FEDERAL RESERVE BANK OF ATLANTA
AUDIT & OPERATIONAL RISK COMMITTEE CHARTER
The Audit and Operational Risk Committee of the Federal Reserve Bank of Atlanta (Bank) operates consistent with the by-laws of the Bank and the policies of the Board of Governors of the Federal Reserve System. The Audit and Operational Risk Committee, acting on behalf of the Board of Directors, shall perform functions necessary to assess the effectiveness and independence of the Bank's internal and external audit function in providing an independent and objective assessment of the Bank's risk management, control, and governance processes.
The Audit and Operational Risk Committee assists the Board of Directors in fulfilling its oversight responsibilities related to assessing 1) the adequacy and effectiveness of controls over financial reporting, 2) the efficiency and effectiveness of operations, 3) the effectiveness of risk management processes, and 4) compliance with laws and regulations.
To promote independent and objective assessments, the General Auditor reports to the Board of Directors through the Audit and Operational Risk Committee. The Audit and Operational Risk Committee must ensure that the General Auditor has access to the Board of Directors, on a confidential basis, and that the audit function is independent, both by intent and actual practice, from the management of the Bank.& The Audit and Operational Risk Committee also provides oversight of the Bank's enterprise risk management function and activities, including significant operational risk exposures and related risk mitigation efforts.1
II. COMPOSITION AND TERM
The Audit and Operational Risk Committee consists of a minimum of three of the Bank's directors. As defined below, all Committee members shall be "independent" and "financially literate" and at least one member shall have "banking, accounting, or other relevant financial proficiency." The Board of Directors need not explicitly designate and publicly disclose which Audit and Operational Risk Committee members meet the financial proficiency requirement. The Chair of the Board of Directors appoints, with the approval of the full Board of Directors, the committee members for one-year terms and designates the committee Chair.
Members of the Audit and Operational Risk Committee are considered to be "independent" if they have no relationship with the Bank that might interfere with the exercise of their independence from management and the Bank. Examples of relationships include (i) a director being employed by that Bank within the past five years; (ii) a director accepting compensation from that Bank other than compensation for Board services; (iii) a director being a member of the immediate family of an individual who has been employed by the Bank as an officer within the past five years; and (iv) a director being a partner in, or controlling shareholder or an executive officer of, any for-profit business to which that Bank made, or from which the Bank received, payments that have been significant to the Bank within the past five years. A director who is an officer or director of a depository institution or its holding company is not considered to have a relationship that interfered with his or her independence solely because the depository institution makes payments to the Bank for financial services or an extension of credit.
"Financially literate" means the director has an understanding of financial statements, internal accounting controls, and Audit and Operational Risk Committee functions.
"Banking, accounting, or other relevant financial proficiency" means significant employment experience in finance, accounting, auditing, or banking functions, professional certification in accounting, or other comparable experience or background which results in the individual's financial sophistication, including being or having been a chief executive officer or other senior officer with financial oversight responsibilities.
The Audit and Operational Risk Committee meets at the call of the committee Chair, but no less often than quarterly. Executive sessions with the General Auditor are conducted at least quarterly and always when meetings are attended by Bank management.
The Committee Chair in calling a meeting shall endeavor to transmit reasonable notice thereof to all members of the Committee, and a meeting may be held provided a quorum can be assembled. Any two members of the Committee constitute a quorum for the transaction of business. Acts of the Committee are determined upon the vote of a majority of those present. The business of the Committee also may be conducted by means of a conference telephone call or via correspondence, provided reasonable efforts are made to have all members of the Committee participate and provided further that a quorum of the Committee participates.
Minutes of all meetings of the Committee shall be kept by such person as the Committee may from time to time designate for that purpose.
The Audit and Operational Risk Committee's duties and responsibilities are as follows:
A. Review of Internal and External Audit Work and Results
C. Risk Management Oversight
D. Concerns Regarding Accounting, Internal Controls and Audit Matters
According to System Audit Standard 99, "Consideration of Fraud in a Financial Statement Audit," requires the external auditors to obtain information to identify the risks of material misstatement due to fraud, including making specific inquiries of management, the General Auditor, and the Audit and Operational Risk Committee. Members of the Audit and Operational Risk Committee should be prepared to answer the auditors' questions about the risks of fraud in the Bank and whether the Committee members have knowledge of fraud or suspected fraud affecting the Bank. Audit and Operational Risk Committee members should also be prepared to discuss how the Audit and Operational Risk Committee exercises oversight of the assessment of the risk of fraud, and activities that mitigate those risks.
E. Personnel Actions
F. Departmental Oversight Matters
AUDIT AND OPERATIONAL RISK COMMITTEE INTERACTION
Information and reports reviewed by the Audit and Operational Risk Committee, Executive Committee and RPO Oversight Committee may each be of interest to the other and should be provided to the other as appropriate. Joint meetings of these committees to review and discuss topics of mutual interest may be beneficial on occasion.
2 Audit results and matters of concern related to Bank Supervision and Regulation will be referred to the Executive Committee of the Board of Directors.