You are in :
HEFCE

June 2004/27 (web version updated December 2005)
Core funding/operations
Framework for accountability

This report is for information and guidance

Accountability and Audit: HEFCE Code of Practice

This document contains HEFCE's requirements for accountability and audit arrangements in higher education institutions and HEFCE's related bodies. It supersedes the 'HEFCE Audit Code of Practice' issued in May 2002 (HEFCE 2002/26), and is effective from 1 August 2004.

To: Heads of HEFCE-funded higher education institutions, connected institutions and related bodies
Heads of universities in Northern Ireland
Of interest to those responsible for: Senior management, Finance, Governance
Reference: 2004/27
Publication date: June 2004
Enquiries to:

Paul Greaves
tel 0117 931 7378
e-mail p.greaves@hefce.ac.uk

Peter Collingwood
tel 0117 931 7090
e-mail p.collingwood@hefce.ac.uk

Executive summary (read on-line)

Download

The Code plus Annexes A and B
[ MS Word 235K | Zipped Word 81K | Adobe PDF 292K | Zipped PDF 245K ]

Annexes C-K
[ MS Word 207K | Zipped Word 42K | Adobe PDF 198K | Zipped PDF 160K ]

Annex J updated 3 March 2005

December 2005 updates to paragraphs 37, 38, 132 and 141

Contents

  • Executive summary
  • Introduction
  • The corporate governance context
  • The higher education audit framework
  • General principles for internal and external auditors
  • Audit of HEIs by the HEFCE Assurance Service
  • Audit committees in HEIs
  • Internal audit arrangements in HEIs
  • External audit arrangements in HEIs
     
  • Annex A    Mandatory requirements
  • Annex B    List of abbreviations
     

  • Web-site

  • Annex C    Audit committee: model terms of reference
  • Annex D    Combined Code extract - Audit committee and auditors
  • Annex E    Audit committee annual report: a model format
  • Annex F    Procedures for market testing of externally provided internal and external audit
  • Annex G    Internal audit: model terms of reference
  • Annex H    External audit: model terms of reference
  • Annex I    External audit report: suggested wording
  • Annex J    Guidance on value for money arrangements
  • Annex K    Annual assurance return from institutions

Executive summary

Purpose

1.    This document sets out our requirements for higher education institutions' (HEIs') accountability and audit arrangements and the broad framework in which they should operate.

Key points

2.    This Code replaces the 2002 version of the Audit Code of Practice (HEFCE 2002/26) with effect from 1 August 2004. Its contents reflect:

  • a clearer recognition of the importance of corporate governance in institutional accountability and audit
  • the reduction in audit burden following changes to the operation of the HEFCE audit team (the auditors are now integrated with HEFCE finance and estates advisers in the HEFCE Assurance Service)
  • the requirement for a statement of internal control to be included with published financial statements, as recommended by the Combined Code on corporate governance best practice and reporting following the Turnbull Report, and as reflected in HEFCE's Accounts Directions to the sector
  • further reference to risk management arrangements
  • revised professional standards for internal auditors, for example from the Treasury
  • developments intended to increase the overall degree of self-regulation in the sector, to enable further lightening of touch by the HEFCE Assurance Service, relying where possible on existing information and arrangements.

3.    Regard has also been paid to the Smith and Higgs reports where they are relevant to the higher education (HE) sector. Sir Robert Smith chaired a working group of the Financial Reporting Council to advise on updating Combined Code guidance about audit committees in UK listed companies. Although the sector backgrounds are different, the way audit committees are expected to operate is very similar. Derek Higgs reported in the Higgs report on the role and effectiveness of non-executive directors.

4.    This revised Code is the result of a re-drafting exercise that involved a focus group of sector and stakeholder representatives, the HEFCE Board and Audit Committee, and a national consultation (HEFCE 2003/60). This process endorsed changes to the Code including the key ones that HEFCE should be open in its risk assessment of HEIs and that in the rare circumstances when an HEI is at high risk we will increase our interventions. Other changes made following the consultation include a new annex on value for money (VFM), revised guidance on internal audit in HEIs, and new guidance on risk-based internal auditing in HE.

5.    The Code describes our minimum audit and reporting requirements and those that we consider to be good practice or worthy of consideration. It is now a mandatory requirement for institutions to submit their internal audit annual reports. Previously this was optional, although the majority of institutions have submitted the reports. We have also strengthened our guidance on dual appointments to require separate audit providers for internal and external services.

6.    Model versions of key documents are provided for HEIs to use at their own discretion.

Context

7.    This update of the Code comes at a time when we are seeking to improve our accountability and audit requirements so that the regulatory burden on institutions can be minimised while satisfying the need to account to Parliament for the use of public funds. On the one hand stakeholders demand credible and robust assurance about the proper and effective use of public funds distributed by HEFCE. On the other hand, momentum to reduce the accountability burden has increased following the publication in 2002 of the Cabinet Office Better Regulation Task Force report on higher education. Subsequent work by the Better Regulation Review Group to monitor and challenge the regulatory burden in HE continues this momentum. The Code reflects ongoing work to target accountability resources where they are most needed and to make accountability requirements proportionate to risk. We will continue to co-operate with other agencies who have common interests, to minimise the impact of accountability and audit while maintaining its effectiveness.

8.    We are developing a consistent approach to our accountability and audit requirements. Where possible, capital funding, funding for the reward and development of staff and other initiatives are being implemented with criteria that recognise institutions with good records in performance, sustainability and accountability. In the long term, we wish to use audit and monitoring arrangements to identify successful (in performance terms), sustainable (in broad terms) and accountable institutions, and to minimise intervention at these.

9.    The approach of the HEFCE Assurance Service recognises that there is a continuum from regulated to self-regulated. Towards the regulated end of the spectrum, accountability and audit involve considerable external intervention by the HEFCE Assurance Service in the form of visits and other work. We are seeking to promote increased self-regulation where HEIs, through their audit and other reports, demonstrate that they are accountable without the need for intervention.

HEFCE Chief Executive

10.    HEFCE's Chief Executive is its accounting officer. He is responsible for ensuring the proper and efficient use of public funds by HEFCE, by HEIs and by others who receive HEFCE funds, and also for ensuring that Treasury guidance is observed. The financial memorandum between the Department for Education and Skills (DfES) and HEFCE requires the issue of an Audit Code of Practice. This is that Code.