1.1 The members of the Committee shall be at least three non-executive Directors. The Chairman of the Committee shall be appointed by the Board. The Chairman of the Committee shall also be a member of the Audit Committee.
1.2 The quorum of the Committee shall be two members.
2.1 The Secretary of the Company, or his or her nominee, shall be the Secretary of the Committee.
3.1 Only members of the Committee have the right to attend the Committee meetings. However, other individuals may be invited to attend all or part of any meeting as and when deemed appropriate by the Board or the Committee.
3.2 The Group Chairman and the CEO would ordinarily be members of the Committee. The Committee shall normally require the attendance of the Group Safety and Governance Director; the Head of Internal Audit; and, for the relevant agenda items, the Compliance Implementation Director and the Compliance Audit Director, or any other executives of the Group, to report on risk positions, management or the workings of the compliance regime.
3.3 The Compliance Implementation Director is responsible for implementing the compliance regime and the Compliance Audit Director is responsible for undertaking periodic audits of QinetiQ’s compliance procedures and their implementation.
4.0 Frequency of meetings
4.1 Meetings shall be held at least four times a year. Committee members may request additional meetings, if they consider one is necessary.
5.1 The Risk Committee's primary functions are:
5.1.1 To oversee the sound operation of the risk management systems;
5.1.2 To monitor risk exposures;
5.1.3 To consider emerging and unknown risks;
5.1.4 To monitor culture and risk appetite;
5.1.5 To monitor QinetiQ’s compliance with the compliance requirements (agreed with the MOD), the QinetiQ generic conflict of interest policy, and the proxy regime; and
5.1.6 To oversee QinetiQ’s initiatives to assess and take responsibility for its effects on social wellbeing, i.e. corporate social responsibility (CSR).
5.2 The Committee reports on its activities and makes recommendations to the Board.
5.3 The Committee is authorised by the Board to investigate any activity within its terms of reference, including any areas of concern as to ethical impropriety. It is authorised to seek any information it requires from any employee and all employees are directed to co-operate with any request made by the Committee.
5.4 The Committee is authorised by the Board to obtain outside legal or other independent professional advice and to secure the attendance of outsiders with relevant experience and expertise if it considers it necessary.
5.5 In relation to risk, while the Committee has responsibility for reviewing risk positions and the effectiveness of mitigation, discussions aimed at determining the type and amount of risk to be taken and the level of investment in mitigation to bring risk exposures into line with the risk strategy, remain at the level of the full Board.
5.6 The Committee is further responsible for coordinating risk oversight among committees and the full Board and to prevent any risks that strictly do not fall within the remit of the Audit Committee or any of the other committees of the Board.
5.7 In relation to compliance, the function of the Committee is to monitor QinetiQ’s compliance with the compliance arrangements agreed with the MOD, the purpose of which is to ensure that QinetiQ is able to maintain its position as a supplier of independent and impartial advice to the MOD. The Committee is authorised to take whatever approach is necessary to oversee and ensure the effective application of the compliance systems.
6.1 To oversee the sound operation of the risk management systems. This will involve:
- Review of risk identification, assessment and reporting processes;
- Review of the effectiveness of the risk management or control systems and of the quality of the assurance over such controls. (This excludes controls relating to financial reporting risks);
- Reviewing reports from the Head of Internal Audit on the application of risk management systems and monitoring management implementation of agreed actions;
- Overseeing the learning of lessons from past problems or successes and the system for incorporating such lessons into risk management practices;
- Oversee and advise the Board on the current risk exposures of the Company and future risk strategy;
- In conjunction with the Audit Committee, review the Company’s capability to identify and manage new risk types;
- Consideration of the prevailing risk and control culture and risk appetite, including periodically forming a view of attitudes to risk and control; and monitoring the effective application of QinetiQ Group’s business ethics principles including compliance with the requirements of the Bribery Act;
- Whilst recognising the requirements of the Proxy Regime, meet its oversight obligations by continuing to determine how risk management and internal control are applied in any US business covered by such a regime, in part by maintaining an active dialogue with the Proxy Board on the approach being taken to securing and monitoring risk management effectiveness;
- Review the Company’s procedures for the prevention of bribery; and
- Review and approval, together with the Audit Committee, of the Company’s statements on internal controls and risk management in the Annual Report.
6.2 To monitor risk exposures
The Committee will:
- Review reports on significant risk exposures (both “gross” i.e. before mitigation and “net” i.e. post-mitigation); this will include a review of the top-level risk register and of the approach to formulating the full risk register;
- Consider changes and trends in risk exposures, including consideration of external factors influencing the Company’s risk profile;
- Consider how far the estimated risk exposures are being mitigated to the required level in line with the agreed risk strategy;
- Assess periodically, from a risk and internal control perspective, the Group Business Model and strategy, to check that key strategic and financial risks are reflected in the risk strategy and risk register (including consideration of stress-testing or scenario analysis undertaken by management);
- Periodically assess the alignment between the Group’s strategy, its risk strategy and the prevailing risk profile and report its assessment to the Board; in doing so the Committee shall consider the inter-connectedness of risks;
- Review the steps Management are proposing to mitigate existing, changing or emerging risks;
- Conduct an initial review of management recommendations to the Board relating to risk strategy and the level of investment in mitigation; and
- Review and approve the Company’s statements on risk exposures in the Annual Report.
6.3 To monitor QinetiQ’s compliance with the compliance requirements (agreed with the MOD), the QinetiQ generic Conflict of Interest Policy, and the Proxy Regime.
6.3.1 The Committee shall oversee and ensure the effective application of compliance requirements (agreed with the MOD) and the QinetiQ generic conflict of interest policy, and provide assurance that the related obligations set out in the Articles of Association are being fully adhered to.
6.3.2 Reporting to the Committee, the key roles of Compliance Implementation Director and Compliance Audit Director will be responsible for implementing the compliance system and undertaking periodic audits respectively to demonstrate and provide assurance that QinetiQ’s obligations are being met.
6.3.3 In addition, the Committee shall in relation to all businesses within the Group, wherever situated:
- Monitor the effective application of the QinetiQ Group’s business ethics principles;
- Monitor the effective application of the Proxy Regime’s meetings, visits and communications requirements;
- Monitor the activities of specific internal functions:
  - Safety relating to people, products, services and advice;
  - International trade control including sanctions (against individuals, organisations or countries), relevant import and export licensing requirements;
  - Information security, data protection and physical security;
  - Corporate social responsibility environmental, sustainability and supply chain management;
  - Research involving human subjects;
- Monitor any other internal functions which the Committee may, from time to time, determine falls within the scope of its responsibilities.
7.1 The Secretary, or his or her nominee, shall minute the proceedings of all meetings of the Committee.
7.2 The minutes of meetings of the Committee shall be circulated to all members of the Board.
7.3 Final signed copies of the minutes of the meetings of the Committee should be maintained for the Company’s records, in hard and soft copy where possible.
8.0 External audit
8.1 The Committee Chairman should attend the annual general meeting of the Company to respond to any queries from shareholders on the Committee’s activities.
9.0 Reporting Responsibilities
9.1 The Committee Chairman shall report to the Board on its proceedings after each meeting on all matters within its duties and responsibilities.
9.2 The Committee shall make whatever recommendations to the Board it deems appropriate on any area within its remit where action or improvement is needed.
9.3 The Committee shall produce a report of its activities and the Company’s risk management and strategy to be included in the Company’s annual report.
10.1 The Committee shall give due consideration to laws and regulations, the provisions of the Code and the requirements of the UK Listing Authority and Disclosure Guidance and Transparency Rules.
10.2 The Committee shall annually review its terms of reference to ensure it is operating at maximum effectiveness.
10.3 The Committee shall review on an annual basis the Committee's effectiveness and recommend to the Board any necessary changes.