2003 Audit Charter: ONECHARTER
THE AUDIT AND RISK MANAGEMENT COMMITTEE
OF THE BOARD OF DIRECTORS
BANK ONE CORPORATION
The Audit and Risk Management Committee is appointed by the Board of Directors to assist Board oversight of (1) the integrity of the financial statements of the Corporation, (2) the compliance by the Corporation with legal and regulatory requirements, (3) the effectiveness of internal controls, (4) the independent auditors' qualifications and independence, (5) the performance of the Corporation's internal and external auditors, (6) policy standards and guidelines for risk management and (7) financial transactions, capital management and financial planning and performance. The Committee shall have responsibility and authority with respect to the matters stated in this charter for the Corporation and its subsidiaries.
The members of the Committee shall be appointed by the Board of Directors, shall serve at the pleasure of the Board of Directors for such term or terms as the Board may determine, and shall meet the independence and experience requirements of the New York Stock Exchange and other applicable laws and regulations. The Committee shall consist of not less than three directors, including a Chairman, each of whom the Board of Directors has determined has no material relationship with the Corporation and one of whom the Board of Directors has determined is a "financial expert" as such qualifications are interpreted by the Board of Directors in its business judgment. The presence of fifty percent of the members of the Committee shall constitute a quorum of the Committee, and the act of the majority of the members present at any meeting at which a quorum is present shall be the act of the Committee. The Committee shall meet at least four times annually.
No director may serve as a member of the Committee if such director serves on the audit committee of more than three public companies unless the Board of Directors determines that such simultaneous service would not impair the ability of such director to effectively serve on the Committee, and discloses this determination in the Corporation's annual proxy statement. No member of the Committee may receive any compensation from the Corporation other than (i) director's fees, which may be received in cash, stock options or other in-kind consideration ordinarily available to directors; (ii) a pension or other deferred compensation for prior service that is not contingent on future service; and (iii) any other regular benefits that other directors receive.
The Committee shall have the authority to retain special legal, accounting or other consultants to advise the Committee. The Committee may request any officer or employee of the Corporation or the Corporation's outside counsel or independent auditor to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee.
The Committee shall make regular reports to the Board of Directors.
The Committee shall:
1. Be directly responsible for the appointment (subject, if determined by management, to ratification by the Corporation's stockholders), compensation, oversight of the work and termination of the independent auditor (including resolution of disagreements between management and the auditor regarding financial reporting).
2. At least annually, obtain and review a report by the independent auditor describing: the firm's internal quality control procedures; any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, respecting one or more independent audits carried out by the firm, and any steps taken to deal with any such issues; and (to assess the auditor's independence) all relationships between the independent auditor and the Corporation.
3. Meet with the independent auditor to review the planning of its audit of the Corporation's financial statements.
4. Discuss the Corporation's annual audited financial statements, quarterly financial statements, earnings press releases and earnings quality with management and the independent auditor, including the Corporation's disclosures under "Management's Discussion and Analysis of Financial Condition and Results of Operations".
5. Discuss the types of financial information and earnings guidance provided, and the types of presentations made, to analysts and rating agencies.
6. Review CEO and CFO certifications regarding the Corporation's financial statements and SEC filings, including the adequacy of the Corporation's disclosure controls and procedures.
7. Review the representations of management and the findings of the independent auditor as to the effectiveness of the Corporation's systems of internal controls in order to obtain reasonable assurance that the Corporation's annual and quarterly financial reports are prepared in accordance with generally accepted accounting principles and are free from material fraud or error.
8. Review with management, internal audit and the independent auditor significant accounting and reporting principles and practices applied by the Corporation in preparing its financial statements, including a discussion with the independent auditor regarding its judgments about the quality of the Corporation's accounting principles used in financial reporting.
9. Review changes to the Corporation's accounting principles and practices that materially impact the Corporation's consolidated financial statements.
10. Discuss with the independent auditor matters relating to the conduct of the audit as required by professional auditing standards.
11. Review with the independent auditor any audit problems or difficulties the auditor may have encountered in its work, management's response and any management letter provided by the auditor.
12. Discuss and recommend to the Board of Directors whether the Corporation's audited financial statements should be included in the Corporation's annual report on Form 10-K.
13. Pre-approve all services and fees of the independent auditor.
14. Receive periodic written statements from the independent auditor delineating all relationships between the auditor and the Corporation, discuss with the auditor any disclosed relationships or services that may impact the objectivity and independence of the outside auditor, and if so determined by the Committee, recommend that the Board of Directors take appropriate action in response to the auditor's report to satisfy itself of the independence of the auditor.
15. Review appointment and replacement of the General Auditor and review annually the responsibilities, budget and staffing of the internal audit function.
16. Review, as appropriate, risk assessment and risk management policies and procedures, including limits and limit allocations for credit risk, market risk, investment risk, liquidity risk, interest rate risk and operating risk.
17. Receive periodic reports regarding the Corporation's contingent liabilities, and, as appropriate, review guidelines and procedures for assuming significant contingent liabilities.
18. Review significant operational and customer service issues and monitor remediation of such issues as appropriate.
19. Review, as appropriate, guidelines relating to the issuance of securities and capital actions.
20. Review acquisitions, joint ventures and strategic arrangements from the perspective of assessing the risks assumed by such actions and implementing controls, if necessary, to limit such risks.
21. Review reports of significant issues prepared by internal audit and other risk oversight functions.
22. Review the assessment of management regarding compliance by subsidiary banks with laws and regulations designated by the FDIC as being essential for safety and soundness, and compliance by subsidiary banks with regulations of the OCC relating to fiduciary activities.
23. Review within the purview of this Charter those policies of the Corporation with regard to which applicable laws, rules and regulations require Board of Directors' approval and permit delegation to an appropriate committee of the Board of Directors.
24. Prepare the report required by the rules of the Securities and Exchange Commission to be included in the Corporation's annual proxy statement.
25. Review the Corporation's Code of Ethics and Code of Conduct, and any significant reported violations.
26. Review the significant results of regulatory examinations of the Corporation.
27. Review with the Corporation's Chief Legal Officer matters that may have a material impact on the Corporation's consolidated financial statements.
28. Meet periodically with management, the General Auditor, the independent auditor and any other persons whom the Committee deems appropriate in separate executive sessions.
29. Review and reassess the adequacy of this Charter periodically and recommend any proposed changes to the Board of Directors for approval.
30. Set clear hiring policies for employees or former employees of the independent auditor.
31. Prepare and review with the Board of Directors an annual performance evaluation of the Committee.
The function of the Committee is oversight. The management of the Corporation is responsible for the preparation, presentation and integrity of the Corporation's financial statements. Management is also responsible for maintaining appropriate accounting and financial reporting principles and policies and internal controls and procedures that provide for compliance with accounting standards and applicable laws and regulations. The independent auditors are responsible for planning and carrying out a proper audit of the Corporation's annual financial statements, reviews of the Corporation's quarterly financial statements prior to the filing of each quarterly report on Form 10-Q, and other procedures. In fulfilling their responsibilities hereunder, it is recognized that the members of the Committee are not employees of the Corporation and are not, and do not represent themselves to be, accountants or auditors by profession or experts in the fields of accounting or auditing including in respect of auditor independence. As such, it is not the duty or responsibility of the Committee or its members to (i) conduct "field work" or other types of auditing or accounting reviews or procedures, (ii) set auditor independence standards, (iii) determine that the Corporation's financial statements are complete and accurate and are in accordance with accounting principles generally accepted in the United States of America or (iv) assure compliance with laws and regulations and the Corporation's Code of Ethics or Code of Conduct.