Audit and Risk Committee

Committee Objectives and Outcomes

Audit and Risk Committee’s primary objective is to advise, and provide assurance to Council on, the adequacy, effectiveness and efficiency of the University’s internal control and risk management arrangements.

A key function of Audit and Risk Committee is to recommend the Annual Financial Accounts to Council, or otherwise advise Council of the Committee's areas of concern.

The outcome of the work of the Audit and Risk Committee is to give Council assurance, or advise otherwise, on the adequacy of the University's systems of internal control and risk management to the extent that such controls are within the remit of Audit and Risk Committee.

The Committee’s role relates to the monitoring of processes and controls rather than the actual substance of the business and activities to which these apply.

Audit and Risk Committee may also undertake or commission work to underpin Council's ability and appetite to take or endorse wider strategic and regulatory activities for the University.

Remit
Authority
Reporting and frequency
Membership
Meeting Dates
Agendas & Minutes
Further Information

Remit

The remit of the Committee under the following core, agenda-aligned headings, is:

(a) Strategic Development, Planning, Performance Monitoring and Resourcing items for consideration and/or decision

To recommend the University and Group annual financial statements for Council approval (in conjunction with Finance Committee), based on receiving assurance on the integrity and compliance with financial reporting standards and other requirements, informed by the external auditor’s annual report and management letter)
To approve the content of Audit and Risk Committee’s annual report on the work of the Committee to present to Council and the Vice-Chancellor and President, including an opinion on how the committee has satisfied itself in relation to institutional arrangements for the adequacy and effectiveness of arrangements for internal control, risk management, sustainability¹ , data quality and value for money (VfM)
To consider and approve the internal audit annual and longer-term programme on the recommendation of UEB and the internal auditors
To consider and approve the external audit annual and longer-term strategy and plan on the recommendation of UEB and the external auditors
To monitor the performance of the internal and external audit, including in relation to their objectivity and addressing any concerns
To monitor the adequacy and effectiveness of the University’s internal control environment, including through the internal audit reports and monitoring progress in implementing their recommendations
To monitor the adequacy and effectiveness of the University’s risk management framework as set out in the Risk Management Policy and Framework

(b) Policy and Regulatory Matters

To recommend the (re)appointment period and terms of conditions or, in extremis, dismissal of the internal and external auditors for Council approval;
To approve non-audit work and associated fees undertaken by the internal and external auditors on an annual basis;
To recommend the Risk Management Policy and Framework for approval by Council, and consider the adequacy of an assurance map for the University to demonstrate effective risk mitigation across a range of control areas;
To approve specific policies and procedures for the effective oversight of internal and external audit related matters as regulated by Audit and Risk Committee on behalf of Council;
To request periodic reports which enable Audit and Risk Committee to take assurance on the adequacy and effectiveness of University policies and controls in a range of internal and external compliance areas;
To be notified by management and take assurance around responses to material internal and external regulatory breaches of University regulation, or notifications or enforcement notices and investigations by a range of external regulators including the Office for Students (OfS), its designated data and quality bodies, UKRI, UKVI, ICO, SLC and other statutory bodies and agencies, or through whistleblowing;
To consider wider policy and reports from internal and external bodies which may have implications on the work of the Committee.
In the event of the merger, dissolution or market exit of the University, to ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed

¹ Note to members: The CUC HE Code of Practice for Audit Committee does not define ‘sustainability’ but ARC may wish to interpret this as key underpinning controls (other than financial sustainability and VfM) which mean the institution functions effectively and compliantly. It might include how ARC seeks assurance on environmental sustainability, plus areas which might be candidates for internally driven policy or internal audit assurance as per term of reference b5 statutory and regulatory compliance, anti-fraud and anti-money laundering, health and safety, Prevent duty, business and corporate ethics (ie the University’s institutional level systems for non-academic ethics disclosures), student consumer protection, cybersecurity, major and critical incidents, Insurance arrangements, Public interest disclosure (whistleblowing).

Authority

Audit and Risk Committee is principally an advisory committee, with a monitoring function, and in seeking assurance from a range of sources and bodies, and providing assurance to Council on the areas within its remit.

Its role is to be assured that independent oversight of the areas within its remit takes place through the University’s management, governance and control systems.

It is for other bodies and systems to carry out such oversight and monitoring.

The Committee has full authority to commission investigations into specific matters of concern, whether by management, a committee or the internal or external auditors, with an expectation of full cooperation and disclosure.

Reporting and frequency

Reporting to Council

Audit and Risk Committee is a committee of Council and reports directly to it:

Frequently: through summaries of the minutes of each of its meeting to the next Council meeting.
Annually for its report (also to the Vice-Chancellor and President) covering the financial year period and any significant issues up to the date of preparing the report, and its recommendation to adopt the annual financial accounts, and accompanying documents such as the external audit report and management and internal audit annual report provided to Council for information.
Periodically via other policies, reports, plans and progress updates which it reviews and/or recommends for Council approval within the business cycle and its terms of reference.

Reporting to the Committee

The Committee has no sub-committee or groups. However, in its oversight testing role, the Committee can reasonably request information and documented assurance and disclosures from all other committees and bodies of Council, UEB, Senate and reports from the internal and external auditors, or commission other bodies to undertaken investigations into areas of internal control or risk weakness, incidents such as fraud or financial irregularity or other material adverse events.

The Committee works closely with Finance Committee based on their respective remits, including a distinct but joint role in both bodies’ review and recommendation to Council of the annual financial statements. Audit and Risk Committee provides assurance that there has been a robust examination of the statements via the internal process and management representations and the external audit, and reviews the audit of the institution’s financial statements. It also reviews the audit report, the statement of responsibilities, statement of internal control. Finance Committee endorses the content of the annual financial statements as showing a true and fair view of the University financial performance (based on financial reports received during the year) and recommends approval of the financial statements after a detailed examination. Finance Committee also reviews the accounting policies, judgements and estimates, and going concern assumption proposed by management.

The Committee also has a duty to promote co-ordination between the internal and external auditors. The internal and external auditors shall also have the right to meet the Committee in private and to seek a special meeting if they think it appropriate. At least one annual private meeting shall be held between the Committee and the internal and external auditors.

Meeting Frequency

A minimum of four times per year, with decisions also being able to be transacted and recorded by written resolution or, where necessary, Chair’s Action.

Meeting Modes

Physical or virtual convening of members and attendees, or meetings which simultaneously enable both modes.

Membership

Committee members are appointed by Council on the recommendation of the Constitution and Nominations Committee. In line with the CUC Code of Practice for HE Audit Committees (2020), all members of the Committee must be external Council members or lay members.

The Committee minimum membership must comprise three members, all of whom must be external Council members or other co-opted external members. External Council members must form a majority of the membership over the co-opted members.

Membership will be periodically reviewed on behalf of Council by Governance and Nominations Committee for Council approval. Membership is otherwise coterminous with the individual’s appointment term. Gender balance and wider EDI considerations should be factored into the Committee’s reflection on its own size and composition.

Other membership considerations

The Chair of Council or Chair of Finance Committee should not be members of the Committee. Proxy or alternate members are not permitted.

Quorum

50% of members, or 50% rounded up where the number of members is odd.

Appointed Members

David Watson (Chair, Audit and Risk Committee) and External Council Member
Professor John Loughhead, External Council Member
Owen Trotter, (Co-Opted Member)
Vacancy

In Attendance

Mr Chris Thompson, Treasurer, Chair of Finance Committee, Senior Independent Lay Member and Pro-Chancellor
External and Internal Audit Representatives
- Representatives of external audit (Grant Thornton/Azets)
- Representatives of internal audit (PwC)
UEB and wider senior management
- Professor Ken Badcock, Deputy Vice-Chancellor and Provost
- Ruth Clark, Group Financial Controller
- Dr Adam Dawkins, University Secretary
- Simon Donoghue, Director of Strategic Planning and Performance
- Dr Russell Grant, Risk Manager
- Dr Joss Ivory, Chief Operating Officer
Dr Philip Evans, Senior Governance and Assurance Officer (Secretary)

Meeting Dates

2023-2024

Thursday 21 September 2023, 9.15am-12.30pm (online)
Thursday 16 November 2023, 9.00am-1100am Joint with Finance Committee, 11.00am-1.00pm ARC meeting (H/G21)
Thursday 15 February 2024, 9.15am-12.30pm (online)
Thursday 25 April 2024, 9.15am-12.30pm (H/G09)
Thursday 4 July 2024, 9.15am-12.30pm (online)

Agendas & Minutes

Agendas and executive summaries for the meetings listed below are currently under preparation for publication, to ensure that they meet ICO, FOI and accessibility requirements. In the meantime, please direct any queries to governance@york.ac.uk

Further Information

Committee Business	Relevant University Policies
Audit and Risk Committee Annual Cycle of Business 2021-22 (MS Word , 26kb) Executive summaries for Council of the Committee's meetings [redacted]	Internal Audit Protocols (see under ‘other useful links’) External Auditor Provision of Non-Audit Services (see under ‘other useful links’) Financial Regulations/Policies and Scheme of Delegation
Risk Management	Information for Committee Members only
Risk Management Policy Corporate Risk Governance - core committee roles (PDF , 104kb)	Board Effect Login
Relevant External Regulatory Documents	Office for Students
CUC: HE Audit Committees Code of Practice (May 2020) CUC: HE Code of Governance (December 2020)	OfS: Regulatory Framework for HE in England OfS: Conditions of Registration OfS: Regulatory Notices and Advice OfS: Value for Money
Internal Audit	External Audit
The prime responsibility of internal audit within the higher education sector is to provide the governing body (usually via the audit committee), head of institution and other senior managers with assurance regarding the adequacy and effectiveness of arrangements for risk management, control and governance. Internal audit can also provide independent and objective advice specifically to help management to improve risk management, control and governance, so contributing to the achievement of corporate objectives and reducing the effects of any significant risks faced by the institution. The University’s current provider of internal audit services is PwC.	The primary role of external auditors within the higher education sector is to report on the financial statements of the institution, carrying out whatever examination of the statements and underlying records and control systems is necessary to form their opinion of the statements. Institutions may also ask external auditors to provide services beyond the scope of audit of the financial statements, including special investigation work, taxation compliance and advice, consultancy and value for money reviews. The University’s current provider of external audit services is KPMG.

Who to contact

Chair
Mr David Watson

Secretary
Dr Philip Evans
Senior Governance and Assurance Officer
for agendas and minutes
philip.evans@york.ac.uk
01904 324031

Other useful links

CUC Higher Education Audit Committees Code of Practice 2020 (PDF , 1,315kb)

External Auditor Provision of Non Audit Services (PDF , 772kb)

Internal Audit Protocols - January 2023 (PDF , 145kb)