Skip to main content

Audit and Risk Committee Terms of Reference

Show Related Pages

Audit and Risk Committee: Terms of Reference

October 2025

1. Introduction

The Office of the Police Ombudsman for Northern Ireland “the Office” was established under the Police (Northern Ireland) Act 1998.  It is an executive Non-departmental Public Body whose sponsor body is the Department of Justice and is accountable to the Northern Ireland Assembly through the Justice Minister.  The Office of the Police Ombudsman operates under a management framework governed by the Police (Northern Ireland) Act 1998 and the Police (Northern Ireland) Act 2000.  The Office of the Police Ombudsman for Northern Ireland does not have a Board but is headed by the Police Ombudsman who is a corporation sole under the Police (Northern Ireland) Act 1998 and appointed by Royal Warrant.  The Accounting Officer is the Chief Executive for the Office of the Police Ombudsman for Northern Ireland.

2. Constitution and Purpose

The Audit and Risk Committee advises and supports the Police Ombudsman and Chief Executive in discharging their responsibilities in relation to issues of risk, control and governance, by reviewing the comprehensiveness, reliability and integrity of the risk, control and governance assurances available to the organisation.  As the Police Ombudsman is appointed under statute as a Corporation Sole and the Office does not have a Board, in consequence the role of the Committee has greater significance than for other Audit and Risk Committees, which operate in conjunction with a Board. 

3. Independent Non-Executive Members

The current independent non-executive members are:

Non-Executive Member and Co-Chair
Name: Colin Kennedy
Date appointed: March 2025
Appointment end date: March 2028 (extendable by 2 further years)

Non-Executive Member and Co-Chair
Name: Kevin McMahon
Date appointed: March 2025
Appointment end date: March 2028 (extendable by 2 further years)

  • These members shall between them chair all Audit and Risk Committee Meetings. 
  • It has formally been agreed to secure a third Independent External Member in order to provide a greater range of expertise to the Audit and Risk Committee. Recruitment for this will be progressed during Quarters 2 and 3 of the 2025/26 financial year.
  • The role of the independent non-executive members is to provide:

             i. Constructive challenge;
             ii. A fresh, objective perspective and new ideas;
             iii. Improved rigour to management processes;
             iv. Specific expertise and experience;
             v. A safe sounding board for new approaches; and
            vi. A balance to the mix of skills and experience on the Committee.

4. Membership

The following people will normally be expected to attend each meeting of the Audit and Risk Committee.

Internal

  • Police Ombudsman for Northern Ireland
  • Chief Executive (Accounting Officer) 
  • Director of HR and Corporate Services
  • Other Directors providing organisational updates
  • Finance Manager

External

  • Representative from Internal Auditor – NICS Internal Audit 
  • Representative from External Auditor – Northern Ireland Audit Office
  • A representative from Department of Justice may attend meetings in an observer capacity.

Other members of staff, on certain occasions may be invited to attend the Audit and Risk Committee to contribute to certain agenda items, such as risk, or as observers.

 Secretariat support to the Committee will be provided by a Personal Secretary within the Office. The proceeding and resolutions of all Committee meetings, including the names of those present and in attendance will be minuted and kept as a record. If at all possible, all papers will be provided to the members of the Audit and Risk Committee one week in advance of each meeting.

Once approved by the Committee, the minutes of the Audit and Risk Committee meetings will be published on the Office website.

5. Reporting

The Audit and Risk Committee will provide the Police Ombudsman and Accounting Officer with an Annual Report, timed to support finalisation of the accounts and the Governance Statement, summarising its conclusions, from the work it has done during the year. This report will also include an appraisal of the Committee members' performance and assessment of training needs. An appraisal of the Committee's performance will be carried out by the Chief Executive and will be included in the Annual Report.

6. Responsibilities

The Audit and Risk Committee will advise the Police Ombudsman and Accounting Officer on:

i. The strategic processes for risk, control and governance and the Governance Statement;

ii. The accounting policies, the accounts and the annual report of the organisation, including the process of review of the accounts prior to submission for audit, levels of error identified, and management’s letter of representation to the external auditors;

iii. The planned activity and results of both internal and external audit;

iv. Adequacy of management response to issues identified by audit activity, including external audit’s management letter;

v. Assurances relating to the corporate governance requirements of the organisation;

vi. Proposals for tendering for Internal Audit services or for purchase of non-audit services from contractors who provide audit services;

vii. Anti-fraud policies, whistle-blowing processes, and arrangements for special investigations, including Value for Money;

viii. Review the operation of the Office’s Code of Ethics at least every three years;

ix. Consider any other matters where requested to do so by the Police Ombudsman;

x. The Audit and Risk Committee will also, at a minimum annually, review its own effectiveness and report the results of that review to the Police Ombudsman and to the Accounting Officer (this will be completed before the September meeting).

7. Rights

The Audit and Risk Committee may:

a) Co-opt additional members for a period not exceeding a year to provide specialist skills, knowledge and experience;

b) Procure specialist ad-hoc advice at the expense of the organisation, subject to budgets agreed by the Police Ombudsman and the Accounting Officer.

8. Access

The Head of Internal Audit and the representative of External Audit will have free and confidential access to the Chair(s) of the Audit and Risk Committee.

9. Meetings

i. The Audit and Risk Committee will meet at least four times a year (usually in March, June, October and December). The Chair(s) of the Committee may convene additional meetings, as they deem necessary. The agenda will be reviewed for each meeting and agenda items will include relevant cyclical areas fo work.

ii. Both independent non-executive members of the Audit and Risk Committee will normally be present for the meeting to be deemed quorate. However, in exceptional circumstances, the Audit and Risk Committee may proceed with one non-executive member present.  The non-executive members of the Committee will co-chair the meetings.

iii. The Audit and Risk Committee may ask any or all of those who normally attend but who are not members to withdraw to facilitate open and frank discussion of particular matters.

iv. At least one Audit and Risk Committee meeting per year will be held with the internal and external auditors in closed session.

v. The Police Ombudsman or the Accounting Officer may ask the Audit and Risk Committee to convene further meetings to discuss particular issues on which they want the Committee’s advice.

10. Information Requirements

For each meeting the Audit and Risk Committee will normally be provided with:

  • A report summarising any significant changes to the organisation’s Risk Register or proposed changes to the Corporate Governance arrangements;
  • The most recent Finance update provided to ELT;
  • A progress report from the Head of Internal Audit summarising 
  • Work performed (and a comparison with work planned);
  • Key issues emerging from Internal Audit work;
  • Management response to audit recommendations;
  • Changes to the Internal Audit Plan;
  • Any resourcing issues affecting the delivery of Internal Audit objectives;
  • A progress report from the External Audit representative summarising work done and emerging findings;
  • A progress report from management providing an update in relation to the implementation of internal and external audit recommendations;
  • Any management assurance reports, including but not limited to: fraud or theft, data breaches, direct award contracts, raising concerns;
  • Reports on the management of major incidents or “near misses” and lessons learned;  
  • As and when appropriate, the Committee will also be provided with;
  • Proposals for the Terms of Reference of Internal Audit / Internal Audit Charter;
  • The Internal Audit Strategy;
  • The Head of Internal Audit’s Annual Opinion and Report;
  • Quality Assurance Reports on the Internal Audit function;
  • The draft accounts of the organisation;
  • The draft Governance Statement;
  • A report on any changes to accounting policies;
  • External Audit’s Management Letter (RTTCWG);
  • A report on any proposals to tender for audit functions;
  • A report on co-operation between Internal and External Audit;
  • The Risk Management Strategy;
  • End Year and Mid-Year Accounting Officer Stewardship Statements.

11. Review and Approval

The terms of reference will be reviewed by the Audit and Risk Committee at least annually (at the March meeting).