Audit and Risk Committee

1. Origin

The Council has established a committee of Council known as the Audit and Risk Committee.

2. Purpose

To review and advise the Council on:

• The adequacy and effectiveness of the University's arrangements for risk management, control and governance;
• Arrangements for ensuring sustainability, promoting economy, efficiency and effectiveness;
• The arrangements for the management and quality assurance of data submitted to the Higher Education Statistics Agency, Office for Students (OfS), Student Loans Company and other funding bodies;
• The audit of the draft Financial Statements.

To consider and advise Council on the provision of external and internal audit for the University.

3. Responsibilities and activity

• The Committee is authorised by Council to obtain outside legal or other independent professional advice and to secure the attendance of non-members with relevant experience and expertise if it considers this necessary, normally in consultation with the President & Vice- Chancellor and/or Chair of Council. However, it may not incur direct expenditure in this respect without the prior approval of Council.
• The Audit and Risk Committee will review the audit aspects of the draft annual financial statements. 
• These aspects will include the external audit opinion, the statement of members’ responsibilities, the statement of internal control and any relevant issue raised in the external auditors’ management letter. 
  The Committee should, where appropriate, confirm with the internal and external auditors that the effectiveness of the internal control system has been reviewed, and comment on this in its annual report to Council.

The duties of the Committee shall be to:

• consider and make recommendations to Council on the appointment of the external auditors, the audit fee, the provision of any non-audit services by the external auditors, and any questions of resignation or dismissal of the external auditors. The committee will assess the independence and objectivity of the external auditors, ensuring that key partners are rotated on a regular basis, and ensure that the provision of non-audit services does not impair the external auditors’ independence or objectivity.
• review and agree with the external auditors, before the audit begins, the nature and scope of the audit
• discuss with the external auditors problems and reservations arising from the interim and final audits, including a review of the management letter, incorporating management responses, and any other matters the external auditors may wish to discuss (in the absence of management where necessary).
• review, and challenge where necessary, the judgements of management, in relation to the annual financial statements before submission to Council, paying particular attention to:
  • critical accounting policies and practices, and any changes in them;
  • decisions requiring a major element of judgement;
  • the extent to which the financial statements are affected by any unusual transactions in the year and how they are disclosed;
  • the clarity and completeness of disclosures;
  • significant adjustments resulting from the audit;
  • the Going Concern assumption, identifying any material uncertainties as to the University’s ability to continue to adopt the going concern basis of accounting in preparing the financial statements over a period of at least twelve months from their date of approval;
  • compliance with accounting standards and SORPs;
  • compliance with OfS and other legal requirements;
  • reviewing the University’s statements on public benefit, internal control systems and risk management prior to endorsement by Council;
• consider and advise Council on the appointment and terms of engagement of the internal audit service (and the head of internal audit if applicable), the audit fee, the provision of any non-audit services by the internal auditors, and any questions of resignation or dismissal of the internal auditors, and ensure that the provision of non-audit services does not impair the internal auditors’ independence or objectivity
• review the internal auditors’ audit risk assessment, strategy and programme; consider major findings of internal audit investigations and management’s response; and promote co- ordination between the internal and external auditors. The Committee will ensure that the resources made available for internal audit are sufficient to meet the institution’s needs (or make a recommendation to Council as appropriate)
• keep under review the effectiveness of the management of risk, with a focus on the highest areas of risk in the Risk Register, and in particular review the external auditors’ management letter, the internal auditors’ annual report, and management responses
• support the University in its identification and management of risk
• review progress by the University in reducing and mitigating key risks
• review and monitor the effectiveness of the arrangements for the management and quality assurance of data submitted to the Higher Education Statistics Agency (HESA), OfS and other funding bodies
• monitor the implementation of agreed audit-based recommendations, from whatever source
• ensure that all significant losses have been properly investigated and that the internal and external auditors, and where appropriate the funding council’s accounting officer, have been informed
• oversee the institution’s policy on fraud and irregularity, including being notified of any action taken under that policy
• review the Financial Regulations periodically (every four years) and report the outcome to Council. In the intervening years, to recommend to Council any necessary minor revisions
• monitor compliance with the Financial Regulations and Financial Policies for anyone with a contractual relationship with the University - this includes all employees, honorary staff, Council members and official University visitors including those working on a voluntary basis - and notify Council of any material breach.
• satisfy itself that suitable arrangements are in place to ensure sustainability and promote economy, efficiency and effectiveness (value for money)
• receive any relevant reports from the National Audit Office, funding councils and other organisations which directly affect or inform the work of the Committee
• monitor annually the performance and effectiveness of the external and internal auditors, including any matters affecting their objectivity, and make recommendations to Council concerning their reappointment, where appropriate, ensuring that internal and external audit services are market tested on a regular basis
• review and monitor the effectiveness of University whistle-blowing policies that are in place and to recommended amendments as appropriate

The Committee will conduct annual self-assessments together with a four yearly deep dive self-assessment of its own performance and effectiveness and report conclusions and recommendations to Council.

The Committee will review its own Terms of Reference annually at first meeting of the academic year.

4. Reporting arrangements

• The minutes of meetings of the Audit and Risk Committee will be distributed to all Committee members and attendees as appropriate, taking into account any conflicts of interest which may exist.
• Audit and Risk Committee minutes will be circulated to all members of Council following each meeting of the Committee.
• The Committee will prepare an annual report covering the University’s financial year and any significant issues up to the date of preparing the report. The report will be addressed to Council and will summarise the activity for the year. It will give the Committee’s opinion of the adequacy and effectiveness of the University’s arrangements for the following:
  •  risk management, control and governance (the risk management element includes the appropriateness of the statement of internal control included with the annual statement of accounts);
  • economy, efficiency and effectiveness (value for money); and
  • management and quality assurance of data submitted to the Higher Education Statistics Agency, the Student Loans Company, OfS and other bodies.

This opinion should be based on the information presented to the Committee. The Audit and Risk Committee annual report should normally be submitted to Council before the Annual Accountability Statement in the annual financial statements is signed.

5. Constitution

5.1 Membership

The Audit and Risk Committee and its Chair shall be appointed by Council (via the Nominations Committee) and must consist of members with no executive responsibility for the management of the institution. The Chair of Council should not be a member of the Committee. Members should not have significant interests in the institution.

The Committee should comprise:

• Two Class 2 lay members of Council (one appointed as Chair)
• Three persons with senior financial management experience gained outside the University (one of whom may be a lay member of Council).

At least one member should have recent relevant experience in finance, accounting or auditing. 
One member of the Committee should have relevant experience in risk management. 
The Committee may, if it considers it necessary or desirable, co-opt members with particular expertise. Members of the Committee should not also be members of the Finance Committee (or equivalent).

Note: The appointed members shall normally have no more than two consecutive periods of office.

Current membership is set out in the Annex to these Terms of Reference.

5.2 Attendance at meetings

• The Executive Director Finance & Planning, President & Vice- Chancellor, Vice-President (Operations), Executive Director Governance, Legal & Strategy Implementation, Head of Financial Accounts and Compliance, the Head of Internal Audit and a representative of the External Auditors shall normally attend meetings where business relevant to them is to be discussed. However, at least once a year, the Committee should meet with the external and internal auditors without any officers present.
• The University Treasurer is invited to attend all meetings as an observer.
• The Chair of Council is invited to attend (ex-officio).
• The Committee has the right, whenever it is satisfied that this is appropriate, to go into confidential session and exclude any or all other participants and observers other than the Audit and Risk Committee Secretary.
• Other representatives from internal and external auditors and University teams or departments shall attend meetings as appropriate and as required for specific matters where business relevant to them is to be discussed.

6. Quorum and frequency

6.1 Quorum

At least 3 members being present shall constitute as a quorum.

6.2 Frequency of meetings

The Chair or any member of the Committee or the Secretary may convene a meeting of the Committee at any time on reasonable notice to consider any matter falling within these Terms of Reference. The External Auditors or Head of Internal Audit may request a meeting if they consider it necessary.

7. Resources

The Secretary to the Audit and Risk Committee will be a member of Governance Services. They will attend all meetings of the Committee and provide all necessary support to the Committee. The Secretary should ensure that the Committee receives information and papers in a timely manner to ensure full and proper consideration of issues.

The Committee will make a suitable induction process available to new members of the Committee via the Secretary

8. Terms of Reference review

Date of last review: November 2023

Date of next review: September 2024

Annex