AUDIT AND RISK COMMITTEE

TERMS OF REFERENCE

1. Purpose

The Audit and Risk Committee (the Committee) is a subcommittee of the Board of
Directors of the Rugby Football Union (the RFU), from which it derives its authority
and to which it regularly reports.
The principal purpose of the Committee is to:
• Review the RFU’s group financial statements;
• Consider the appointment of the external auditors and their independence;
• Review the effectiveness of the internal control systems of the RFU;
• Consider the appointment of the internal auditors and review the RFU’s internal
audit programme; and
• Monitor and oversee, and advise the Board on, the RFU’s risk management
process.

2. Constitution and Process

2.1. Membership

(a) General
The members of the Committee are appointed by the RFU Board of Directors (the
Board). There shall be at least four members of the Committee. At least two members
must be non-executive members of the Board (at least one being one of the Board’s
independent non-executive directors, and at least one who is a Council Member on the
Board of Directors), and at least one of whom shall have recent and relevant financial
experience. The Chair of the Board shall not be a member of the Committee.
The independent non-executive Director appointed by the Board will chair the
Committee. In the absence of the Chair of the Committee, the remaining members
present will elect one of themselves to chair the meeting.
The Board may co-opt additional members to the Committee for specific or general
purposes.

(b) Terms and term limits

Appointment to the Committee shall be for periods of up to three years ordinarily from
1 August in any year, with an aggregate maximum term of nine years. If a Council or
Board member of the Committee is removed from their position on the Board or Council,
they may at the discretion of the Board remain on the Committee for an interim period
until a successor is appointed.

Audit & Risk Committee ToR 1 of 5

 The Board may agree to extend the term limit of a member of the Committee if it
believes that it is in the interests of the RFU to do so.

2.2. Meetings

(a) Quorum
The quorum for meetings shall be two members of the Committee, provided that at
least one of whom has recent and relevant financial experience.
A duly convened meeting of the Committee at which a quorum is present shall be
competent to exercise all or any of the authorities, powers and discretions vested in or
exercisable by the Committee.

(b) Secretary
The secretary for the Committee will be provided by the RFU. The secretary should
ensure that the Committee receives information and papers in a timely manner to
enable full and proper consideration of issues. The secretary of the Committee shall
circulate the minutes of such meetings to the Chair of the Committee and once agreed
to all members of the Board and shall keep a record of the membership of, and the
dates of any changes to the membership of, the Committee.

(c) Attendees
No one other than the members of the Committee shall be entitled to attend Committee
meetings. The Chief Executive Officer, the Chief Financial Officer, the Legal and
Governance Director and their representatives and representatives of the external and
internal auditors would normally be invited to attend meetings, withdrawing if required
to do so by the Chair of the Committee. Others may attend from time to time at the
invitation of the Chair of the Committee.

(d) Frequency of meetings

The Committee shall meet at least three times each year and at such other times as
the Chair of the Committee or the Chair of the Board shall require. One of these regular
meetings are for the primary purpose of discussing the external audit plan with the
external auditors and for reviewing the annual financial statements and accompanying
report with the external auditors.

(e) Committee Self-Review

The Committee will conduct:
 an annual self-assessment of its performance and effectiveness; and
 an annual review of its Terms of Reference,
and report conclusions and recommendations to the Board and Council.

3. Scope of Authority
The Committee is concerned with the business of the entire RFU Group of companies
and its authority extends to all matters relating to the RFU and its business units and
subsidiaries.

The Committee has authority to investigate any matters within its responsibilities and
to obtain such information as it may require from any director, officer or employee of
the Group and may call any director, officer or employee of the Group to attend any
meeting of the Committee as and when required.

Audit & Risk Committee ToR 2 of 5

 The Committee has authority to obtain outside legal or other independent professional
advice at the RFU’s expense and to secure the attendance of outsiders with relevant
experience and expertise as necessary. The Committee will have the right to
commission studies and any other relevant market data, at reasonable cost to the RFU,
which it considers necessary in the performance of its duties.

4. Responsibilities of the Committee

The responsibilities of the Committee are as follows:

4.1 Financial Reporting

(a) To review, and challenge where necessary, the actions and judgements of
management, in relation to the annual financial statements before submission to the
Board, paying particular attention to:
 the application of significant accounting policies and any changes to them;
 the methods used to account for significant or unusual transactions where
different approaches are possible;
 whether the RFU has adopted appropriate accounting policies and made
appropriate estimates and judgements, taking into account the external auditor’s
views on the financial statements; and
 material information presented with the financial statements, including the
strategic report and the corporate governance statements, relating to the audit
and to risk management.
(b) To review the content of the annual report and financial statements and advise the
Board on whether, taken as a whole, it is fair, balanced and understandable and
provides the information necessary for members to assess the RFU’s performance,
business model and strategy, including the clarity of disclosures and the going concern
assumption.
(c) To discuss problems and reservations arising from the interim and final audits and any
matters the auditors may wish to discuss (in the absence of management, where
necessary).

4.2 Internal Audit

(a) To consider and advise the Board on the appointment and terms of engagement of the
internal audit service, the audit fee, the provision of any non-audit services by the
internal auditors (where the internal audit service provider is outsourced) and any
questions of resignation or dismissal of the internal auditors;
(b) To approve the internal auditors’ risk based plan; to consider major findings of internal
audit investigations and management's response; and to ensure cost effective co-
ordination of the work undertaken by internal and external auditors. The Committee will
ensure that the resources made available for internal audit are sufficient to meet the
RFU’s needs (or make a recommendation to the Board as appropriate).
(c) To receive reports on the results of the internal auditors’ work on a periodic basis,
including reviewing and monitoring management’s responsiveness to findings and
recommendations.
(d) To formally review the effectiveness of the internal audit processes on an annual basis,
including reviewing the performance of the internal auditors.
(e) To ensure that the internal auditors has direct access to the Chair of the Board and the
Committee and is accountable to the Committee.

Audit & Risk Committee ToR 3 of 5

(f) To meet with the internal auditors at least once per year without management being
present, to discuss the remit of internal audit and any issues arising from the internal
audit programme.

4.3 External Audit

(a) To consider and recommend the appointment of the external auditor and assess
independence of the external auditor, ensuring that key partners are rotated at
appropriate intervals. This includes leading the process for appointing external
auditors and making recommendations to the Board;
(b) To recommend the audit fee to the Board and preapprove any fees in respect of non-
audit services provided by the external auditors, subject to permitted levels established
by the Committee and to ensure that the provision of non-audit services does not impair
the external auditors’ independence or objectivity;
(c) To discuss with the external auditors before the audit commences, the nature and
scope of the audit and to review the auditors’ quality control procedures and steps
taken by the auditor to respond to changes in regulatory and other requirements. The
Committee should obtain and review a report by the external auditor describing:
 The auditing firm’s internal quality-control procedures;
 Any material issues raised by the most recent internal quality-control review, or
peer review, of the auditing firm, or by any inquiry or investigation by governmental
or professional authorities, within the preceding five years, respecting one or more
independent audits carried out by the auditing firm, and any steps taken to deal
with any such issues;
 All relationships between the independent auditors and the RFU.

(d) To review the findings of the audit with the external auditors, including:
 a review of the management letter incorporating management responses;
 any other matters the external auditors may wish to discuss (in the absence of
management where necessary);
(e) To formally review the effectiveness of external audit processes, including reviewing
the performance of the external auditors.
(f) To meet with the external auditors at least once per year without management being
present, to discuss the remit of external audit and any issues arising from the external
audit programme.

4.4 Risk Management and Internal Control

(a) Recognising that the determination of the risks and the level of risk appetite acceptable
to the RFU is the responsibility of the Board, to advise the Board on the RFU’s overall
risk appetite, tolerance and strategy, taking account of:
 the current and prospective macroeconomic and financial environment;
 assessment of risk by management; and
 the results of any review of internal control and risk.
(b) To oversee and advise the Board on the current risk exposures of the RFU and future
risk strategy.
(c) To review the RFU’s overall risk assessment processes that inform the Board’s
decision making.
(d) To review the adequacy and effectiveness of the RFU’s internal financial controls and
internal control and risk management systems.

Audit & Risk Committee ToR 4 of 5

(e) To review and approve the statements to be included in the annual report concerning
internal controls and risks.
(f) To oversee the RFU’s procedures for detecting fraud.
(g) To review management’s and the internal auditor’s reports on the effectiveness of the
systems for internal financial control, financial reporting and risk management.
(h) To review annually the RFU’s procedures for its employees and contractors to raise
concerns in confidence, and handling the receipt, retention and treatment of concerns
raised from whistleblowers including those regarding accounting matters, internal
controls or auditing matters, and to ensure that arrangements are in place for the
proportionate and independent investigation of such matters and for appropriate follow
up. This includes being provided with reports from management on any matters raised
through whistleblowing or similar routes.

5. Reporting

The membership of the Committee and full report of its Terms of Reference,
responsibilities and activities during the year shall be disclosed on the official website
of the RFU. The Chair of the Committee shall attend the Annual General Meeting of
the RFU to answer questions which relate to the work of the Committee.
The Committee shall report formally to the Board on its duties and responsibilities and
on how it has discharged its responsibilities as required by the Board.

6. Other Matters

The Committee will give due consideration to the provisions of laws, regulations and
governance codes applicable to the RFU.

Approved by the Board: 26 June 2019

Audit & Risk Committee ToR 5 of 5