it receives a regular report on the use of delegations. This is so it knows how frequently delegations are being used and that they are being applied in the way that was intended.
Matters Reserved for the Board
A board charter documents the responsibilities of the board and those of management. The charter should be available to the directors and staff of the public entity. Any other responsibility that does not appear in the charter becomes management’s responsibility. This is subject to those responsibilities delegated to management by the board.
The board and the chief executive officer should share a clear understanding of their respective roles. Issuing delegations to the chief executive officer or other public entity staff is needed to reflect the distribution of responsibilities. The board should keep a set of delegations and monitor their use.