These terms of reference are based on those set out in the CUC Higher Education Audit Committee Code of Practice (May 2020) and the relevant sections of the Office for Students’ (OfS) Terms and Conditions of Funding 2018.15 Annexe C (and subsequent versions).
Governing Council has established an Audit and Risk Committee (ARC), responsible for assuring it about the adequacy and effectiveness of:
- Risk management, control and governance (including academic risk and governance)
- Economy, efficiency and effectiveness (VFM)
- The management and quality assurance of data
It is the role of ARC to advise and assist Governing Council in respect of the entire assurance and control environment of the institution. This in turn assists to ensure compliance with the OfS General Ongoing Condition G2: Terms and conditions of financial support.
ARC should act as “the conscience” of the University and conduct its business in a way that provides the assurance required and, if necessary, identifies bad behaviour. It should conduct its business in line with the Nolan principles of public life and ensure these are integrated into the operations of the provider.
ARC is authorised by Governing Council to investigate any activity within its terms of reference. It is authorised to seek any information it requires from any employee, and all employees are directed to co-operate with any request made by ARC.
The Committee is authorised by Governing Council to obtain outside legal or other independent professional advice and to secure the attendance of non-members with relevant experience and expertise if it considers this necessary, normally in consultation with the Vice-Chancellor and/or the Chair of Governing Council. However, it may not incur direct expenditure in this respect in excess of £100k without the prior approval of Governing Council.
1. Internal Control
The Committee shall
1.1 Keep under review the effectiveness of the risk management, (including academic risk), culture, control and governance arrangements and review the external auditors’ management letter, the internal auditors’ annual report and management responses. In particular:
- It must consider the internal audit provider’s annual report and management responses
- The external auditors’ management letter
1.2 Monitor the implementation of agreed audit-based recommendations from whatever source.
1.3 Ensure that all significant losses have been thoroughly investigated and that the internal and external auditors – and where appropriate the regulator – have been informed.
1.4 Monitor annually the performance and effectiveness of the external and internal auditors.
- ARC must agree all significant matters with a bearing on the auditor’s objectivity and independence.
- Additional work must not impair the independence of the external audit opinion.
1.5 Oversee the institution’s policy on fraud and irregularity, including being notified of any action taken under that policy.
1.6 Receive the Financial Regulations and scrutinise any changes to them;
- ARC must annually review the Financial Regulations, and
- Recommend or approve amendments to the Financial Regulations including authorisation limits, and
- Report a summary of any changes annually to the Governing Council.
1.7 Receive reports of any material variations from, or breaches of, the
- ARC may recommend [or approve] any actions arising from reports of such breaches or variations and
- ARC must report any actions arising from reports of breaches of the Financial Regulations to GC for ratification.
1.8 Establish assurance that the University has a robust approach to the management of risk and control by:
- Maintaining oversight of the Institution’s risk management policy, and
- Monitoring the effective development and risk management through oversight of the Strategic Risk Register and
- Reviewing the risk profile and risk appetite as approved by Governing Council.
2. Internal Audit
The Committee shall
2.1 Consider and advise Governing Council on the appointment and terms of engagement of the internal audit service, the audit fee, the provision of any non-audit services by the internal auditors, and any questions of resignation or dismissal of the internal auditors.
2.2 Undertake market testing of any externally provided internal audit at least every four years.
2.3 Review the internal auditors’ audit risk assessment, strategy and programme;
2.4 Consider major findings of internal audit investigations and management response; and promote coordination between the internal and external auditors.
2.5 Ensure that the resources made available for internal audit are enough to meet the University’s needs (or make a recommendation to Governing Council as appropriate).
3. External Audit
The Committee shall
3.1 Consider elements of the annual financial statements in the presence of the external auditors, including the auditors’ formal opinion, the statement of members’ responsibilities and the statement of internal control, in accordance with the regulator’s Accounts Direction.
3.2 Advise Governing Council on the appointment of the external auditors, the audit fee, the provision of any non-audit services by the external auditors, and any questions of resignation or dismissal of the external auditors.
3.3 Undertake market testing of the external audit service at least every four years. The external auditor’s individual named partner should not hold this position for more than ten consecutive years.
3.4 Discuss with the external auditors, before the audit begins, the nature and scope of the audit.
3.5 Discuss with the external auditors problems and reservations arising from the interim and final audits, including a review of the management letter, incorporating management responses, and any other matters the external auditors may wish to discuss (in the absence of management where necessary).
4. Non-financial Quality Management
The Committee shall
4.1 Receive any relevant reports from the Office for Students, the National Audit Office and other organisations.
4.2 Notify Governing Council of any request for a restriction in liability from the external or internal auditor. The University must not agree to any restriction in external auditor’s liability in respect of the external audit of their annual financial statements.
4.3 In the event of the merger or dissolution of the institution, ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed.
4.4 Satisfy itself that suitable arrangements are in place to ensure the sustainability of the institution and to promote economy, efficiency and effectiveness. This may include consideration of arrangements that:
- support the culture and behaviour that is prevalent within the institution;
- ensure the effective management of conflicts of interest; and
- enable the appointment of ‘fit and proper persons’ to Governing Council and senior executive positions
4.5 Satisfy itself that effective arrangements are in place to ensure appropriate and accurate data returns are made to external stakeholders and regulatory bodies.
4.6 Monitor other relevant sources of assurance, for example other external reviews.
4.7 The Committee should seek assurance that the University complies with the Office for Students’ Accounts Direction as this includes disclosures a provider must make regarding management and governance arrangements.
5.1 Subject to 5.3 and 5.5 below all members of Governing Council are eligible to be members of the Committee and its Chair, and shall be appointed by Governing Council.
5.2 No member of the committee should have executive responsibility for the management of the institution or its subsidiaries.
5.3 The Chair of Governing Council and the Chair of the Strategy, Finance and Planning Committee should not be members of ARC. Members should not have significant interests in the institution.
5.4 There shall be no fewer than three members. A quorum shall be at least two members, both of whom must be members of Governing Council.
5.5 The Committee may, if it considers it necessary or desirable, co-opt individuals with relevant expertise to the committee. Co-opted members are members of the committee, but their presence at a meeting does not make up the quorum.
5.6 At least one member, whether a Governing Council member or a member who has been co-opted to the Committee, should have recent relevant experience in finance, accounting or auditing.
6. Attendance and Clerking Arrangements
6.1 The Director of Finance, the head of internal audit and a representative of the external auditors shall normally attend meetings where business relevant to them is to be discussed.
6.2 The Clerk to the Committee will be the Secretary to the Governing Council
6.3 The Committee has the right, whenever it is satisfied that this is appropriate, to go into confidential session and exclude any or all other participants and observers other than the Audit Committee Secretary.
7.1 Meetings shall normally be held four times each financial year.
7.2 At least once a year the Committee should meet with the external and internal auditors without any officers present.
7.3 For internal audit this should be at the start of the meeting where the head of internal audit presents their report; for external audit it should be at the start of the meeting where the audit partner presents the audit findings and management letter.
7.4 The external auditors or head of internal audit may request additional meetings if they consider it necessary.
8. Reporting Procedures
8.1 The minutes (or a report) of meetings of the Audit Committee will be circulated to all members of the Governing Council.
8.2 The Committee must prepare an annual report covering the institution’s financial year and any significant issues up to the date of preparing the report and its consideration of the financial statements for the year. The report will be addressed to the Governing Council and the Head of the Institution and will summarise the activity for the year.
8.3 The report must give the Committee’s opinion of the adequacy and effectiveness of the institution’s arrangements for:
- Risk management control and governance (including academic risk and governance)
- Economy, efficiency and effectiveness (VFM)
- Management and quality assurance of data submitted to the Higher Education Statistics Agency, the Student Loans Company, the Office for Students, Research England and other bodies
8.4 The Committee must receive the external auditor’s report along with the University’s management response in time to inform its annual report.
8.5 Governing Council must receive and review the Committee’s annual report before the audited financial statements are signed.
9. Review of the Committee’s Effectiveness
9.1 The Committee should periodically (and at a minimum of every four years) undertake a review of its terms of reference and its own effectiveness and recommend any necessary changes to Governing Council.
Considered by Audit and Risk Committee: 3 November 2022
Approved by Governing Council: 1 July 2022
Considered by Audit and Risk Committee: 21 September 2022
Considered by Audit and Risk Committee: 6 February 2023
Approved by Audit and Risk Committee: 21 February 2023
Approved by Governing Council: 20 April 2023
Next due for review: April 2024