Working together to achieve value for money

Neil Thomas

neil.thomas@kpmg.co.uk Level 1 Faculty Building, South Kensington Campus

Who are the internal auditors?
What is audit's objective?
What is the difference between the role of audit and line management?
What is the range of audit's work?
Fraud - Audit and the manager's responsibilities
Whistleblowing Policy

Who are the internal auditors?


Internal Audit is provided by KPMG.

On a day to day basis, the Head of Internal Audit reports to the College Secretary, and carries out a continuous examination of the accounting, financial and other activities of the College in accordance with HEFCE requirements and College Financial Regulations. He also has direct access to the President, Chairman of the Audit Committee, and Chairman of Council.  back to top

What is audit's objective?


Audit's objective is to provide a service to all levels of academic and administrative management by carrying out independent appraisals and analyses of risk control mechanisms, and by making recommendations to improve effectiveness and efficiency of the activities and operating procedures under management's control.

The achievement of this objective involves:

  • Reviewing and appraising the soundness, adequacy and application of accounting, financial and other controls (both existing and proposed) to promote effective and efficient internal control at reasonable cost.

  • Ascertaining the level of compliance with established policies, plans and procedures.

  • Ascertaining the effectiveness with which the College's assets are accounted for and safeguarded from losses of all kinds.

  • Ascertaining the reliability of management data produced within the College.

  • Conducting special investigations.

However, during the course of an audit we will primarily consider whether risk management, control and governance arrangements are adequate to manage risk and to secure propriety, efficiency, economy and effectiveness in the respective areas covered by the agreed terms of reference for the review. The review will seek to confirm that management have taken the necessary steps to achieve these objectives. Specifically with regard to the issue of risk, the College's Risk Management Policy defines risk management as the planned and systematic approach to the identification, evaluation and control of risk. It is concerned with evaluating the measures an organisation has in place already to manage identified risks, and then recommending the action that the organisation needs to take to control these risks more efficiently. By managing risk it is possible to reduce the likelihood of a risk occurring or to limit its consequences by implementing control mechanisms.  back to top

What is the difference between the role of audit and line management?


It is management's responsibility to establish internal control. Internal control includes the whole system of controls and methods, both financial and operational, which are established to minimise risks and their impact, safeguard assets, ensure efficiency and to encourage adherence to College policies and directives.

It is Internal Audit's role to carry out an independent appraisal and evaluation of the effectiveness of these controls. Audit is not part of line management. Internal Audit does not develop and install procedures, prepare records or engage in any activity which could compromise its independence. The emphasis on independence in no way diminishes the close working relationship and need for communication between Internal Audit and other functions of the College. This communication is particularly important, as our role includes appraising and advising on the controls to be included in new or revised systems, both computer and manual, before they are introduced.

To carry out its role, Audit is mandated by the Governing Body under Financial Regulation (133-137) to have full access to all the College's premises, records and documents. It also has the right to ask for and receive any necessary explanations about any matter under review.  back to top

What is the range of audit's work?


In accordance with a Risk Based Strategic Plan agreed by the Audit Committee, Internal Audit examines the systems throughout the College which control:

  • all forms of contracts and capital expenditure

  • raising and collecting revenue

  • administrative and operational expenditure

This is usually achieved by a programmed audit of the area under review, which generally would be an academic department, or central administrative division. In planning this process due regard is given to the College Risk Register see under "What is Audit's Objective?" above).  back to top

Fraud - Audit and the manager's responsibilities


Where management discover or suspect that an irregularity has or is about to take place, then in accordance with Financial Regulation (141-143) they should immediately inform the head of department or divisional director. If the incident or suspicion concerns fraud, loss of cash, cheques or other funds, irregularities concerning overpayment of salary or expenses, or misuse or loss of assets, then the Head of Management Audit & Review should be informed straight away. When a "break-in" has occurred, the Head of Security must be informed, and where there are insurance implications with regard to loss of equipment or stores, the College Director of Finance should also be informed.

The preliminary right of investigation of these occurrences lies with Audit. However, the Head of Management Audit & Review may consider it appropriate for the functional or departmental manager to investigate and take action, with the help and advice of Audit. Audit are experts on fraud and its investigation. We are here to assist, but can only do so if we are informed of what is happening. Enquiries are always handled with discretion.

Our aims and the aims of the client are one and the same - to improve operational efficiency, safeguard against risks and maintain the integrity of internal control. Contrary to popular belief, we are not simply critics telling management how to do their jobs better. We aim to establish a partnership with our colleagues.

To this end, every effort is made to ensure agreement on the factual content, tone and balance of the confidential audit report, prior to its issue.  

Ordinance C2: Policy and Response Plan for the Treatment of Fraud and Irregularities.  back to top

Whistleblowing policy


The College is committed to the highest standards of openness, probity and accountability. It seeks to conduct its affairs in a responsible manner, taking into account the requirements of the funding bodies and the standards in public life set out in the reports of the Committee on Standards in Public Life (the Nolan Committee). For this purpose the College has introduced a Regulation constituting the College's policy on, and procedures for, dealing with instances of Public Interest Disclosure or "whistleblowing" that is, allegations made by individuals relating to the running of the institution or the activities of colleagues within the institution. The policy is designed to enable employees, Governors, students, or other members of the College to raise, at a high level, concerns or to disclose information which the complainant in good faith believes shows malpractice or impropriety.  back to top

Ordinance D18: Investigation of Public Interest Disclosures