Audit and Risk Committee

Audit and Risk Committee reports to Council.

Terms of reference

Objectives and outcomes

Audit and Risk Committee's main role is to advise Council on the effectiveness of the University's internal controls and risk management.

The committee assures Council that our systems of internal control and monitoring processes are adequate and efficient.

It also recommends the Annual Financial Accounts to Council.


The remit of the Committee under the following core, agenda-aligned headings, is:

(a) Strategic development, planning, performance monitoring and resourcing items for consideration and/or decision

  1. To recommend the University and Group annual financial statements for Council approval (in conjunction with Finance Committee), based on receiving assurance on the integrity and compliance with financial reporting standards and other requirements, informed by the external auditor’s annual report and management letter).
  2. To approve the content of Audit and Risk Committee’s annual report on the work of the Committee to present to Council and the Vice-Chancellor and President, including an opinion on how the committee has satisfied itself in relation to institutional arrangements for the adequacy and effectiveness of arrangements for internal control, risk management, sustainability, data quality and value for money (VfM). (Note to members: The CUC HE Code of Practice for Audit Committee does not define ‘sustainability’ but ARC may wish to interpret this as key underpinning controls (other than financial sustainability and value for money) which mean the institution functions effectively and compliantly. It might include how ARC seeks assurance on environmental sustainability, plus areas which might be candidates for internally driven policy or internal audit assurance as per term of reference b5 statutory and regulatory compliance, anti-fraud and anti-money laundering, health and safety, Prevent Duty, business and corporate ethics (ie the University’s institutional level systems for non-academic ethics disclosures), student consumer protection, cybersecurity, major and critical incidents, Insurance arrangements, public interest disclosure (whistleblowing).)
  3. To consider and approve the internal audit annual and longer-term programme on the recommendation of UEB and the internal auditors.
  4. To consider and approve the external audit annual and longer-term strategy and plan on the recommendation of UEB and the external auditors.
  5. To monitor the performance of the internal and external audit, including in relation to their objectivity and addressing any concerns.
  6. To monitor the adequacy and effectiveness of the University’s internal control environment, including through the internal audit reports and monitoring progress in implementing their recommendations.
  7. To monitor the adequacy and effectiveness of the University’s risk management framework as set out in the Risk Management Policy and Framework.

(b) Policy and regulatory matters

  1. To recommend the (re)appointment period and terms of conditions or, in extremis, dismissal of the internal and external auditors for Council approval.
  2. To approve non-audit work and associated fees undertaken by the internal and external auditors on an annual basis.
  3. To recommend the Risk Management Policy and Framework for approval by Council, and consider the adequacy of an assurance map for the University to demonstrate effective risk mitigation across a range of control areas.
  4. To approve specific policies and procedures for the effective oversight of internal and external audit related matters as regulated by Audit and Risk Committee on behalf of Council.
  5. To request periodic reports which enable Audit and Risk Committee to take assurance on the adequacy and effectiveness of University policies and controls in a range of internal and external compliance areas.
  6. To be notified by management and take assurance around responses to material internal and external regulatory breaches of University regulation, or notifications or enforcement notices and investigations by a range of external regulators including the Office for Students (OfS), its designated data and quality bodies, UKRI, UKVI, ICO, SLC and other statutory bodies and agencies, or through whistleblowing.
  7. To consider wider policy and reports from internal and external bodies which may have implications on the work of the Committee.
  8. In the event of the merger, dissolution or market exit of the University, to ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed.


Audit and Risk Committee is principally an advisory committee, with a monitoring function, and in seeking assurance from a range of sources and bodies, and providing assurance to Council on the areas within its remit.

Its role is to be assured that independent oversight of the areas within its remit takes place through the University’s management, governance and control systems.

It is for other bodies and systems to carry out such oversight and monitoring.

The Committee has full authority to commission investigations into specific matters of concern, whether by management, a committee or the internal or external auditors, with an expectation of full cooperation and disclosure.

Reporting to Council

Audit and Risk Committee is a committee of Council and reports directly to it:

  • Frequently through summaries of the minutes of each of its meeting to the next Council meeting.
  • Annually for its report (also to the Vice-Chancellor and President) covering the financial year period and any significant issues up to the date of preparing the report, and its recommendation to adopt the annual financial accounts, and accompanying documents such as the external audit report and management and internal audit annual report provided to Council for information.
  • Periodically via other policies, reports, plans and progress updates which it reviews and/or recommends for Council approval within the business cycle and its terms of reference.

Reporting to the Committee

The Committee has no subcommittee or groups. However, in its oversight testing role, the Committee can reasonably request information and documented assurance and disclosures from all other committees and bodies of Council, UEB, Senate and reports from the internal and external auditors, or commission other bodies to undertaken investigations into areas of internal control or risk weakness, incidents such as fraud or financial irregularity or other material adverse events.

The Committee works closely with Finance Committee based on their respective remits, including a distinct but joint role in both bodies’ review and recommendation to Council of the annual financial statements.

Audit and Risk Committee provides assurance that there has been a robust examination of the statements via the internal process and management representations and the external audit, and reviews the audit of the institution’s financial statements.

It also reviews the audit report, the statement of responsibilities, statement of internal control.

Finance Committee endorses the content of the annual financial statements as showing a true and fair view of the University financial performance (based on financial reports received during the year) and recommends approval of the financial statements after a detailed examination.

Finance Committee also reviews the accounting policies, judgements and estimates, and going concern assumption proposed by management.

The Committee also has a duty to promote co-ordination between the internal and external auditors. The internal and external auditors shall also have the right to meet the Committee in private and to seek a special meeting if they think it appropriate. At least one annual private meeting shall be held between the Committee and the internal and external auditors.

Committee members are appointed by Council on the recommendation of the Constitution and Nominations Committee. In line with the CUC Code of Practice for HE Audit Committees (2020), all members of the Committee must be external Council members or lay members.

The Committee minimum membership must comprise three members, all of whom must be external Council members or other co-opted external members. External Council members must form a majority of the membership over the co-opted members.

Membership will be periodically reviewed on behalf of Council by Governance and Nominations Committee for Council approval. Membership is otherwise coterminous with the individual’s appointment term. Gender balance and wider EDI considerations should be factored into the Committee’s reflection on its own size and composition.

Other membership considerations

The Chair of Council or Chair of Finance Committee should not be members of the Committee. Proxy or alternate members are not permitted.


50% of members, or 50% rounded up where the number of members is odd.

Appointed members

In attendance

  • Chris Thompson, Treasurer, Chair of Finance Committee, Senior Independent Lay Member and Pro-Chancellor

External and internal audit representatives

  • Representatives of external audit (Grant Thornton/Azets)
  • Representatives of internal audit (PwC)

UEB and wider senior management

  • Professor Ken Badcock, Deputy Vice-Chancellor and Provost
  • Nirmal Borkhataria, Interim Finance Director
  • Ruth Clark, Group Financial Controller
  • Adam Hewitt, Interim University Secretary
  • Simon Donoghue, Director of Strategic Planning and Performance
  • Russell Grant, Risk Manager
  • Joss Ivory, Chief Operating Officer
  • Philip Evans, Senior Governance and Assurance Officer (Secretary)

Meeting frequency

A minimum of four times per year, with decisions also being able to be transacted and recorded by written resolution or, where necessary, Chair’s Action.

Meeting modes

Physical or virtual convening of members and attendees, or meetings which simultaneously enable both modes.

Meeting dates 2023-24

Date Time Location
Thursday 21 September 9.15am to 12.30pm Online
Thursday 16 November

9am to 11am: Joint with Finance Committee

11am to 1pm: ARC meeting


Thursday 15 February 9.15am to 12.30pm Online
Thursday 25 April 9.15am to 12.30pm H/G09
Thursday 4 July 9.15am to 12.30pm Online

Internal audit

The prime responsibility of internal audit in higher education is to provide the governing body (usually via the audit committee), head of institution and other senior managers with assurance regarding the adequacy and effectiveness of arrangements for risk management, control and governance.

Internal audit can also provide independent and objective advice to help management to improve risk management, control and governance, so contributing to the achievement of corporate objectives and reducing the effects of any significant risks faced by the institution. 

The University’s current provider of internal audit services is PwC.

External audit

The primary role of external auditors with higher education is to report on the financial statements of the institution, carrying out whatever examination of the statements and underlying records and control systems is necessary to form their opinion of the statements.

Institutions may also ask external auditors to provide services beyond the scope of audit of the financial statements, including special investigation work, taxation compliance and advice, consultancy and value-for-money reviews.

The University’s current providers of external audit services are Grant Thornton and Azets.

Parent committee and associated subcommittees