Audit and Risk Committee - Terms of Reference


These terms of reference are based on those set out in the CUC Higher Education Audit Committee Code of Practice (May 2020) and the relevant sections of the Office for Students’ (OfS) Terms and Conditions of Funding 2018.15 Annexe C (and subsequent versions).


Governing Council has established an Audit and Risk Committee (ARC), responsible for assuring it about the adequacy and effectiveness of:


It is the role of ARC to advise and assist Governing Council in respect of the entire assurance and control environment of the institution. This in turn assists in ensuring compliance with the OfS General Ongoing Condition G2: Terms and conditions of financial support.

ARC should act as “the conscience” of the University and conduct its business in a way that provides the assurance required and, if necessary, identifies bad behaviour.  It should conduct its business in line with the Nolan principles of public life and ensure these are integrated into the operations of the provider.

ARC is authorised by Governing Council to investigate any activity within its terms of reference. It is authorised to seek any information it requires from any employee, and all employees are directed to cooperate with any request made by ARC.

The Committee is authorised by Governing Council to obtain outside legal or other independent professional advice and to secure the attendance of non-members with relevant experience and expertise if it considers this necessary, normally in consultation with the Vice-Chancellor and/or the Chair of Governing Council. However, it may not incur direct expenditure in this respect in excess of £100k without the prior approval of Governing Council.

1.    Internal Control

The Committee shall

1.1      Keep under review the effectiveness of the risk management, (including academic risk), culture, control and governance arrangements and review the external auditors’ management letter, the internal auditors’ annual report and management responses. In particular:

1.2      Monitor the implementation of agreed audit-based recommendations from whatever source.

1.3      Ensure that all significant losses have been thoroughly investigated and that the internal and external auditors – and where appropriate the regulator – have been informed.

1.4      Monitor annually the performance and effectiveness of the external and internal auditors.

1.5      Oversee the institution’s policy on fraud and irregularity, including being notified of any action taken under that policy.

1.6      Receive the Financial Regulations and scrutinise any changes to them;

1.7      Receive reports of any material variations from, or breaches of, the Financial Regulations;

1.8      Except where it is within the remit of the Performance, People and Resources Committee's terms of reference, this committee will oversee the risk aspects associated with the Institution's five-year plan.

1.9      Oversee the Institution's safeguarding action plan and monitor its implementation.

1.10    Receive an annual report on the state of health and safety within the Institution and note both the actions put in place and the future plans for health and safety across the University estate.

1.11    Establish assurance that the University has a robust approach to the management of risk and control by:

1.12   Liaise with other University committees in respect of any material risks relevant to that committee.

2.    Internal Audit

The Committee shall

2.1       Consider and advise Governing Council on the appointment and terms of engagement of the internal audit service, the audit fee, the provision of any non-audit services by the internal auditors, and any questions of resignation or dismissal of the internal auditors.

2.2       Undertake market testing of any externally provided internal audit at least every four years.

2.3       Review the internal auditors’ audit risk assessment, strategy and programme;

2.4       Consider major findings of internal audit investigations and management response; and promote coordination between the internal and external auditors.

2.5       Ensure that the resources made available for internal audit are enough to meet the University’s needs (or make a recommendation to Governing Council as appropriate).

3.    External Audit

The Committee shall

3.1       Consider elements of the annual financial statements in the presence of the external auditors, including the auditors’ formal opinion, the statement of members’ responsibilities and the statement of internal control, in accordance with the regulator’s Accounts Direction.

3.2       Advise Governing Council on the appointment of the external auditors, the audit fee, the provision of any non-audit services by the external auditors, and any questions of resignation or dismissal of the external auditors.

3.3       Undertake market testing of the external audit service at least every four years. The external auditor’s individual named partner should not hold this position for more than ten consecutive years.

3.4       Discuss with the external auditors, before the audit begins, the nature and scope of the audit.

3.5       Discuss with the external auditors problems and reservations arising from the interim and final audits, including a review of the management letter, incorporating management responses, and any other matters the external auditors may wish to discuss (in the absence of management where necessary).

4.    Non-financial Quality Management

The Committee shall

4.1       Receive any relevant reports from the Office for Students, the National Audit Office and other organisations.

4.2       Notify Governing Council of any request for a restriction in liability from the external or internal auditor. The University must not agree to any restriction in external auditor’s liability in respect of the external audit of their annual financial statements.

4.3       In the event of the merger or dissolution of the institution, ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed.

4.4       Satisfy itself that suitable arrangements are in place to ensure the sustainability of the institution and to promote economy, efficiency and effectiveness. This may include consideration of arrangements that:

4.5       Satisfy itself that effective arrangements are in place to ensure appropriate and accurate data returns are made to external stakeholders and regulatory bodies.

4.6       Monitor other relevant sources of assurance, for example other external reviews.

4.7       The Committee should seek assurance that the University complies with the Office for Students’ Accounts Direction as this includes disclosures a provider must make regarding management and governance arrangements.

5.    Composition

5.1       Subject to 5.3 and 5.5 below all members of Governing Council are eligible to be members of the Committee and its Chair, and shall be appointed by Governing Council.

5.2       All members of the committee must have no executive responsibility for the management of the institution.

5.3       The Chair of Governing Council and the Chair of the Performance, People & Resources Committee should not be members of ARC. Members should not have significant interests in the institution.

5.4       There shall be no fewer than three members. A quorum shall be at least two members, both of whom must be members of Governing Council.

5.5       The Committee may, if it considers it necessary or desirable, co-opt individuals with relevant expertise to the committee. Co-opted members are members of the committee, but their presence at a meeting does not make up the quorum.

5.6       At least one member, whether a Governing Council member or a member who has been co-opted to the Committee, should have recent relevant experience in finance, accounting or auditing.

6.    Attendance and Clerking Arrangements

6.1       The Director of Finance, the head of internal audit and a representative of the external auditors shall normally attend meetings where business relevant to them is to be discussed.

6.2       The Clerk to the Committee will be the Secretary to the Governing Council

6.3       The Committee has the right, whenever it is satisfied that this is appropriate, to go into confidential session and exclude any or all other participants and observers other than the Audit Committee Secretary.

7.    Meetings

7.1       Meetings shall normally be held four times each financial year.

7.2       At least once a year the Committee should meet with the external and internal auditors without any officers present.

7.3       For internal audit this should be at the start of the meeting where the head of internal audit presents their report; for external audit it should be at the start of the meeting where the audit partner presents the audit findings and management letter.

7.4       The external auditors or head of internal audit may request additional meetings if they consider it necessary.

8.    Reporting Procedures

8.1       The minutes (or a report) of meetings of the Audit Committee will be circulated to all members of the Governing Council.

8.2       The Committee must prepare an annual report covering the institution’s financial year and any significant issues up to the date of preparing the report and its consideration of the financial statements for the year. The report will be addressed to the Governing Council and the Head of the Institution and will summarise the activity for the year.

8.3       The report must give the Committee’s opinion of the adequacy and effectiveness of the institution’s arrangements for:

8.4       The Committee must receive the external auditor’s report along with the University’s management response in time to inform its annual report.

8.5       Governing Council must receive and review the Committee’s annual report before the audited financial statements are signed.

9.    Review of the Committee’s Effectiveness

9.1       The Committee should periodically (and at a minimum of every four years) undertake a review of its terms of reference and its own effectiveness and recommend any necessary changes to Governing Council.


Approved by Audit and Risk Committee: 21 February 2023
Approved by Governing Council: 20 April 2023

Approved by Governing Council: February 2024

Next due for review: April 2024