Compliance and Risk

Compliance and RiskInsurance, Audit and RiskAudit

Internal audits

Internal audits are conducted in order to provide independent assurance to the University’s management, governing authorities and other stakeholders. Reviews are planned on an annual cycle agreed between the internal auditors, management and the University’s Audit and Risk Committee. In addition, ad hoc topical reviews may be requested by Council.

Audit should not be seen as a policing activity, but as a useful tool for reviewing and improving the risk management, control and governance of our processes. These reviews assist us in assessing whether the following points are being met, and to identify improvements that should be made to systems and/or processes to better achieve this. Audit assesses:

  • That risks are understood and appropriately controlled
  • That accounting information is accurately and meaningfully recorded and reported
  • That the University’s objectives are met in a way that provides good value for money 

 You can find out more about External and Internal Audit on the Finance Services website.

The role of University staff in audits

Pre audit planning - a nominated contact from the area to be audited will agree the scope of the review within the framework set by the audit plan. This provides input with appropriate knowledge and experience. At this stage, staff in relevant posts will also be identified to assist with the audit.

Audit fieldwork – Relevant staff will help the auditors to perform the review. This could be via interviews, or actually stepping through processes and transactions. It is important that this is completed by personnel who perform the relevant roles and therefore have a good understanding of the processes that are being reviewed. The auditors will discuss with the nominated contact any issues identified prior to submitting a draft report.

Agreeing the audit report – The auditors will submit a draft report to management. This may include an action plan and associated timeframe. Management will provide a response, effectively agreeing to the actions and committing to the stated timeframe. A named owner will be allocated to each required action.

Implementing the actions – The named action owner will then implement the action(s) within the stated timeframe. The nominated contact within the area audited should collate these updates and provide evidence to Compliance, Governance and Risk (CGR) supporting completion of the action plans. CGR will report against target to the University’s Audit Committee.

More detail on how all of this works can be seen in the Audit Visual