Audit and Risk Assurance Committee Handbook
The Audit and Risk Assurance Committee handbook reflects developing best practice in governance.
Documents
Details
This Audit and Risk Assurance Committee (ARAC) handbook covers the roles and responsibilities of an ARAC and provides guidance on good governance processes for ARACs.
Whilst it is not intended to provide guidance on areas that an ARAC may need to review, Annex F ’Key questions for an ARAC to ask’ does provide prompts of what ARACs should consider on a range of topics, including whistleblowing and cyber security. This Annex is not meant to be an exhaustive (or restrictive) list of questions relating to a particular topic.
The Handbook haswas been updated in March 2025, to include changes resulting from the introduction of the Global Internal Audit Standards. This has resulted in the introduction of a new Annex H ‘Governing the Internal Audit Function’, which outlines the key requirements contained in the Global Internal Audit standards,Standards, for ARACs. Consequently, the checklist which an ARAC could use to review its effectiveness is now at Annex I.
To help with an effectiveness review and take account of each member’s views, a checklist for reviewing the questionseffectiveness fromof Annexthe IARAC haveis beencontained transferredin toAnnex aI spreadsheetof (Auditthis Handbook and Riskis Assurancealso Committeepublished as a standalone self-assessment tool)tool allowing all ARAC members (and the views of others) to be collated and analysed. This tool is a modified version of the National Audit Office’s Outcome Analyser and includes changes resulting from the introduction of the Global Internal Audit Standards. As an alternative, ARACs can consider using the NAO’s the NAO’s ARAC effectiveness effectiveness tool and its outcome analyser, which incorporates leading practice alongside the essentials set out in the the ARAC Handbook. Handbook. This may be particularly appropriate for ARACs of large or complex organisations.
The current (August 2025) minor update to the Handbook makes clear that the self-assessment tool does not need to be completed annually, but it should be completed at least once every three years. The self-assessment tool has also been amended to allow some questions to have a not applicable response.
Updates to this page
-
ARAC handbook and GIAA Audit and Risk Assurance Committee Self-Assessment Tool updated.
Update history
2025-08-28 14:52
Minor updates to the Handbook have been made, to make clear that the self-assessment tool does not need to be completed annually, but it should be completed at least once every three years. The self-assessment tool has also been amended for this requirement and to allow some questions to have a not applicable response.
2025-04-09 11:54
ARAC handbook and GIAA Audit and Risk Assurance Committee Self-Assessment Tool updated.
2025-03-31 16:20
Updates made to body copy about the Audit and Risk Assurance Committee self-assessment tool.
2024-07-24 12:16
The Handbook has been fully refreshed to improve clarity and reflect changes in best practice in governance. The annexes on whistleblowing and cyber security have been removed, and some questions on these topics are now incorporated into Annex F ‘Key questions for an ARAC to ask’. A checklist for ARACs to use to review their effectiveness has been added at Annex H. To help with this review and take account of each member’s views, the questions from Annex H have been transferred to a spreadsheet allowing all ARAC members (and the views of others) to be collated and analysed.