Minutes of the Meeting of the Audit Committee of the Council, Thursday, 21St May 2015

AUDIT COMMITTEE

Minutes of the meeting of the Audit Committee of the Council, Thursday, 21st May 2015

PRESENT:Mr Rob Perrins (Chair)

Ms Amanda AllenMr Sanjay Khullar

Mr Surinder SharmaMr Paul Williams

IN ATTENDANCE:Mr Andrew Bush Mr Tony Felthouse

Mr Alan HawkesworthProfessor Helen Higson

Miss Katherine MillattMr Will North

Ms Geraldine Rutter Mr Neil Scott

Mr John Walter (Secretary)

APOLOGIES:Mr Rob FeketeMr David Newcombe

Mr Paul Pharaoh Mr Mike Russell

GOVERNANCE MATTERS

Declarations of Interest

15/33NOTED:

That Mr Surinder Sharma’s wife was a member of the Council of the University of Leicester and that Mr Andrew Bush was the internal auditor for the University of Leicester, which could have relevance to the discussion of possible sponsors and providers of the curriculum for the Aston Medical School (see Minute 15/51viii).

Minutes

15/34RESOLVED:

That the Minutes of the meeting of the Committee held on 22nd January 2015 be approved and that they be signed by the Chair.

Matters Arising from the Minutes

15/35RECEIVED:

A summary of matters arising from the minutes of the previous meeting in paper AU/15/12.

Implications of the Adoption of International Financial Reporting Standards (minute 15/5)

15/36RECEIVED:

A report on progress with the ongoing FRS 102 preparations (in paper AU/15/12a), noting that provisional converted balance sheets and results for 2014/15 had been prepared. Additionally, the provisional accounting policies for the FRS 102 financial statements had been drafted which had raised a number of points that would require Audit Committee and Council’s decisions before the policies could be finalised. 2014/15 would be used as a comparative year for the first set of FRS 102 accounts, due for the 2015/16 financial year. The University would need to prepare converted 31 July 2014, 2015 and 2016 balance sheets plus restate the results for 2014/15 and 2015/16.

15/37RESOLVED:

i) To accept a recommendation that the accruals model for recognising government revenue and capital grants should be adopted by the University.

ii) To accept a recommendation to apply Section 11 and 12 of FRS 102 in full for basic financial instruments. This should be monitored and if requirements changed the policy should be reviewed and consideration given to the adoption of the alternative hedge accounting approach allowed under IAS 39.

iii) To consider a report at the next meeting detailing the full implications of the adoption of FRS 102 including the financial impact (eg on disclosures, covenants, cash flow and going concern) of potentially large scale adjustments to net assets such as: revaluation of land, USS pension scheme, AUPS pension scheme, deferred capital grants accounting, and ASV land brought back on balance sheet.

Aston University Pension Scheme (AUPS) and the Universities Superannuation Scheme (USS) (minute 15/6)

15/38RECEIVED:

An oral report from the Chief Financial Officer on AUPS and USS developments and the following points were noted:

i) The USS Joint Negotiating Committee (JNC) had agreed a joint proposal for reform of the USS, supported by both Universities UK and UCU. The UCU also consulted their members in pre-92 institutions about this proposal with 67% voting in favour. It was currently subject to a statutory consultation with relevant employees which would end on 22 May 2015. The USS trustees would then consider responses and recommend any modifications to the JNC which would decide upon the final changes to be made. As a result of the agreement, it was anticipated that the University’s employer contribution would increase by between £1.5 million and £2 million from April 2016 for which budget provision had been made.

ii) PWC had been advising the University on options to reduce the £11 million deficit in respect of the AUPS. The AUPS trustees would be expediting the review of the scheme when the USS proposals were finalised.

A further report would be made to the next meeting of the Audit Committee.

University Student Planning System (USPS) (minute 15/8)

15/39RECEIVED:

A report from the Chief Financial Officer that consideration was being given to how best to improve the current methodology for student number and associated fee forecasting which was largely based on spreadsheets. For the short term staff from the Registry Planning Team and Finance were working closely to optimise the operation of the current system, and for the medium term were reviewing planning systems used at other universities for possible implementation at Aston. Reports on progress would be made to future meetings of the Audit Committee.

ACTION: Deputy Vice-Chancellor/Chief Financial Officer

Fraud Risk Exercise (minute 15/10)

15/40RECEIVED:

An action plan to ensure that the University addressed the identified risk issues following the completion of the Fraud Risk exercise (in Paper AU/15/12b).

Embedding a High Performance Culture (minute 15/11)

15/41NOTED:

That Mr Paul Williams had been advising the Director of Human Resources on the development of the University’s Human Resources Strategy, which aimed to develop a high performance culture.

15/42RESOLVED:

In recognising the necessity for the Executive to keep under review the effectiveness of the organisational structure in its attempt to achieve a high performance culture, that Mr Paul Williams should advise the Chief Financial Officer on how this could best be achieved and on appropriate metrics to demonstrate that this was being undertaken.

ACTION: Chief Financial Officer

Organisation of the University’s Conference Business (minute 15/13)

15/43NOTED:

That a report would be made to a future meeting following completion of a review of the future management of the University’s conference business.

University Library and Information Services (minute 15/23)

15/44NOTED:

i) That business-critical areas of IT having significant control weaknesses and/or high risk profile had been included for review in the Internal Audit Plan for 2015/16 and future years (see minute 15/53);

ii) That the action plans to address control weaknesses and issues raised in the report of the IT Risk Diagnostic Exercise had been reported within the general report on responses to audit reports (see minute 15/62ii).

Transparent Approach to Costing (TRAC) Return for 2013/14 (minute 15/25)

15/45NOTED:

That the University’s TRAC return for 2013/14 had been submitted to HEFCE by the 31st January 2015 deadline.

Assessment of the Effectiveness of the Audit Committee

15/46RECEIVED:

An Aston University Governance Risk Mapping (paper AU/15/13) which indicated that in most areas the responsibilities of the Audit Committee could be met through the papers submitted and processes adopted. The following points were noted:

i) That there appeared to be one area of potential weakness in the Committee’s current reporting structure, relating to reassurance around issues of going concern. For example, the Audit Committee did not currently receive the management accounts, financial forecasts (including cash flow) and longer term financial plans (these being reviewed by the Finance and Major Projects Committee - FMPC).

ii) That the Audit Committee currently was, from a going concern perspective, therefore reliant upon the historical external audit process and representation given by the University Executive, to support the external auditors’ acceptance of going concern within an ongoing 12 month period.

iii) That the Audit Committee also did not currently formally receive and consider Loan Covenant tests nor the details of the operation of the Pension Schemes which could both impact on going concern (these were considered by FMPC).

This matter would be referred to the Chair of the Council.

ACTION: Chair and CFO

15/47RESOLVED:

That a questionnaire on the effectiveness of the Audit Committee should be developed, using CUC/HEFCE guidelines and in liaison with colleagues from PWC, for circulation to members of the Committee for completion over the summer period. The results of the survey should be analysed and a report prepared which would inform a general discussion at the next meeting of the role and effectiveness of the Committee.

ACTION: CFO and Secretary

BUSINESS FOR DISCUSSION

Actions to Improve University Processes in Respect of External Funding Returns and Data Quality

Student Recruitment 2015/16

15/48RECEIVED:

An oral report from the Deputy Vice-Chancellor on the recruitment of students for 2015/16, noting that undergraduate applications were 18% higher than for the same period last year which compared favourably to the 2% national increase. Undergraduate offers were 12% higher and acceptances 22% higher for 2015/16 entry compared to 2014/15. Whilst postgraduate taught applications for 2015/16 entry were 12% lower than for 2014/15 (reflecting the national position), acceptances had increased by 7%. Only approximately 70% of anticipated postgraduate applications had been received to-date. Schools and central teams were focused on offer making and conversion activities.

Annual Report on Data Quality

15/49RECEIVED:

The Annual Report on Data Quality (in Paper AU/15/14) which provided an overview of the quality of returns made by the University to external regulators over the last 12 months and compliance with the University’s Data Quality Policy. It was noted that Aston’s performance in providing accurate and timely returns had improved considerably, as a result of strengthening the team of staff, better working practices and enhanced staff development and training, and further improvements were planned. All returns had been submitted either before or met the deadlines, and all were compliant. HEFCE was increasingly positive about the University’s progress in improving the quality of its data returns.

15/50RESOLVED:

That the Executive should continue with its efforts to improve the systems and processes for data quality management across all areas of the University.

ACTION: CFO and DV-C

Strategic Risk Management Policy and the Institutional Strategic Risk Register

15/51 CONSIDERED:

On reference from the University Executive, the Strategic Risk Management Policy and the Institutional Strategic Risk Register.

15/52RECOMMENDED:

That the Executive give consideration to the following comments which were intended to assist the University to optimise the processes for the identification and management of strategic risks:

i) The risk surrounding extremism and failure to comply with the requirements of the new Counter-Terrorism and Security Act 2015 should be added to the risk register.

ii) Potential breaches of the University’s ethics policy which could result in reputational damage and/or financial and/or legal penalties, should be added. Metrics should be developed to measure the number and nature of ethical breaches, including those identified via the University’s speak up policy.

iii) A risk associated with data protection and security should be added.

iv) The risk associated with failure to make external returns in an accurate and timely manner (Risk 11) had reduced considerably following the actions taken by the University, and accordingly, this be removed from the register.

v) Members agreed that Paul Williams should advise the Director of Human Resources on appropriate strategic actions to reduce the risks associated with failure to embed a high performance culture (Risk 4).

vi) The QAA Higher Education Review of the University had indicated that Aston should undertake an annual review of student-facing support services. This could be a further measure of the effectiveness of actions taken to reduce the risks associated with failure to improve and sustain the students’ total experience (Risk 5).

vii) The University was making strenuous efforts to reach a consensual agreement with Lloyds Bank over the sale of ASV. However, until this matter was resolved, the risk rating for Risk 9 had been increased in view of the potentially high impact on the student experience and institutional reputation.

viii) Members noted that the risk rating of the Aston Medical School (AMS) (Risk 12) had been increased to reflect timing and financial impacts associated with the curriculum. Negotiations with one University over the provision of the curriculum and guarantor arrangements had recently fallen through and it had been necessary to approach another University. A revised business case for AMS was to be presented to the next meetings of the Finance and Major Projects Committee and the Council.

The Executive Team would review the Risk Register in September at its Senior Management Advance.

ACTION: CFO

BUSINESS FOR DECISION/APPROVAL

Internal Audit

15/53CONSIDERED:

The reports of reviews by the Internal Auditors in respect of the following:

i) Information Security (Paper AU/15/16).

ii) Capital Programme Governance (Paper AU/15/17).

iii) Internal control recommendations follow-up review (Paper AU/15/18).

iv) Internal Audit Progress Report 2014/15 (Paper AU/15/19).

v) Internal Audit Plan for 2015/16 (Paper AU/15/20).

15/54NOTED:

i) That PWC’s report of the internal control recommendations follow-up review indicated that of eight high and medium risk actions reported as ‘complete’ there was evidence to support the completed status of only six of these actions. Two actions, raised as part of the internal audit of Business Continuity Management, were found to be ‘in progress’ and not ‘complete’. Elements of the actions agreed were scheduled for completion in summer 2015, namely: an annual review of IT disaster recovery documentation; and an annual table top exercise to test the adequacy of IT disaster recovery arrangements

ii) That PWC’s report on information security contained two high risk, four medium risk and three low risk recommendations. The more significant findings related to processing errors that had resulted in IT access for staff not being removed when they left the University and inadequate processes to keep software up-to-date and free from security weaknesses. Other findings related to gaps in the protection against malicious software, weak authentication of users to the University network and key application (via “single sign on”), a lack of data encryption for staff laptops and the absence of a policy to define minimum information security standards. These control weaknesses increased the risk that a third party attacker or previous employee could obtain unauthorised access to sensitive university financial, personal or research data.

iii) That PWC’s report on the review of Capital Programme Governance identified one medium risk, two low risks and one advisory recommendation. The recommendations, if implemented, would improve the University’s Risk Management, Corporate Governance and Value for Money arrangements. The University has recognised these points and had recently introduced a ‘Business Plan Template for Major Initiatives’ (ie for programmes or projects in excess of £5 million) to address them. The template required programme teams to detail the key financial and non-financial benefits and initial and on-going investment sums for the programme. This template was then reviewed and approved by the EOG. PWC recommended that this template be completed for the Business School programme.

iv) Members thanked colleagues from PWC for the high quality and effectiveness of the reports submitted.

15/55RESOLVED:

i) That the University Executive should ensure that the recommendations of the Internal and External Auditors are addressed in a timely manner and should undertake a review of the effectiveness and accuracy of the system for tracking and reporting on progress in implementing such responses. ACTION: CFO

ii) That an external review should be undertaken of the University’s data protection and security systems. ACTION: COE

iii) That an action plan should be developed to address the various IT and data security weaknesses identified in Internal Auditors’ reports, for presentation to the next meeting. ACTION: COE

iv) That the University should utilise the ‘Business Plan Template for all Major Initiatives’, including for the Business School project. ACTION: CFO/COE

v) That the Internal Audit Plan should be reviewed with a view to ensuring that the internal audit focused on areas at most risk. To this end it was suggested that the time allocated for data quality and the student experience be reduced, to allow more time for review of IT (particularly school-based systems), ethics and/or the plan for the implementation of the AMS. ACTION: CFO

vi) A paper setting out how the University ensures there are effective arrangements for the management and quality assurance of data submitted to the Student Loans Company should be submitted for consideration at the next meeting of the Audit Committee. ACTION DV-C

External Audit

15/56CONSIDERED:

Paper AU/15/21, prepared by the University’s External Auditors, KPMG LLP UK, detailing a proposed External Audit Strategy and Planning Memorandum for the Financial Year ending 31st July 2015. This set out their fees, audit approach, timetable, materiality and areas of significant risk.

15/57RESOLVED:

To approve the proposed External Audit Strategy and Planning Memorandum for the Financial Year ending 31st July 2015, subject to any additional work being undertaken on the basis of a fixed fee approach. ACTION: CFO

HEFCE’s Annual Risk Assessment Exercise

15/58RECEIVED:

Paper AU/15/22, a letter (dated 17th March 2015) providing the outcome of HEFCE’s annual assessment of institutional risk for the University. It was noted that based on the accountability returns submitted for 2013-14, HEFCE’s overall assessment was that Aston was not at higher risk and that the University was meeting the accountability obligations set out in the Financial Memorandum (up until 1 August 2014, and then in the Memorandum of Assurance and Accountability). The letter included an appendix providing useful benchmarking information on Aston’s position compared to the HE sector against key financial metrics.

Audit Committee’s Schedule of Business: 2015/16

15/59RECEIVED:

Paper AU/15/23, summarising the Audit Committee’s schedule of business for 2015/15, noting that this would be discussed at the next meeting in the context of the discussion about the role and effectiveness of the Committee.

Annual Report on the University Ethics Framework for 2014/15

15/60RECEIVED:

The Annual Report on the University Ethics Framework for 2014/15 (in Paper AU/15/24). The Report outlined the work being undertaken to implement the Framework, to raise awareness across the institution and to encourage the development of an organisational culture in which Aston’s ethical values and principles were adopted by everyone in all that they do. It also set out actions agreed by the Ethics Sub-Group for 2015/16 which would help further to embed Aston’s ethical values and principles.