The Atlanta Fed

March 2012

FEDERAL RESERVE BANK OF ATLANTA
AUDIT & OPERATIONAL RISK COMMITTEE CHARTER

I.   PURPOSE

The Audit and Operational Risk Committee of the Federal Reserve Bank of Atlanta (Bank) operates consistent with the by-laws of the Bank and the policies of the Board of Governors of the Federal Reserve System. The Audit and Operational Risk Committee, acting on behalf of the Board of Directors, shall perform functions necessary to assess the effectiveness and independence of the Bank's internal and external audit function in providing an independent and objective assessment of the Bank's risk management, control, and governance processes.

To promote independent and objective assessments, the General Auditor reports to the Board of Directors through the Audit and Operational Risk Committee.  The Audit and Operational Risk Committee must ensure that the General Auditor has access to the Board of Directors, on a confidential basis, and that the audit function is independent, both by intent and actual practice, from the management of the Bank.  The Audit and Operational Risk Committee also provides oversight of the Bank's enterprise risk management function and activities, including significant operational risk exposures and related risk mitigation efforts¹.

II.   COMPOSITION AND TERM

The Audit and Operational Risk Committee consists of a minimum of three of the Bank's directors.  As defined below, all Committee members shall be "independent" and "financially literate" and at least one member shall have "banking, accounting, or other relevant financial proficiency." The Board of Directors need not explicitly designate and publicly disclose which Audit and Operational Risk Committee members meet the financial proficiency requirement. The Chair of the Board of Directors appoints, with the approval of the full Board of Directors, the committee members for one-year terms and designates the committee Chair.

Members of the Audit and Operational Risk Committee are considered to be "independent" if they have no relationship with the Bank that might interfere with the exercise of their independence from management and the Bank. Examples of relationships include (i) a director being employed by that Bank within the past five years; (ii) a director accepting compensation from that Bank other than compensation for Board services; (iii) a director being a member of the immediate family of an individual who has been employed by the Bank as an officer within the past five years; and (iv) a director being a partner in, or controlling shareholder or an executive officer of, any for-profit business to which that Bank made, or from which the Bank received, payments that have been significant to the Bank within the past five years.  A director who is an officer or director of a depository institution or its holding company is not considered to have a relationship that interfered with his or her independence solely because the depository institution makes payments to the Bank for financial services or an extension of credit.

"Financially literate" means the director has an understanding of financial statements, internal accounting controls, and Audit and Operational Risk Committee functions.

"Banking, accounting, or other relevant financial proficiency" means significant employment experience in finance, accounting, auditing, or banking functions, professional certification in accounting, or other comparable experience or background which results in the individual's financial sophistication, including being or having been a chief executive officer or other senior officer with financial oversight responsibilities.

III.   MEETINGS

The Audit and Operational Risk Committee meets at the call of the committee Chair, but no less often than quarterly. Executive sessions with the General Auditor are conducted at least quarterly and always when meetings are attended by Bank management.

The Committee Chair in calling a meeting shall endeavor to transmit reasonable notice thereof to all members of the Committee, and a meeting may be held provided a quorum can be assembled.  Any two members of the Committee constitute a quorum for the transaction of business.  Acts of the Committee are determined upon the vote of a majority of those present.  The business of the Committee also may be conducted by means of a conference telephone call or via correspondence, provided reasonable efforts are made to have all members of the Committee participate and provided further that a quorum of the Committee participates.

Minutes of all meetings of the Committee shall be kept by such person as the Committee may from time to time designate for that purpose.

IV.   RESPONSIBILITIES

The Audit and Operational Risk Committee's duties and responsibilities are as follows:

A.   Review of Internal and External Audit Work and Results

1. Hold regular meetings to permit timely and adequate discussion of significant audit results, risks, governance and control processes, losses and irregular occurrences, and other matters of concern to the auditors and directors. Ensure that audit recommendations and concerns receive proper attention by Bank management. ²
2. Determine that internal and external auditors are free from interference in determining the scope of audit engagements, performing audit work, and communicating the results thereof.  In the case of audits performed by external auditors, it shall not be considered "interference" for the Board of Directors to have input into the scope of the audit.
3. Obtain from the General Auditor and external auditor, an independent and objective assessment of the Bank's financial condition and reporting, procedural and accounting controls, operational effectiveness and efficiency, compliance with laws and regulations, and the effectiveness of Bank management's risk management programs.
4. Discuss quality assurance reviews of the internal audit activity.
5. Bring before the Board of Directors any matters reported by the General Auditor, external auditor, or others that warrant the Board's attention, and to ensure that audit recommendations and concerns receive proper attention by Bank management.

1. At least annually, meet with the external auditor to review scope and results of the Bank's external audit about internal controls, the fair presentation of the Bank's financial statements, updates on developments affecting the Bank's external financial reporting, and certain other matters required under generally accepted auditing standards. Provide input to the Board of Governors on the quality of the external auditor's annual performance under the Federal Reserve System contract as it relates to this Bank. Comment to the Board of Directors on the proposed scope of the external audit contract for the System and on potential bidders when this arrangement is renegotiated.
2. Ensure that the independence of the external auditor is not diminished in fact or appearance. Committee approval is required for plans to engage the external auditor to perform non-audit services or if an individual who provided external audit services is employed into a management position at the Bank.
3. Promptly inform the Board of Directors of any significant concerns related to financial reporting, the quality of external audit work, or the independence of the external auditor.
4. In accordance with Bank and Board of Governors' policies, engage independent counsel and other advisors and/or following recommendation to the Board of Directors and consultation with the Board of Governors, engage its own external audit firm when necessary to fulfill its duties, including its fiduciary responsibilities.

C.   Risk Management Oversight

1. Oversee the Bank's enterprise risk management program.
2. Review and assess the Bank's operational risk exposures, and monitor the steps management has taken to control these risks.

D.   Concerns Regarding Accounting, Internal Controls and Audit Matters

1. Audit and Operational Risk Committee members should be prepared to answer inquiries from the external auditors, especially concerning fraud and the mitigation of fraud risks.

According to System Audit Standard 99, "Consideration of Fraud in a Financial Statement Audit," requires the external auditors to obtain information to identify the risks of material misstatement due to fraud, including making specific inquiries of management, the General Auditor, and the Audit and Operational Risk Committee. Members of the Audit and Operational Risk Committee should be prepared to answer the auditors' questions about the risks of fraud in the Bank and whether the Committee members have knowledge of fraud or suspected fraud affecting the Bank.  Audit and Operational Risk Committee members should also be prepared to discuss how the Audit and Operational Risk Committee exercises oversight of the assessment of the risk of fraud, and activities that mitigate those risks.

2. The Committee shall establish procedures for (1) the confidential, anonymous submission by Bank employees of complaints and concerns regarding questionable accounting, internal controls or audit matters and (2) the receipt, retention and treatment of such complaints and concerns.

E.  Personnel Actions

1. Formally appraise the performance of the General Auditor, following guidelines set forth by the Bank for evaluating the performance of its officers.
2. Initiate for Board of Directors' approval all actions affecting the salary or classification of the General Auditor and other audit officers.
3. Initiate for Board of Directors' approval the appointment and termination (including separation payments) of the General Auditor. Committee concurrence is required for any reassignment of the General Auditor to another position in the Bank.

F.  Departmental Oversight Matters

1. Review and approve the annual audit program to determine that it provides for audits whose scope and frequency provide an appropriate level of audit attention and when necessary or practical that it is coordinated with other external audits (i.e. Board of Governors, Treasury, etc.).
2. Review and approve the annual audit resource plan to determine that it is sufficient to carry out an effective audit program.  Also, periodically review the resource plan against actual performance and review justifications for any significant variances from existing System and Bank guidelines.
3. Annually review the formal written charters of the Audit and Operational Risk Committee and the Audit Department and review committee activities to ensure the charter is being fulfilled.
4. Obtain the full Board of Directors approval of the Audit and Operational Risk Committee charter when changes are warranted.

AUDIT AND OPERATIONAL RISK COMMITTEE INTERACTION

Information and reports reviewed by the Audit and Operational Risk Committee, Executive Committee and RPO Oversight Committee may each be of interest to the other and should be provided to the other as appropriate. Joint meetings of these committees to review and discuss topics of mutual interest may be beneficial on occasion.