Skip to content Accessibility statement

Audit and Risk Committee

Committee Objectives and Outcomes

Audit and Risk Committee’s primary objective is to advise, and provide assurance to Council on, the adequacy, effectiveness and efficiency of the University’s internal control and risk management arrangements. A key function of Audit and Risk Committee is to recommend the Annual Financial Accounts to Council, or otherwise advise Council of the Committee's areas of concern. The outcome of the work of the Audit and Risk Committee is to give Council assurance, or advise otherwise, on the adequacy of the University's systems of internal control and risk management to the extent that such controls are within the remit of Audit and Risk Committee. The Committee’s role relates to the monitoring of processes and controls rather than the actual substance of the business and activities to which these apply. Audit and Risk Committee may also undertake or commission work to underpin Council's ability and appetite to take or endorse wider strategic and regulatory activities for the University.

Remit

Committee Remit

The remit of the Committee under the following core, agenda-aligned headings, is:

2a) Strategic Development, Planning, Performance Monitoring and Resourcing items for consideration and/or decision

i. To recommend the University and Group annual financial statements for Council approval (in conjunction with Finance Committee), based on receiving assurance on the integrity and compliance with financial reporting standards and other requirements, informed by the external auditor’s annual report and management letter);

ii. To approve the content of Audit and Risk Committee’s annual report on the work of the Committee to present to Council and the Vice-Chancellor and President, including an opinion on how the committee has satisfied itself in relation to institutional arrangements for the adequacy and effectiveness of arrangements for internal control, risk management, sustainability1 , data quality and value for money (VfM);

iii. To consider and approve the internal audit annual and longer-term programme on the recommendation of UEB and the internal auditors;

iv. To consider and approve the external audit annual and longer-term strategy and plan on the recommendation of UEB and the external auditors;

v. To monitor the performance of the internal and external audit, including in relation to their objectivity and addressing any concerns;

vi. To monitor the adequacy and effectiveness of the University’s internal control environment, including through the internal audit reports and monitoring progress in implementing their recommendations;

vii. To monitor the adequacy and effectiveness of the University’s risk management framework as set out in the Risk Management Policy and Framework.

2b) Policy and Regulatory Matters

i. To recommend the (re)appointment period and terms of conditions or, in extremis, dismissal of the internal and external auditors for Council approval;

ii. To approve non-audit work and associated fees undertaken by the internal and external auditors on an annual basis;

iii. To recommend the Risk Management Policy and Framework for approval by Council, and consider the adequacy of an assurance map for the University to demonstrate effective risk mitigation across a range of control areas;

iv. To approve specific policies and procedures for the effective oversight of internal and external audit related matters as regulated by Audit and Risk Committee on behalf of Council;

v. To request periodic reports which enable Audit and Risk Committee to take assurance on the adequacy and effectiveness of University policies and controls in a range of internal and external compliance areas;

vi. To be notified by management and take assurance around responses to material internal and external regulatory breaches of University regulation, or notifications or enforcement notices and investigations by a range of external regulators including the Office for Students (OfS), its designated data and quality bodies, UKRI, UKVI, ICO, SLC and other statutory bodies and agencies, or through whistleblowing;

vii. To consider wider policy and reports from internal and external bodies which may have implications on the work of the Committee.

viii. In the event of the merger, dissolution or market exit of the University, to ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed.

1 Note to members: The CUC HE Code of Practice for Audit Committee does not define ‘sustainability’ but ARC may wish to interpret this as key underpinning controls (other than financial sustainability and VfM) which mean the institution functions effectively and compliantly. It might include how ARC seeks assurance on environmental sustainability, plus areas which might be candidates for internally driven policy or internal audit assurance as per term of reference 2bv: statutory and regulatory compliance, anti-fraud and anti-money laundering, health and safety, Prevent duty, business and corporate ethics (ie the University’s institutional level systems for non-academic ethics disclosures), student consumer protection, cybersecurity, major and critical incidents, Insurance arrangements, Public interest disclosure (whistleblowing).

Authority

Audit and Risk Committee is principally an advisory committee, with a monitoring function, and in seeking assurance from a range of sources and bodies, and providing assurance to Council on the areas within its remit. Its role is to be assured that independent oversight of the areas within its remit takes place through the University’s management, governance and control systems.

It is for other bodies and systems to carry out such oversight and monitoring. The Committee has full authority to commission investigations into specific matters of concern, whether by management, a committee or the internal or external auditors, with an expectation of full cooperation and disclosure.

Reporting & Frequency

Reporting to Council: Audit and Risk Committee is a committee of Council and reports directly to it,

Frequently: through summaries of the minutes of each of its meeting to the next Council meeting.

Annually for its report (also to the Vice-Chancellor and President) covering the financial year period and any significant issues up to the date of preparing the report, and its recommendation to adopt the annual financial accounts, and accompanying documents such as the external audit report and management and internal audit annual report provided to Council for information.

Periodically via other policies, reports, plans and progress updates which it reviews and/or recommends for Council approval within the business cycle and its terms of reference.

Reporting to the Committee: The Committee has no sub-committee or groups.

However, in its oversight testing role, the Committee can reasonably request information and documented assurance and disclosures from all other committees and bodies of Council, UEB, Senate and reports from the internal and external auditors, or commission other bodies to undertaken investigations into areas of internal control or risk weakness, incidents such as fraud or financial irregularity or other material adverse events.

The Committee works closely with the Finance Committee based on their respective remits, including a distinct but joint role in both bodies’ review and recommendation to Council of the annual financial statements. The Audit and Risk Committee provides assurance that there has been a robust examination of the statements via the internal process and management representations and the external audit, and reviews the audit of the institution’s financial statements. It also reviews the audit report, the statement of responsibilities, statement of internal control. The Finance Committee endorses the content of the annual financial statements as showing a true and fair view of the University financial performance (based on financial reports received during the year) and recommends approval of the financial statements after a detailed examination. The Finance Committee also reviews the accounting policies, judgements and estimates, and going concern assumption proposed by management.

The Committee also has a duty to promote co-ordination between the internal and external auditors. The internal and external auditors shall also have the right to meet the Committee in private and to seek a special meeting if they think it appropriate. At least one annual private meeting shall be held between the Committee and the internal and external auditors.

Meeting frequency: a minimum of four times per year, with decisions also being able to be transacted and recorded by written resolution or, where necessary, Chair’s Action.

Meeting Modes: physical or virtual convening of members and attendees, or meetings which simultaneously enable both modes.

Membership

Committee members are appointed by Council on the recommendation of the Constitution and Nominations Committee. In line with the CUC Code of Practice for HE Audit Committees (2020), all members of the Committee must be external Council members or lay members.

Committee minimum membership: three members, all of whom must be external Council members or other co-opted external members. External Council members must form a majority of the membership over the co-opted members.

Other membership considerations: the Chair of Council or Chair of Finance Committee should not be members of the Committee. Proxy or alternate members are not permitted.

Quorum: 50% of members, or 50% rounded up where the number of members is odd.

Membership Review: membership will be periodically reviewed on behalf of Council by Governance and Nominations Committee for Council approval. Membership is otherwise coterminous with the individual’s appointment term. Gender balance and wider EDI considerations should be factored into the Committee’s reflection on its own size and composition.

MEMBERSHIP

Mr David Watson (Chair, Audit and Risk Committee) and External Council Member

Amanda Nevill, External Council Member

Professor John Loughhead, External Council Member

Mr Owen Trotter, (Co-Opted Member).

Secretary: Dr Philip Evans (Senior Governance and Assurance Officer)

 

In Attendance:

Mr Chris Thompson, Treasurer, Chair of Finance Committee, Senior Independent Lay Member and Pro-Chancellor

External and Internal Audit Representatives

Representatives of external audit (KPMG)

Representatives of internal audit (PwC)

 

UEB and wider senior management

Professor Saul Tender, Deputy Vice-Chancellor and Provost

Dr Joss Ivory, Chief Operating Officer

Jeremy Lindley, Finance Director

Rebekah Desport, Director of Planning and Risk

Dr Adam Dawkins, University Secretary

Ruth Clark, Group Financial Controller

Dr Russell Grant, Risk Manager

Further Information

Committee BusinessRelevant University Policies

 

Risk ManagementInformation for Committee Members only
Relevant External Regulatory DocumentsOffice for Students
Internal AuditExternal Audit

The prime responsibility of internal audit within the higher education sector is to provide the governing body (usually via the audit committee), head of institution and other senior managers with assurance regarding the adequacy and effectiveness of arrangements for risk management, control and governance. Internal audit can also provide independent and objective advice specifically to help management to improve risk management, control and governance, so contributing to the achievement of corporate objectives and reducing the effects of any significant risks faced by the institution. 

The University’s current provider of internal audit services is PwC.

The primary role of external auditors within the higher education sector is to report on the financial statements of the institution, carrying out whatever examination of the statements and underlying records and control systems is necessary to form their opinion of the statements. Institutions may also ask external auditors to provide services beyond the scope of audit of the financial statements, including special investigation work, taxation compliance and advice, consultancy and value for money reviews.

The University’s current provider of external audit services is KPMG.

Audit and Risk Committee
reports to Council

Chair

  • Mr David Watson

Who to contact

  • Dr Philip Evans
    Senior Governance and Assurance Officer
    for agendas and minutes
    philip.evans@york.ac.uk
    01904 324031

Other useful links