Audit & Risk Committee

The Audit & Risk Committee is a Committee of the Board of Directors of BT Group plc (the Board), from which it derives its authority and to which it regularly reports.

Terms of reference

1 Membership and attendance

1.1 The Committee shall comprise at least three members, all independent non-executive directors at least one of whom shall have recent and relevant financial experience. The Chairman of the Board shall not be a member of the Committee.

1.2 The Board shall appoint the Committee members, the Committee Chairman and any deputy. In the absence of the Committee Chairman and/or an appointed deputy, the remaining members present shall elect one of themselves to chair the meeting.

1.3 Only Committee members have the right to attend Committee meetings; the Group Finance Director, Deputy Group CFO, Company Secretary, Director Internal Audit and Director Group Financial Control although not members of the Committee will attend meetings with the agreement of the Committee Chairman, as will the Group Director of Ethics and Compliance for those meetings where relevant in whole or part. BT’s external auditors, PricewaterhouseCoopers, will normally attend, although they will not be present at meetings when the Committee discusses their performance and/or remuneration.

1.4 Other Board director may be invited to attend all or part of any meeting with the agreement of the Committee Chairman.

1.5 The Company Secretary or his nominee shall act as Secretary of the Committee.

2 Quorum and proceedings of meetings

2.1 The quorum for Committee meetings shall be two members.

2.2 The Committee shall meet at least six times a year at the appropriate times in the reporting and audit cycle and otherwise as required.

2.3 Any Committee member, the Secretary or Director Internal Audit may call additional meetings as necessary. The external auditors may also request additional meetings.

2.4 The Committee Chairman will be available to the external auditors, Director Internal Audit; the Company Secretary and Group Director of Ethics and Compliance to discuss any matters of concern in relation to financial reporting matters, internal control concerns or compliance with the Group’s legal, regulatory and compliance obligations should this be considered necessary by those individuals.

2.5 The Committee will meet regularly with the external auditors and Director Internal Audit without management present.

3. Principal duties

3.1 Financial reporting

3.1.1 Review the annual, half year and quarterly financial results, the Annual Report and Form 20-F and other published information relating to the Group’s financial performance including the going concern and viability statements to satisfy itself that they meet all statutory requirements, SEC requirements, appropriate Financial Reporting Standards and, where applicable, the requirements of the UK Listing Authority and the UK Corporate Governance Code and that there are no unsettled issues of significance between the management and the auditors which could affect the truth and fairness of the statements.

3.1.2 Review the disclosure made by the Chief Executive Officer and Group Finance Director during the certification process for the Annual Report about any significant deficiencies or material weaknesses in the design or operation of internal financial controls and any fraud involving management or other employees who have a significant role in the Group’s internal control over financial reporting.

3.1.3 In particular, review and challenge where necessary:

3.1.3.1 the consistency of, and any changes to, significant accounting policies;
3.1.3.2 the methods used to account for significant or unusual transactions where alternative accounting approaches can be adopted;
3.1.3.3 whether the Group has followed appropriate accounting standards and made appropriate estimates and judgements, taking into account the views of the external auditor;
3.1.3.4 the clarity and completeness of disclosure in the Group’s externally published financial reports and the context in which the statements are made; and
3.1.3.5 all material information presented with the financial statements, such as the business review and the corporate governance statements relating to the audit and to risk management.

Where the Committee is not satisfied with any aspect of the proposed financial reporting by the Group, it shall report its views to the Board.

3.2 Narrative reporting

Where requested by the Board, the Committee should review the content of the annual report and accounts and advise the Board on whether, taken as a whole, it is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group’s performance, business model and strategy.

3.3 Internal controls and risk management

3.3.1 Consider and recommend to the Board the Group’s risk appetite and review on behalf of the Board, the Group’s risk profile.

The Group Chief Executive Officer will attend annually to discuss the effectiveness of the Group’s risk management process, the top risks facing the Group as a whole and the Group’s risk appetite. Following this session, the Committee will submit their conclusions and any recommendations to the Board.

3.3.2 Endorse a programme of testing of the risk mitigations and controls that underpin the Group’s assessment of residual risk compared to risk appetite.

3.3.3 Review the Group’s current risk exposure and capability to identify new risks.

3.3.4 Consider a report from management each year on the major risks that may materialise in the future, particularly as a consequence of adverse changes to the economic, social, regulatory, political or technology environment, or as an unintended consequence of new products and services being offered or developed by the organisation.

3.3.5 Each line of business (including BT Technology, Service & Operations) CEO will attend at least one meeting per year to discuss risk management in their part of the business including the key risks and the actions they are taking to address them.

3.3.6 Monitor and review the standards of risk management and internal control, including the processes and procedures for ensuring that material business risks, including risks relating to IT security, fraud and related matters, are properly identified and managed, the effectiveness of internal control, financial reporting, accounting policies and procedures, and the Company’s statements on internal controls before they are agreed by the Board for each year’s Annual Report.

3.3.7 Review the scope of audit testing of the Group’s s404 Sarbanes-Oxley internal controls and the results of that testing, receive and consider management’s confirmation that s404 Sarbanes-Oxley Act processes have operated, and consider the implications of management’s conclusions for the purposes of the preparation of each year’s Annual Report and to ensure that control deficiencies are being appropriately addressed.

3.3.8 Establishing and reviewing the effectiveness of all processes for dealing with:

  • complaints received by the Group regarding accounting, internal accounting controls or auditing matters; and
  • the confidential, anonymous submission by employees (and third parties) of concerns (‘whistleblowing’ procedures), regarding questionable accounting or auditing matters; and
  • the confidential, anonymous submission by employees and third parties of concerns regarding potential or actual non-compliance with internal governance and compliance polices or external compliance obligations, and ensuring arrangements are in place for the proportionate and independent investigation of all matters so reported, and appropriate follow up actions.

3.3.9 Consider and review the processes for Group risk management annually to ensure adequate oversight of risks (both financial and non- financial) faced by the Group and the system of internal controls and reporting of those risks within the business. The Committee will assess annually, the effectiveness of the Group’s Risk Management function.

3.3.10 Receive regular reports on significant litigation and financial commitments and potential liability (including tax) issues involving the Group.

3.3.11 In relation to BT’s key compliance policies and programmes worldwide including but not limited to: business practices, ethics, anti-corruption & bribery compliance, regulatory and environmental compliance, sanctions and international trade, health and safety and regulation of data ('the programmes'):

  • endorse the programmes as amended and updated from time to time;
  • monitor the implementation of the programmes to satisfying itself that they are appropriate, effective and adequately enforced; and
  • keep under review BT’s approach to the structure of BT’s compliance training.

3.3.12 Oversee the overall approach to securing compliance with laws, regulations and company policies in areas of risk, including monitoring the effectiveness of the global compliance programme.

3.3.13 Receive updates on each Regional Governance Committees’ (“RGC’s”) quarterly review of the risk management framework in their region, their top Governance and Compliance risks and the effectiveness and progress of the Committee; and receive regular presentations from the Chairs of each of the RGCs on the progress of their Committee including against the scorecard measures as set from time to time.

3.3.14 Serve as an escalation point for the Group Director of Ethics & Compliance on any relevant concerns and hold the Group Director of Ethics & Compliance accountable for the effective implementation and on-going performance of BT’s compliance framework.

3.3 15 Adopt a code of ethics for BT’s Chief Executive, Group Finance Director, senior finance managers and for any other people the Committee considers from time to time appropriate.

3.4 Internal audit

3.4.1 Review internal audit and its relationship with the external auditors, including plans and performance; and reports on risk management processes and the standards of risk management and internal control.

3.4.2 Review and assess the annual internal audit plan.

3.4.3 Review promptly all material reports (such as via the ‘hitlist’) on the Group from the internal auditors. The Committee will ensure that appropriate action is taken on issues arising from such reports.

3.4.4 Review and monitor management’s responsiveness to the findings and recommendations of the internal auditors.

3.4.5 Review the activities, resources, organisational structure and the operational effectiveness of internal audit, and where appropriate, make recommendations to the Board.

3.4.6 Review and approve annually the Internal Audit Charter.

3.4.7 Monitor and review the effectiveness of the company’s internal audit function in the context of the company’s overall risk management system.

3.4.8 The Committee Chairman shall concur with the appointment or dismissal of the Director Internal Audit.

3.5 External audit

3.5.1 Review and make recommendations to the Board, to be put to the shareholders for approval at the AGM, in relation to the appointment, re-appointment and removal of the company’s external auditors, and make recommendations to the Board regarding tendering the external audit contract from time to time as required by best practice or regulation.

3.5.2 Ensure that key partners are rotated at appropriate intervals in line with best practice; and consider their resignation and removal and recommend appropriate action.

3.5.3 Review the performance of the external auditors including the scope of their audit and recommend to the Board appropriate remuneration.

3.5.4 Review, at least annually, the effectiveness of the audit and the qualifications, expertise, resources, independence and objectivity of the external auditor, including the nature and extent of non-audit and consultancy services and keep under review, the Group policy on the engagement of the external auditors for these services to ensure that independence or objectivity is not impaired.

3.5.5 Review and approve the engagement letter issued at the start of each audit and the scope of the audit.

3.5.6 Review the scope and results of the external audit and any significant findings reported to the Committee in the management letter, receiving updates from management on action taken.

3.5.7 Review and discuss any reports from the external auditors on critical accounting policies, including management’s response.

4. Reporting responsibilities

4.1 After each meeting, the Committee Chairman shall report formally to the Board on its proceedings and how it has discharged its responsibilities.

4.2 The Chair of the Group Risk Panel will, following each meeting of the Panel, provide the Chair of the Committee with a report of the meeting and minutes will be available on request to each Committee member.

4.3 The Committee shall make whatever recommendations to the Board it deems appropriate on any area within its remit where action or improvement is needed.

4.4 A report to the shareholders on the activities of the Committee in discharging its responsibilities shall be included, as a separate section, in the Annual Report & Form 20-F.

4.5 The Committee Chairman shall attend the annual general meeting to answer shareholder questions on the Committee’s activities.

5. Authority

The Committee has authority to:

5.1 oversee any investigation of activities which are within its terms of reference;

5.2 require provision of any necessary information to fulfill the above;

5.3 obtain, through the Group General Counsel and Company Secretary, outside legal help and any professional advice, at the Group’s expense, which might be necessary to enable it to fulfill its duties;

5.4 call any employee, through the Company Secretary, to be questioned at a meeting of the Committee as and when required; and

5.5 delegate any of its powers to one or more of its members, or the Secretary if it deems this appropriate.

6. Other

The terms of reference and the effectiveness of the Committee shall be reviewed annually and the necessary recommendations made to the Board for its approval.