4 minute read
Statement of Internal Controls
Council is responsible for maintaining a sound system of internal control that supports the achievement of policies, aims and objectives, while safeguarding the public and other funds and assets for which it is responsible. The University’s arrangements for the prevention and detection of fraud, bribery, corruption and other irregularities are designed to manage rather than eliminate the risk of failure to achieve policies, aims and objectives and can, therefore, only provide reasonable and not absolute assurance against material misstatement or loss. The key elements of the University’s system of internal control, which is designed to discharge the responsibilities set out above, include the following:
◼ clear definitions of, and the authority delegated to, heads of academic units and heads of administrative services ◼ a comprehensive medium and short-term planning process, supplemented by detailed annual income, expenditure, capital and cash flow budgets ◼ clearly defined and formalised requirements for approval and control of expenditure ◼ comprehensive Financial
Advertisement
Regulations, detailing financial controls and procedures, approved by Council and Finance
Committee ◼ key performance and risk indicators, which are monitored by the senior management team (through Executive Board) on a regular basis. Appropriate action is taken to address performance issues and the outcome reported to Council
The approach to internal control is risk-based. There is an ongoing process designed to: ◼ identify the principal risks (whether business, operational, compliance or financial) to the achievement of policies, aims and objectives ◼ evaluate the nature and likelihood of principal risks becoming a reality, and the potential impact ◼ take steps to manage risks efficiently, effectively and economically ◼ review high-ranking risks (in terms of likelihood and impact) during the year ◼ make regular reports on internal control and risk to Council (as well as Executive Board and Audit,
Risk and Assurance Committee) to assure it that procedures are in place for the identified risks to be managed The University requires colleagues and all its lay members to act honestly and with integrity and to safeguard the public resources for which they are responsible. The University has a Policy and Procedure on Public Interest Disclosure (Whistleblowing) which encourages and enables employees to call out when they encounter or suspect malpractice. It provides protection for those making such disclosures who act in good faith consistent with the Public Interest Disclosure Act. No whistleblowing cases were raised internally during 2021–22.
Council is of the view that the University’s risk management response has been appropriate. The effectiveness of the system of internal control is regularly reviewed by Council and accords with the internal control guidance for directors in the Combined Code as deemed appropriate for higher education. It is informed also by a professional internal audit team, which complies with the professional standards of the Chartered Institute of Internal Auditors. Internal audit coordinate their work appropriately with the external auditors and other assurance providers to help improve our internal controls and support the delivery of value for money. Senior management and Audit, Risk and Assurance Committee have also reviewed the performance of internal audit and are satisfied with it. The Internal Audit Strategy and Plan is approved by the Audit, Risk and Assurance Committee. The senior management team and Audit, Risk and Assurance Committee receive regular internal audit reports (which include recommendations and actions for improvement) and an Internal Audit Annual Report, which is provided to Council. The Internal Audit Annual Report for 2021–22 includes the opinion that the University’s arrangements for risk management, internal control, corporate governance and value for money are generally adequate and operating effectively, and can be relied upon by Council. A small number of fundamental findings have either been addressed or are being addressed by management. We neither identified nor were given any cause to notify the OfS of any reportable events. From 1 January 2022, the Office for Students’ revised definition of a reportable event came into effect (Regulatory Advice 16: Reportable events).
Public disclosure
Council membership, agenda, unreserved papers and minutes are all made publicly available on the University website ncl.ac.uk
Major incidents during the year
The pandemic continued to be a challenging threat to business continuity. Extensive measures were put in place to support all our students and follow all the health and safety protocols that were necessary. Our campuses in Malaysia and Singapore faced identical challenges and responded in similar ways. We have continued to make extensive efforts to communicate to students, colleagues and stakeholders throughout the pandemic about the steps we are taking to maintain our provision of services, fulfil our primary purpose and maintain a safe environment.
The University and College Union (UCU) voted to engage in industrial action due to disputes related to pay and the Universities Superannuation Scheme. Following a period of industrial action in spring 2022 and a planned marking and assessment boycott, the University and the local UCU branch reached an agreement to review the number of fixed-term contracts and the length of the working week which brought the industrial action and marking and assessment boycott to an end.
We have continued to pay particular attention to safety, mental health and wellbeing, academic delivery, student experience, student recruitment (in particular, international student recruitment), finances, IT and cyber security. This approach was discussed with and agreed by Council who paid special attention to issues of student mental health, international risks, the student experience, cyber security and financial sustainability.
