Audit & Risk Committee - Terms of Reference


The membership of this committee shall consist of the following:

At least five (5) members of the Board of Governors from among the 17 board members appointed by the Lieutenant Governor in Council or elected by the board from the community-at-large. The chair and at least one other member of the committee are expected to have accounting or major financial expertise and experience and at least one member is expected to have risk management experience and expertise. All committee members are to be financially literate*.

One member of the committee shall also serve on the Finance & Investment Committee.

No governor may serve on the Audit & Risk Committee while that governor or a company with whom the governor has a business or employee relationship is receiving consulting, advisory or other fees from University of Waterloo.

(*"Financially literate" includes, at a minimum, the ability to read and understand a set of financial statements that present a breadth and level of complexity of the issues that can reasonably be expected to be raised by university's financial statements.)


The committee will meet at least three times per year, more often as required.


With respect to the external auditors, the issuance of annual audited financial statements, and the internal auditors, to:

  • review the external audit plan annually regarding the scope of the audit, and the costs
  • appraise the overall approach to the external audit, and the related fees
  • recommend annually to the board on the appointment / reappointment of external auditors and on the fees to be paid
  • approve what services the external auditors provide in addition to the audit of the financial statements
  • recommend the financial statements to the Board of Governors for approval
  • approve annually the internal audit plan and report to the Board of Governors
  • approve the appointment of internal auditors, as required
  • ensure that auditors and financial officers have direct access to the committee regarding any concerns about matters they feel have not been satisfactorily handled by others, and that there are no unresolved issues between management and the auditors that could affect the audited financial statements
  • meet directly with the auditors (both external and internal) in the absence of management, at every meeting at which the auditors are in attendance
  • review contentious issues, including actual or anticipated litigation, with material financial impact
  • review reports to management from the auditors and ensure that management has taken appropriate action
  • report to the board as appropriate on the activities of the auditors and the adequacy of their activities
  • retain or appoint, at the university’s expense, such experts and advisors as it deems necessary to carry out its duties, provided that the committee shall advise the Governance Committee of such actions

To monitor the effectiveness of the university's internal controls and management information systems, including:

  • that appropriate policies and procedures are in place for internal accounting, financial control, information technology and management information
  • that appropriate processes are in place to address and comply with applicable statutory, regulatory requirements, as appropriate
  • reporting to the board annually on these matters

To monitor the effectiveness of the university's risk management activities, including:

  • monitoring the effectiveness of the university’s risk management environment
  • receiving and considering reports on significant risks or exposures to the university and the management of these
  • ensuring that a risk management system with appropriate procedures is in place to mitigate risk
  • ensuring that an emergency response framework with appropriate procedures is in place in order to respond to emergencies
  • discussing with administration, the internal auditors and the external auditors the university’s major risk exposures (whether financial, operational, or otherwise), the adequacy and effectiveness of accounting and financial systems, and the steps administration has taken to monitor and control such exposures
  • reviewing, at every meeting, the status of risk management initiatives and emerging issues that have the potential to impact the university’s risk profile
  • reporting to the board annually on risk management
  • meeting with the risk officer in the absence of management, at least once annually
  • ensuring that committee members receive appropriate orientation regarding the work of the committee, and that training to enhance financial literacy and best practices in risk management is made available to committee members as required

To assess annually the adequacy of the committee's terms of reference and to propose any needed amendments to the Governance Committee.

Approved by the Board of Governors, 5 April 1988.
Amended by the Board of Governors, 6 June 2006.
Amended by the Board of Governors, 27 October 2009.
Amended by the Board of Governors, 1 June 2010.
Amended by the Board of Governors, 3 June 2014.
Amended by the Board of Governors, 4 April 2017.
Amended by the Board of Governors, 3 April 2018.

Amended by the Board of Governors, 1 February 2022.