skip to main content
Federal Reserve Bank of New York
Careers
Publications Catalog
News & Events
Banking Markets Research Education Regional Outreach About the Fed
 

publications
Browse Related Publications
contacts
View Contacts

  		 
Home > About the Fed> Organization
Audit and Operational Risk Committee Charter
 
SECTION I. Purpose.
The Audit and Operational Risk Committee is appointed by the Board of Directors (the “Board”) of the Federal Reserve Bank of New York (the “Bank”) to assist the Board in monitoring (1) the integrity of the financial statements of the Bank, (2) the Bank’s external auditor’s qualifications and independence, (3) the performance of the Bank’s internal audit function and external auditors, (4) internal controls and the measurement of operational risk, and (5) the compliance by the Bank with legal and regulatory requirements. The Audit and Operational Risk Committee should also assess the effectiveness of (2), (3), (4), and (5) above.
SECTION II. Committee Membership.
The Audit and Operational Risk Committee shall consist of no fewer than five members. The members of the Audit and Operational Risk Committee shall meet the independence and experience requirements of Section 4 of the Federal Reserve Act and, to the extent not inconsistent therewith, (a) System Letter 2601 (May 16, 2001), as the same may be amended, supplemented, superseded or otherwise modified, (b) the New York Stock Exchange, (c) Section 10A(m)(3) of the Securities Exchange Act of 1934 (the “Exchange Act”) and the rules and regulations of the Securities and Exchange Commission (the “Commission”). At least one member of the Audit and Operational Risk Committee shall be an audit committee financial expert as defined by the Commission. Audit and Operational Risk Committee members shall not simultaneously serve on the audit committees of more than two public companies. The members of the Audit and Operational Risk Committee shall be appointed by the Board on the recommendation of the Nominating and Corporate Governance Committee. Audit and Operational Risk Committee members may be replaced by the Board.
SECTION III. Meetings.
The Audit and Operational Risk Committee shall meet as often as it determines, but not less frequently than quarterly. Three or more members of the Audit and Operational Risk Committee shall constitute a quorum for the transaction of business, and action by the Audit and Operational Risk Committee shall be upon the vote of a majority of those present at any meeting at which a quorum is present. The Audit and Operational Risk Committee shall meet at least once per year with the Bank’s external auditor and the Bank’s general counsel. The Audit and Operational Risk Committee shall meet periodically with management, the internal auditors and the external auditor in separate executive sessions. The Audit and Operational Risk Committee may request any officer or employee of the Bank or the Bank’s outside counsel or external auditor to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee.
SECTION IV. Notational Voting.
The Audit and Operational Risk Committee may transact business through notational voting subject to the following restrictions:

(a) the decision to allow notational voting on any particular matter shall be subject to the approval of the Chair of the Committee;

(b) only actual votes shall be counted – silence shall not be interpreted as consent; and

(c) action by the Committee pursuant to notational voting shall be upon a vote of a majority of the Committee members.

SECTION V. Committee Authority and Responsibilities.
The Audit and Operational Risk Committee shall consult with the Board of Governors of the Federal Reserve System (“Board of Governors”) with regard to the selection, compensation and performance of the external auditor, and shall do so at least annually. The Audit and Operational Risk Committee shall recommend, if necessary, the termination of the external auditor. The Audit and Operational Risk Committee shall be directly responsible for the oversight of the work of the external auditor (including resolution of disagreements between management and the external auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work. The external auditor shall report directly to the Audit and Operational Risk Committee.

The Audit and Operational Risk Committee shall pre-approve all auditing services and permitted non-audit services (including the fees and terms thereof) to be performed for the Bank by its external auditor, subject to de minimus exceptions which are approved by the Audit and Operational Risk Committee prior to the completion of the audit.

The Audit and Operational Risk Committee shall have the authority, to the extent it deems necessary or appropriate, to retain independent legal, accounting or other advisors. The Bank shall provide for appropriate funding, as determined by the Audit and Operational Risk Committee, for payment of compensation to the external auditor for the purpose of rendering or issuing an audit report and to any advisors employed by the Audit and Operational Risk Committee.

The Audit and Operational Risk Committee shall make regular reports to the Board and ensure that all audit recommendations and concerns receive proper attention by Bank management. This charter is effective as of July 16, 2009; the Audit and Operational Risk Committee shall review and reassess the adequacy of this Charter annually, confirm that all responsibilities outlined therein have been carried out, and recommend any proposed changes to the Board for approval. The Audit and Operational Risk Committee shall annually review the Audit and Operational Risk Committee’s own performance.

The Audit and Operational Risk Committee shall receive reports from the General Counsel or the Corporate Secretary regarding risk events involving the Board of Directors, an individual Director, and/or the General Auditor, including but not limited to a waiver of any applicable policy. The Audit and Operational Risk Committee shall be responsible for ensuring that risks involving the full Board, a Director, or the General Auditor are being properly managed by the person or entity responsible, including, where applicable, the full Board, a Board committee, an individual Board member, and/or senior Bank management.

The Audit and Operational Risk Committee, to the extent it deems appropriate, shall:

A. Financial Statement and Disclosure Matters

    1. Review with management and the external auditor the annual audited financial statements in both draft and final form and discuss any issues arising with respect to accuracy, fraud, or other irregularities.
    2. Discuss with management and the external auditor significant financial reporting issues and judgments made in connection with the preparation of the Bank’s financial statements, including any significant changes in the Bank’s selection or application of accounting principles, any major issues as to the adequacy of the Bank’s internal controls and any special steps adopted in light of material control deficiencies.
    3. Review and discuss reports from the external auditors on:

      1. All critical accounting policies and practices to be used.
      2. All alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the external auditor.
      3. Other material written communications between the external auditor and management, such as any management letter or schedule of unadjusted differences.

    1. Discuss with management and the external auditor any off-balance sheet structures on the Bank’s financial statements.
    2. Discuss with management the Bank’s major financial risk exposures and the steps management has taken to monitor and control such exposures, including the Bank’s risk assessment and risk management policies and control and governance processes.
    3. Discuss with the external auditor any difficulties encountered in the course of the audit work, any restrictions on the scope of activities or access to requested information, and any significant disagreements with management.
    4. Review disclosures made to the Audit and Operational Risk Committee by the Bank’s President, First Vice President and the Bank’s Executive Vice President having responsibilities similar to those of a chief financial officer during their certification process about any significant deficiencies in the design or operation of internal controls or material weaknesses therein and any fraud involving management or other employees who have a significant role in the Bank’s internal controls.

B. Oversight of Bank’s Relationship with the External Auditor
    1. Review and evaluate the lead partner of the external auditor team.
    2. Obtain and critically evaluate a report from the external auditor at least annually regarding (a) the external auditor’s internal quality-control procedures, (b) any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more external audits carried out by the firm, (c) any steps taken to deal with any such issues, and (d) all relationships between the external auditor and the Bank. Evaluate the qualifications, performance and independence of the external auditor, including considering whether the auditor’s quality controls are adequate. The Audit and Operational Risk Committee shall present its conclusions with respect to the external auditor to the Board.
    3. Ensure the rotation of the lead (or coordinating) audit partner having primary responsibility for the audit and the audit partner responsible for reviewing the audit at least once every five years and in a manner otherwise consistent with the requirements of the laws applicable to public companies.
    4. Recommend to the Board policies for the Bank’s hiring of employees or former employees of the external auditor who participated in any capacity in the audit of the Bank.
    5. Discuss with the national office of the external auditor issues on which they were consulted by the Bank’s audit team and matters of audit quality and consistency.
C. Oversight of the Bank’s Internal Audit Activity
    1. Recommend to the Board the appointment and termination (including separation payments) of the General Auditor, and to concur with any reassignment of the General Auditor to another position in the Bank.
    2. Formally evaluate the performance of the General Auditor, following the guidelines set forth by the Bank for evaluating the performance of other officers.
    3. Recommend to the Board, or a designated subset of the Board, all actions affecting the salary or classification of the General Auditor. 
    4. Approve all actions affecting the salary or classification of other officers assigned to the Internal Audit Activity. 
    5. Ensure that the General Auditor is not dependent on any Bank executive or operating officer for the security of his or her position and has access to the Board on a confidential basis.
    6. Ensure that the Internal Audit Activity is independent of Bank management, both by intent and actual practice.
    7. Review and approve any significant deviations from financial accounting practices.
    8. Review the effectiveness of the internal audit function to ensure that it operates in accordance with applicable and appropriate professional standards, including those endorsed by the Institute of Internal Auditors.
    9. Review and approve the General Auditor’s Annual Audit Plan and any material changes to that Plan.
    10. Review the reports to management prepared by the Internal Audit Activity for matters deemed significant by the General Auditor and management’s response to such reports.
    11. Approve the Bank’s operational risk management policy/ approach and review Internal Audit Activity’s assessment of the Bank’s operational risk management framework and execution of same.  The Bank’s operational risk management policy and framework should be designed to identify significant operational risks and should explain how of each such risk is managed.
    12. Discuss with the external auditor and management the Internal Audit Activity responsibilities, budget and staffing and any recommended changes in the planned scope of the internal audit.
    13. Annually, the Chair of the Audit and Operational Risk Committee shall consult with the Chair of the Management and Budget Committee regarding the adequacy of the budget for the Audit Function.
D. Compliance and Operational Risk Oversight Responsibilities
    1. Obtain reports from management, the Bank’s General Auditor and the external auditor that the Bank is in conformity with applicable legal requirements and the Bank’s Code of Conduct.  Such reports should include, among other things, and the Committee should review, the Bank’s process for communicating the Code of Conduct to employees and officers and compliance therewith, and the Bank’s investigation and follow-up regarding instances of non-compliance.
    2. Establish procedures for the receipt, retention and treatment of complaints received by the Bank regarding accounting, internal accounting controls or auditing matters, and the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.
    3. Discuss with management and the external auditor any correspondence any governmental agencies and any published reports that raise material issues regarding the Bank’s financial statements or accounting policies.
    4. Discuss with the Bank’s General Counsel legal matters that may have a material impact on the financial statements or the Bank’s compliance with applicable laws and its own policies.
    5. Obtain reports from management and the General Auditor on the effectiveness of internal controls over operational and other risks.
SECTION VI. Limitation of Audit and Operational Risk Committee’s Role
While the Audit and Operational Risk Committee has the responsibilities and powers set forth in this Charter, it is not the duty of the Audit and Operational Risk Committee to plan or conduct audits or to determine that the Bank’s financial statements and disclosures are complete and accurate and are in accordance with generally accepted accounting principles and applicable rules and regulations. These are the responsibilities of management and the external auditor.
 
 
Home spacer Federal Reserve System
Contact Us spacer Terms of Use spacer RSS Feeds spacer Site Map