Audit and Risk Assurance Committee (ARAC) terms of reference

Terms of Reference agreed: November 2022
Next review date: November 2023


The Audit and Risk Assurance Committee (ARAC) is a standing committee that is a requirement of the Welsh Government’s Framework Document with NRW. Its principal role is to advise the Board and to support the Chief Executive/Accounting Officer on matters of risk, financial stewardship and accountability, internal control and governance.


The ARAC will provide assurance on the establishment and maintenance of an effective control environment to ensure financial and wider business integrity, sustainability and continuity. The ARAC will monitor NRW’s risk management processes to ensure their effectiveness in anticipating future risks as well as addressing the here and now, and that risk mitigation measures are consistent with NRW’s risk appetite.

The ARAC will provide the Board and the Chief Executive/Accounting Officer with an Annual Report summarising the business it has conducted during the year and the conclusions it has drawn therefrom. This will also inform the production of the Chief Executive/Accounting Officer’s Governance Statement.


The ARAC is responsible for effectiveness of key financial and other controls by ensuring it gains appropriate assurance of the:

  • Financial and other internal control frameworks;
  • Risk management framework, including aligning its own review of risks matters with deep dives conducted by other Board Committees;
  • Strategic risks relevant to compliance, by undertaking a programme of deep dives to scrutinise current and target scores, seeking confidence on the appropriateness of planned actions to manage risks and secure the target scores identified;
  • NRW Corporate governance arrangements;
  • Policies and procedures in respect of fraud, irregularity and public interest disclosure;
  • Management of Information, Data, and Cyber security risks, seeking confidence that those risks are managed appropriately and necessary controls are in place;
  • Implementation of approved recommendations relating to both internal and external audit reports and management responses;
  • consider elements of the annual financial statements in the presence of the external auditors, including the auditors’ formal opinion, the statement of members’ responsibilities and the statement of internal control;
  • review the accounting policies relating to the financial statements, particularly in relation to any changes, and to comment on their adequacy;
  • scrutinise and report to the Board on the Annual Report and Accounts of NRW and the Chief Executive/Accounting Officer’s Governance Statement and recommend approval for the Chief Executive/Accounting Officer to sign off the Annual Report and Accounts;
  • alert the Board and the Chief Executive/Accounting Officer to issues that pose a material risk;
  • gain assurance on issues of fraud, losses and special payments, including the Annual Report;
  • scrutinise all significant contracts let without competition (individually or collectively) in order to support transparency of decision;
  • oversight and scrutiny of progress and delivery of the Vision for Good Governance business transformation programme.

External Audit  

Wales Audit Office is NRW’s external auditor.

The ARAC will review the work of the external auditor and will consider their findings and management’s response to them. Specific responsibilities include to:

  • review and recommend (to the Chief Executive/Accounting Officer) approval of the annual external audit plan and audit fee;
  • review all external audit reports, including the audit completion report before final submission to the Chief Executive/Accounting Officer and the NRW Board, as well as any work undertaken outside of the annual external audit plan and management’s response thereto;
  • review the performance of the external auditor.

Internal Audit 

The ARAC will oversee NRW’s internal audit arrangements to ensure their effectiveness and will review the work and findings of the internal auditors, together with management’s responses. Specific responsibilities include to:

  • agree the internal audit strategy and annual internal audit plan;
  • receive and review topic-specific internal audit reports, together with management’s responses;
  • receive and review the Internal Audit Opinion;
  • review the performance of the internal audit service.


The ARAC will oversee NRW’s assurance arrangements to ensure their effectiveness and will provide leadership, scrutiny, and guidance on assurance activity, ensure alignment with the organisation’s strategic risks and with Internal Audit activity and findings. Specific responsibilities include:

  • Agree the assurance strategy and annual assurance plan;
  • Receive and review periodic assurance reports;
  • Scrutinise performance over the three lines of assurance, ensuring focus on areas of weakness.


The ARAC will meet at least four times per annum.

At least once a year, and otherwise as required, the internal and external auditors will meet with the ARAC without members of the executive being present.


The ARAC and other attendees will include four non-executive Board members, at least one of whom must have appropriate expertise in financial management, accounting and auditing.

The Audit Wales representatives will be invited to attend.

The Chief Executive/Accounting Officer, Director of Finance and Corporate Services, and Head of Governance and Board Secretary, will normally attend meetings of the ARAC except where specifically excluded for discussion of matters affecting their personal situation or performance.

Last updated