No 6491
Wednesday 17 January 2018
Vol cxlviii No 15
pp. 306–318
23 January, Tuesday. Discussion at 2 p.m. in the Senate-House (see below).
24 January, Wednesday. End of first quarter of Lent Term.
27 January, Saturday. Congregation of the Regent House at 2 p.m.
28 January, Sunday. Preacher before the University at 11.15 a.m., Canon Dr Paula Gooder, Director for Mission Learning and Development, Diocese of Birmingham and Canon Theologian, Birmingham Cathedral.
6 February, Tuesday. Discussion at 2 p.m. in the Senate-House.
13 February, Tuesday. Lent Term divides.
|
Discussions (at 2 p.m.) |
Congregations |
|
23 January |
27 January |
|
6 February |
24 February |
|
20 February |
24 March |
|
6 March |
7 April |
|
20 March |
The Vice-Chancellor invites those qualified under the regulations for Discussions (Statutes and Ordinances, p. 105), to attend a Discussion in the Senate-House on Tuesday, 23 January 2018 at 2 p.m., for the discussion of:
1. Joint Report of the Council and the General Board, dated 5 December 2017 and 29 November 2017, on the definition of student used in certain procedures applicable to students and in committee membership (Reporter, 6487, 2017–18, p. 164).
2. Report of the General Board, dated 29 November 2017, on the establishment and re-establishment of certain Professorships (Reporter, 6487, 2017–18, p. 168).
3. Joint Report of the Council and the General Board, dated 11 December 2017 and 29 November 2017, on the governance of the Careers Service (Reporter, 6488, 2017–18, p. 179).
4. Annual Report of the Council for the academical year 2016–17, dated 20 November 2017 (Reporter, 6489, 2017–18, p. 197).
5. Annual Report of the General Board to the Council for the academical year 2016–17, dated 1 November 2017 (Reporter, 6489, 2017–18, p. 212).
6. Reports and Financial Statements for the year ended 31 July 2017 (Reporter, 6489, 2017–18, p. 218).
7. Second-stage Report of the Council, dated 9 January 2018, on the construction of a new Cavendish Laboratory in West Cambridge (Reporter, 6490, 2017–18, p. 289).
8. Second-stage Report of the Council, dated 9 January 2018, on the construction of a new Shared Facilities Hub building in West Cambridge (Reporter, 6490, 2017–18, p. 291).
9. Second-stage Report of the Council, dated 9 January 2018, on the provision of additional hockey and changing facilities at the Wilberforce Road Sports Ground (Reporter, 6490, 2017–18, p. 293).
Further information on Discussions, including details on format and attendance, is provided at https://www.governance.cam.ac.uk/governance/decision-making/discussions/.
The Council, on the advice of the Finance Committee, has declared that the University continues to remain outside the scope of the EU Public Procurement Regulations as it is less than 50% publicly funded. The calculation is carried out annually to ensure that it remains possible to make the declaration. It is the Council’s intention that the University’s procurement procedures should continue to follow good practice as may be set out in the regulations, as well as that in the University’s Financial Regulations (Statutes and Ordinances, p. 1027; see also http://www.finance.admin.cam.ac.uk/policy-and-procedures/financial-regulations).
The Council and the General Board have received recommendations from the General Board’s Education Committee concerning the practice of publicly displaying class-lists outside the Senate-House and subsequently publishing them in the Reporter, and other matters concerning class-lists.
Taking into account the forthcoming legal position under the General Data Protection Regulation (GDPR) and points made in previous debates and discussions on the topic of class-lists, the Council and the General Board have endorsed the following proposals, for implementation by 25 May 2018 (the application date of the GDPR):
(a)That a straightforward opt-out from the publication of results in class-lists should be adopted, which involves communication through the Cambridge Student Information System (CamSIS) by a student, without requiring any evidence in support;
(b)that the opt-out should apply to the publication of results both outside the Senate-House and in the Reporter;
(c)that the opt-out should have a strict deadline but that the deadline should be a reasonable time before results are published;
(d)that the practice of reading aloud the Mathematics class-lists in the Senate-House and subsequently scattering them within the Senate-House should be subject to the same approach as that in points (a) to (c) above;
(e)that prize-winners should not be listed on Senate-House class-lists but should be listed instead in the Reporter, subject to confirming with any individuals who have opted out of class-list publication whether they also wish to withhold their names from publication in the Reporter as prize-winners;
(f)that this work should have high priority for CamSIS development;
(g)that complete class-lists, including the names of candidates who had opted out of publication, should continue to be circulated confidentially to Departments and Colleges for their internal use.
The Council is submitting Graces (Graces 1 and 2, p. 317) for the approval of changes to Ordinances to reflect the above proposals.
The Council has received the Annual Report of the Audit Committee for 2016–17. The report is published for the information of the University. Appendix A is not reproduced; appendices B–E are provided online at http://www.admin.cam.ac.uk/reporter/2017-18/weekly/6491/AuditReport_Appendices_2016-17.pdf.
The Audit Committee is required to submit an annual report to Council, the Vice Chancellor, and subsequently to the Higher Education Funding Council for England (‘HEFCE’). The Audit Committee annual report is informed by the internal audit annual report (see Appendix A [not reproduced]).
This report follows the guidance set out in Appendix 6 of HEFCE’s Handbook for Members of Audit Committees in Higher Education Institutions.
This Audit Committee annual report is for the financial year 1 August 2016 – 31 July 2017 and includes the opinion of the Audit Committee on the reliance to be placed on the internal control and reporting systems of the University. The opinion is based on the Committee’s consideration of the University’s Risk Register, the internal auditor’s annual report, the external auditor’s management letter, other work commissioned by the Committee during the year, and on discussions at its meetings and workshops.
Deloitte LLP is the University’s internal auditor and was reappointed from August 2014 until July 2017; it has since been reappointed for a further two years, until July 2019.
This report refers only to those final internal audit reports that have been received and considered by the Audit Committee during the financial year under consideration. This will include any reports that were issued in draft during 2015–16, but which were not finalized for the Committee’s consideration until the 2016–17 financial year. This will not include any 2016–17 reports that have been finalized recently by internal audit, but which have not yet been considered by the Audit Committee at one of its meetings.
During 2016–17 and up to the point of writing, the Committee has received and considered 14 internal audit reports. Where a rating was ascribed, 92% of reports were given Substantial or Full assurance.
PricewaterhouseCoopers LLP (PwC) was reappointed as the University’s external auditor.
This section provides the Audit Committee’s opinion on the adequacy and effectiveness of institutional arrangements during 2016–17 and up to the date of this report.
The Audit Committee has monitored and considered the effectiveness of the University’s risk management, control, and governance throughout 2016–17. These arrangements support the University in fulfilling its policies, aims, and objectives, enabling the University to identify, understand, and manage its principal risks, and to be accountable and transparent in its governance. The Committee considers that the University and subsidiary companies have continued to make clear and sustained efforts to understand, communicate, and incorporate best practice in risk management, governance, and internal controls.
The Committee has agreed that the Statement of Internal Control in the Financial Statements for 2016–17 is an accurate reflection of the risk management, control, and governance arrangements in place. The Committee is satisfied that these arrangements are adequate and effective.
The Committee has monitored the effectiveness of the University’s financial controls, systems, and management structures in place for promoting efficiency, effectiveness, and economy in the use of public funds and other resources.
The Committee has noted the continuing adoption of and improvement in financial procedures and management practices designed to support the achievement of value for money and institutional effectiveness. The Committee is satisfied that these arrangements are appropriate and effective.
The Audit Committee monitors the effectiveness of the University’s management and quality assurance of data submitted to HESA,[†] to HEFCE, and to other funding bodies. Internal audit reviews of various aspects of data management form part of the three-year cycle of audits. An internal audit on data quality in the HESA return has been conducted this year for which substantial assurance was given. The Committee is satisfied that the management control and quality assurance of data submitted are adequate and effective.
The constitution of the Audit Committee is set out in the Statutes and Ordinances of the University of Cambridge (see Appendix B). It is noted that the membership and terms of reference of the Committee have recently been reviewed following actions agreed as a result of an effectiveness review of the Committee (see Section 8.4(e)(iii)).
|
Chair: |
Mr Mark Lewisohn |
|
Secretary: |
Dr Jonathan Nicholls, Registrary (until December 2016); |
|
Ms Emma Rampton, Acting Registrary (from January 2017) |
|
|
Assistant Secretary: |
Dr Clara East |
There was one membership change over the course of the year, which is noted in the summary of membership table below.
|
Class of membership* |
Name of member |
Limit of tenure |
|
(a) |
Mr Mark Lewisohn |
31 December 2017 |
|
(b) |
Dr Ruth Charles |
31 December 2019 |
|
Reverend Jeremy Caddick (until December 2016) |
31 December 2018 |
|
|
Dr Nick Holmes (from January 2017) |
31 December 2018 |
|
|
(c) |
Mr Peter Doyle |
31 December 2018 |
|
Ms Janet Legrand |
31 December 2018 |
|
|
Ms Catherine Spitzer |
31 December 2019 |
|
|
Mr John Aston |
31 December 2019 |
|
|
(d) |
Dr Keith Carne |
31 December 2017 |
|
Professor John Dennis |
31 December 2017 |
* Class (a): Chair and external member of the Council; class (b): members of Council; class (c): external members; class (d): co-opted members.
Members are appointed to the Audit Committee by the Council of the University of Cambridge. Membership nominations are made to the University Council’s Advisory Committee of Committee Memberships and External Nominations except in the case of class (d) members who are co-opted by the Committee on the basis of recommendations received.
The Audit Committee invites certain senior University officers and the University’s external and internal auditors to attend unreserved meetings. It may also invite other colleagues and external speakers to attend for a specific agenda item or to present on a particular area of operation or risk.
The Audit Committee also invites the Chair of each of the audit committees of Cambridge Assessment and Cambridge University Press to attend all meetings and to make biannual reports. In May 2017 a joint Cambridge Assessment and Cambridge University Press Audit Committee was established under the newly formed Press and Assessment Board (PAB). The Chair of the PAB Audit Committee is Mr Nick Temple (the former chair of the Cambridge University Press Audit Committee) who represents the PAB Audit Committee on the University Audit Committee.
The Vice-Chancellor is invited to address the Audit Committee annually.
|
Position |
Name |
|
Director of Finance |
Mr Andrew Reid |
|
Senior Pro-Vice-Chancellor (Planning and Resources) |
Professor Duncan Maskell |
|
Internal Auditor – Deloitte LLP |
Ms Kirsty Searles Mr Richard Neal Mr Tom Cropper |
|
External Auditor – PricewaterhouseCoopers LLP |
Mr Charles Joseland Mr Simon Ormiston Mr Stuart Newman Ms Ali Elsley |
|
Pro-Vice-Chancellor (Institutional and International Relations) |
Professor Eilís Ferran |
|
Director of University Information Services |
Dr Martin Bellamy |
|
Member of the Cyber Security Technical Review Group |
Professor Ian Leslie |
|
Head of the Registrary’s Office |
Dr Kirsty Allen |
|
Head of Research Operations |
Dr Jo Dekkers |
|
External Consultant, JCA Group |
Ms Alice Perkins |
|
Director of Estates Strategy |
Dr Jason Matthews |
|
Head of Estate Projects |
Ms Beverley Weston |
|
Head of Estate Planning |
Mr Paul Milliner |
|
Chief Financial Officer |
Mr Anthony Odgers |
|
Acting Chair of the Audit Committee of Cambridge Assessment |
Mr Peter Williams |
|
Chair of the Audit Committee of Cambridge University Press |
Mr Nick Temple |
The table below provides information on meeting dates and attendance.
|
Date |
Members and associated class |
Senior officers and guests |
Auditors |
Apologies1 |
Quorate |
|||
|
(a) |
(b) |
(c) |
(d) |
|||||
|
06/10/16 |
1 |
2 |
4 |
2 |
7 |
Internal: 2 |
1 |
Yes |
|
17/11/16 |
1 |
2 |
3 |
2 |
3 |
Internal: 3 External: 2 |
2 |
Yes |
|
19/01/17 |
1 |
2 |
3 |
2 |
6 |
Internal: 3 |
1 |
Yes |
|
09/03/17 |
1 |
2 |
3 |
2 |
7 |
Internal: 2 External: 2 |
1 |
Yes |
|
11/05/17 |
1 |
2 |
3 |
1 |
8 |
Internal: 2 |
2 |
Yes |
|
29/06/17 |
1 |
2 |
2 |
2 |
6 |
Internal: 2 |
2 |
Yes |
The Audit Committee’s terms of reference are set out in the Statutes and Ordinances of the University of Cambridge. It is the duty of the Audit Committee:
(a)to keep under review the effectiveness of the University’s internal systems of financial and other control;
(b)to advise the Council on matters relating to the external and internal auditors including their appointment, the provision by the auditors of any additional services outside the scope of their regular responsibilities, the remuneration of the auditors, and any questions relating to the resignation or dismissal of auditors;
(c)to ensure that sufficient resources are made available for internal audit;
(d)to approve proposals for internal audit put forward by the internal auditors;
(e)to review annually with the external auditors the nature and scope of the external audit;
(f)to consider any reports submitted by the auditors, both external and internal;
(g)to monitor the implementation of any recommendations made by the internal auditors;
(h)to satisfy themselves that satisfactory arrangements are adopted throughout the University for promoting economy, efficiency, effectiveness, and risk management;
(i)to establish appropriate performance measures and to monitor annually the performance and effectiveness of the external and internal auditors;
(j)to consider, in consultation with the external auditors, (i) any financial statements annexed to the abstract of accounts, including the auditors’ report, and (ii) any statement provided by the Council on the governance of the University;
(k)to ensure that all significant losses are properly investigated and that the internal and external auditors, and where appropriate the Higher Education Funding Council for England, are informed;
(l)to oversee the University’s policy on fraud and irregularity, and to ensure that they are informed of any action taken under that policy;
(m)to make an annual report to the Council, the Vice-Chancellor, and the Higher Education Funding Council for England;
(n)to receive reports from the National Audit Office and the Higher Education Funding Council for England, and to advise the Council thereon;
(o)to forward minutes of their meetings to the Council.
Deloitte LLP was reappointed as internal auditor for the University with effect from 1 August 2014 until 31 July 2017, and has been reappointed for a further two years until 31 July 2019.
The performance of the internal auditor and its lead partner is considered annually by the Committee.
The annual report for the period 1 August 2016 to 31 July 2017 was received by the Audit Committee at its meeting of 5 October 2017 (see Appendix A [not reproduced]). Subject to the limitations of the work described in Deloitte LLP’s report, the internal audit opinion given was as follows:
“We provide reasonable assurance that the University has an adequate and effective system of risk management, control and governance, and considers economy, efficiency, and effectiveness in its systems and processes for the year ended 31 July 2017. The control issues identified during our work do not materially impact upon the assurance statement provided.”
Internal audit plans are prepared annually on the basis of ranked risks and ownership, as set out in the University’s key risk register, and key issues identified in interviews with a selection of Committee members and senior officers. Different teams of auditors are assigned to undertake the work depending on the level of specialism required.
Audits are themed by function and involve visits to a range of departments and institutions. Fact-finding reports are commissioned where particular situations warrant further investigation. Departmental audit is primarily covered by the annual departmental self-assurance survey. The survey addresses all areas of traditional on-site departmental audits. To help validate the findings of the survey the results are followed up by face-to-face meetings and selected on-site testing. The results are shared with Schools to highlight best practices and areas for improvement.
Until January 2017, the Committee considered in full all reports submitted by the internal auditor at its meetings. From January 2017, after decision by the Committee following the recommendations arising from its effectiveness review in October 2017, the Committee discussed in detail only those reports that carried limited or nil assurance ratings. The Committee is still given access to all other reports through its online portal and the auditors summarize the findings of those reports in their progress report at each meeting. For reports with limited or nil assurance, the audit sponsor is invited to attend the meeting in which the report is discussed. This enables them to respond to the report and take questions.
Deloitte LLP provides an assessment of the adequacy and effectiveness of systems using the following definitions:
|
Full |
There is a sound system of internal control designed to achieve the University’s objectives. The control processes tested are being consistently applied. |
|
Substantial |
While there is a basically sound system of internal control, there are weaknesses, which put some of the University’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the University’s objectives at risk. |
|
Limited |
Weaknesses in the system of internal controls are such as to put the University’s objectives at risk. The level of non-compliance puts the University’s objectives at risk. |
|
Nil |
Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse. |
Deloitte LLP classifies its recommendations as follows:
|
Priority 1 |
Issues that are fundamental to the University, for the attention of senior management and the Audit Committee. |
|
Priority 2 |
Issues that are fundamental to the area subject to internal audit, for the attention of senior management and the Audit Committee. |
|
Priority 3 |
Important issues to be addressed by management in their areas of responsibility. |
|
Priority 4 |
Housekeeping issues or good practice suggestions. |
Fees paid for work completed in the financial year 2016–17 are shown in Appendix C.
PricewaterhouseCoopers LLP (PwC) was reappointed as external auditor for the University for the financial year 2016–17. Mr Stuart Newman succeeded Mr Charles Joseland as the Engagement Partner for the external auditor in January 2017 following Mr Joseland’s retirement from PwC in December 2016.
In accordance with HEFCE’s Financial Memorandum, an external auditor is appointed or reappointed annually. The Statutes and Ordinances of the University of Cambridge also require that the accounts of the University are audited annually by qualified accountants appointed by Grace on the nomination of the Council.2
At its January 2017 meeting, the Committee received positive feedback from the Group in regard to the performance of the external auditor. The Committee therefore agreed to recommend to the Council that a Grace be promoted for the reappointment of PwC as the external auditor for the financial year 2016–17.
The appointment of a new external auditor, or the reappointment of the existing auditor, is due on 1 August 2019. A market testing exercise for the external audit provision will be conducted before then. The Audit Committee will establish a group to manage the exercise in Michaelmas Term 2017.
During 2016–17 the external auditor and PwC international affiliates firms carried out work in the following areas for the University: tax return procedures for a subsidiary company in India and professional assistance in the winding up of subsidiary companies in the Cambridge Assessment group. There were other minor engagements. In each significant case, the engagement was subject to the Audit Committee’s policy on non-audit services to ensure that the external auditor’s independence was not placed at risk.
The external audit management letter 2016–17 submitted by PwC was received by the Audit Committee at its meeting on 16 November 2017.
The Audit Committee considered the report and was satisfied with the remarks on auditing and accounting matters, detailed control observations, and other observations from around the University group.
Fees paid for work completed in 2016–17 are shown in Appendix D.
The Council is responsible for reviewing the effectiveness of the system of internal control. The Audit Committee supports the Council in this role through the following processes:
(a)The Council receives periodic reports from the Chair of the Audit Committee concerning internal control and receives the minutes of all meetings of the Audit Committee;
(b)the Audit Committee receives regular reports from the internal auditor, which include the internal auditor’s independent opinion on the adequacy and effectiveness of the University’s system of internal control and risk management, together with recommendations for improvement;
(c)the Council’s review of the effectiveness of the system of internal control is informed by the work of the internal auditor. They operate to the standards defined in Accountability and Audit: HEFCE Code of Practice;
(d)the Audit Committee reviews and reports on the implementation of recommendations made and agreed in the regular audit cycle and other investigations.
Through the consideration of reports from the internal auditor and other investigations, the Audit Committee is assured that the University’s system of internal control is currently effective and is able to report its reassurance to the Council for the year 2016–17.
Deloitte LLP has confirmed its reasonable assurance that the University has an adequate and effective system of risk management, control, and governance, and considers economy, efficiency, and effectiveness in its systems and processes for the year ended 31 July 2017. It has further confirmed that the control issues identified during its work do not materially impact upon the assurance statement provided.
The University of Cambridge pursues good practice in Risk Management as given in the Turnbull Committee guidance and more recent FRC[#] guidance issued in 2014, and endeavours to comply fully with HEFCE and other statutory requirements. The University’s view of acceptable risk is derived from a balanced view of all the risks in its operating environment. Risks are prioritized and assessed according to qualitative and quantitative measures. The strategy is as follows:
(i)A Risk Steering Committee (RSC) oversees the risk management process as a whole, on behalf of Council. The Chair of the Risk Steering Committee is the Senior Pro-Vice-Chancellor who attends Audit Committee meetings. The Chair of the Audit Committee is one of three Council representatives on the RSC. In 2016–17, a second external member of the Audit Committee was invited to attend the RSC to strengthen the link between audit and risk management;
(ii)a Risk Policy is reviewed annually;
(iii)the identification of the fundamental risks affecting the University and its Departments, Faculties, and central bodies. These are reviewed biannually to ensure that the full scope of the University’s activities is covered;
(iv)determining the appropriate risk appetite and level of exposure for the University as a whole;
(v)implementation of arrangements to manage fundamental risks and examination of the effectiveness of those arrangements. Where risk management is judged weak, poorly understood, or limited in effect, controls have been and will be enhanced;
(vi)allocating responsibility for the management of risks to senior university officers;
(vii)a review of risks and their management at least once a year.
(i) Audit Committee
The Audit Committee provides advice to the Council on the effectiveness of the Risk Steering Committee and on the internal control system, including the University’s system for the management of risk. The Audit Committee received the Risk Steering Committee’s annual report and annual review of the University’s key risk register at its November 2016 meeting. The interim revised key risk register was received at the May 2017 meeting.
Members of the Audit Committee are invited to bring their copies of the key risk register to all meetings to help inform discussions of audit reports and the impact on risk management, and also to plan the audit cycle.
A programme of presenters to speak to the Committee about key risks, and to answer questions directly from Committee members, continued during the course of 2016–17. The Committee received the following presentations:
6 October 2016
–The PVC (Institutional and International Relations), Professor Eilís Ferran, spoke about the management of risks relating to staffing, which is a red risk on the University’s key risk register.
–The Director of the University Information Services (UIS), Dr Martin Bellamy, discussed the latest developments on the cyber security programme and also presented a report on a data breach that occurred in Easter Term 2016.
–Ms Alice Perkins, external consultant, commissioned to conduct a review of the effectiveness of the Committee during Easter Term 2016, gave her report.
19 January 2017
–The Director of UIS, Dr Martin Bellamy, and Professor Ian Leslie, member of the Cyber Security Technical Review Group, reported on the Group’s findings.
–The Director of UIS followed with a further update on the cyber security programme.
9 March 2017
–The Vice-Chancellor gave his annual report to the Committee.
–The Head of the Registrary’s Office, Dr Kirsty Allen, presented on the University’s governance structure and processes.
–The Head of Research Operations, Dr Jo Dekkers, presented the annual report on research grant sponsors’ audits.
11 May 2017
–The Director of Estate Strategy, Dr Jason Matthews, and the Head of Estate Projects, Ms Beverley Weston, gave a presentation on the University’s estate management strategy.
29 June 2017
–The Director of Estate Strategy, Dr Jason Matthews, and the Head of Estate Planning, Mr Paul Milliner, attended to respond to the audit report received on space utilization, which carried a limited assurance rating.
(ii) Internal audit programme
The internal audit programme is responsible for providing independent and objective assurance on the University’s operations in order to evaluate and improve the effectiveness of the University’s internal control systems. The internal audit strategy is developed around the University’s objectives and assessment of its fundamental risks including an evaluation of the effectiveness of the University’s risk management process.
The reappointment of Deloitte LLP in August 2014 was subject to a refreshed service which focused more greatly on priority risk areas and sought broader assurance through the deployment of an annual departmental survey on compliance in high risk areas. Visits to a sample of the strongest and weakest performing departments are carried out in order to help verify the survey findings. The survey is also supported by the use of data analytics tools to interrogate data sets in systems; in 2016–17 this work focused on financial systems.
The third Departmental assurance survey was conducted in 2016–17 and the findings were reported to the Audit Committee in June 2017. The survey report enables the Audit Committee, administrative offices, and Schools to see at a glance where weaker areas exist, by Department and area. Engagement with Schools on the survey was particularly strong this year. Although the survey remains a good method for seeking broad assurance, the Audit Committee and internal auditor continue to monitor its effectiveness.
Throughout the year the auditors attended meetings with School Secretaries, Finance Managers, and Departmental Administrators, in particular to discuss the findings of the assurance survey. The internal audit Senior Engagement Partner attended meetings of the Risk Steering Committee as an observer.
At its May 2017 meeting, the Audit Committee agreed to renew the internal auditor’s contract for a further two years, until 31 July 2019. A market-testing exercise will be conducted in time for the appointment of new internal auditors, or the reappointment of the existing auditors, on 1 August 2019.
(iii) External audit
External audit informs the Audit Committee on the operation of the internal financial controls reviewed as part of the annual audit.
The Audit Committee has a number of standing agenda items: Value for Money (VfM), Fraud, Risk Management, and HEFCE. For each of these items it requests updates from senior university officers and also seeks assurance from the internal auditors.
The University’s Resource Management Committee (RMC) oversees VfM reporting for the University. The Chair of RMC, the Senior Pro-Vice-Chancellor, attends Audit Committee meetings and provides statements on behalf of the RMC. Economy, efficiency, and effectiveness in use of resources are considered within each system audit undertaken and recommendations are made in the individual audit reports as appropriate.
A set of value for money reporting indicators are used to track progress on the efficiency and effectiveness of resource use. The indicators focus on ‘institutional effectiveness’ at the strategic level and, by focusing on overall performance in core areas of teaching, research, and administration, aim to demonstrate how effectively the University uses its resources. Various indicators are used to show how well the University is using its resources and ultimately whether the University is institutionally effective. Performance can be tracked over time and compared with that of key competitors.
Efficiency and value for money values continue to be promoted through both local level and University-wide initiatives such as in the areas of procurement, estate management, energy and sustainability, financial, and IT services. The University also collaborates with the Colleges through the Bursars Committee to ensure VfM across the collegiate University.
Under the Financial Regulations, any member of staff must report immediately to the Registrary and the Director of Finance any suspicion of bribery, fraud, or other irregularity. Instances of bribery and fraud that involve sums of over £25,000 must be reported to HEFCE under the terms of the Financial Memorandum.
Over the 2016–17 academical year, there have been no reports of bribery and just one case of financial fraud in the University; the fraud was under the threshold that required reporting to HEFCE. In addition, an allegation of fraud involving a former embedded researcher in a College was under investigation although there was no financial loss to the University, and an allegation of malpractice by a University employee, including possible fraud, is currently under investigation and was reported to HEFCE in September 2017. Otherwise, there were no cases of fraud to report to HEFCE from Cambridge Assessment or Cambridge University Press during the 2016–17 year.
Risk management is a standing item on the Audit Committee agenda. The University’s key risk register is updated and reviewed by the Risk Steering Committee twice a year. The Risk Steering Committee reports to the Audit Committee on updates to the key risk register in May and October. The October review forms part of the Risk Steering Committee’s annual report which is submitted to the Audit Committee in November. This year, the Risk Steering Committee held an extra meeting in June, to allow for greater discussion of topics outside review of the risk register itself.
The Senior Engagement Partner of Deloitte LLP attended the October and June Risk Steering Committee meetings in 2016–17. This gave the internal auditors better insight into the University’s approach to and discussions about risk and enabled them to contribute expertise to key topics, such as risk appetite.
The annual summary of Schools’ and Non-School Institutions’ (NSI) risks was presented to the Risk Steering Committee at its June meeting.
The risk management training seminars delivered through the Personal and Professional Development (PPD) training programme and offered to staff across the University were continued in Michaelmas Term 2016 and Easter Term 2017. A Departmental Administrator attended the seminars to champion the benefits of risk management at a local level and to help promote best practice and consistency of approach. Separately, a training session on risk management was presented to three groups of administrators in Medical Research Council Units which transferred into the University during 2016–17.
Following re-development of the building in which the secondary Incident Management Room of the University’s emergency response team, the Silver Team, was situated until July 2017, a new room has been established. The room and the building in which it is located have improved facilities and location in comparison to the previous room, thereby offering greater resilience as an emergency planning location.
Planning for a desktop exercise for the Silver Team was initiated in Easter Term 2017 in readiness for an exercise in September 2017.
(i)HEFCE’s Annual Provider Review
The Committee received a copy of HEFCE’s Annual Provider Review at its May 2017 meeting. The University’s financial sustainability, good management, and governance matters were assessed as ‘not at higher risk’ and its quality and standards matters as ‘meets requirements’. No actions were required by HEFCE.
(ii)Assurance on Colleges’ use of student fees for educational purposes
The Committee has agreed a protocol enabling the Director of Finance, on an annual basis, to provide assurance to the Audit Committee that the student fees which transfer between the University and Colleges are used by the Colleges for the intended educational purposes. The calculation for 2016–17 was considered by the Audit Committee at its meeting in June 2017. The exercise involved looking at the total expenditure on education by Colleges against their total educational income including the College fee. The costing schedule showed that Colleges were making a material loss on education, with only few exceptions for which reasonable explanations could be given. Sufficient assurance could therefore be given that the money was spent for the purposes intended.
In support of the mechanism described above, an annual meeting takes place between the Chair of the Audit Committee, the Chair of the Colleges’ Committee, the Registrary, and the Chair of the Bursars’ Committee. An agreed note of the meeting is submitted to the Audit Committee. The annual report by the General Purchasing Sub-Committee to the Bursars Committee on Value for Money is also submitted to the Audit Committee. The meeting took place in June 2017 (see Appendix E ).
The Chair of the Bursars’ Committee Value for Money Sub-Committee reported on a number of collectively managed purchasing arrangements between the Colleges, including catering and utilities, and plans for new arrangements such as water and waste management. Collaboration between the Colleges and University involved work on IT initiatives.
In addition to the standing agenda items, the Audit Committee has considered the following items as part of its business during the 2016–17 financial year:
(i)Policy against bribery and corruption
The Committee received an annual review of the University’s policy against bribery and corruption at its June 2017 meeting. There had been no reports of bribery. Cambridge University Press and Cambridge Assessment separately provided assurance to the Audit Committee that their own policies against bribery and corruption were compliant with the University’s policy.
Bribery Act training is conducted through the University’s online Bribery and Corruption training module. A reminder to undertake training was issued by the Acting Registrary in April 2017 to all Heads of Institutions and Departmental Administrators. The message highlighted the importance of individuals’ participation in the training and clarified who should undertake the training. In response to feedback, an improved training module and reporting function is under development.
There was one case of whistleblowing in the University which is pending resolution.
(ii)North West Cambridge Project Phase 1
The Audit Committee established an Audit Group in 2015, chaired by the Chair of the Audit Committee, to investigate the potential forecast budget cost overruns reported in July 2015. The Audit Group made a number of recommendations on both the financial issues and wider governance matters. The internal auditors conducted follow up work in 2016–17 to review the implementation of the recommendations and the re-forecasting process for Phase 1. The report came with substantial assurance. It was noted that significant progress had been made which included the establishment of a Risk and Audit Sub-Committee. The internal auditors attend the Risk and Audit Sub-Committee meetings.
(iii)Review of effectiveness
In 2016 the Committee commissioned an external consultant, Ms Alice Perkins of JCA Partners LLP, to conduct a review of the Committee’s effectiveness. The consultant’s report was received by the Committee at its October 2016 meeting. A number of recommendations were made, actions against which have been implemented throughout the year.
Key actions included the following:
–From January 2017, while all audit reports received from the internal auditors continued to be circulated and reported on by the auditors at each meeting, only those reports with limited or nil assurance were discussed in detail. This released time for more in-depth discussion on other topics;
–The Committee’s membership and terms of reference have been reviewed and updated with approval now being sought for the revisions proposed through Council;
–A focus on succession planning for the Committee would be undertaken annually;
–A second external member of the Audit Committee would be invited to attend the Risk Steering Committee. Mr John Aston attended his first meeting in June 2017;
–The Head of the Registrary’s Office presented to the Committee on the University’s governance structure at its March meeting to improve understanding of the University’s operations, particularly for external members;
–The existing induction sessions whereby senior officers from different sections of the University’s administration and Schools explained and took questions on their areas of operation would be extended to all members in future;
–It was agreed that the Committee should meet in alternative venues around the collegiate University. Meetings since March 2017 have been held at a range of locations with links to academic departments, NSIs, and the wider University, in reflection of the breadth of operations represented in the reports submitted to the Committee.
Audit Committee workshops are opportunities to discuss strategic issues in more depth, often based around an expert presentation. These workshops operate in part as professional development opportunities for the Committee’s members.
The Committee held an extended meeting on 17 November 2016 to discuss the outcomes of the effectiveness review conducted by Ms Alice Perkins during Easter Term 2016. This led to the actions listed in Section 8.4(e)(iii) above.
At its June 2017 meeting the Committee agreed to schedule a series of workshops in 2017–18 to enable fuller discussion of key areas of operation and risk. One workshop will be held on space utilization and a further workshop will be led by the new Chief Financial Officer. An extended meeting in November 2017 has been arranged to enable the Committee members to meet the new Vice-Chancellor, Professor Stephen Toope.
[† Higher Education Statistics Agency (http://www.hesa.ac.uk).]
1 Figures refer to Committee members, senior officers, and Chairs of the CUP and CA Audit Committees.
2 Statutes and Ordinances of the University of Cambridge, p. 46.
[# Financial Reporting Council (http://www.frc.org.uk).]