Audit and Risk Committee - Terms of Reference

Membership

The Committee and its Chair shall be appointed by Council, with the following specific requirements:

  • members will have no executive responsibility for the management of the institution;
  • there shall be no fewer than four members three of whom should be members of Council; a quorum shall be two members;
  • the Chair of Council will not normally be a member of the Committee;
  • the Chair of the Committee will normally be a member of Council;
  • members should not normally have significant interests in the institution;
  • at least one member should have a background in finance, accounting or auditing and the Committee may, if it considers it necessary or desirable, co-opt members with particular expertise;
  • no member of the Committee may also be a member of the Finance and Infrastructure Committee (or equivalent),
  • the Chair of Finance and Infrastructure Committee, although not a member of the Committee, will be allowed to attend and comment as appropriate.  

Membership of the Committee is for three years and may be renewed. Members should not ordinarily serve on the Committee for more than three terms of office and, where possible, changes in membership should be phased in to provide continuity. 

Other attendees at meetings 

The Chief Operating Officer, the Head of Internal Audit, and a representative of the external auditors shall normally attend meetings where business relevant to them is to be discussed. At least once a year, the Committee will meet with the external and internal auditors without any officers present. 

Frequency of meetings 

Meetings shall normally be held at least three times each financial year. The external auditors or Head of Internal Audit may request a meeting if they consider it necessary. 

Authority 

The Committee is authorised by Council to investigate any activity within its terms of reference. It is authorised to seek any information it requires from any employee, and all employees are directed to co-operate with any request made by the Committee. 

The Committee is authorised by Council to obtain outside legal or other independent professional advice and to secure the attendance of non-members with relevant experience and expertise if it considers this necessary, normally in consultation with the Accountable Officer (as designated by OfS) and/or the Chair of Council. This includes non-audit fees paid to the external auditors and internal auditors. However, it may not incur direct expenditure in this respect in excess of £25,000, without the prior approval of Council. 

Duties 

The duties of the Committee are to: 

  • Auditors
    • advise the Council on the appointment of the external auditors, the audit fee, the provision of any non-audit services by the external auditors and any questions of resignation or dismissal of the external auditors; 
    • discuss if necessary with the external auditors, before the audit begins, the nature and scope of the audit; 
    • discuss with the external auditors problems and reservations arising from the interim and final audits, including a review of the management letter incorporating management responses, and any other matters the external auditors may wish to discuss (in the absence of management where necessary); 
    • consider and advise the Council on the appointment and terms of engagement of the internal audit service (and the head of internal audit, if applicable), the audit fee, the provision of any non-audit services by the internal auditors and any questions of resignation or dismissal of the internal auditors; 
    • review the internal auditors' audit needs assessment and the audit plan;
    • consider major findings of internal audit investigations and management's response;
    • promote co-ordination between the internal and external auditors. The Committee will ensure that the resources made available for internal audit are sufficient to meet the institution's needs (or make a recommendation to Council as appropriate);
    •  monitor the implementation of agreed audit-based recommendations, from whatever source; 
    •  monitor annually the performance and effectiveness of external and internal auditors, and to make recommendations to Council concerning their re-appointment, where appropriate.
  • Risk management and control
    •  keep under review the effectiveness of internal control and risk management systems, and in particular to review the external auditor’s management letter, the internal auditors' annual report, and management responses; 
    • review, and to advise Council on, risk management control activity undertaken by the University Executive, with a view to ensuring that the University is managing all forms of risk effectively and adopting best practice in risk management generally;  
    • oversee the institution's policy on fraud and irregularity, including being notified of any action taken under that policy;
    • where appropriate, confirm with the internal and external auditors that the effectiveness of the internal control system has been reviewed, and comment on this in its annual report to the Council.
  • OfS
    •  ensure that all significant losses have been properly investigated and that the internal and external auditors, and where appropriate the OfS Accountable Officer, have been informed;
    • satisfy itself that appropriate value for money arrangements are in place to promote economy, efficiency and effectiveness. 
    •  satisfy itself that appropriate data quality procedures are in place to ensure major external reports and returns are completed appropriately; 
    • receive any relevant reports from the National Audit Office, the OfS and other organisations;
    • ensure governance oversight of the reporting to OfS of serious incidents (defined as those that may have, or actually, put the University’s asset, beneficiaries  or reputation at risk).
  • Financial Regulation and Governance
    • review the effectiveness of the University’s Finance and Governance Regulations, including the University’s Bank Mandates, Treasury Controls and the University’s Financial Authority-limits, and to report to Council thereon
    • oversee the University’s Ethics Framework, and make recommendations to Council thereon
    • to review, in exceptional circumstances, ethical governance issues referred following consideration by the University Executive or the University Research Ethics Committee.
  • Financial statements
    • review and approve the annual financial statements in the presence of the external auditor, including the auditor's formal opinion, the statement of members' responsibilities and any corporate governance statement, including consideration of the internal control systems effectiveness,  risk management statements and any relevant issue raised in the external audit management letter.  
  • Review of Effectiveness of the Audit and Risk Committee
    • undertake an annual review of the effectiveness of the Audit and Risk Committee and its terms of reference.

Reporting Procedures

The minutes (or a report) of meetings of the Committee will be circulated to all members of the Council.

The Committee will prepare an annual report for the institution's financial year. The report will be addressed to Council and designated officer, summarising the activity for the year. It will give the Committee's opinion on the extent to which Council may rely on the internal control and risk management system and the arrangements for securing economy, efficiency and effectiveness. (This opinion should be based upon the information presented to the Committee). The Audit and Risk Committee annual report should normally be submitted to Council before the University’s annual financial statements are signed.

Secretarial arrangements

The secretary to the Audit and Risk Committee will normally also be responsible for servicing Council (or another appropriate independent individual).

JGW/Approved by Council 26.11.14/Amendment to Membership approved by Nominations Committee 12.10.16/Minor revisions approved by Audit Committee 6.6.18/ Minor revisions, including change of title to Audit and Risk Committee, approved by Council 19.6.19