No 6410
Wednesday 13 January 2016
Vol cxlvi No 15
pp. 302–322
19 January, Tuesday. Discussion at 2 p.m. in the Senate-House (see below).
23 January, Saturday. Congregation of the Regent House at 2 p.m.
24 January, Sunday. End of first quarter of Lent Term.
31 January, Sunday. Preacher before the University at 11.15 a.m., Rev’d L. C. Winkett, SE, Rector of St James’s, Piccadilly.
|
Discussions at 2 p.m. |
Congregations |
|
19 January |
23 January, Saturday at 2 p.m. |
|
2 February |
3 February, Wednesday at 11.15 a.m. (Honorary Degree; see below). |
|
16 February |
20 February, Saturday at 2 p.m. |
|
1 March |
19 March, Saturday at 11 a.m. |
|
15 March |
2 April, Saturday at 11 a.m. |
The Vice-Chancellor invites those qualified under the regulations for Discussions (Statutes and Ordinances, p. 107) to attend a Discussion in the Senate-House on Tuesday, 19 January 2016, at 2 p.m. for the discussion of:
1. Annual Report of the Council for the academical year 2014–15, dated 23 November 2015 (Reporter, 6408, 2015–16, p. 226).
2. Annual Report of the General Board to the Council for the academical year 2014–15, dated 4 November 2015 (Reporter, 6408, 2015–16, p. 239).
3. Reports and Financial Statements for the year ended 31 July 2015 (Reporter, 6408, 2015–16, p. 244).
The Report published in this issue (p. 316) will be discussed on 2 February 2016.
The Vice-Chancellor gives notice that he has received from the Governing Body of Trinity Hall, in accordance with the provisions of Section 7(2) of the Universities of Oxford and Cambridge Act 1923, the text of a proposed Statute to amend the Statutes of the College.
Paper copies may be inspected at the University Offices until 12 noon on 27 January 2016.
The Vice-Chancellor gives notice, in accordance with Special Ordinance A (i) 2, that an additional Congregation will take place on Wednesday, 3 February 2016 at 11.15 a.m., at which he expects to confer the following Honorary Degree (see p. 320).
His Excellency BAN KI-MOON
Secretary-General of the United Nations
Following admission to his Honorary Degree, the Secretary-General will address the Congregation.
Ticket-holders will need to be in their places in the Senate-House not later than 11 a.m. and proceedings are expected to end at about midday.
Admission to this occasion will be by ticket only.
All members and staff (including retired staff) of the University and the Colleges are eligible to apply for tickets to attend. In order to allow the greatest possible attendance by such applicants, requests for guest tickets will not be accepted.
Applications should preferably be made online at: https://www.cam.ac.uk/HD16.
Those who prefer may apply on paper or by email, stating a postal address and their qualifying University and/or College affiliation. Postal applications should be sent to: Honorary Degrees, The Vice-Chancellor’s Office, The Old Schools, Trinity Lane, Cambridge, CB2 1TN, or emailed to HonDegsRSVP@admin.cam.ac.uk (which can also be used for queries relating to the Congregation).
The deadline for applications is 12 noon on Wednesday, 20 January 2016. If demand for places exceeds capacity, all applications received by then will be balloted. Successful applicants should expect to receive their ticket during the week beginning 25 January. Tickets will be issued to named individuals and are strictly non-transferable. Further details, including advice on dress and access, will be included on the tickets and on arrival holders may be asked to show their University Card or some other form of photographic identification as well as their ticket.
With the exception of the Vice-Chancellor and Officers, no other procession will form on this occasion.
Members of the University attending are reminded that they are required by regulations in Ordinances to wear academical dress (although by custom others present do not).
The day of the Congregation will be a ‘scarlet day’, so Doctors are requested to wear their festal gowns, but hoods are not required on this occasion (other than by Officers in the Vice-Chancellor’s Procession). In accordance with the regulations and with the exception of the Vice-Chancellor, High Steward, Deputy High Steward, Commissary, Proctors, Registrary, Esquire Bedells, Orator, and the Honorary Graduand, other members of the University present who hold non-Cambridge degrees may wear the dress of those degrees without hoods on this occasion if they prefer.
The Vice-Chancellor also gives notice that the University flag will be flown from the Old Schools on Wednesday, 3 February 2016.
The Vice-Chancellor gives notice, in accordance with Special Ordinance A (i) 2, that in addition to the Congregation already called for Saturday, 16 July 2016 at 10 a.m., another Congregation will now take place on Friday, 15 July 2016, also at 10 a.m.
The Council has received the Annual Report of the Audit Committee for 2014–15. The report is published for the information of the University. Appendices B–E(ii) are available at http://www.admin.cam.ac.uk/reporter/2015-16/weekly/6410/AuditReport_Appendices_2014-15.pdf.
The Audit Committee is required to submit an annual report to Council, the Vice-Chancellor, and subsequently to the Higher Education Funding Council for England (‘HEFCE’). The Audit Committee Annual Report is informed by the internal audit annual report (see Appendix A [not published with this report]).
This report follows the guidance set out in Appendix 6 of HEFCE’s Handbook for Members of Audit Committees in Higher Education Institutions.
This Audit Committee Annual Report is for the Financial Year 1 August 2014 – 31 July 2015 and includes the opinion of the Audit Committee on the reliance to be placed on the internal control and reporting systems of the University. The opinion is based on the Committee’s consideration of the University’s Risk Register, the internal auditor’s annual report, the external auditor’s Management Letter, other work commissioned by the Committee during the year, and on discussions at its meetings and workshops.
Deloitte LLP are the University’s internal auditors and were reappointed from August 2014.
This report refers only to those final internal audit reports that have been received and considered by the Audit Committee during the financial year under consideration and up to the date of this report. This will include any reports that were issued in draft during 2013–14, but which were not finalized for the Committee’s consideration until the 2014–15 financial year. This will not include any 2014–15 reports that have been finalized recently by internal audit, but which have not yet been considered by the Audit Committee at one of its meetings.
During 2014–15 and up to the point of writing, the Committee has received and considered 26 internal audit reports. Where a rating was ascribed, 74% of reports were given Substantial or Full assurance.1
PricewaterhouseCoopers LLP were reappointed as the University’s external auditor.
This section provides the Audit Committee’s opinion on the adequacy and effectiveness of institutional arrangements during 2014–15 and up to the date of this report.
The Audit Committee has monitored and considered the effectiveness of the University’s risk management, control, and governance throughout 2014–15. These arrangements support the University in fulfilling its policies, aims, and objectives, enabling the University to identify, understand, and manage its principal risks, and to be accountable and transparent in its governance. The Committee considers that the University, individual institutions, and subsidiary companies have continued to make clear and sustained efforts to understand, communicate, and incorporate best practice in risk management, governance, and internal controls.
The Committee has agreed that the Statement of Internal Control in the Financial Statements for 2014–15 is an accurate reflection of the risk management, control, and governance arrangements in place. The Committee is satisfied that these arrangements are adequate and effective.
The Committee has monitored the effectiveness of the University’s financial controls, systems, and management structures in place for promoting efficiency, effectiveness, and economy in the use of public funds and other resources.
The Committee has noted the continuing adoption of and improvement in financial procedures and management practices designed to support the achievement of value for money and institutional effectiveness. The Committee is satisfied that these arrangements are appropriate and effective.
The Audit Committee has monitored the effectiveness of the University’s management and quality assurance of data submitted to HESA, to HEFCE, and to other funding bodies. Internal audit reviews of various aspects of data management have been conducted in the year for which substantial assurance was given. The Committee is satisfied that the management control and quality assurance of data submitted are adequate and effective.
The Constitution of the Audit Committee is set out in the Statutes and Ordinances of the University of Cambridge (see Appendix B).
|
Chair: |
Mr Mark Lewisohn |
|
Secretary: |
Dr Jonathan Nicholls, Registrary |
|
Assistant Secretary: |
Dr Clara East |
There were a number of membership changes over the course of the year and these are summarized in the table below.
|
Class of membership* |
Name of member |
Limit of tenure |
|
(a) |
Mr John Shakeshaft (until December 2014) Mr Mark Lewisohn (from January 2015) |
31 December 2016 31 December 2017 |
|
(b) |
Mr Mark Lewisohn (until December 2015) Dr Ruth Charles (from January 2015) Dr David Good |
31 December 2014 31 December 2016 31 December 2016 |
|
(c) |
Mr Peter Doyle Ms Janet Legrand Ms Caroline Stockmann (until February 2015) Mr John Dix (until November 2014) Ms Catherine Spitzer (from May 2015) Mr John Aston (from July 2015) |
31 December 2015 31 December 2015 31 December 2016 31 December 2016 31 December 2016 31 December 2016 |
|
(d) |
Professor Nigel Slater Dr Thomas Keith Carne vacancy |
31 December 2015 31 December 2015 |
* Class (a): Chair and external member of the Council; Class (b): members of the Council; Class (c): external members; Class (d): co-opted members.
Members are appointed to the Audit Committee by the Council of the University of Cambridge. Membership nominations are made to the University’s Council’s Advisory Committee of Committee Memberships and External Nominations.
The Audit Committee invites certain senior University officers and the University’s external and internal auditors to attend unreserved meetings. On occasion it may also invite other colleagues to attend for a specific agenda item. The Audit Committee also invites the Chair of each of the audit committees of Cambridge Assessment and Cambridge University Press to attend all meetings and to make biannual reports.
The Vice-Chancellor is invited to address the Audit Committee annually.
|
Position |
Name |
|
Director of Finance |
Mr Andrew Reid |
|
Senior Pro-Vice-Chancellor (Planning and Resources) |
Professor Steve Young |
|
Internal Auditor – Deloitte LLP |
Ms Kirsty Searles Mr Jonathan Gooding (from 3 July 2014) Mr Richard Neal |
|
External Auditor – PricewaterhouseCoopers LLP |
Mr Clive Everest (until 5 March 2015) Mr John Minards (until 5 March 2015) Mr Charles Joseland (from 5 March 2015) Mr Simon Ormiston Mr Stephen Wyborn |
|
Director of Communications |
Mr Paul Mylrea |
|
Director of University Information Services |
Dr Martin Bellamy |
|
Head of the University Research Office |
Dr Peter Hedges |
|
Chair of the Audit Committee of Cambridge Assessment |
Mr Bruce Picking |
|
Chair of the Audit Committee of Cambridge University Press |
Professor Sarah Worthington |
The table below provides information on meeting dates and attendance.
|
Date |
Members and associated Class |
Senior officers and guests |
Auditors |
Apologies 2 |
Quorate |
|||
|
(a) |
(b) |
(c) |
(d) |
|||||
|
02/10/14 |
1 |
2 |
3 |
1 |
2 |
Internal: 3 |
5 |
Yes |
|
13/11/14 |
1 |
2 |
4 |
2 |
6 |
Internal: 2 External: 3 |
0 |
Yes |
|
15/01/15 |
1 |
2 |
3 |
1 |
6 |
Internal: 4 |
2 |
Yes |
|
05/03/15 |
1 |
2 |
4 |
2 |
5 |
Internal: 3 External: 2 |
0 |
Yes |
|
07/05/153 |
1 |
2 |
3 |
2 |
5 |
Internal: 3 |
3 |
Yes |
|
02/07/15 |
1 |
1 |
4 |
1 |
5 |
Internal: 3 |
3 |
Yes |
The Audit Committee’s terms of reference are set out in Statutes and Ordinances of the University of Cambridge. It is the duty of the Audit Committee:
(a)to keep under review the effectiveness of the University’s internal systems of financial and other control;
(b)to advise the Council on matters relating to the external and internal auditors including their appointment, the provision by the auditors of any additional services outside the scope of their regular responsibilities, the remuneration of the auditors, and any questions relating to the resignation or dismissal of auditors;
(c)to ensure that sufficient resources are made available for internal audit;
(d)to approve proposals for internal audit put forward by the internal auditors;
(e)to review annually with the external auditors the nature and scope of the external audit;
(f)to consider any reports submitted by the auditors, both external and internal;
(g)to monitor the implementation of any recommendations made by the internal auditors;
(h)to satisfy themselves that satisfactory arrangements are adopted throughout the University for promoting economy, efficiency, effectiveness, and risk management;
(i)to establish appropriate performance measures and to monitor annually the performance and effectiveness of the external and internal auditors;
(j)to consider, in consultation with the external auditors, (i) any financial statements annexed to the abstract of accounts, including the auditors’ report, and (ii) any statement provided by the Council on the governance of the University;
(k)to ensure that all significant losses are properly investigated and that the internal and external auditors, and where appropriate the Higher Education Funding Council for England, are informed;
(l)to oversee the University’s policy on fraud and irregularity, and to ensure that they are informed of any action taken under that policy;
(m)to make an annual report to the Council, the Vice-Chancellor, and the Higher Education Funding Council for England;
(n)to receive reports from the National Audit Office and the Higher Education Funding Council for England, and to advise the Council thereon;
(o)to forward minutes of their meetings to the Council.
Deloitte LLP were reappointed as internal auditors for the University with effect from 1 August 2014 until 31 December 2017.
The performance of the internal auditors and their lead partner is considered annually by the Committee.
The annual report for the period 1 August 2014 to 31 July 2015 was received by the Audit Committee at its meeting of 8 October 2015 (see Appendix A [not included with this report]). Subject to the limitations of the work described in Deloitte LLP’s report, the internal audit opinion given was as follows:
‘We provide reasonable assurance that the University has an adequate and effective system of risk management, control, and governance, and considers economy, efficiency, and effectiveness in its systems and processes for the year ended 31st July 2015. The control issues identified during our work do not materially impact upon the assurance statement provided.’
Internal audit plans are prepared annually on the basis of weighted risks and ownership, as set out in the University’s key risk register, and key issues identified in interviews with a selection of Committee members and Senior officers. A greater focus on strategic risk was introduced as part of the revised approach to internal audit in 2014–15. As part of this approach, different teams of auditors have been assigned to undertake the work, as appropriate, for example specialist auditors for more specialized audits such as cyber security.
Audits are themed by function and some are Department-based. Departmental audit is now principally covered by an annual departmental self-assurance survey which was rolled out fully across the University for the first time this financial year. The survey covers all areas of the traditional on-site departmental audits and will be an annual exercise. The survey yielded a very high response rate and the findings have been followed up for validation by in-person meetings. The results are being shared with Schools to highlight best practices and areas of improvement needed.
The Committee considers all reports submitted by the internal auditor. Each internal audit report is assigned to a member of the Committee for detailed consideration. Reports are presented by the internal auditors and feedback and queries are subsequently invited from the member to whom the report had been assigned.
Deloitte LLP provide an assessment of the adequacy and effectiveness of systems using the following definitions:
|
Full |
There is a sound system of internal control designed to achieve the University’s objectives. The control processes tested are being consistently applied. |
|
Substantial |
While there is a basically sound system of internal control, there are weaknesses, which put some of the University’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the University’s objectives at risk. |
|
Limited |
Weaknesses in the system of internal controls are such as to put the University’s objectives at risk. The level of non-compliance puts the University’s objectives at risk. |
|
Nil |
Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse. |
Deloitte LLP classify their recommendations as follows:
|
Priority 1 |
Issues that are fundamental to the University, for the attention of senior management and the audit committee. |
|
Priority 2 |
Issues that are fundamental to the area subject to internal audit, for the attention of senior management, and the audit committee. |
|
Priority 3 |
Important issues to be addressed by management in their areas of responsibility. |
|
Priority 4 |
Housekeeping issues or good practice suggestions. |
Fees paid for work completed in Financial Year 2014–15 are shown in Appendix C.
PricewaterhouseCoopers LLP (PwC) were reappointed as external auditors for the University for the financial year 2014–15.
Mr Charles Joseland succeeded Mr John Minards as the Engagement Partner of external auditor PwC in March 2015.
In accordance with HEFCE’s Financial Memorandum an external auditor is appointed or reappointed annually. The Statutes and Ordinances of the University of Cambridge also require that the accounts of the University are audited annually by qualified accountants appointed by Grace on the nomination of the Council.4
A Grace submitted to the Regent House on 18 February 2015 recommending the reappointment of PricewaterhouseCoopers LLP was approved on 27 February 2015.
At its January 2015 meeting the Committee agreed that the external auditors provided a high quality of service and were good value for money. The Committee therefore recommended to the Council that a Grace be promoted for the reappointment of PwC as the external auditors for the Financial Year 2014–15.
Market testing of the external auditors is required to be carried out every seven years, and appointment/reappointment of external auditors is due in the 2015–16 financial year. A sub-group of the Audit Committee has been set up to consider the matter.
During 2014–15 the external auditor carried out work in the following areas for the University: tax compliance, accounting treatment advisory, pensions advice, and investigation services at Cambridge University Press (CUP); an investigation carried out at the instruction of the Audit Committee into potential cost overruns on Phase 1 of the North West Cambridge development; tax compliance for certain University subsidiary companies; certain local accounts procedures for international operations; an external project administered by Cambridge Institute for Sustainability Leadership; and other minor engagements. In each case the engagement was subject to the Audit Committee’s policy on non-audit services to ensure that the external auditor’s independence was not placed at risk.
The external audit management letter 2014–15 submitted by PricewaterhouseCoopers LLP was received by the Audit Committee at its meeting on 19 November 2015.
The Audit Committee considered the report and was satisfied with the remarks on auditing and accounting matters, detailed control observations, and other observations from around the University group.
Fees paid for work completed in 2014–15 are shown in Appendix D.
The Council is responsible for reviewing the effectiveness of the system of internal control. The Audit Committee supports the Council in this role through the following processes:
(a)The Council receives periodic reports from the Chair of the Audit Committee concerning internal control and receives the minutes of all meetings of the Audit Committee;
(b)The Audit Committee receives regular reports from the internal auditors, which include the internal auditors’ independent opinion on the adequacy and effectiveness of the University’s system of internal control and risk management, together with recommendations for improvement;
(c)The Council’s review of the effectiveness of the system of internal control is informed by the work of the internal auditors. They operate to the standards defined in Accountability and Audit: HEFCE Code of Practice;
(d)The Audit Committee reviews and reports on the implementation of recommendations made and agreed in the regular audit cycle and other investigations.
Through the consideration of reports from the internal auditors and other investigations the Audit Committee is assured that the University’s system of internal control is currently effective and is able to report its reassurance to the Council for the year 2014–15.
Deloitte LLP has confirmed its reasonable assurance that the University has an adequate and effective system of risk management, control, and governance, and considers economy, efficiency, and effectiveness in its systems and processes for the year ended 31 July 2014. They have further confirmed that the control issues identified during their work do not materially impact upon the assurance statement provided.
The University of Cambridge pursues good practice in Risk Management as given in the Turnbull Committee guidance, and endeavours to comply fully with HEFCE and other statutory requirements. The University’s view of acceptable risk is derived from a balanced view of all the risks in its operating environment. Risks are prioritized and assessed according to qualitative and quantitative measures. The strategy is as follows:
i.A Risk Steering Committee (RSC) oversees the risk management process as a whole, on behalf of Council. The Chair of the Risk Steering Committee is the Senior Pro-Vice-Chancellor who attends Audit Committee meetings. The Chair of the Audit Committee is one of three Council representatives on the Risk Steering Committee. This strengthens the link between audit and risk management.
ii.A Risk Policy is reviewed and revised annually.
iii.The identification of the fundamental risks affecting the University and its Departments, Faculties, and central bodies. These are reviewed biannually to ensure that the full scope of the University’s activities is covered.
iv.Determining the appropriate risk appetite and level of exposure for the University as a whole.
v.Implementation of arrangements to manage fundamental risks and examination of the effectiveness of those arrangements. Where risk management is judged weak, poorly understood, or limited in effect, controls have been and will be enhanced.
vi.Allocating responsibility for the management of risks to senior university officers.
vii.A review of risks and their management at least once a year.
i.Audit Committee
The Audit Committee provides advice to the Council on the effectiveness of the Risk Steering Committee and on the internal control system, including the University’s system for the management of risk. The Audit Committee received the Risk Steering Committee’s annual report and annual review of the University’s key risk register at its second meeting of the year. The interim revised key risk register was received at the meeting on 7 May 2015.
Members of the Audit Committee are invited to bring their copies of the key risk register to all meetings to help inform discussions of audit reports and the impact on risk management, and also to plan the audit cycle.
A cycle of presenters to speak to the Committee about key risks and to answer questions directly was initiated in 2015.
ii.Internal audit programme
The internal audit programme is responsible for providing independent and objective assurance on the University’s operations in order to evaluate and improve the effectiveness of the University’s internal control systems. The internal audit strategy is developed around the University’s objectives and assessment of its fundamental risks including an evaluation of the effectiveness of the University’s risk management process. The 2014–15 plan placed particular emphasis on priority risk areas and working more interactively with Schools and Departments, sharing audit findings and best practice more widely. This was achieved through attendance by the internal auditors at the meetings of School Councils, School Secretaries, and School Finance Managers. The internal audit Senior Engagement Partner also attended Risk Steering Committee meetings as an observer. A departmental self-assurance survey is now a central component of the annual audit programme and contains a set of questions devoted to risk. Similarly, risk management arrangements are a standard and continuing aspect of all departmental audits.
iii.External audit
External audit informs the Audit Committee on the operation of the internal financial controls reviewed as part of the annual audit.
The Audit Committee has a number of standing agenda items: Value for Money (‘VFM’), Fraud, Risk Management, and HEFCE. For each of these items it asks for updates from senior university officers and also seeks assurance from the internal auditors.
The University’s Resource Management Committee (RMC) oversees VFM reporting for the University. The Chair of RMC, the Senior Pro-Vice-Chancellor, attends Audit Committee meetings and provides statements on behalf of the RMC. The internal auditors consider VFM as a standard item in institution or system audits.
A set of value for money reporting indicators continue to be used, following the Resource Management Committee’s approval of these in October 2013. The chosen indicators focus on ‘institutional effectiveness’ at the strategic level and, by focusing on overall performance in core areas of teaching, research, and administration, aim to demonstrate how effectively the University uses its resources. Various measures are used to indicate how well the University is using its resources and transforming them into ‘results’, and, ultimately whether the University is institutionally effective. Performance can be tracked over time and considered in comparison to the University’s key competitors.
The University and Colleges continue to explore opportunities for collaboration in the context of potential shared services and initiatives designed to provide better value for money for both.
Under the Financial Regulations, any member of staff must report immediately to the Registrary and the Director of Finance any suspicion of bribery, fraud, or other irregularity. Instances of bribery and fraud that involve sums of over £25,000 must be reported to HEFCE under the terms of the Financial Memorandum.
Over the 2014–15 academic year there have been no instances of fraud in excess of £25,000. There was one report of fraud in the University under this threshold. This matter concerned an employee in Judge Business School who had already left the University’s employment when the fraud was discovered. The internal auditors have investigated the matter and reported. There is no reason to expect any repetition of the behaviour concerned. Cambridge University Press and Cambridge Assessment make separate reports of fraud to the Audit Committee. Cambridge Assessment reported a suspected instance of fraud to the Committee at its November 2014 meeting, and Cambridge University Press reported a further incident at the January 2015 meeting.
Following the greater focus placed on the University’s priority risk areas in the 2014–15 internal audit plan the Senior Engagement Partner of Deloitte LLP attended both Risk Steering Committee meetings in 2014–15 as an observer. This helped give the internal auditors better insight into the University’s approach to and discussions about risk.
As is customary, a summary of Schools’ and NSIs’ risks was presented to the Risk Steering Committee at its half-year meeting. These summaries were subsequently shared with Schools and NSIs to allow them to view others’ risk profiles and to encourage consistency across the types of risks identified and the assessments made.
The risk management training seminars targeted at Departmental Administrators were continued in Michaelmas Term 2014 and Lent Term 2015. The seminar included a speaker from a Faculty to champion the benefits of risk management at a local level and for the purpose of strategic and financial planning and to help promote best practice and a consistent approach. Separately, at the request of one Department in the School of Biological Sciences, a training session on risk management was presented. A further presentation was given in September 2015 at a Planning Forum meeting organized by the Planning and Resource Allocation Office and attended by School and NSI representatives. This was timely in view of the forthcoming preparation of risk registers and business plans by institutions for submission as part of the 2015 planning round.
Following the internal audit on the University’s emergency management planning in 2013–14 work was completed on uploading Departments’ and institutions’ Emergency Action Plans (EAPs) onto an online repository. More recently, it has been agreed to transfer EAPs to a more technically agile system hosted by Estate Management. The system, Micad, already contains detailed building plans and compliance documents and is therefore well suited to host emergency action plans. The familiarity of the system to Departments should prove beneficial. Its capability to generate automatic reminder emails to institutions when an updated EAP is due is also an efficiency gain.
The University’s emergency management team, the Silver Team, was convened on 19 July 2015 in light of the major incident affecting IT services caused by storm damage the previous night. Services were functioning normally by midday as a result of the actions taken by the University Information Services (UIS) Division. In collaboration with the UIS, the University’s Silver Team is being equipped with improved IT facilities to assist the Team in an emergency. A test exercise for the Silver Team will be carried out in Lent Term 2016.
(i)HEFCE’s assessment of institutional risk
The Committee received a copy of the letter from HEFCE stating its opinion that the University is ‘not at higher risk’.
(ii)Assurance on Colleges’ use of HEFCE funds
The Committee
has agreed a protocol enabling the Director of Finance, on an annual basis, to provide
assurance to the Audit Committee that the funding transferred to the Colleges was being
used for the intended educational purposes. The calculation for 2013–14 was considered
by the Audit Committee at its meeting in May 2015. The findings demonstrated that there
was still adequate headroom between each College’s expenditure on undergraduate
education and the funding transferred, thereby providing assurance that the tuition
income was properly applied by the Colleges for educational purposes (see 
Appendix
E(i)).
In support of the mechanism described
above, an annual meeting takes place between the Chair of the Audit Committee, the Chair
of the Colleges’ Committee, the Registrary, and the Chair of the Bursars’ Committee. An
agreed note of the meeting is submitted to the Audit Committee. The annual report by the
General Purchasing sub-Committee to the Bursars’ Committee on Value for Money is also
submitted to the Audit Committee. The third such meeting took place in March 2015 (see
Appendix E(ii)).
In addition to the standing agenda items, the Audit Committee has considered the following items as part of its business during the 2014–15 financial year:
(i)Reappointment of internal auditors
Deloitte LLP’s reappointment in August 2014 to provide the University’s internal audit function was subject to a refreshed approach to their service which included an increased focus on priority risk areas as aligned with the University’s Key Risk Register, a broader insight from specialist and senior input, and greater self-assurance by Schools and Departments. The self-assurance has taken the form of a survey developed to reflect key risk areas and the results of the first survey will be presented to the first meeting of 2015–16. Areas of best practice and activities needing development will be highlighted in the survey report and the findings shared with Schools. Data analytics will also be used to give assurance on Departments’ compliance with key processes in high risk areas.
The revised approach also includes a stronger engagement with Schools and Departments and the internal auditors have attended School Council meetings, School Secretaries, and School Finance Managers meetings to discuss internal audit matters. Further meetings with other groups (e.g. School Office meetings) are planned for 2015–16. New online internal audit guidance for Departments is also in preparation.
Key audits in 2014–15 included the UIS change implementation project, cyber security, and alumni management and fundraising. The UIS and cyber security will be audited further in 2015–16, along with other principal audits of University’s subsidiary companies, aspects of the North West Cambridge project, and the follow up of the review findings into bio facilities.
(ii)Policy against bribery and corruption
At its July meeting the Committee received an annual review of the University’s policy against bribery and corruption. The review summarized the actions taken to implement the policy across the University, for example an annual memorandum to Heads of Institutions and Departmental Administrators to remind them of the policy, where to find it, and any updates to highlight. The review noted the internal audit report on the University’s Whistleblowing policy submitted to the Audit Committee in May 2015. The report recommended a review of the existing policy and the establishment of proactive procedures for communication of the policy. Work on these areas will be carried out in 2015–16.
Almost 2,000 staff have undertaken the online Bribery and Corruption training module. However the report notes that there are areas where take-up has been slow and these are to be targeted.
Cambridge University Press and Cambridge Assessment have separately provided assurance to the Audit Committee that their own policies against bribery and corruption are compliant with the University’s policy.
(iii)North West Cambridge Project Phase 1
In the light of potential forecast budget cost overruns reported for the project to the Finance Committee and the Council in July 2015, the Audit Committee, on the recommendation of these senior bodies, established an Audit Group with the following membership and terms of reference:
Mr Mark Lewisohn (Chair)
Ms Ruth Cairnie (a member of the Finance Committee)
Professor Duncan Maskell (Senior Pro-Vice-Chancellor)
Dr Ruth Charles (a member of the Audit Committee)
Mr David Grover (Chief Operating Officer for Investment at Mace)
Mr David Parsons (Legal Services Office) (Secretary)
The work of the Audit Group will comprise two parts to be carried out successively.
Part 1 will seek to establish:
|
(a) |
a detailed account of the substantial forecast costs overrun for Phase 1, including a narrative of the sequence of events, underlying causes, and contributory factors leading to it; |
|
(b) |
an analysis of current budget-setting and cost-monitoring processes, including the procedures for alerting appropriate senior University bodies to material changes in the financial position; |
|
(c) |
recommendations as to such immediate remedial actions as are required to ensure adequate cost control and timely escalation in the future; and |
|
(d) |
recommendations in respect of any other actions which in the view of the Audit Group should be taken as a matter of urgency in relation to the management and implementation of Phase 1. |
Part 2 will seek to establish:
|
(a) |
a wider analysis of the adequacy of the governance and management environment for the delivery of the NWC project, including the identification of any material deficiencies in existing strategies, systems, and/or skillsets; and |
|
(b) |
lessons to be learnt and recommendations for the future organization of the NWC project and any other future large scale development projects within the University. |
The Audit Group was supported by the engagement of PwC to undertake a fact-finding audit of the background to the forecast budget overrun. The Audit Committee engaged PwC to undertake this work because the University’s internal auditors, Deloitte, examine, as part of the audit plan approved by the Committee, various aspects of the project for report to the Committee but had not been required to undertake a generic review of the type commissioned from PwC.
The Audit Group reported to the October meeting of the Audit Committee and its conclusions were considered and adopted by the Council at its meeting on 19 October 2015.
During 2014–15 the Committee agreed that it was beneficial to seek alternative sources of assurance by inviting senior staff to present at Committee meetings, particularly in areas corresponding to the University’s key risks. In November 2014, the Director of Communications spoke to the Committee about managing risks in relation to the use of social media in the University. In January 2015 the Director of University Information Services gave a presentation on the University’s approach to tackling cyber security. In July 2015, the Head of the University Research Office addressed the Committee on managing risks in relation to external research activities and on the Research Funding risk more generally. A full cycle of presentations to cover those of the University’s key risks which currently carry a ‘red’ or ‘orange’ status is being arranged for 2015–16.
Audit Committee workshops are opportunities to discuss strategic issues in more depth, often based around an expert presentation. These workshops operate in part as professional development opportunities for the Committee’s members. During the financial year 2014–15 two workshops were held. The first workshop, held in November 2014, was attended by the Chief Executive and Chief Financial Officer of Cambridge University Press and the Group Finance Director of Cambridge Assessment who gave presentations on their respective operating environments, strategies, and risk management.
The second workshop was held in May 2015. The Director of Estate Strategy and Director of Operations in the Estate Management Division gave a presentation on the University’s Estate strategy. This was followed by a review of the University’s Strategic Risk Register by the Senior Pro-Vice-Chancellor.
Appendices B–E(ii) are available online at http://www.admin.cam.ac.uk/reporter/2015-16/weekly/6410/AuditReport_Appendices_2014-15.pdf.
1The % figure differs from that given in the Internal Audit Annual Report for the reasons outlined in paragraph 1.2.
2Figures refer to Committee Members, Senior Officers, and Chairs of CUP and CA Audit Committees.
3The Vice-Chancellor attended this meeting to give his annual report to the Audit Committee.
4Statutes and Ordinances of the University of Cambridge, 2014, p. 47.
Both the Yard and the Combination Room will be closed on Wednesday, 3 February 2016, on the occasion of the Honorary Degree Congregation. Access to the University Offices will be from Trinity Lane. Only those with admission tickets for the Congregation and other authorized persons will be allowed to enter the Yard during the closure.
The University Combination Room will also be closed on Tuesday, 2 February 2016.