audit, risk & governance committee documents... · place reliance on the ... the university’s...

12
AUDIT, RISK & GOVERNANCE COMMITTEE Annual Report to the University Board and the Accountable Officer for 2015/16 1 STATEMENT FROM THE CHAIR OF THE COMMITTEE I am pleased to present this report to the University Board and the Vice-Chancellor which details the key activities undertaken by the Audit, Risk & Governance Committee since autumn 2015. Having been appointed Chair of the Committee on 9 th July 2016, I have consulted with my predecessor, Prof Richard Conder, in approving this report and ensuring its accuracy. This report has been compiled in accordance with HEFCE’s Memorandum of Assurance and Accountability (MAA) and is presented for review by the Board before the audited Financial Statements are approved and signed. Governance matters have continued to feature prominently in the Committee’s work this year in the light of on- going changes in Government policy and shifting threats and opportunities. The University welcomed HEFCE in March for their five-yearly Assurance Review visit and was pleased to receive their opinion that they were able to place reliance on the University’s accountability information. HEFCE’s suggestions to improve our already sound practice included enhancements to our process of serious incident reporting and the wording of the Committee’s opinion on data quality. These suggestions have been taken into account and are reflected in this report. The University’s governance also came under review through our own internal auditor’s review of governance arrangements. The report confirmed that the arrangements provided satisfactory assurance and provided 2 recommendations for improvements to the arrangements for Senate and its Committees, both of which are being implemented. In addition the Board itself undertook its periodic independent review of Governance this year, undertaken by the Good Governance Institute in accordance with Terms of Reference determined by the Committee on behalf of the Board. The review outcomes showed that the University was well-governed and compliant with the CUC Code of HE Governance. The recommendations for possible enhancements are under consideration and will be taken forward in the coming year. A further independent review of the University’s Senate and academic governance arrangements is now underway and will report in 2016/17, which is particularly timely given the Board’s increased role in maintaining oversight of academic quality and the need to provide assurance statements to HEFCE on this point. The Committee’s Terms of Reference were expanded this year to include oversight of key corporate governance policies and incident reporting. Serious incident reporting for PREVENT and any serious harm to beneficiaries now form standing agenda items at every meeting. External auditors BDO were re-appointed following a full competitive tendering exercise. In accordance with best practice, a new lead partner has been identified and he is working closely with his colleague to ensure a smooth transition. In terms of the Committee’s oversight of risk management processes, we have seen some movement in latent risk indicators such as the risk that ‘BU is unable to ensure that our learning environment facilitates and supports a world-class learning community by failing to manage Estates programmes and projects’ has changed from rising to static following recent land acquisitions. Risks relating to the EU Referendum outcome, including impacts and mitigations, have been subsumed into other relevant risks throughout the Risk Register. New amber risks have emerged reflecting the Prevent duty and risks due to lack of appropriate student accommodation (arising from changes to the housing market). The Committee has continued to assess risks relating to IT controls (following the findings of last year’s internal audit report) and welcomed new policies on information security which were recommended to the Board. We also received regular reports on risks associated with the University’s Student Journey Project.

Upload: phamanh

Post on 24-Jun-2018

213 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

AUDIT, RISK & GOVERNANCE COMMITTEE

Annual Report to the University Board and the Accountable Officer for 2015/16

1 STATEMENT FROM THE CHAIR OF THE COMMITTEE

I am pleased to present this report to the University Board and the Vice-Chancellor which details the key activities undertaken by the Audit, Risk & Governance Committee since autumn 2015. Having been appointed Chair of the Committee on 9th July 2016, I have consulted with my predecessor, Prof Richard Conder, in approving this report and ensuring its accuracy. This report has been compiled in accordance with HEFCE’s Memorandum of Assurance and Accountability (MAA) and is presented for review by the Board before the audited Financial Statements are approved and signed.

Governance matters have continued to feature prominently in the Committee’s work this year in the light of on-going changes in Government policy and shifting threats and opportunities. The University welcomed HEFCE in March for their five-yearly Assurance Review visit and was pleased to receive their opinion that they were able to place reliance on the University’s accountability information. HEFCE’s suggestions to improve our already sound practice included enhancements to our process of serious incident reporting and the wording of the Committee’s opinion on data quality. These suggestions have been taken into account and are reflected in this report.

The University’s governance also came under review through our own internal auditor’s review of governance arrangements. The report confirmed that the arrangements provided satisfactory assurance and provided 2 recommendations for improvements to the arrangements for Senate and its Committees, both of which are being implemented. In addition the Board itself undertook its periodic independent review of Governance this year, undertaken by the Good Governance Institute in accordance with Terms of Reference determined by the Committee on behalf of the Board. The review outcomes showed that the University was well-governed and compliant with the CUC Code of HE Governance. The recommendations for possible enhancements are under consideration and will be taken forward in the coming year. A further independent review of the University’s Senate and academic governance arrangements is now underway and will report in 2016/17, which is particularly timely given the Board’s increased role in maintaining oversight of academic quality and the need to provide assurance statements to HEFCE on this point.

The Committee’s Terms of Reference were expanded this year to include oversight of key corporate governance policies and incident reporting. Serious incident reporting for PREVENT and any serious harm to beneficiaries now form standing agenda items at every meeting.

External auditors BDO were re-appointed following a full competitive tendering exercise. In accordance with best practice, a new lead partner has been identified and he is working closely with his colleague to ensure a smooth transition.

In terms of the Committee’s oversight of risk management processes, we have seen some movement in latent risk indicators such as the risk that ‘BU is unable to ensure that our learning environment facilitates and supports a world-class learning community by failing to manage Estates programmes and projects’ has changed from rising to static following recent land acquisitions. Risks relating to the EU Referendum outcome, including impacts and mitigations, have been subsumed into other relevant risks throughout the Risk Register. New amber risks have emerged reflecting the Prevent duty and risks due to lack of appropriate student accommodation (arising from changes to the housing market).

The Committee has continued to assess risks relating to IT controls (following the findings of last year’s internal audit report) and welcomed new policies on information security which were recommended to the Board. We also received regular reports on risks associated with the University’s Student Journey Project.

Page 2: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

In considering the 2015/16 Financial Statements and external audit report, the Committee was pleased to note that for the second year running there were no management letter points raised regarding any significant deficiencies in internal control. The Committee was also pleased to note that all internal audit reviews undertaken during the year resulted in findings of satisfactory or substantial assurance, with substantial assurance being given in the areas of payroll and associated HR Procedures, Risk Management and Value for Money. The Committee’s formal opinion, providing assurance in all key areas, can be found at Section 6 of this document.

Jean Lang Chair Audit, Risk & Governance Committee Bournemouth University November 2016

Page 3: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

2 INTRODUCTION

The Higher Education Funding Council for England (HEFCE) requires the Audit, Risk & Governance Committee (‘the Committee’) to produce an annual report to the University Board and the Accountable Officer (the Vice Chancellor). The Memorandum of Assurance and Accountability between HEFCE and institutions (July 2016/12) states that this must include the Committee’s conclusions on the adequacy and effectiveness of the Higher Education Institution’s (HEI’s) arrangements for:

i) risk management, control and governance; ii) economy, efficiency and effectiveness (value for money); and iii) management and quality assurance of data submitted to the Higher Education Statistics Agency (HESA),

the Student Loans Company, HEFCE and other bodies.

The report also records the work of the Committee and considers the external auditors’ management letter, the internal auditors’ annual report and any HEFCE reports or other relevant evaluations.

A model format for the report is provided in the Committee of University Chairs’ (CUC’s’) Guidance for Members of Audit Committees in HEIs (February 2008) and is used as the basis for this report.

In accordance with HEFCE’s instructions, this report covers the financial year 1 August 2015 to 31 July 2016 plus any significant issues up to the date of signing the report and the Committee’s consideration of the financial statements.

3 STRUCTURE AND OPERATION OF THE COMMITTEE

3.1 Membership and Terms of Reference The membership of the Audit, Risk & Governance Committee (ARG), those in attendance at meetings and the Terms of Reference are attached as Appendix 1. Membership of the Committee comprises up to seven independent Board Members, none of whom have executive authority, although members of the University Executive Team are in attendance at meetings, together with representatives from the University’s internal and external auditors.

In July 2016, the Committee Chair, Prof Conder, was appointed Chair of the University Board and, in accordance with good governance practice, stood down from the role of Audit Committee Chair. He was succeeded as Committee Chair by independent Board and Committee member Jean Lang, who is an experienced Audit Chair. A new independent member, who is a qualified accountant with extensive board level experience, was appointed to fill the resulting vacancy on the Committee. HEFCE was formally notified of the change of Board Chair and Audit Committee Chair at that time.

The Committee continues to review its Terms of Reference regularly (at least once per year), with the University Board most recently being asked to approve minor amendments in May 2016. This amendment made explicit the Committee’s oversight of key corporate governance policies and incident reporting.

3.2 Meetings The Committee met 3 times during the 2015/16 financial year (on 10th November 2015, 4th March 2016 and 17th June 2016). Minutes of the meetings were submitted in full to the next scheduled University Board meeting.

The Committee considered the 2015-16 financial statements and annual accountability return at a meeting held on 4th November 2016 and recommended these for approval by the University Board at its meeting on 25th November 2016.

Members of the Committee have the opportunity to consult the Auditors privately following every meeting and do so at least once a year. During the period of this report such discussions took place following the 10th November 2015 and 4th November 2016 meetings. Similarly, the Committee may meet in private with the members of the University’s Executive Team following any meeting, and did so on 10th November 2015.

Page 4: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

4 RISK MANAGEMENT

4.1 Risk Management The University’s Strategic Risk Register was reviewed at each meeting and the Committee reviews the Risk Management process annually to ensure that it remains fit for purpose. The policy was most recently reviewed on 4th November 2016 and approved as fit for purpose. The Strategic Risk Register is maintained, monitored and managed by the Risk Management Steering Group, an Executive group chaired by the Deputy Vice Chancellor. This Group is responsible for ensuring that a robust risk management process is in place and for evaluating Faculty and Professional Services’ risk registers. The University Leadership Team also reviewed the Strategic Risk Register on a quarterly basis. The Committee may refer any questions or comments on the risk register back to the Risk Management Steering Group or escalate them for consideration by the Board. Issues highlighted in the risk register inform the internal audit strategy. The Strategic Risk Register is submitted to the University Board along with the minutes of the Committee.

In addition, the risk appetite statements, developed and approved by the Board in 2014/15, for each of the University’s key areas of business, inform the strategic and operational activity required to achieve the University’s BU 2018 strategy.

The Internal Auditors, Kingston City Group (KCG) also conducted a review of the Risk Management Framework and Processes during the year and concluded that;

It is our opinion that the control framework over the University’s risk management arrangements provides substantial assurance that associated risks material to the achievement of the University’s objectives are adequately managed and controlled.”

The internal auditors’ full report was presented to the ARG for consideration at its meeting on 4th November 2016.

5 CONTROL AND GOVERNANCE

5.1 Internal Audit Internal Audit services are delivered to the University by the Internal Audit Consortium, Kingston City Group (KCG). KCG is a Cost Sharing Group (CSG) under the UK Finance Act 2012. The University is a Member institution of the KCG Consortium – a Higher Education (HE) shared services organisation for the provision of in-house Internal Audit services to Member institutions on a shared cost and not-for-profit basis.

The Strategic Internal Audit Plan (2013/14 to 2015/16) allocated 109 days audit activity for 2015/16 and 114 days were delivered, with the cost of the additional days being absorbed by KCG.

During 2015/16 KCG provided the Committee with interim reports on progress at each meeting. They conducted the following reviews during the period:

i) Financial and management accounting processes and systems

viii) University Governance Arrangements

ii) Payroll and associated HR procedures ix) Review of data quality

iii) Capital Programme and Expenditure x) IT Risk and Control

iv) Student systems (admissions) xi) VfM arrangements

v) Faculty of Management xii) Follow up of prior year recommendations

vi) Fundraising xiii) Ad hoc advice and guidance

vii) Fusion Investment Fund xiv) Review of UUK Code of Practice for the Management of Student Housing (follow up)

vii) Risk management

Page 5: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

33 recommendations (19 priority 2 and 14 priority 3) were raised in total compared to 25 in the previous year. 19 were judged to be ‘priority two’ (having an important effect on internal controls, but not requiring immediate management action) and 14 were ‘priority 3’ (improvements not vital to the overall system of internal control).

KCG also register and track all prior year recommendations and their implementation. Of the 25 agreed recommendations raised in 2014/15, 22 have been satisfactorily implemented, 1 is in the process of being implemented and 1 is now planned to be implemented by January 2017.

3 recommendations remain outstanding from 2013/14, all relating to IT Risk & Control. Work to implement these is ongoing with revised target completion dates of April 2017 and December 2016.

The individual reports of the internal audit service were deemed by the Committee to be appropriate in scope and helpful to the Committee and the management of the University.

The KCG Annual Report has been reviewed and its findings accepted by the Committee.

In the opinion of the Internal Auditors, KCG

“Overall, for the year ended 31 July 2016 and at the time of reporting, we provide satisfactory assurance that the University maintained adequately designed and effective arrangements for risk management, control and governance, and economy, efficiency and effectiveness.

We have reached this conclusion by examining the design and operation of controls over the University’s financial, operational and strategic processes and systems, its arrangements for ensuring Value for Money (VfM), and by assessing its risk management and governance processes and procedures as well as management’s progress in implementing recommendations made in prior years.

In our opinion controls over the University’s financial, operational and strategic processes are adequately designed and operating effectively. They are capable of providing an adequate basis for maintaining management control, if operated consistently and effectively and as intended by management.

The matters raised in this Report are only those which came to our attention in carrying out our audit procedures, in accordance with the annual internal audit plan, and are not necessarily a comprehensive statement of all the weaknesses that may exist, or of all the improvements that may be required.

The full text of the Internal Audit Annual Report for 2015/16 will be included in the papers for the 25 November 2016 University Board meeting. A new internal audit plan for 2016/17 to 2018/19 was considered and agreed by the Committee at its meeting on 17th June 2016.

5.2 External Audit The University contracts with BDO LLP for the provision of external audit services. The schedule of fees payable is included in the annual audit report, including any fees for non-audit services. Specific approval is sought from the Committee before inviting the external auditor to engage/tender for any non-audit services which, because of their size or nature or because of special terms or conditions may give rise to threats to the auditor’s independence.

BDO’s Annual Report was reviewed by the Committee at its meeting on 4th November 2016 and will be included in the papers for the University Board meeting on 25th November 2016. Prior to this (at the Committee’s June meeting), BDO presented their planning report which gave an overview of key audit and accounting matters expected to be included in the External Audit Annual Report. BDO anticipate that they will issue an unqualified opinion on the financial statements for 2015/16. The report notes that this will be the first year in which the University applies new accounting standard FRS 102, which the Board will be familiar with from the presentation on this topic provided by BDO at the July Board meeting. They conclude that the adjustments made for the restated financial statements are complete and appropriate and that they have been properly prepared in line with FRS 102 and the ‘Statement of recommended practice: Accounting for further and higher education’.

The External Auditors’ Management Letter for 2015/16 identified no recommendations for action in 2015/16.

Page 6: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

The Committee formally reviews the effectiveness of both the external and internal auditors’ performance annually, and found that both providers were operating effectively.

5.3 Financial Statements The Committee considered the draft Financial Statements for 2015/16 at its meeting on 4th November 2016 and recommended them to the Board for approval at their meeting on 25th November 2016.

5.4 HEFCE Assurance Letter In June 2016, the Committee received HEFCE’s annual assessment of institutional risk (based on the University’s annual accountability return) which stated that the University is ‘not at higher risk’ – this being one of only two possible ratings awarded by HEFCE, the other being ‘at higher risk’. Members noted the benchmarking data on key financial indicators. The Assurance letter was presented to the full Board with the minutes of the Committee meeting in July 2016.

In March 2016 HEFCE also undertook its quinquennial assurance review to examine how the university exercises accountability for the public funding which it receives. HEFCE’s overall conclusion of the review was ‘we are able to place reliance on the university’s accountability information’. No formal recommendations were found to be required. Their suggestions for enhancements included ensuring that data returns in respect of the Student Loans Company were expressly included in the Committee’s report and considering improvements to the serious incident reporting process.

5.5 Corporate Governance In 2015 the Committee received a report on the University’s compliance with the CUC’s Higher Education Code of Governance (Dec 2014). This included a line-by-line mapping against each provision of the Code and resulted in five recommendations being approved by the Committee to strengthen existing practice. In March 2016 the Committee received the first annual compliance update report and was pleased to note that all recommendations arising from the original report were completed or in the process of being actively implemented.

The internal auditors undertook their periodic review of corporate governance arrangements in 2016 and concluded that ‘…the control framework for the University’s governance arrangements provides satisfactory assurance that associated risks material to the achievement of the University’s objectives are adequately managed and controlled.’ The Board also undertook its own independent effectiveness review this year which confirmed that the University’s governance arrangements were sound whilst making some suggestions for possible enhancements to processes which are currently under consideration. The report of that independent review was shared with the internal auditors along with other evidence to support their own opinion.

5.6 Students’ Union at Bournemouth University (SUBU) The SUBU Audited Annual Accounts for the 2014/15 were received and noted by the Committee on 4th March 2016. The accompanying independent auditors’ report confirmed that there were no issues to report by exception to the Trustees of SUBU and the auditor’s management letter made 2 recommendations for improvement. The Committee also considered changes to the SUBU constitution and By-laws during the year in order to allow for the introduction of one extra sabbatical officer. These changes were recommended to, and subsequently approved by, the Board.

5.7 Health, Safety & Wellbeing The Committee received the annual report on Health, Safety & Wellbeing at its March 2016 meeting. The Committee noted the focus on prevention and wellbeing during the year and welcomed the University’s reaccreditation with the RoSPA (gold) award. The Chair of the Committee acts as the Board’s lead in terms of Health & Safety matters.

5.8 Policy Reviews and Incident Reporting The reporting of any incidents, in particular those relating to the Public Interest Disclosure, Anti-Bribery, Fraud and Conflicts of Interest policies, is a standing agenda item at all committee meetings, and to this list has been added any incidents in respect of Prevent, Modern Slavery and any other serious incidents, including significant risk to the University’s beneficiaries. During the year, one incident was raised under the Whistleblowing policy and was

Page 7: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

subsequently investigated and lacked any evidence to support the allegation. One potential conflict of interest issue was also investigated and the case subsequently resolved. One failed attempt at fraud was notified to the Committee and it was reported that this had been identified immediately and no loss had been incurred. At its 4th November meeting the Committee was notified that a potential data breach had occurred and was under investigation. The details were subsequently reported to both HEFCE and the Information Commissioners Office. At the time of writing the case remains under investigation. The Board have also been informed and will be updated once the outcome of the investigation is known..

The Public Interest Disclosure Policy was reviewed and approved by the Committee on 4th November 2016. It was also noted that the internal auditors had carried out benchmarking and confirmed that the University’s policy reflected up to date legislation and best practice. The University’s updated Major Incident Plan and Business Continuity Policy were approved by the Committee in June 2016. In accordance with the University’s Anti-Bribery Policy & Procedures, in November 2016 the Committee received and noted a report on the annual review of the hospitality register along with a reviewed Anti-Bribery Policy and Procedures document which was recommended to the full Board for approval on 25th November. The Committee also received an annual report on the implementation of the Code of Practice on the Freedom of Speech and an updated Fraud Policy. The Committee also approved a new policy relating to the prevention of Modern Slavery and considered the University’s statement for publication under the Modern Slavery Act 2015.

Finally, the Committee received and agreed revised Financial Regulations which were recommended to the Board for approval on 25th November 2016.

5.9 Economy, Eff iciency and Effect iveness (Value for Money) The Committee receives short progress reports at each meeting from the Director of Finance & Performance who is also Chair of the VFM Steering Group. It subsequently received the detailed 2015/16 annual report on VfM at its November 2016 meeting. The Committee was pleased to note that VfM arrangements received a rating of ‘substantial assurance’ from the internal audit review. The full report, which will be submitted to HEFCE along with the annual accountability return, will be made available to all Board members with the papers for the November 2016 Board meeting. The auditors’ opinion was that:

It is our opinion that the overall framework for the achievement of VfM at the University provides substantial assurance that associated risks material to the achievement of the University’s objectives are adequately managed and controlled.”

5.10 Val idation of Data Returns The Validation of Data Returns is a standing agenda item at every meeting. The annual Transparent Approach to Costing (TRAC) return was presented to the committee in March 2016 following confirmation of the return by Chair’s action.

A Data Quality Review is employed to internally validate institutional returns which allows for independent checking of returns by the University’s Planning, Risk and Management Information Team. Data submitted to the Student Loans Company has also been included in the schedule of Data Quality Reviews. Where relevant, consideration is also given to any matters raised by the University’s internal and external auditors, and through audits and reviews undertaken by third parties such as HEFCE.

The process for validating data returns is reviewed annually by the Committee to ensure that it remains fit for purpose. It was most recently reviewed and approved in November 2016.

The Internal Auditors conducted a review of data quality during 2015/16 which included a specific focus on the completion of the Destination of Leavers from Higher Education survey (DLHE). The review concluded that… ‘It is our opinion that the control framework for data quality (DHLE return) provides satisfactory assurance that associated risks material to the achievement of the University’s objectives are adequately managed and controlled.’

Page 8: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

6 OPINION

Based on the evidence of the internal audit reports considered, the external auditors’ report for the year ended 31 July 2016, other documentary evidence received and information and explanations received from the University’s Executive, the Committee is of the opinion that reliance can be placed on the internal control system operating within the University and that there are effective systems in place to secure value for money.

The Committee is satisfied that the University has an effective process in place for identifying, evaluating and managing the University’s significant risks.

The Committee is assured of the validity of the data submitted to the Higher Education Statistics Agency, the Student Loans Company, HEFCE and other funding and regulatory bodies and is satisfied that the systems in place to assure data quality are adequate and effective.

The Committee is satisfied that effective governance arrangements are in place.

The Committee considers that the responsibilities delegated to it by the University Board have been satisfactorily discharged.

AUDIT, RISK & GOVERNANCE COMMITTEE BOURNEMOUTH UNIVERSITY November 2016

Page 9: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Appendix 1

Audit, Risk & Governance Committee

Terms of Reference

Delegated Authority and Purpose

Audit, Risk & Governance Committee is authorised by the University Board to investigate any activity within its terms of reference. It is authorised to seek any information it requires from any employee, and all employees are directed to co-operate with any request made by the Committee. Audit, Risk & Governance Committee is authorised by the University Board to obtain outside legal or other independent professional advice and to secure the attendance of non-members with relevant experience and expertise if it considers this necessary, normally in consultation with the Vice Chancellor and/or chair of the University Board. However, it may not incur direct expenditure in this respect in excess of £10K without the prior approval of the University Board. Audit, Risk & Governance Committee will review the audit aspects of the draft annual financial statements. These aspects will include the external audit opinion, the statement of members’ responsibilities, the statement of internal control and any relevant issue raised in the external auditors’ management letter. The committee should, where appropriate, confirm with the internal and external auditors that the effectiveness of the internal control system has been reviewed, and comment on this in its annual report to the University Board.

Main responsibilities

1. To consider and advise the University Board on the University’s long-term audit strategy. 2. To oversee the University’s management of risk. As part of this oversight, to receive the University’s risk register at each committee meeting and, where appropriate to remit individual risks to other Board sub-committees for consideration. 3. To keep under review the effectiveness of governance and to form an opinion on the adequacy and effectiveness of the University’s governance arrangements. 4. To keep under review the effectiveness of the governance arrangements for the University’s related companies and to receive, for information, the audited annual accounts of any such companies. 5. To keep under review the effectiveness of the governance arrangements in accordance with the Code of Practice for the Students’ Union at Bournemouth University (SUBU), to consider and recommend to the Board any amendments to the constitution of the Students’ Union, and to note the audited annual accounts of the Students’ Union. 6. To consider and advise the University Board on the criteria for selection, appointment and terms of engagement of an internal audit service, the audit fee, the provision of any non-audit services by the internal auditors, and any questions of resignation or dismissal of the

Page 10: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

internal auditors. To keep under review the amount of non-audit services the internal auditors provide. 7. To review the internal auditors’ audit risk assessment, strategy and programme and their pertinence to the University's risk register; to consider major findings of internal audit investigations and management’s response and to advise the University Board accordingly. To promote co-ordination between the internal and external auditors. To ensure that the resources made available for internal audit are sufficient to meet the institution’s needs (or make a recommendation to the University Board as appropriate). 8. To advise the University Board on the appointment of the external auditors, the nature and scope of their work, the audit fee and the provision of any non-audit services by the external auditors and any questions of resignation or dismissal of the external auditors. To keep under review the amount of non-audit services the external auditors provide. 9. To receive, consider and advise the University Board on any problems or reservations arising from the interim and final external audit reports and management letters, incorporating management responses and any other matters the external auditors may wish to discuss (in the absence of management where necessary). 10. To consider elements of the annual financial statements in the presence of the external auditors, including the auditor’s formal opinion, the statement of members’ responsibilities and the statement of internal control, in accordance with HEFCE's accounts directions. 11. To monitor annually the performance and effectiveness of the external and internal auditors, including any matters affecting their objectivity and independence, and make recommendations to the University Board concerning their reappointment, where appropriate. 12. To monitor, annually (or more frequently if necessary), the implementation of approved recommendations relating both to internal audit reports and external audit reports and management letters. 13. To satisfy itself that appropriate arrangements are in place to promote economy, efficiency, effectiveness and the “green” agenda by receiving formal reports on an annual basis from the Chair of the University's Value for Money group. 14. To approve the University’s Business Continuity Policy. 15. To oversee the University’s policy on fraud and irregularity (including measures to ensure compliance with Anti-bribery legislation), including being notified of any action taken under that policy. 16. To oversee other key corporate governance policies of the University and where appropriate receive reports on any incidents arising under those policies, including Conflicts of Interests, Public Interest Disclosure (‘Whistleblowing’), Freedom of Speech and ‘Prevent’. 17. To receive assurance on behalf of the Board that all “material adverse events” and “serious incidents” within the definitions set out in

Page 11: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

HEFCE’s Memorandum of Assurance and Accountability (MAA) have been appropriately identified, reported, investigated and addressed, including reporting to HEFCE having due regard to HEFCE and the Charity Commission’s guidance on serious incident reporting and to HEFCE’s requirements set out in the MAA. 18. To ensure that the data used to measure performance against the University’s key performance indicators (KPIs) are fit for purpose. 19. To ensure that the University has in place appropriate health and safety policies and procedures. To monitor the effectiveness of these policies and procedures and, where necessary, to recommend changes. 20. To receive and consider any relevant reports from the National Audit Office, HEFCE and other organisations. 21. To receive and consider academic audit reports from HEFCE, the Quality Assurance Agency (including reports on Institutional Reviews and their findings) and other sources. 22. To be assured that the University’s processes for ensuring the probity and integrity of data returned to HESA and other external bodies are fit for purpose. 23. In the event of the merger or dissolution of the University, to ensure that the necessary actions are completed, including arranging for a final set of financial statements to be completed and signed.

Duration

Permanent

Chair

An Independent Board Member as appointed by the Board. See also ‘Note on Membership and Attendance at Meetings’ below.

Deputy Chair

An Independent Board Member, as appointed by the Board. See also ‘Note on Membership and Attendance at Meetings’ below.

Management and Support

Clerk to the Board, supported by the Corporate Governance & Committees Manager.

Membership [as at 25 November 2016]

An Independent member of the University Board (Chair) [Mrs J Lang] Six other Independent Members of the University Board or co-opted independent members. Mr N Beal Mr A Brien Dr C Shaw Ms C Troy Mr D Kane [Vacancy] In Attendance Deputy Vice Chancellor [Prof T McIntyre-Bhatty] Director of Finance and Performance [Mr G Beards] Chief Operating Officer [Mr J Andrews] Representative(s) of the University’s Internal Auditors [Mr S Kemp, Kingston City Group]

Page 12: Audit, Risk & Governance Committee Documents... · place reliance on the ... The University’s governance also came under review through our own internal auditor’s ... Audit, Risk

Audit, Risk & Governance Committee Annual Report 2015/16

Representative(s) of the University’s External Auditors [Mr K Hayward, BDO] Clerk to the University Board Observers (by pre-arrangement with the Chair) Chair of the Finance and Resources Committee Note: Members of the committee should not also be members of the Finance and Resources Committee. Observer status is defined as occasional attendance for specific purposes with the advance agreement of the Chair. It is non-contributory except for specific circumstances agreed with the Chair. The Committee may need additional advice and information from other individuals who may attend to present papers or to be present for particular agenda items with the Chair of Committee’s consent. See also ‘Note on Membership and Attendance at Meetings’ below.

Quorum

At least four Independent Members (this may include the Chair of the Committee)

Usual Number of Meetings

Normally three times per year. The external or internal auditors may request a meeting if they consider it necessary.

Reporting Line

University Board

Minutes

University Board

Sub-committees

None

Publication Minutes are not routinely published.

Notes NOTE ON MEMBERSHIP AND ATTENDANCE AT MEETINGS The Audit, Risk & Governance Committee and its chair shall be appointed by the University Board, from among its own members, and must normally consist of members with no executive responsibility for the management of the institution. The Chair of the University Board should not be a member of the Committee. Members should not have significant interests in the institution.

At least one member should have recent relevant experience in finance, accounting or auditing. The Committee may, if it considers it necessary or desirable, co-opt members with particular expertise. Members of the committee should not also be members of the Finance & Resources Committee (or equivalent).

The Director of Finance and Performance (or equivalent), a representative of internal audit and a representative of the external auditors shall normally attend meetings where business relevant to them is to be discussed. However, at least once a year the committee should meet with the external and internal auditors without any officers present.