Reports and Financial statements 2009 - the University Offices ...

Statement of Internal Control 

1. The Council is responsible for maintaining a sound system of internal control that supports 

the achievement of policies, aims, and objectives, while safeguarding the public and other 

funds and assets for which the Council is responsible, in accordance with the Statutes and 

Ordinances and the Financial Memorandum with the HEFCE. 

2. The system of internal control is designed to manage rather than eliminate the risk of 

failure to achieve policies, aims, and objectives; it therefore provides reasonable but not 

absolute assurance of effectiveness. 

3. The system of internal control is designed to identify the principal risks to the achievement 

of policies, aims, and objectives, to evaluate the nature and extent of those risks and to 

manage them efficiently, effectively, and economically.This process was in place for the 

year ended 31 July 2009 and up to the date of approval of the financial statements, and 

accords with HEFCE guidance. 

4. The Council is responsible for reviewing the effectiveness of the system of internal control. 

The following processes have been established: 

(a) The Council meets 11 times throughout the year to consider the plans and strategic 

direction of the University. 

(b) The Council receives periodic reports from the Chairman of the Audit Committee 

concerning internal control and the minutes of all meetings of the Audit Committee. 

(c) The Council’s Risk Steering Committee oversees risk management.The Council receives 

periodic reports from the Chairman of the Risk Steering Committee and the minutes of 

all meetings of the Risk Steering Committee. 

(d) The Audit Committee receives regular reports from the internal auditors, which include 

the internal auditors’ independent opinion on the adequacy and effectiveness of the 

University’s system of internal control and risk management, together with recommendations 

for improvement. Each meeting of the Audit Committee receives a report from 

the Chairman of the Risk Steering Committee. 

(e) The University (through the Chair and Secretary of the Risk Steering Committee) offers 

tailored training and briefings (either on a one-to-one basis or in relevant groupings) to 

those whose roles involve risk management. 

(f ) A system of indicators has been developed for the University’s key risks. 

(g) A robust risk prioritization methodology based on risk ranking and cost–benefit 

analysis has been established. 

(h) A University-wide risk register is maintained as are registers at School level. 

(i) Key risks have been assigned to risk owners and risk reporting channels established. 

5. The Council’s review of the effectiveness of the system of internal control is informed by 

the work of the internal auditors Grant Thornton UK LLP.They operate to the standards 

defined in Accountability and Audit: HEFCE Code of Practice. 

6. The Council’s review of the effectiveness of the system of internal control is also informed by 

the work of the senior officers and the risk owners within the University, who have responsibility 

for the development and maintenance of the internal control framework, and by 

comments made by the external auditors in their management letter and other reports. 

68 University of Cambridge Annual Report 2009

Previous page

Next page

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

Reports and Financial statements 2009 - the University Offices ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?