Purpose
The Audit and Risk Committee (the “Committee”) is appointed by the Board of Directors (the “Board”) of Seven Seven Co Ltd (the “Company” or “Dreamprice”) and shall provide assistance to the Board in fulfilling its responsibilities to the Company and to its shareholders, potential shareholders, the investment community and other stakeholders with respect to its oversight of the following:
Audit
- The quality and integrity of the Company’s accounting and reporting practices and controls, the financial statements and reports of the Company;
- The Company’s compliance with legal and regulatory requirements;
- The independent auditor’s qualifications and independence; and
- The performance of the Company’s internal audit function and independent auditors.
Risk
- Overseeing that the executive team has identified and assessed all the risks that the Company faces and has established a risk management infrastructure capable of addressing those risks;
- Overseeing, in conjunction with other board-level committees, risks, such as strategic, financial, credit, market, liquidity, security, property, IT, legal, regulatory, reputational, and other risks;
- Overseeing the division of risk-related responsibilities to each board committee and performing a gap analysis to determine that the oversight of any risks is not missed;
- Designing the company’s enterprise–wide risk management framework.
Composition
The Committee shall be comprised of three members of which at least 1 member of the Board, who shall be determined by the Board to be “independent” under the principles of Corporate Governance and any other applicable professional or legal requirements, including the more rigorous independence requirements applicable specifically to audit committee members.
All members of the Committee shall have a working familiarity with basic finance and accounting practices, and at least one member of the Committee shall be an “audit committee financial expert”. Committee members shall have other such qualities as the Board determines appropriate.
The members of the Committee shall be appointed by the Board at the annual organizational meeting of the Board and shall serve until the next such organizational meeting of the Board or until their successors shall be duly elected and qualified. The members of the Committee may be removed, with or without cause, by a majority vote of the Board.
Unless a Chairperson is elected by the full Board, the members of the Committee may designate a Chairperson by majority vote of the full Committee membership. The Chairperson will chair all regular sessions of the Committee and set the agenda for the Committee meetings.
Meetings
The Committee shall meet at least four times annually, or more frequently as their responsibilities dictate. As part of its job to foster open communication, the Committee shall, at least annually, meet separately with management, the head of the internal audit department and the independent auditors to discuss any matters that the Committee or any of these groups believes should be discussed privately. In addition, the Committee should meet with the independent auditors and management quarterly to review the Company’s financial statements and reports.
All members of the Board who are not members of the Committee may attend meetings of the Committee but may not vote. The Committee may invite to its meetings any management or other personnel of the Company, or any third parties, as it deems appropriate in order to carry out its responsibilities.
Responsibilities and Duties
Audit
The Committee, in discharging its oversight role, is empowered to study or investigate any matter of interest or concern that it deems appropriate. The Committee shall have the authority to retain outside legal, accounting or other advisers for this or any other purpose, including the authority to approve the fees payable to such advisers and any other terms of retention.
The Committee shall be given full access to the Company’s internal audit department, management, personnel and independent auditors as necessary to carry out these responsibilities.
The Committee’s specific responsibilities in carrying out its oversight role are delineated in the Audit and Risk Committee Responsibilities Checklist (Annex 1). The responsibilities checklist will be updated annually to reflect changes in regulatory requirements, authoritative guidance, and evolving oversight practices.
The Committee relies on the expertise and knowledge of management, the internal auditors, and the external auditors in carrying out its oversight responsibilities. Management of the company is responsible for determining the company’s financial statements are complete, accurate, and in accordance with generally accepted accounting principles. The public accounting firm is responsible for auditing the company’s financial statements. It is not the duty of the Committee to plan or conduct audits, to determine that the financial statements are complete and accurate and are in accordance with generally accepted accounting principles, to conduct investigations, or to ensure compliance with laws and regulations or the company’s internal policies, procedures, and controls.
To fulfill its responsibilities and duties the Committee shall:
Documents/Reports Review
Review with management and the independent auditors, prior to public dissemination, the Company’s annual audited financial statements and any quarterly financial statements and reports, including the Company’s disclosures under the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and a discussion with the independent auditors of the matters required to be discussed by International Standards on Auditing, as applicable.
Independent Auditors
- Retain (and terminate, as the case may be) the Company’s independent auditors (subject to shareholder ratification) and approve all audit engagement fees and terms;
- Oversee the work of the registered public accounting firm employed by the Company, including the resolution of any disagreement between management and the independent auditor regarding financial reporting, for the purpose of preparing or issuing an audit report or related work;
- Approve, in advance, any audit and any permissible non-audit engagement or relationship between the Company and the independent auditors;
- Review at least annually the qualifications, performance and independence of the independent auditors. In conducting its review and evaluation, the Committee should:
a. Obtain and review a report by the Company’s independent auditors describing: (i) the auditing firm’s internal quality-control procedures;
(ii) any material issues raised by the most recent internal quality-control review, or peer review, of the auditing firm, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, respecting one or more independent audits carried out by the auditing firm, and any steps taken to deal with any such issues; and
(iii) all relationships between the independent auditors and the Company (so as to enable the assessment of the independent auditors’ independence);
b. Ensure the rotation of the lead audit partner and reviewing partner on at least the period required by the code of Corporate Governance or the Financial Reporting Council.
c. Take into account the opinions of management and the Company’s internal auditors (or of other personnel responsible for their internal audit function); and
d. Receive from the independent auditors such written statements and recommend to the Board and\or management such action it deems appropriate to ensure the independence of the external auditors;
e. Review with the independent auditors any audit problems or difficulties and management’s response; and
f. Set clear hiring policies to be implemented by the Company for employees or former employees of the independent auditors to ensure independence.
Risk
- The Committee will help to set the tone and develop a culture of the enterprise vis-à-vis risk, promote open discussion regarding risk, integrate risk management into the Company’s goals and compensation structure, and create a corporate culture of risk avoidance
- The Committee will monitor the Company’s risk profile – its on-going and potential exposure to risks of various types
- The Committee will approve the risk management policy and plan prepared by management. The risk management plan should include:
- the company’s risk management structure
- the risk management framework i.e. the approach followed, for instance, COSO, ISO, Code of Corporate Governance
- the standards and methodology adopted – this refers to the measureable milestones such as tolerances, intervals, frequencies, frequency rates, etc.
- risk management guidelines
- reference to integration through, for instance, training and awareness programmes, and
- details of the assurance and review of the risk management process.
- The committee should review the risk management plan at least once a year.
- The Committee will define risk review activities regarding the decisions (e.g. acquisitions), initiatives (e.g. new products), and transactions and exposures (e.g. by amount) and prioritise them prior to being sent to the board’s attention
- The Committee will review and confirm that all responsibilities outlined in the charter have been carried out
- The Committee will monitor all enterprise risks
- The Committee will conduct an annual performance assessment relative to the risk committee’s purpose, duties, and responsibilities.
- The Committee will oversee the risk program/interactions with management
- The Committee will review and approve the risk management infrastructure and the critical risk management policies adopted by the organisation
- The Committee will periodically review and evaluate the company’s policies and practices with respect to risk assessment and risk management and annually present to the full board a report summarising the committee’s review of the company’s methods for identifying, managing, and reporting risks and risk management deficiencies
- The Committee will continually, as well as at specific intervals, monitor risks and risk management capabilities within the organisation, including communication about escalating risk and crisis preparedness and recovery plans
- The Committee will continually obtain reasonable assurance from management that all known and emerging risks have been identified and mitigated or managed
- The Committee should communicate formally and informally with the executive team and risk management regarding risk governance and oversight
- The Committee should discuss with the CEO and management the company’s major risk exposures and review the steps management has taken to monitor and control such exposures, including the company’s risk assessment and risk management policies
- The Committee will review and assess the effectiveness of the company’s enterprise-wide risk assessment processes and recommend improvements, where appropriate; review and address, as appropriate, management’s corrective actions for deficiencies that arise with respect to the effectiveness of such programs
- The Committee should understand how the company’s internal audit work plan is aligned with the risks that have been identified and with risk governance (and risk management) information needs
Reporting Process and Controls
Audit
- Review, in consultation with the independent auditors and the internal auditors the integrity of the Company’s internal and external financial reporting processes and controls. In this regard, the Committee should obtain and discuss with management and the independent auditors all reports from management and the independent auditors regarding:
(i) all critical accounting policies and practices to be used by the Company;
(ii) analyses prepared by management and/or the independent auditors setting forth significant financial reporting issues and judgments made in connection with the preparation of the financial statements, including all alternative treatments of financial information within generally accepted accounting principles that have been discussed with the Company’s management, the ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the independent auditors;
(iii) major issues regarding accounting principles and financial statement presentations, including any significant changes in the Company’s selection or application of the accounting principles;
(iv) major issues as to the adequacy of the Company’s internal controls and any specific audit steps adopted in the light of material control deficiencies; and
(v) any other material written communications between the independent auditor and the Company’s management;
2. Review periodically the effect of regulatory and accounting initiatives, as well as off-balance sheet structures (if any), on the financial statements of the Company;
3. Establish regular systems of reporting to the Committee by each of management, the independent auditors and the internal auditors regarding any significant judgements made in management’s preparation of the financial statements and any significant difficulties encountered during the course of the review or audit, including any restrictions on the scope of work or access to requested information;
4. Review any significant disagreement between management and the independent auditors or the internal auditing department in connection with the preparation of the financial statements and management’s response to such matters; and
5. Review and discuss with the independent auditors the responsibilities, budget and staffing of the Company’s internal audit function.
Risk
- Understand and approve management’s definition of the risk-related reports that the committee could receive regarding the full range of risks the Company faces, as well as their form and frequency
- Respond to reports from management so that management understands the importance placed on such reports by the committee and how the committee views their content
- Read and provide input to the board and audit committee regarding risk disclosures in financial statements and other public statements regarding risk
- Keep risk on both the full board’s and management’s agenda on a regular basis
- Coordinate (via meetings or overlap of membership), along with the full board, relations and communications with regards to risk among the various committees, particularly between the audit and risk committees
Legal\Compliance\General
- Review, with the Company’s counsel, any legal matter that could have a significant impact on the Company’s financial statements or operations;
- Report regularly to the Board:
a. with respect to any issues that arise regarding the quality or integrity of the Company’s financial statements, the Company’s compliance with legal and regulatory requirements, the performance and independence of the Company’s independent auditors or the performance of the internal audit function;
b. following all meetings of the Committee; and
c. with respect to such other matters that are relevant to the Committee’s discharge of its responsibilities; and
d. Maintain minutes or other records of meetings and activities of the Committee.
Annual Performance Evaluation and Charter Review
The Committee shall perform a review and evaluation, at least annually, of its performance, risk-oversight needs and its members, including reviewing the compliance of the Committee with this Charter. In addition, the Committee shall review and reassess, at least annually, the adequacy of this Charter and recommend to the Board any improvements to this Charter that the Committee considers necessary or valuable. The Board shall also issue an annual evaluation of the Committee’s performance.
The Committee shall also perform any other activities consistent with this Charter, the Company’s by-laws that the Board or the Audit and Risk Committee determines are necessary.