AUDIT, RISK MANAGEMENT AND COMPLIANCE COMMITTEE CHARTER This Charter sets out the responsibilities of the Audit, Risk Management and Compliance Committee (the Committee) of the Woolworths Limited Board (the Board). Responsibilities The Committee will operate to provide advice to and assist the Board in fulfilling its responsibilities in respect of Woolworths Limited (the Company) external and internal audit functions, risk management, compliance, financial statements and market reporting systems, internal accounting and control systems, and other matters as directed to the Committee by the Board. Its responsibilities extend across the Company’s global operations. The responsibilities of the Committee are as follows: External Audit In respect of external audit the Committee shall: ƒ monitor and review the process for selecting the external auditors and make recommendations to the Board regarding the appointment, re-appointment and removal of the external auditors. A formal process of a review of the appointment of the appointed Auditor is undertaken every 3 years. ƒ monitor the performance of the external auditors annually. ƒ ensure the Audit Partner is rotated every 5 years. ƒ agree annually the terms of the engagement with the external auditor, including the scope and proposed fee for audit and audit related services. ƒ review all audit reports provided by the external auditors, including but not limited to: a. the overall scope and plans for the external audit activities including staffing and fees. b. any significant matters arising from any audit and management’s response. c. any other major issues regarding accounting principles and financial statement presentations, internal controls, financial reporting issues, off-balance sheet exposures and other material accounting and financial reporting issues. d. summary of unadjusted audit differences and managements’ assessment of their validity and materiality. ƒ ensure no management restrictions are being placed upon the external auditors. ƒ review and monitor the independence of the external auditors. Such independence should be reviewed in light of Corporations Law, applicable codes of professional conduct and “perceived” independence. ƒ establish a framework for the approval of additional audit and non-audit services by the external auditors. ƒ ensure that the external auditor has regular direct access to the Committee. The Company will not invite any ex-audit partners to be appointed as Directors. Further, any ex-audit partners or senior audit personnel who may be proposed for appointment in a management position will be subject to Board Approval. Internal Audit In respect of internal audit the Committee shall: ƒ review and monitor with the internal auditor: ƒ the overall scope, annual plans and budget for internal audit activities. ƒ progress against the annual work plan including any significant changes to it, any restrictions on scope of activities and any significant disagreements with management. ƒ all key internal audit reports, including audit findings, management responses and action plans in relation to those findings, and reports from the internal auditors on the follow up of those action plans. ƒ the alignment of risk management framework and internal audit activities. ƒ ensure that the internal auditor has regular direct access to the Committee. ƒ ensure that the internal audit function is adequately resourced to deliver the approved annual plan. ƒ ensure that the internal auditor is objective and is not involved in executive decision making of the organisation. ƒ review the performance and approve the appointment or termination of the Head of Internal Audit, who shall report to the Group Managing Director. Risk Management In respect of risk management the Committee shall perform the following functions to assist the Board in overseeing the Company’s system of risk management and internal control, and in complying with the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (specifically Principle 7): ƒ in complying with Recommendation 7.1 of Principle 7, review the Company’s policies on risk oversight and management and require management to make a summary of those policies publicly available. ƒ in complying with Recommendation 7.2 of Principle 7, require management to design and implement the risk management and internal control system to manage the Company’s material business risks and for management to report on whether those risks are being managed effectively, and to require disclosure in the corporate governance statement of the annual report whether the report from management has been received. ƒ oversee management’s actions in the evaluation, management, monitoring and reporting of material operational, financial, compliance and strategic risks. In providing this oversight, the Committee shall: ƒ review the framework and methodology for risk identification, the degree of risk the Company is willing to accept, the management of risk and the processes for auditing and evaluating the companies risk management system. ƒ review group wide objectives in the context of the abovementioned categories of corporate risk. ƒ review and where necessary approve guidelines and policies governing identification, assessment and management of the Company’s exposure to risk. ƒ review and approve the delegations of financial authorities and address any need to update these authorities on an annual basis. ƒ review compliance with agreed treasury policy. ƒ review insurance arrangements to ensure appropriate coverage. ƒ review annually the adequacy of self insurance provisions for workers compensation, public liability and general insurance. ƒ ensure that the Group’s risk management activities are adequately resourced. ƒ oversees the appropriate investigation and management reporting of significant risk events and incidents. In respect of compliance the Committee shall: ƒ monitor, review and assess the effectiveness of the Group Compliance program; receive compliance assurance reports and compliance breach reports, including material notices to or inquiries received from government regulators or agencies, from the Company’s General Manager Group Compliance as well as recommendations from the General Manager, Group Compliance and / or Finance Director, as appropriate, on compliance policies, systems and processes on significant legal, compliance or regulatory matters that may have a material effect on the Company’s legal liabilities or financial statements. This will include legal and regulatory compliance in relation to all aspects of the Company’s operations, including, health and safety, privacy, environment, trade practices and fair trading, trade weights and measures, and employment obligations. The Committee will review specific policies, systems and processes for addressing these and other compliance issues. ƒ Review established procedures for the receipt, retention and treatment of complaints received by the Company regarding accounting practices, internal accounting controls or auditing matters, whether received from employees or otherwise and whether or not provided on a confidential or anonymous basis. Financial Statements In respect of financial statements the Committee shall: ƒ review and recommend for approval by the Board the Company’s half year and full year financial statements, Annual Report and Appendix 4e/d (full year/half year) statutory filings with supporting documents and accompanying notes having regard to: a. the quality of earnings, liquidity and transparency and accuracy of reporting. b. critical accounting policies applied and the implications of any changes in such policies. c. compliance with relevant regulatory and statutory requirements. d. areas of significant judgement and estimates by management and their treatment in the financial statements. e. significant or unusual transactions or events and their implications for the financial statements. ƒ review any representation letters provided to the external auditors in respect of the financial statements. ƒ review and monitor the propriety of related party transactions involving directors, senior management and their external disclosure. ƒ review and approve the section within the Annual Report that describes the work of the Committee and its responsibilities, the statement on internal control and the attendance records of its members. ƒ review the CEO and CFO declarations in respect of the financial statements and financials records. ƒ in complying with Recommendation 7.3 of Principle 7, require the CEO and CFO to provide assurance that the declaration provided in accordance with section 295A of the Corporations Act is founded on a sound system of risk management and internal control and that the system is operating effectively in all material respects in relation to financial reporting risks, and to require disclosure in the corporate governance statement of the annual report whether the assurance has been received. In addition, in the current period, certification by the CEO and CFO stating whether: ƒ The financial records of the entity for the financial year have been properly maintained in accordance with section 286 of the Corporations Act. ƒ The Financial Statements, and the Notes to the Financial Statements, for the financial year, comply with the relevant accounting standards, and ƒ The Financial Statements and the Notes for the financial year give a true and fair view; is required in accordance with the Corporations Act and has been received by the Directors. The Committees role in certification includes: ƒ Determining the scope of risk management and internal controls to be covered by the CEO/CFO certification. ƒ Satisfying itself that the process underlying certification is appropriate. Continuous Disclosure The Committee shall: ƒ Review the detailed policies and procedures designed to ensure compliance with the ASX Listing Rules on continuous disclosure. Other matters The Committee: a) may undertake any special projects or investigations which the Committee considers necessary, or as may be requested by the Board. b) shall meet with the internal and external auditors at least once a year without executive management being present. c) review such audit committee reports from subsidiaries or related entities as may be required. d) shall review and assess the adequacy of this charter annually, and make appropriate recommendations for revisions to be approved by the Board. Structure and Composition Composition of the Committee The Committee shall be comprised of at least three non-executive directors appointed by the Board each of whom the Board has determined has no material relationship with the Company and each of whom is otherwise “independent”. The Board is responsible for the appointment of members to the Audit Committee, for setting the term of member appointments and for the revocation of any such appointments. All members shall have appropriate business and financial expertise to act effectively as members of the Committee, as determined by the Board. Chair of the Committee The Chair of the Committee shall be appointed by the Board and shall not also be Chair of the Board. Should the Chair of the Committee be absent from a meeting, the members of the Committee shall choose one of their number to be Chair of the Committee for the meeting. The Chairman of the Committee shall be an independent Non-Executive Director. The Chairman of the Committee shall report to the Board after each meeting covering key issues and reports discussed at each meeting. The minutes of the meetings shall be circulated to all members of the Board and the Head of Internal Audit. The Committee Chairman will meet with the CEO, the CFO, Senior Management and external and internal Auditors between meetings to discuss and review matters relating to Committee functions as appropriate. Secretary The Secretary of the Audit, Risk Management and Compliance Committee is appointed by the Board and has responsibility for circulating minutes and matters arising from each meeting to all members of the Committee and the Board. The Company Secretary shall act as Secretary to the Committee and shall produce such papers and minutes of the Committee’s meetings as are appropriate, in a timely manner. Meetings The Chair of the Committee will call a meeting of the Committee if so requested by any member of the Committee or by the internal or external auditors. In addition to any meeting requested in accordance with the above position, the Committee shall (unless otherwise determined by the Chair of the Committee), meet at least four times per year. Attendance at Meetings A quorum at a meeting shall be two members. Authority of the Committee The Committee has the authority to: a) obtain independent professional or other advice in the fulfilment of its duties at the cost of the Company; b) obtain such resources and information from the Company in the fulfilment of its duties as it may reasonably require, and c) directly access the internal and external auditors to discuss and review specific issues, and the right to co-ordinate their respective roles. The Committee has full access to the Company’s records and personnel, whilst they are a member of the committee. The internal and external auditors have direct access to either the Committee or the Chair of the Committee. Agenda Items Agenda items should be supported by written papers. The following shall be standing agenda items: a) External auditor’s report on progress of the audit programme. b) Internal auditor’s report on progress of the audit programme. In addition to reviewing financial processes and controls, the Committee should review and sign off on any: a) Significant accounting issues. b) Significant amendments to accounting policies. c) Significant amendments to the Company’s risk management framework.