Cambridge University Reporter


STATEMENT OF INTERNAL CONTROL

1. The Council have responsibility for maintaining a sound system of internal control that supports the achievement of policies, aims and objectives, while safeguarding the public and other funds and assets for which the Council are responsible, in accordance with the Statutes and Ordinances and the Financial Memorandum with the HEFCE.

2. The system of internal control is designed to manage rather than eliminate the risk of failure to achieve policies, aims and objectives; it can therefore only provide reasonable and not absolute assurance of effectiveness.

3. The system of internal control is based on an ongoing process designed to identify the principal risks to the achievement of policies, aims and objectives, to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically. This process was in place for the year ended 31 July 2006 and up to the date of approval of the financial statements, and accords with HEFCE guidance.

4. The Council have responsibility for reviewing the effectiveness of the system of internal control. The following processes have been established:

(a The Council meet ten times throughout the year to consider the plans and strategic direction of the University.
(b The Council receive periodic reports from the Chairman of the Audit Committee concerning internal control and receives the minutes of all meetings of the Audit Committee.
(c The Council have established a Risk Steering Committee to oversee risk management. The Council receive periodic reports from the Chairman of the Risk Steering Committee and receive the minutes of all meetings of the Risk Steering Committee. Risk management is a standing item on the agenda for meetings of the Council.
(d The Audit Committee receives regular reports from the internal auditors, which include the internal auditors' independent opinion on the adequacy and effectiveness of the University's system of internal control and risk management, together with recommendations for improvement.
(e A regular programme of risk management and awareness courses has been held during the year.
(f A system of risk indicators has been developed for the University's key risks.
(g A robust risk prioritization methodology based on risk ranking and cost-benefit analysis has been established.
(h A University-wide risk register is maintained.
(i Key risks have been assigned to risk owners and risk reporting channels established.

5. The Council's review of the effectiveness of the system of internal control is informed by the work of the internal auditors, RSM Robson Rhodes. They operate to the standards defined in Accountability and Audit: HEFCE Code of Practice.

6. The Council's review of the effectiveness of the system of internal control is also informed by the work of the senior officers and the risk owners within the University, who have responsibility for the development and maintenance of the internal control framework, and by comments made by the external auditors in their management letter and other reports.