1. Purpose

This Charter sets out the composition, roles and responsibilities of the Audit & Risk Committee (the Committee) with respect to Iress Limited and its subsidiaries (the Company).

2. Responsibilities & functions

2.1 Responsibilities and functions generally

The primary role of the Committee is to assist and advise the Company Board (Board) to fulfil its responsibilities on matters relating to:

a) monitoring the adequacy of the Company’s corporate reporting processes;

b) reviewing and monitoring the integrity of the Company’s consolidated financial reports and statements to ensure that they provide a true and fair view of, and reflect the Committee members’ understanding of, the Company’s financial position and performance;

c) making recommendations in relation to, and overseeing the appointment and (if necessary) removal of, the Company’s external auditor;

d) liaising with the Company’s external auditor, and monitoring the scope and adequacy of their external audit;

e) reviewing and approving the annual Audit plan;

f) performing any other duties, and undertaking or overseeing any specific projects, as the Board may request;

g) reviewing from time to time the need for an internal audit function; and

h) reviewing and overseeing systems of risk management and internal controls.

2.2 Financial reporting & management

The Committee is responsible for:

a) reviewing half-year and full-year financial reports and statements with management and the external auditor;

b) reviewing and making recommendations to the Board regarding significant financial, accounting and reporting issues;

c) reviewing representation letters from the Managing Director and Chief Financial Officer to the external auditor;

d) reviewing the appropriateness of the accounting policies adopted by management in relation to the financial reports and making recommendations to the Board as to any changes or amendments;

e) reviewing the appropriateness of the treasury management policy adopted by the Company and treasury operations undertaken by Management pursuant to that policy;

f) oversight of tax matters;

g)) reviewing the details of any related party transactions existing at a consolidated group level;

h) reviewing financial statements for compliance with accounting standards, policies and other requirements relating to the preparation of financial reports;

i) assessing whether the half-year and full-year financial reports are consistent with the Committee members’ information and knowledge; and

j) reviewing and making recommendations to the Board concerning new or material changes to existing debt funding arrangements having regard to matters such as interest rates, tenor and lender capacity.

2.3 External audit

The Committee is responsible for:

a) periodically considering the appointment of the external auditor and, as required, considering the procedures for the selection and appointment of the external auditor and whether an audit tender process is required. Any subsequent recommendation on the appointment of the external auditor is put to the Board;

b) considering and approving the appointment of the audit engagement partner (where applicable);

c) reviewing and approving the terms of engagement and fees of the external auditor at the start of each audit year;

d) reviewing the findings of the audit with the external auditor;

e) assessing the independence of the external auditor based on the information received from the external auditor and management. In assessing independence of the external auditor, the Committee will consider amongst other things:

i) the employment of former employees of the external auditor;

ii) policies on the supply of non-audit services by the external auditor;

iii) the fees for audit and non-audit services provided by the external auditor on a regular basis;

iv) the rotation of audit partners;

v) the external auditor’s own statement on independence; and

vi) any other information from the external auditor identifying any relationships that may affect its independence;

f) reviewing the effectiveness of the annual audit and the performance of the external auditor taking into account the opinions of management; and

g) reviewing any proposal to engage the external auditor for any non-audit services in accordance with the Non-Audit Services policy, and assessing whether the proposed engagement would compromise the external auditor’s independence.

2.4 Risk Management

The Committee is responsible for:

a) ensuring that Management has implemented a structured and comprehensive risk management system across the Company which is capable of:

i) identifying, assessing, monitoring and managing risks that could have a material impact on the Company’s business (including operational, financial, environmental, social sustainability, compliance, strategy, ethical conduct, reputation or brand, technological, personnel, financial reporting and market-related risks) in a timely manner; and

ii) providing appropriate assurances to the Committee and the Board;

b) instructing management to provide information in such a manner to ensure the Committee is made aware of material risks to the Company in a timely manner in order to identify trends and leading indicators, address risks earlier, reduce the severity of the impact if a risk crystallises, and identify causes;

c) actively engaged in oversight of risk issues, including by:

i) requesting further information, analysis or action from management;

ii) asking questions of management;

iii) requesting changes to, or rejecting, recommendations or proposals regarding risk management; and

iv) driving the implementation of change to address identified gaps in risk management;

d) monitoring the adequacy and effectiveness of the Company’s risk management, internal controls, regulatory, internal governance policies, and compliance systems and processes including procuring that periodic reviews of extraneous risks (including new and emerging sources of risk) which could affect the Company are conducted and considering the results of those reviews;

e) making recommendations to the Board in relation to changes that should be made to the Company’s risk management framework or to the risk appetite set by the Board;

f) monitoring material changes to the Company’s risk profile;

g) reviewing, at least annually, the risk management framework and policies of the Company to assess whether these continue to be sound;

h) reviewing incidents involving fraud, bribery, corruption or other breaches of the Company’s internal controls and risk management system including any lessons learnt from such incidents;

i) reviewing the adequacy of the Company’s insurance program, having regard to the Company’s particular business, and the insurable risks associated with that business, and making recommendations to the Board in relation to such insurance programs; and

j) monitoring the management of Iress’ environment and social risks and opportunities, on an annual basis, including annual public disclosures and implementation of mitigation measures for material risks.

2.5 Compliance

The Committee is responsible for:

a) reviewing and overseeing the compliance function and framework, including reviewing the effectiveness of such function and framework in ensuring compliance with applicable legal and regulatory requirements and internal policies;

b) reviewing management reports with respect to the Company’s compliance with applicable legal and regulatory requirements; and

c) reviewing significant regulatory incidents and breaches and the management of such by management.

2.6 Environment, social & governance (ESG)

The Committee is responsible for:

a) reviewing the ESG strategy, initiatives, and policies on an annual basis;

b) reviewing and monitoring the financial, operational, regulatory, and reputational risks and opportunities of ESG on the Company and provide insight and guidance with respect to the Company’s management of such risks and impacts;

c) reviewing and discussing reports and ESG risk disclosures in periodic reporting documents from management regarding the Company’s progress toward achieving its key ESG objectives;

d) providing guidance with respect to communications with employees, investors, and other stakeholders, as appropriate, regarding the Company’s position on or approach to ESG matters;

e) reviewing the sufficiency of the financial and human resources allocated to ensuring the proper development, training, education, management and advancement of the Company’s ESG strategies; and

f) considering any other matters pertaining to ESG that may be referred to the Committee by the Board or another Board Subcommittee.

2.7 Other

The Committee will be provided with regular confidential reports on the number and type of whistleblowing incidents to enable it to address any issues at a regional or group level. The Committee will be provided additional information about any material incidents raised. Reports will be a “no names” basis to maintain the confidentiality of matters raised.

2.8 Collaboration with other Subcommittees

If a risk or matter relevant to the business of the People & Performance Committee (PPC) comes to the attention of this Committee, the Committee shall ensure that the issue is brought to the attention of the PPC.

If the PPC refers to the Committee a risk or matter relevant to the business of the Committee, the Committee shall examine the issue and take such actions as may be required, including making recommendations to the PPC, management or the Board as appropriate.

3. Authority

3.1 Reporting

The Committee reports to the Board. The external auditor reports to the Committee and the Board.

3.2 Delegation

Without limiting in any way the rights of each individual Director, the Board authorises the Committee to:

a) appoint, compensate and oversee the work of any external auditor employed by the Company;

b) resolve any disagreements between management and the external auditor on financial reporting;

c) pre-approve all auditing and non-audit services to be provided by the external auditor;

d) retain independent counsel, accountants or others to advise the Committee or assist in the conduct of an investigation;

e) seek and obtain information from people including employees, interview management and internal and external auditors, and seek advice from external consultants or specialists, where the Committee considers any one or more of these steps to be necessary or appropriate; and

f) delegate authority to subcommittees of the Committee.

4. Access

The Committee has full delegated authority from the Board to fulfil its responsibilities, including:

a) having access to adequate internal and external resources, including having:

i) access to, and meeting with, the external and internal auditors (if any), without executives or management of the Company being present; and

ii) unrestricted access to management, employees and information the Committee considers relevant to its responsibilities under this Charter; and

b) obtaining independent advice, at the Company's expense, including engaging and receiving advice and recommendations from appropriate independent experts.

5. Composition & participation

Composition of the Committee is as follows:

a) members of the Committee, and the Committee Chair, are appointed by the Board;

b) the Committee will consist of:

i) at least three members;

ii) each of whom shall be non-executive directors; and

iii) the majority of members, and the Committee Chair, must be independent non-executive directors of the Board;

c) Directors who are not members of the Committee are encouraged to attend meetings in a non-voting capacity and are allowed full access to all Committee papers, minutes and reports at all times upon request;

d) a Director’s membership of the Committee shall cease automatically where such Director ceases to be a Director of the Company;

e) each Committee member must have a working familiarity with general finance and accounting practices. At least one member of the Committee must have accounting or related financial management expertise;

f) the performance of the Committee will be evaluated by the Board at least annually; and

g) participation in the Committee is in addition to the other duties of a Director of the Board.

6. Administration

6.1 Meetings

Committee Meetings will be conducted as follows:

a) the Committee aims to meet four times per year and the schedule of meetings will be agreed in advance;

b) additional meetings may be convened as required or requested by the Committee Chair or the Board;

c) the Committee Chair will call a meeting of the Committee if so requested by any member of the Committee, the external auditor, internal auditor (if any) or by the Chair of the Board;

d) a quorum shall be any two (2) Committee members;

e) should the Committee Chair be absent from the meeting, the members of the Committee present at the meeting have the authority to choose one of their number to chair that particular meeting;

f) the primary functions, responsibilities and composition of the Committee, along with the attendance by members of the Committee meetings, will be disclosed in the Annual Report; and

g) if a time-sensitive risk arises when a meeting of the Committee is not scheduled to occur within a reasonable period of time then:

(i) management must notify the Committee Chair (or, if management is unable to reach the Committee Chair, the Chair of the Board) of the risk and outline details known of the risk; and

(ii) if the Committee Chair (or the Chair of the Board) considers that the risk is urgent, the Committee/Board Chair may:

(A) call an impromptu meeting of the Committee;

(B) arrange for the urgent issue to be on the agenda for the next full Board meeting;

or, if neither (A) or (B) are suitable options, then:

(C) arrange for the Committee Chair, Chair of the Board, Managing Director, and other appropriate stakeholders to conduct impromptu discussions to address the material risk.

In the case of (B) and (C), the material risk, including any action taken or outcome , should be raised at the next Committee meeting and recorded in Committee meeting minutes in accordance with section 6.6.

6.2 Secretary

The secretary of the Committee will be the Company Secretary or in the absence of the Company Secretary a suitable alternative approved by the Committee Chair.

6.3 Board Papers

The following practices will apply to the Board papers:

a) the Committee secretary will distribute in advance of a meeting the Board agenda and any related papers to each member of the Committee;

b) it is the Company’s practice for Committee papers to be distributed via a secure electronic Board portal, the contents of which is maintained by the secretary; and

c) at the discretion of the Committee Chair, additional papers may be tabled for discussion at the meeting.

6.4 Attendees

It is expected that the Managing Director and the Chief Financial Officer will attend each meeting of the Committee. It is expected that the external auditor will attend any meeting of the Committee at which the Committee considers matters relating to full-year and half-year results or matters pertaining to the annual external audit. The Committee may also invite any person to attend any meeting or part of any meeting of the Committee. However, the Committee should regularly conduct meetings without any member of the Leadership Team present.

6.5 Voting

Any matters requiring decision will be decided by a majority of votes of members present in person or by phone.

6.6 Minutes

The minutes of the Committee will be managed as follows:

a) the secretary will prepare minutes of meetings of the Committee and have them approved by the Committee Chair;

b) minutes of meetings will be confirmed at the next meeting of the Committee;

c) minutes of Committee meetings will be included in the papers for the next meeting of the Board following the date of the Committee meeting; and

d) minutes of Committees meetings must be entered into the minute book within one month after the relevant meeting, signed within a reasonable time after the meeting by the Chair of that meeting, or a succeeding meeting.

6.7 Reporting lines to the Committee

For the purpose of supporting the independence of its function, the external auditor has a direct line of reporting access to the Committee, and under the terms of the Company’s Code of Ethics Policy, Company employees have access to the Committee Chair if required.

7. Review of charter

The Charter shall be reviewed annually by the Board on advice from the Committee to keep it up to date and consistent with the Committee’s authority, objectives and responsibilities.

All amendments to the Charter are to be approved by the Board.

8. Publication of charter

A copy of this Charter is available on the Company website.

Updated December 2022.