What is assurance?

Assurance processes help to identify potential risk and vulnerabilities in activities, allowing senior leaders to make informed decisions and implement strategies to mitigate those risks. Assurance helps to protect the University from unforeseen issues and reduce the likelihood of mistakes.

The three lines model

The 'three lines' model is a framework used for effective risk management and governance: 

1. Operational management: functions that own and manage risk (those responsible for implementing and maintaining internal controls to mitigate risks)
2. Risk management and compliance: functions that oversee risk (support for the first line by providing expertise, guidance and oversight to ensure risks are managed effectively)
3. Independent assurance: functions that provide independent assurance (e.g. internal audit, commissioned reviews or specialist assurance assignments etc.)

Audit Committee

The Audit Committee is responsible for checking that the University has adequate and effective financial, operational and governance arrangements and reports annually to the University Council with an opinion on how well these structures are operating.

To form its opinion, the Committee needs to know:

1. the University has policies in place that set out requirements, responsibilities and guidance in areas of key risk;
2. processes to support those policies are working effectively.

In other words, the Committee needs assurance that things are working as intended.

The Audit Committee receives assurance from several sources, including internal reporting and through the work of the University's internal and external auditors. 

Further information can be found on the Audit Committee pages.

Internal audit

The internal audit function is responsible for providing an independent appraisal of the University’s financial and operational activities. Internal audit:

• can be thought of as a 'critical friend';
• provides advice on improving particular processes or controls in key areas of risk; and
• provides assurance to the Audit Committee and senior management that risk management, internal controls, processes and governance are working effectively

Where risks are identified, the University must consider what action it needs to take to address the underlying risk and subsequently demonstrate that it has done so.

The University operates a hybrid, managed outsourced internal audit model. This comprises a single, outsourced internal audit firm (Deloitte LLP),  supported by an internal Assurance Team who facilitate the work of the outsourced internal audit firm with a view to driving the effectiveness and efficiency of internal audit. This approach allows the University to combine external and independent audit expertise with in-depth knowledge of the academic and administrative processes at the University.

Further information can be found on our Internal auditing pages.

External audit

An external audit function is also required by the University's Statutes. The external audit function gives an independent opinion on the University’s annual financial statements. These statements summarise the University’s financial performance during the year. The Council, on the advice of the Audit Committee, appoints the external auditor. The external auditors work both within institutions and the Finance Division.

Further information can be found on our External auditing pages.

Governance site links:

• Audit Committee
• Internal auditing
• External auditing