Audit and Risk Committee

1. Origin

The Council has established a committee of Council known as the Audit and Risk Committee.

2. Purpose

To review and advise the Council on:

• The adequacy and effectiveness of the University's arrangements for risk management, internal control and governance;
• Arrangements for ensuring financial sustainability, promoting economy, efficiency and effectiveness (value for money);
• The arrangements for the management and quality assurance of data submitted to the Higher Education Statistics Agency, Office for Students (OfS), Student Loans Company and other funding and regulatory bodies;
• The Financial Statements;
• The internal and external audit process and reports
• The appropriate internal audit operating model for the University
• The provision of external audit services for the University.

3. Responsibilities and activity

• The Committee is authorised by Council to obtain outside legal or other independent professional advice and to secure the attendance of non-members with relevant experience and expertise if it considers this necessary, in consultation with the President & Vice- Chancellor and/or Chair of Council. However, it may not incur direct expenditure in this respect without the prior approval of Council.

3.1 Financial Statements

• The Audit and Risk Committee will:
  • (a) review the Annual Financial Statements for the University and the group ensuring alignment with relevant accounting standards and in particular review any significant accounting and reporting issues, including complex or unusual transactions and highly judgemental areas, and recent professional and regulatory pronouncements and understand their impact on the Financial Statements. This includes reviewing, and challenging where necessary, the judgements of management, in relation to the Annual Financial Statements before submission to Council, paying particular attention to:
    • (i) critical accounting policies and practices, and any changes in them;
    • (ii) decisions requiring a major element of judgement and/or estimate;
    • (iii) the extent to which the financial statements are affected by any unusual transactions in the year and how they are disclosed;
    • (iv) the clarity and completeness of disclosures;
    • (v) significant adjustments resulting from the audit;
    • (vi) the Going Concern assumption, identifying any material uncertainties as to the University’s ability to continue to adopt the going concern basis of accounting in preparing the financial statements over a period of at least twelve months from their date of approval;
    • (vii) compliance with accounting standards and the HE/FESORP;
    • (viii) compliance with OfS, specifically the accounts direction, and other legal requirements;
    • (ix) reviewing the University’s statements on public benefit, internal control systems, risk management and Corporate Governance prior to endorsement by Council;
  • (b) review the audit aspects of the draft annual financial statements, including the external audit opinion, the statement of members’ responsibilities, the statement of internal control and any relevant issue raised in the external auditors’ management letter. The Committee should, where appropriate, confirm with the internal and external auditors that the effectiveness of the internal control system has been reviewed, and comment on this in its annual report to Council.

3.2 Internal and external audit services

• The duties of the Committee shall be to:
  • (a) consider and make recommendations to Council on the appointment of the external auditors, the audit fee, the provision of any non-audit services by the external auditors, and any questions of resignation or dismissal of the external auditors. The Committee will assess the independence and objectivity of the external auditors, ensuring that key partners are rotated on a regular basis; and ensure that the provision of non-audit services does not impair the external auditors’ independence or objectivity.
  • (b) review and agree with the external auditors, before the audit begins, the nature and scope of the audit via the approval of the External Audit strategy document.
  • (c) discuss with the external auditors problems and reservations arising from the interim and final audits, including a review of the management letter, incorporating management responses, and any other matters the external auditors may wish to discuss (in the absence of management where appropriate).
  • (d) consider and advise Council on the appointment and terms of engagement of the internal audit service (and the head of internal audit if applicable), the audit fee, the provision of any non-audit services by the internal auditors, and any questions of resignation or dismissal of the internal auditors, and ensure that the provision of non-audit services does not impair the internal auditors’ independence or objectivity
  • (e) review the internal auditors’ audit risk assessment, strategy and programme; consider major findings of internal audit investigations and management’s response; and promote co-ordination between the internal and external auditors. The Committee will ensure that the resources made available for internal audit are sufficient to meet the institution’s needs (or make a recommendation to Council as appropriate)
  • (f) monitor the implementation of agreed audit-based recommendations, from whatever source
  • (g) monitor annually the performance and effectiveness of the external and internal auditors, including any matters affecting their objectivity, and make recommendations to Council concerning their reappointment, where appropriate, ensuring that internal and external audit services are market tested on a regular basis.

3.3 Risk management

• The duties of the Committee shall be to:
  • (a) keep under review the effectiveness of the University’s management of risk, including health and safety, and focus on areas of higher risk in the Risk Register.  In particular, review the external auditors’ management letter, the internal auditors’ annual report, and management responses
  • (b) review progress by the University in managing and mitigating key risks

3.4 Compliance and other reporting responsibilities

• The duties of the Committee shall be to:
  • (a) review and monitor the effectiveness of the arrangements for the management and quality assurance of data submitted to the Higher Education Statistics Agency (HESA), OfS and other funding and regulatory bodies
  • (b) ensure that all significant losses have been properly investigated and that the internal and external auditors, and where appropriate the funding council’s accounting officer, have been informed
  • (c) oversee the institution’s policy on fraud and irregularity, and to receive an annual fraud report which will consider amendments to policy and a summary of any fraud incidents, including being notified of any action taken under that policy
  • (d) monitor compliance with the Financial Regulations and Financial Policies for anyone with a contractual relationship with the University - this includes all employees, honorary staff, Council members and official University visitors including those working on a voluntary basis - and notify Council of any material breach
  • (e) satisfy itself that suitable arrangements are in place to ensure financial sustainability and promote economy, efficiency and effectiveness (value for money)
  • (f) receive any relevant reports from the National Audit Office, funding councils and other organisations which directly affect or inform the work of the Committee.
  • (g) monitor annually the performance and effectiveness of the external and internal auditors, including any matters affecting their objectivity, and make recommendations to Council concerning their reappointment, where appropriate, ensuring that internal and external audit services are market tested on a regular basis.
  • (h) receive an annual report on the operation of the University’s whistleblowing policy and recommend amendments as appropriate.
• The Committee will conduct annual self-assessments together with a four yearly deep dive self-assessment of its own performance and effectiveness and report conclusions and recommendations to Council.
• The Committee will review its own Terms of Reference annually at the last meeting of the academic year.

4. Reporting arrangements

• The minutes of meetings of the Audit and Risk Committee will be distributed to all Committee members and attendees as appropriate, taking into account any conflicts of interest which may exist.
• Audit and Risk Committee minutes will be circulated to all members of Council following each meeting of the Committee.
• The Committee will prepare an annual report covering the University’s financial year and any significant issues up to the date of preparing the report. The report will be addressed to Council and will summarise the activity for the year. It will give the Committee’s opinion of the adequacy and effectiveness of the University’s arrangements for the following:
  • risk management, control and governance (the risk management element includes the appropriateness of the statement of internal control included with the annual statement of accounts);
  • economy, efficiency and effectiveness (value for money); and
  • management and quality assurance of data submitted to the Higher Education Statistics Agency, the Student Loans Company, OfS and other bodies.

This opinion should be based on the information presented to the Committee.

5. Constitution

5.1 Membership

The Audit and Risk Committee shall be appointed by the Nominations and Governance Committee and must consist of members with no executive responsibility for the management of the institution. The Chair of Audit and Risk Committee shall be appointed by Council. The Chair of  Council should not be a member of the Committee. Members should not have significant interests in the institution.

The Committee should comprise:

• Two lay members of Council (one appointed as Chair)
• Three persons with senior financial management experience gained outside the University (one of whom may be a lay member of Council).

At least one member should have recent relevant experience in finance, accounting or auditing. 
One member of the Committee should have relevant experience in risk management. 
The Committee may, if it considers it necessary or desirable, co-opt members with particular expertise. Members of the Committee should not also be members of the Finance Committee (or equivalent).

Note: The appointed members shall normally have no more than two consecutive periods of office.

Current membership is set out in the Annex to these Terms of Reference.

5.2 Attendance at meetings

• The President & Vice- Chancellor, Executive Director Finance, Vice-President (Operations), Executive Director of Governance, Legal Services, Risk & Resilience, Group Financial Controller, Director of Organisational Risk Management, the Head of Internal Audit (where in post) or a representative of the Internal Auditors, and a representative of the External Auditors shall normally attend meetings where business relevant to them is to be discussed. However, at least once a year, the Committee should meet with the external and internal auditors without any officers present.
• The University Treasurer is invited to attend all meetings as an observer.
• The Committee has the right, whenever it is satisfied that this is appropriate, to go into confidential session and exclude any or all other participants and observers other than the Audit and Risk Committee Secretary.
• Other representatives from internal and external auditors and University teams or departments shall attend meetings as appropriate and as required for specific matters where business relevant to them is to be discussed.

6. Quorum and frequency

6.1 Quorum

At least 3 members being present shall constitute as a quorum.

6.2 Frequency of meetings

The Chair or any member of the Committee or the Secretary may convene a meeting of the Committee at any time on reasonable notice to consider any matter falling within these Terms of Reference. The External Auditors or Head of Internal Audit (where in post) or a representative of the Internal Auditors may request a meeting if they consider it necessary.

7. Resources

The Secretary to the Audit and Risk Committee will be a member of Governance Services. They will attend all meetings of the Committee and provide all necessary support to the Committee. The Secretary should ensure that the Committee receives information and papers in a timely manner to ensure full and proper consideration of issues.

The Committee will make a suitable induction process available to new members of the Committee via the Secretary

8. Terms of Reference review

Date of last review:  4th June 2025

Date of next review: June 2026

Annex