Audit and Risk Committee

Audit and Risk Committee reports to Council.

Terms of reference

Objectives and outcomes

Audit and Risk Committee's main role is to advise Council on the effectiveness of the University's internal controls and risk management.

The committee assures Council that our systems of internal control and monitoring processes are adequate and efficient.

It also recommends the Annual Financial Accounts to Council.

Remit

The remit of the Committee under the following core, agenda-aligned headings, is:

(a) Strategic development, planning, performance monitoring and resourcing items for consideration and/or decision

  1. To recommend the University and Group annual financial statements for Council approval (in conjunction with Finance Committee), based on receiving assurance on the integrity and compliance with financial reporting standards and other requirements, informed by the external auditor’s annual report and management letter).
  2. To approve the content of Audit and Risk Committee’s annual report on the work of the Committee to present to Council and the Vice-Chancellor and President, including an opinion on how the committee has satisfied itself in relation to institutional arrangements for the adequacy and effectiveness of arrangements for internal control, risk management, sustainability, data quality and value for money (VfM). (Note to members: The CUC HE Code of Practice for Audit Committee does not define ‘sustainability’ but ARC may wish to interpret this as key underpinning controls (other than financial sustainability and value for money) which mean the institution functions effectively and compliantly. It might include how ARC seeks assurance on environmental sustainability, plus areas which might be candidates for internally driven policy or internal audit assurance as per term of reference b5 statutory and regulatory compliance, anti-fraud and anti-money laundering, health and safety, Prevent Duty, business and corporate ethics (ie the University’s institutional level systems for non-academic ethics disclosures), student consumer protection, cybersecurity, major and critical incidents, Insurance arrangements, public interest disclosure (whistleblowing).)
  3. To consider and approve the internal audit annual and longer-term programme on the recommendation of UEB and the internal auditors.
  4. To consider and approve the external audit annual and longer-term strategy and plan on the recommendation of UEB and the external auditors.
  5. To monitor the performance of the internal and external audit, including in relation to their objectivity and addressing any concerns.
  6. To monitor the adequacy and effectiveness of the University’s internal control environment, including through the internal audit reports and monitoring progress in implementing their recommendations.
  7. To monitor the adequacy and effectiveness of the University’s risk management framework as set out in the Risk Management Policy and Framework.

(b) Policy and regulatory matters

  1. To recommend the (re)appointment period and terms of conditions or, in extremis, dismissal of the internal and external auditors for Council approval.
  2. To approve non-audit work and associated fees undertaken by the internal and external auditors on an annual basis.
  3. To recommend the Risk Management Policy and Framework for approval by Council, and consider the adequacy of an assurance map for the University to demonstrate effective risk mitigation across a range of control areas.
  4. To approve specific policies and procedures for the effective oversight of internal and external audit related matters as regulated by Audit and Risk Committee on behalf of Council.
  5. To request periodic reports which enable Audit and Risk Committee to take assurance on the adequacy and effectiveness of University policies and controls in a range of internal and external compliance areas.
  6. To be notified by management and take assurance around responses to material internal and external regulatory breaches of University regulation, or notifications or enforcement notices and investigations by a range of external regulators including the Office for Students (OfS), its designated data and quality bodies, UKRI, UKVI, ICO, SLC and other statutory bodies and agencies, or through whistleblowing.
  7. To consider wider policy and reports from internal and external bodies which may have implications on the work of the Committee.
  8. In the event of the merger, dissolution or market exit of the University, to ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed.

Authority

Audit and Risk Committee is principally an advisory committee, with a monitoring function, and in seeking assurance from a range of sources and bodies, and providing assurance to Council on the areas within its remit.

Its role is to be assured that independent oversight of the areas within its remit takes place through the University’s management, governance and control systems.

It is for other bodies and systems to carry out such oversight and monitoring.

The Committee has full authority to commission investigations into specific matters of concern, whether by management, a committee or the internal or external auditors, with an expectation of full cooperation and disclosure.

Parent committee and associated subcommittees