Compliance and Risk

Compliance and RiskInsurance, Audit and RiskAudit

Internal audits

Internal audits are conducted in order to provide independent assurance to the University’s management, governing authorities and other stakeholders. Reviews are planned on an annual cycle agreed between the internal auditors, management and the University’s Audit and Risk Committee. In addition, ad hoc topical reviews may be requested by Council.

Audit should not be seen as a policing activity, but as a useful tool for reviewing and improving the risk management, control and governance of our processes. These reviews assist us in assessing whether the following points are being met, and to identify improvements that should be made to systems and/or processes to better achieve this. Audit assesses:

  • That risks are understood and appropriately controlled
  • That accounting information is accurately and meaningfully recorded and reported
  • That the University’s objectives are met in a way that provides good value for money 

 You can find out more about External Audit on the Finance Services website.

The role of University staff in audits

Pre audit planning - The audit sponsor from the area to be audited will agree the scope of the review within the framework set by the audit plan. This provides input with appropriate knowledge and experience. At this stage, staff in relevant posts or other areas required will be identified to assist with the audit. The audit sponsor will need to make these areas aware so that they have sufficient time to prepare. 

Audit fieldwork – Relevant staff will help the auditors to perform the review. This could be via interviews, or actually stepping through processes and transactions. It is important that this is completed by personnel who perform the relevant roles and therefore have a good understanding of the processes that are being reviewed. The auditors will discuss with the nominated contact any issues identified prior to submitting a draft report.

Agreeing the audit report – The auditors will submit a draft report to management. This may include an action plan and associated timeframe. There is opportunity to challenge and provide additional evidence before the report is finalised. Once the report is agreed, management will provide a response, effectively agreeing to the actions and committing to the stated timeframe. A named owner will be allocated to each required action.

Implementing the actions – The named action owner will then implement the action(s) within the stated timeframe. The nominated contact within the area audited should collate these updates and provide evidence to the Audit and Risk team supporting completion of the action plans. The Audit and Risk team will report against target to the University’s Audit and Risk Committee.

If you require any further information please contact the Audit and Risk team.

More detail on how all of this works can be seen here:

Audit Process

Audit Visual