As the governing body of the University, the Council has responsibility for maintaining a sound system of internal control that supports the achievement of strategic and operational objectives, while safeguarding public and other funds and assets for which it is responsible, in accordance with the responsibilities assigned to the governing body in the Charter and Statutes and the Office for Students’ (OfS) Terms and Conditions of Funding for Higher Education Institutions.
The system of internal control is designed to manage rather than eliminate the risk of failure to achieve objectives. It can therefore only provide reasonable and not absolute assurance of effectiveness. The system is based on an ongoing process designed to identify the principal risks to the achievement of the University’s strategy and policies; to evaluate the nature and extent of those risks; and to manage them efficiently, effectively, and economically. This system is regularly reviewed by the Council and was in place for the year ended 31 July 2024 and up to the date of the approval of the financial statements.
The following processes have been established:
- The Council regularly considers the plans and strategic direction of the University, including an annual meeting focused on strategic matters and an annually approved Financial Plan that provides the basis for any significant financial decision-making and a robust framework to ensure the University’s financial sustainability and resilience.
- Regular reporting from Council committees, including from the Audit and Risk Committee, which has responsibility for reviewing risk management, control and governance and value for money arrangements on behalf of Council. The Audit and Risk Committee provides an annual report to Council including its opinion on the University’s arrangements.
- Reporting to the Audit and Risk Committee, the Internal Audit function undertakes an annual programme of reviews of the University’s arrangements, culminating in an annual report on the adequacy and effectiveness of the University’s arrangements for risk management, control and governance, and value for money. The annual audit plan is informed by the risks identified in the University’s Principal Risk Register and, as well as providing independent assurance, the recommendations arising from their reviews further enhance the internal control environment and the delivery of value for money.
- The External Audit function gives an independent opinion on the University’s annual financial statements and the use of public funds. These statements summarise the University’s financial performance during the year and its financial position as at the end of the financial year.
- A Risk Management Framework and Principal Risks Register, which is set out in more detail on page 86 of this report.
- Robust internal control arrangements are in place, including for the prevention and detection of corruption, fraud, bribery, and other irregularities. Internal controls are reviewed and developed to ensure they remain fit for purpose and cover business, operational, compliance and financial risk. These arrangements are embedded into ongoing operations.
- An established budgetary control process. Management accounts are reviewed by UMB and Finance Committee. There are additional processes for the administration and control of research grants, research contracts, donations, and endowments where there are specific conditions on how the funds may be spent.
- Regular meetings take place between senior managers and professional service leaders to review progress and issues arising from operational activities, and similar meetings between the Provost and faculty deans in relation to academic developments.
- Extensive financial controls including defined delegations of responsibility, review, oversight and reporting arrangements, as well as policies and procedures, including the Financial Regulations detailing financial controls and procedures.