As the governing body of the University, the Council has responsibility for maintaining a sound system of internal control that supports the achievement of strategic and operational objectives, while safeguarding public and other funds and assets for which it is responsible, in accordance with the responsibilities it is assigned under the Charter and Statutes and the OfS Terms and Conditions of Funding for Higher Education Institutions.
The system of internal control is designed to manage rather than eliminate the risk of failure to achieve objectives. It can therefore only provide reasonable and not absolute assurance of effectiveness. The system is based on an ongoing process designed to identify the principal risks to the achievement of the University’s strategy and objectives; to evaluate the nature and extent of those risks; and to manage them efficiently, effectively, and economically. This system is regularly reviewed by the Council and was in place for the year ended 31 July 2023 and up to the date of this report.
Council considers that there were no significant internal control weaknesses requiring disclosure.
The following processes are established and have been implemented during the period to the date of this report:
- The Council operates an annual pattern of work under which it regularly considers the plans and strategic direction of the University, including an annual meeting focused on strategic matters and an annually approved Financial Plan that provides the basis for any significant financial decision-making and a robust framework to ensure the University’s financial sustainability and resilience.
- Regular reporting from Council committees, including from the Audit and Risk Committee, which has responsibility for reviewing risk management, control and governance and value for money arrangements on behalf of Council. Audit and Risk Committee provides an annual report to Council including its opinion on the University’s arrangements.
- Reporting to the University’s Audit and Risk Committee, the Internal Audit function undertakes an annual programme of reviews of the University’s arrangements, culminating in an annual report on the adequacy and effectiveness of the University’s arrangements for risk management, control and governance, and value for money. The annual audit plan is informed by the risks identified in the University’s Principal Risk Register, and as well as providing independent assurance the recommendations arising from their reviews further enhance the internal control environment and the delivery of value for money. In 2022– 2023 and through to November 2023, Internal Audit function was provided under contract by KPMG.
- The External Audit function gives an independent opinion on the University’s annual financial statements and the use of public funds. These statements summarise the University’s financial performance during the year and its financial position as at the end of the financial year. In 2022–2023, PwC provided the External Audit function.
- The Risk Management Framework and Principal Risks Register, which are set out in more detail on page 42 of this report.
- Robust internal control arrangements, including for the prevention and detection of corruption, fraud, bribery, and other irregularities. Internal controls are reviewed and developed to ensure they remain fit for purpose and in response to risk evaluation and cover business, operational, compliance and financial risk. These arrangements are embedded into ongoing operations.
- The University’s Code of Ethics applies to all staff and in 2023 its scope has been extended to all members of the University including students and Council. It is supported by a procedure for reporting of concerns.
- An established budgetary control process. Regular management accounts are reviewed by the University Management Board and Finance Committee. There are additional processes for the administration and control of research grants, research contracts, donations, and endowments where there are specific conditions on how the funds may be spent.
- Regular meetings between senior managers and professional service leaders to review progress and issues arising from operational activities, and similar meetings between the Provost and Faculty Deans in relation to academic developments.
- Extensive financial controls including planning and budgeting arrangements, defined delegations of responsibility, review oversight and reporting arrangements, policies and procedures, Financial Regulations detailing financial controls and procedures.