Terms of reference for the Risk & CSR Committee

Members

The Committee shall comprise at least three non-executive directors. The Chairman of the Committee shall be appointed by the Board and shall also be a member of the Audit Committee.

The quorum of the Committee shall be two members.

Secretary

The secretary of the Company shall be the secretary of the Committee.

Attendance

The Group Chairman and the CEO would ordinarily be members of the Committee. The Committee shall normally require the attendance of the Safety, Assurance and Sustainability Director; the Head of Internal Audit; and, for the relevant agenda items, the Compliance Implementation Director and the Compliance Audit Director. It may also require any other executive of the Group to attend to report on risk positions, risk management or the workings of the compliance regime.

The Compliance Implementation Director is responsible for implementing the Compliance Regime and the Compliance Audit Director is responsible for undertaking periodic audits of QinetiQ’s compliance procedures and their implementation by QinetiQ.

Frequency of Meetings

Meetings shall be held at least four times a year. Committee members may request additional meetings if they consider one necessary.

Operation

The Committee has three primary functions:

1.  To oversee the sound operation of the risk management systems
2.  To monitor risk exposures
3.  To monitor QinetiQ’s compliance with the compliance requirements (agreed with the MOD), the QinetiQ generic Conflict of Interest Policy, and the Proxy Regime.

The Committee reports on its activities and makes recommendations to the Board.

The Committee is authorised by the Board to investigate any activity within its terms of reference, including any areas of concern as to ethical impropriety. It is authorised to seek any information it requires from any employee and all employees are directed to co-operate with any request made by the Committee.

The Committee is authorised by the Board to obtain outside legal or other independent professional advice and to secure the attendance of outsiders with relevant experience and expertise if it considers it necessary.

In relation to risk, the Committee is responsible for reviewing risk positions and the effectiveness of mitigation. Decisions on the type and amount of risk to be taken, and on the level of investment in mitigation needed to bring risk exposures into line with the risk strategy, remain with the full Board. The Committee may, however, undertake an initial review of management proposals relating to the risk strategy with a view to reporting to the Board.

In relation to compliance, the function of the Committee is to monitor QinetiQ’s compliance with the compliance arrangements agreed with the MOD, the purpose of which is to ensure that QinetiQ is able to maintain its position as a supplier of independent and impartial advice to the MOD. The Committee is authorised to take whatever approach is necessary to oversee and ensure the effective application of the compliance systems.

Duties

1   To oversee the sound operation of the risk management systems

This will involve:

  • Review of the structure supporting risk management including the role of risk management specialists; the identification of risk owners, their accountability and their reporting lines up to the CEO and to the Board and board committees; and the operation of any Executive risk committee;
  • Review of risk identification, assessment and reporting processes;
  • Ensuring the inclusion of the required level of risk analysis in relation to M&A transactions including requiring appropriate and timely risk analysis during the due diligence phase, liaising as required with the Audit Committee particularly in relation to the content of supporting documentation;
  • Review of the effectiveness of the risk management or control systems and of the quality of the assurance over such controls. (This excludes controls relating to financial reporting risks.);
  • Reviewing reports from the Head of Internal Audit on the application of risk management systems and monitoring management implementation of agreed actions;
  • Overseeing the learning of lessons from past problems or successes and the system for incorporating such lessons into risk management practices;
  • Consideration of the prevailing risk and control culture including periodically forming a view of attitudes to risk and control; and monitoring the effective application of the QinetiQ Group’s business ethics principles including compliance with the requirements of the Bribery Act;
  • Consideration of the implications of reward structures for the organisation’s risk culture;
  • Meeting its oversight obligations, whilst recognising the requirements of the Proxy Regime, by continuing to determine how risk management and internal control are applied in QNA, in part by maintaining an active dialogue with the QNA Board and audit committee on the approach being taken to securing and monitoring risk management effectiveness;
  • Review and approval, together with the Audit Committee, of the Company’s statements on internal controls and risk management in the Annual Report.

2   To monitor risk exposures

The Committee will:

  • Review reports on significant risk exposures (both “gross” i.e. before mitigation and “net” i.e. post-mitigation); this will include a review of the top-level risk register and of the approach to formulating the full risk register;
  • Consider changes and trends in risk exposures, including consideration of external factors influencing the Company’s risk profile;
  • Consider how far the estimated risk exposures are being mitigated to the required level in line with the agreed Risk Strategy;
  • Assess periodically, from a risk and internal control perspective, the Group Business Model and strategy, to check that key strategic and financial risks are reflected in the risk strategy and risk register (including consideration of stress-testing or scenario analysis undertaken by management);
  • Periodically assess the alignment between the Group’s strategy, its risk strategy and the prevailing risk profile and report its assessment to the Board; in doing so the Committee shall consider the inter-connectedness of risks;
  • Review the steps Management are proposing to mitigate existing, changing or emerging risks;
  • Conduct an initial review of management recommendations to the Board relating to risk strategy and the level of investment in mitigation;
  • Review and approve the Company’s statements on risk exposures in the Annual Report.

3   To monitor QinetiQ’s compliance with the compliance requirements (agreed with the MOD), the QinetiQ generic Conflict of Interest Policy, and the Proxy Regime.

The Committee shall oversee and ensure the effective application of compliance requirements (agreed with the MOD) and the QinetiQ generic Conflict of Interest Policy, and provide assurance that the related obligations set out in the Articles of Association are being fully adhered to.

The Compliance Implementation Director and the Compliance Audit Director, both reporting to the Committee, are responsible respectively for implementing the Compliance System and for undertaking periodic audits of it, so as to demonstrate and provide assurance that QinetiQ’s obligations are being met.

In addition, the Committee shall in relation to all businesses within the Group, wherever situated:

  • monitor the effective application of the QinetiQ Group’s business ethics principles;
  • review periodically the operation of the Proxy Regime to ensure that, whilst operating within the requirements of the Proxy Regime and respecting its intent, the Board receives sufficient assurance on the QNA operations to meet its oversight obligations;
  • monitor the effective application of the Proxy Regime’s meetings, visits and communications requirements;
  • monitor the activities of specific internal functions;
    • Safety relating to people, products, services and advice
    • International Trade Control
    • Information security, data protection and physical security
    • Commercial
    • Corporate Social Responsibility
    • Environmental, sustainability and supply chain management
    • Research involving human subjects
  • monitor any other internal functions which the Committee may, from time to time, determine fall within the scope of its responsibilities;
  • review appropriate quarterly reports from both the Company Secretary and Safety, Assurance and Sustainability Director.

Minutes

The minutes of meetings of the Committee shall be circulated to all members of the Board.

Other

The Committee shall review on an annual basis the Committee's effectiveness and recommend to the Board any necessary changes.