Statement of internal controls
68
University of Winchester
Integrated Annual Report 2019-20
The Board of Governors has responsibility for maintaining a sound system of internal controls that supports the achievement of policies, aims and objectives, while safeguarding the public and other funds and assets for which they are responsible. This is in accordance with the responsibilities assigned to the governing body in the Office for Students terms and conditions of funding for higher education institutions dated 29 March 2019 (OfS 2019.12). Since the introduction of the Office for Students, which took on the funding and regulation of the Higher Education sector from 1 April 2018, the University has complied with the ‘carried forward’ powers and duties of the Office for Students including:
• The terms and conditions of Office for Students funding,
• The terms and conditions of Research England Grant funding, and
• The requirements set out in the Agreement on Institutional Designation, as outlined in the Office for Students terms and conditions of funding for higher education institutions. We have complied with the Office for Students ongoing conditions of registration including giving due regard to relevant guidance about how to comply with consumer protection law when developing and implementing policies, procedures and terms and conditions, and adopting and publishing a Student Protection Plan. We have complied with the terms and conditions of funding made under section 65 of the Further and Higher Education Act 1992, as amended by a statutory instrument setting out the transitional arrangements, the Higher Education and Research Act 2017
(Consequential, Transitional, Transitory and Saving Provisions) Regulations 2018. We comply with the CUC Code of Practice and refers to best practice guidance, including guidance from British Universities Finance Directors Group (BUFDG). The system of internal controls is designed to manage rather than eliminate the risk of failure to achieve policies, aims and objectives; therefore, it only provides reasonable and not absolute assurance of effectiveness. The system of internal controls is based on an on-going process designed to identify risks to the achievement of policies, aims and objectives, to evaluate the nature and extent of those risks and to manage them efficiently, effectively and economically. This process has been in place for the year ended 31 July 2020 and up to the date of approval of the Financial Statements, and accords with the Office for Students guidance. The Board of Governors has responsibility for reviewing the effectiveness of the system of internal controls. The following processes have been established:
• The Board currently meets at regular intervals of at least three times per year to consider the plans and strategic direction of the University.
• The Board receives periodic reports from the Chair of the Risk and Audit Committee concerning internal controls, and it requires regular reports from managers on the steps they are taking to manage risks in their areas of responsibility, including progress reports on key projects. The Board and ViceChancellor receive an annual report from the Chair of the Risk and Audit Committee covering the business of the Committee over that year.
• The Board has delegated to the Risk and Audit Committee some of the responsibility for providing oversight of risk management.
• The Risk and Audit Committee receives regular reports from the internal auditor, which includes their independent opinion on the adequacy and effectiveness of the University’s system of internal controls, together with recommendations for improvement.
• A regular programme of review is undertaken to identify and keep up to date the record of risks facing the organisation.
• Risk awareness is facilitated at University and operational levels as appropriate to the risk. Risk management is embedded in the operation of the University.
• A system of key performance and risk indicators has been developed.
• A robust risk prioritisation methodology based on risk ranking and cost-benefit analysis has been established. An organisationwide Risk Register, which is informed by HEFCE’s guidance Risk Management: a guide to good practice for higher education institutions, is maintained. The Risk Register identifies those risks which might prevent the University from achieving its strategic priorities.
• Reports are received from budget holders, department heads and project managers on internal control activities.
