Board Committees

Committee Charters

Sky Nexus Cyber Operations operates four Board-level committees consistent with the ASX Corporate Governance Principles and Recommendations (4th Edition), the Corporations Act 2001 (Cth), and applicable APRA prudential standards. Each committee operates under a Board-approved charter reviewed annually.

Last updated: 1 June 2025

1. Audit Committee (Corporations Act 2001 s 307C / ASX Principle 4)

The Audit Committee assists the Board in fulfilling its oversight responsibilities for financial integrity, internal controls, risk of financial misstatement, and external audit. Composition and operation comply with s 307C of the Corporations Act 2001.

  • Minimum three members — all non-executive directors; majority must be independent
  • Chair must be an independent director with accounting or financial expertise; cannot be Board Chair
  • Meets at least four times per year — including pre- and post-audit sessions
  • Reviews half-year and annual financial statements before Board approval
  • Oversees the internal audit function, approves the internal audit plan, and reviews findings
  • Appoints, evaluates, and recommends remuneration of the external auditor to the Board
  • Reviews related-party transactions for compliance with Corporations Act Chapter 2E
  • Receives reports on significant accounting judgements and estimates

2. Risk Committee (APRA CPS 220 / ISO 31000:2018)

The Risk Committee oversees the enterprise risk management framework and provides Board-level assurance that material risks are identified, assessed, and managed within the Board's approved risk appetite.

  • Minimum three members — includes the CEO and at least two independent directors
  • Chair is an independent director with risk management expertise
  • Meets quarterly and on an ad-hoc basis for emerging or material risk events
  • Reviews and approves the risk appetite statement and risk tolerance thresholds annually
  • Receives the enterprise risk register quarterly from executive leadership
  • Oversees cyber risk (aligned to NIST CSF 2.0 and ASD Essential Eight), operational, legal, strategic, and reputational risk
  • Reviews the Business Continuity Plan and Disaster Recovery Plan test results annually
  • Endorses the Modern Slavery risk assessment and mitigation actions

3. Remuneration Committee (ASX Principle 8 / Corporations Act 2001)

The Remuneration Committee ensures that executive and non-executive remuneration is set at a level that is fair, transparent, and aligned to organisational performance and stakeholder interests.

  • Minimum three independent non-executive directors
  • Chair is an independent director
  • Sets and annually reviews remuneration frameworks for the CEO, CFO, and direct reports (ss 200A–200J Corporations Act)
  • Approves equity incentive plans (employee share/option schemes) — subject to shareholder approval where required
  • Reviews and reports on gender pay equity data annually — aligned to Workplace Gender Equality Act 2012 (Cth) obligations
  • Engages independent remuneration advisers as required; adviser declarations required under Corporations Act ss 206K–206N
  • Reviews superannuation and termination benefit arrangements for compliance with s 200B-F

4. Technology & Security Committee (APRA CPS 234 / SOCI Act 2018)

The Technology & Security Committee provides Board-level oversight of technology strategy, cybersecurity posture, and major technology investments, ensuring Sky Nexus meets its obligations under APRA CPS 234 and the SOCI Act 2018 for any services provided to critical infrastructure entities.

  • Minimum three members — at least one director with demonstrated technology or cybersecurity expertise
  • Chair is an independent director
  • Meets bi-monthly and on-call for material security incidents (defined as incidents meeting the ACSC significant cyber incident threshold)
  • Approves the annual technology roadmap and information security investment plan
  • Receives quarterly security metrics: SOC performance, incident trends, Essential Eight maturity score, vulnerability remediation SLA adherence
  • Oversees IRAP and DISP compliance obligations
  • Reviews and approves the Cyber Incident Response Plan (CIRP) annually; ensures alignment to ACSC Cyber Incident Response Guide
  • Approves technology investments above the defined Board-approval threshold; reviews and challenges the technology vendor risk landscape
  • Reviews post-incident analyses for all material cyber events and tracks remediation of root causes

Questions about this policy?

Contact our team for clarification, to exercise your rights, or to request engagement-specific documentation.

legal@skynexus.co
Sky Nexus Cyber Operations · 7 Saltgrass Ave, Tarneit VIC 3029 · 1800 712 345