Skip to main content

Audit and Risk Committee

Meeting Dates 2023/24

  • 29 September 2023 
  • 10 November 2023 
  • 5 March 2024 
  • 10 May 2024 
  • 28 June 2024 

Terms of Reference of the Audit Committee

Agreed by Audit and Risk Committee 10 November 2023.

In these terms of reference, “University” shall be taken to refer to the whole University group, or activities, including subsidiaries and joint ventures.

1. Constitution

Council has established a Committee (of Council) known as the Audit and Risk Committee, whose authority and duties are set out below.

2. Membership

The Committee (and its Chair) are appointed by Council and consists of Independent Members with no executive responsibility for the management of the University. There shall be no fewer than three Members; a quorum shall be at least two Members. The Chair of Council should not be a Member of the Committee and Members should not have significant interests in the University.

The Committee shall consist of at least three Independent Members of Council, and include the Council Dual Assurance Lead for Finance and Investments.

There shall be up to two Independent Members of the Committee who are external to the University and not members of the Council, but who shall receive Council papers and have the right to attend Council meetings as observers.

At least one Member should have recent and relevant experience in finance, accounting or auditing, including experience of an Audit Committee elsewhere. Not all members are expected to have the same level of accounting expertise. The Committee may, if it considers it necessary or desirable, co-opt members with particular expertise.

Committee members shall be appointed by the Council on the recommendation of the Nominations Committee. Independent members of Council, excluding the Chair, are eligible for appointment to the committee for the duration of their term in office. Independent Co-opted members shall hold office for three years ordinarily and shall be eligible for reappointment after three years up to a maximum term of nine years.

3. Attendance at meetings

The Registrar and Secretary, the Chief Financial Officer, the Director of University Corporate Services, General Counsel, Assistant Director (Finance), the Assistant Director (Compliance and Risk) and representatives of the external and internal auditors shall usually attend meetings where business relevant to them is to be discussed. However, at least once a year the Committee will meet with the external and internal auditors without any executive officers present.

The academic leadership of the University is represented by the Provost. Other members of the University management team, may be asked to attend the Audit and Risk Committee to present audit actions plans or to discuss risks relating to their management area.

The Vice-Chancellor in the capacity of Accountable Officer will be invited to attend at least one meeting of the Audit and Risk Committee each year.

4. Frequency of Meetings
Meetings shall normally be held at least four times each financial year. The external or internal auditors may request a meeting if they consider it necessary.
5. Authority

The Committee is authorised by Council, as the University's supreme governing body, to investigate any activity within its Terms of Reference. It is authorised to seek any information it requires from any employee and all employees are directed to co-operate with any request made by the Committee.

The Committee is authorised by Council to obtain outside legal or other independent professional advice and to secure the attendance of non- members with relevant experience and expertise if it considers this necessary, normally in consultation with the Vice-Chancellor and Chair of Council.

The Committee will also confirm with the internal and external auditors that the effectiveness of the internal control system has been reviewed, and provide an opinion on this in its annual report to Council. Council will review the annual report and the efficacy of Audit and Risk Committee.

6. Duties

The Audit and Risk Committee shall have the following primary duties:

a. To seek assurance that the University's activities deliver value for money to the institution, its students, staff and stakeholders and that there is a strong focus on economy, efficiency, and effectiveness. 

b. To review and monitor the underlying culture of the University, especially with regard to matters of ethical practice and standards, legal compliance and the promotion of continuous improvement.

c. To promote the work of internal and external audit across the University.

d. To ensure that the work of the University's auditors adds value and supports the delivery of the institution's core strategic objectives.

e. To protect the University's assets by assuring the adequacy of financial control, including:

  • To review the effectiveness of financial and associated control systems
  • To ensure that all significant losses have been properly investigated and that the internal and external auditors and the Office for Students have been informed, where appropriate.
  • To oversee the University's policy on fraud and irregularity, including being notified of any action being taken under that policy.
  • To monitor annually, or more frequently if necessary, the implementation of approved recommendations relating to both internal and external audit financial reports and management letters.
  • To review the audit aspects of the draft annual financial statements of the University. These aspects will include the external audit opinion, the statement of members' responsibilities, the statement of internal control and any relevant issue raised in the external auditors' management letter (and will include the Office for Students' Accounts Direction). The Committee will also, where appropriate, receive advice on the appropriateness of the accounting practices and policies.

f. To gain assurance that there is a robust culture of risk assessment and management, including:

  • Assessing the adequacy and effectiveness of the risk management arrangements in place across the University, including the role of the University Executive Board as the body responsible to Council for the effective management and monitoring of risk.
  • To receive, three times per year, the University Corporate Risk Register and risk report.
  • Seek assurance that risks are being scored adequately and are being managed effectively.
  • With invited risk owners, carry out in-depth reviews of risks which carry a higher risk score.
  • To receive regular reports from the internal and external auditos on key sector risks, including emerging risks, and assess how the University is addressing or seeking to address them.
  • To provide assurance to Council that risks are being managed effectively and that risk management processes remain robust and aligned to the audit plan.

g. To assure there is effective corporate governance and regulatory compliance underpinned by mechanisms of accountability, including:

  • reviewing and evaluating compliance with policies, plans, procedures, laws and regulations, including the expectations of the Office for Students (as the higher education regulator) and the relevant professional, statutory and regulatory bodies.
  • ensuring that governance and regulatory compliance is a point of annual focus within the internal audit plan.

h. To assure the quality, timeliness and mangement of data provided to external regulatory and associated bodies, and also the adequacy of management information made available to the Audit and Risk Committee to fulfill its duties.

i. To oversee and manage the work of the internal and external audit functions (as set out in sections 7 and 8), including assuring that there is a clear understanding and visibility of the role of the audit functions across the University and effective engagement with the audit process within services and faculties that is owned and promoted by the senior management team.

j. To monitor the Public Interest Disclosure Procedure ('whistleblowing') to ensure appropriate investigation of all matters reported under the policy, including those regarding accounting and auditing.

k. Annually to assess its own effectiveness and every four years to commission an external review of effectiveness against best practice across the HE and other relevant sectors.

7. Oversight and Management of the Internal Audit Function
  • To advise Council on the appointment and terms of engagement of the internal audit service, the audit fee, the provision of any non-audit services by internal auditors and any questions of resignation or dismissal of the internal auditors.
  • To monitor the performance and effectiveness of internal audit service, including any matters affecting their objectivity, and make recommendations to Council regarding their appointment.
  • To agree the nature and scope of work to be undertaken by the internal auditors in each academic year.
  • To consider and advise Council on the risk based strategic and annual plans for the internal audit service, ensuring the internal audit function on a regular basis addresses the University's top risks in the risk regsiter where an internal audit is considered to be the best means of receiving assurance on the management of those risks and receiving presentations on controls and mitigation where the risk is not subject to internal audit.
  • The Committee will ensure that the resources made available for internal audit are sufficient to meet the University's needs (or make a recommendation to Council as appropriate).
  • To consider major findings of internal audit investigations and management's responses and to advise Council on internal audit reports.
  • Monitor that actions relating to internal audit findings are closed out effectively.
  • To receive an annual report from the internal auditors, which should include an opinion on the degree of assurance that can be placed upon the sustem of internal control.
  • To promote co-ordination between the internal and external auditors.
8. Oversight and Management of the External Audit Function
  • To advise Council on the appointment of the external auditors, the scope of their work, the audit fee, the provision of non-audit services by the external auditors and any questions of resignation or dismissal of the external auditors.
  • To monitor the performance and effectiveness of external audit services, including any matters affecting their objectivity, and make recommendations to Council regarding their reappointment.
  • To discuss with the external auditors, before the audit begins, the nature and scope of the audit.
  • To discuss with the external auditors problems and reservations arising from the interim and final audits, including a review of the management letter, informing management responses and any other matters the external auditors may wish to discuss (in the absence of management where necessary), and to advise Council accordingly.
  • To consider elements of the University's annual financial statements in the presence of the external auditors, including the auditors' formal opinion, the statement of members' responsibilities and the statement of internal control, in accordnace with the Office for Students' Accounts Direction.
  • To consider advice from the external auditors on the approriateness of accounting policies, estimates and adjustments.
  • To promote co-ordination between the external and internal auditors.
9. Other
  • To receive and review reports, inspections and reviews relatins to audit, prepared by the funding councils, the National Audit Office, European Commission and other similar bodies.
  • To receive and review audit reports, inspections and reviews (which may be produced by auditors engaged with other bodies) in respect of Falmouth Exeter Plus and any other subsidiary or joint venture.
  • In the event of the merger or dissolution of the University, to ensure that the necessary action are completed, including arranging for a final set of financial statements to be completed and signed.
  • To be called upon by Council in specific situations to request assurances as appropriate.
  • To agree what information about the work of the Committee should be published on the Unviersity's Governance webpages.
10. Reporting Procedures

The Minutes of meetings of the Audit and Risk Committee will be circulated to all Members of Council (attached to agenda papers for Council meetings). Summary minutes and non-confidential papers from each meeting shall be published on the Audit and Risk Committee page of the University's website.

The Audit and Risk Committee will prepare an Annual Report covering the University's financial year and any significant issues up to the date of preparing the report. The report will be addressed to Council and the Vice-Chancellor, summarising the activity for the year. It will give the Committee's opinion on the adequacy of the University's arrangements for the following:

  • Risk management control and governance (the risk management element includes the accuracy of the statement of internal control included in the annual statement of accounts). Economy, efficiency and effectiveness (value for money)
  • Management and quality assurance of data submitted to HESA, Office for Students and other funding bodies.

This opinion should be based upon the information presented to the Committee, taking into account the advice received from the internal and external auditors. The Audit Committee Annual Report should be submitted to Council before the Members’ Responsibility Statement in the Financial Statements is signed.

13. Clerking Arrangements
The Assistant Director (Governance) will act as Clerk to the Committee.


Membership 2023/24


Nicholas Cheffings (2025)

Independent Member of Council

Alison Reed (2025)

Independent Member of Council

Tim Weller (2026)

Independent Member (non-Council)

David Dupont (2026)

Independent Member (non-Council)

Simon Enoch (2025)