Internal Audit Services

Description

The University required an independent and objective internal audit provider that would deliver a first-class professional service to the University. The University was seeking a service that: • is efficient, effective and high quality; • provides value for money; • provides constructive challenge and engagement, and focuses on value added service delivery as well as compliance; • provides objective assurances and/or recommendations in respect of key processes and the management of risk, internal control and governance arrangements; • provides wider sector and cross sector expertise and benchmarking. Lot 1: The scope of internal audit extends to all of the University's activities, the whole of its risk management, internal control and governance, and any aspect in respect of its delivery of value for money for students and in respect of our receipt of public funds. The successful internal audit provider will use a risk-based approach to consider the University's systems for risk management, internal control and governance. The successful internal audit provider will be responsible for providing assurance to the University's Board of Governors and the University's Accountable Officer (i.e. the Vice Chancellor) and reporting to management on the adequacy and effectiveness of: • risk management, internal control and governance, • economy, efficiency and effectiveness (value for money arrangements); and • management and quality assurance of data submitted to Higher Education Statistics Agency (HESA), the Student Loan Company, the OfS, Research England and other bodies It will not be within the remit of the internal auditors to question policy decisions but it will be part of their role to examine the management arrangements by which decisions are made, monitored and reviewed. In order to provide the required assurance, the internal auditors will undertake a programme of work to evaluate the arrangements in place: • to establish and monitor the achievement of organisational objectives; • to identify, assess and manage risks to those objectives; • to evaluate the effectiveness of governance processes; • to ascertain the integrity and reliability of financial and other information provided to management including that used in decision-making, and that provided to key external audiences; • to ascertain that systems of internal control are laid down and operate to promote the Page 5 to 8 economic, efficient and effective use of resources and to safeguard assets and value for money; • to provide advice, and recommendations, for improvement. The successful internal audit provider will also assess the adequacy of the arrangements in place to prevent and detect irregularities, fraud and corruption. However, the primary responsibility for preventing and detecting corruption, fraud and irregularities rests with management, who will institute adequate systems of internal control, including clear objectives, segregation of duties and authorisation procedures. The internal auditors will be expected to demonstrate that their approach and methodology delivers added value including the provision of horizon scanning and wider service improvement recommendations as part of the internal audit programme. As detailed in the Chartered Institute of Internal Auditors' Internal Audit Code of Practise, 'The chief internal auditor should ensure that the audit team has the skills and experience, including technical subject matter expertise, commensurate with the scale of operations and risks of the organisation. This may entail training, recruitment, secondment from other parts of the organisation or co-sourcing with external third parties.' The qualified personnel should operate an appropriate quality framework to ensure the efficient and effective provision of the services. The successful internal audit provider must be able to provide specialists in the areas, including but not limited to, IT auditing/cyber security, data protection/GDPR, legal (such as UKVI and CMA compliance), estates, procurement and academic risks including quality/ethics/Ofsted/REF. The appropriate specialists will need to be available throughout the entire audit process and until all recommendations have been fully agreed. The successful internal audit provider may be required to carry out investigations under the University's policy on Public Interest Disclosure. The University's financial year runs from 01 August to 31 July. The first audit year under any agreement arising from this Invitation to Tender shall be the year commencing 01 August 2022. The internal auditors will be expected to engage with the University to develop the 2022/23 audit programme between May 2022 and July 2022. The successful internal audit provider may be requested by the University's Audit and Risk Committee, the Deputy Vice-Chancellor (Strategy and Operations), the Chief Finance and Planning Officer or the University Secretary or nominee to conduct special reviews, provided such reviews do not compromise the internal auditor's objectivity, independence or the achievement of the audit plan. This may include follow-up work following a fraud or similar investigation. Lot 1: The scope of internal audit extends to all of the University's activities, the whole of its risk management, internal control and governance, and any aspect in respect of its delivery of value for money for students and in respect of our receipt of public funds. The successful internal audit provider will use a risk-based approach to consider the University's systems for risk management, internal control and governance. The successful internal audit provider will be responsible for providing assurance to the University's Board of Governors and the University's Accountable Officer (i.e. the Vice Chancellor) and reporting to management on the adequacy and effectiveness of: • risk management, internal control and governance, • economy, efficiency and effectiveness (value for money arrangements); and • management and quality assurance of data submitted to Higher Education Statistics Agency (HESA), the Student Loan Company, the OfS, Research England and other bodies It will not be within the remit of the internal auditors to question policy decisions but it will be part of their role to examine the management arrangements by which decisions are made, monitored and reviewed. In order to provide the required assurance, the internal auditors will undertake a programme of work to evaluate the arrangements in place: • to establish and monitor the achievement of organisational objectives; • to identify, assess and manage risks to those objectives; • to evaluate the effectiveness of governance processes; • to ascertain the integrity and reliability of financial and other information provided to management including that used in decision-making, and that provided to key external audiences; • to ascertain that systems of internal control are laid down and operate to promote the Page 5 to 8 economic, efficient and effective use of resources and to safeguard assets and value for money; • to provide advice, and recommendations, for improvement. The successful internal audit provider will also assess the adequacy of the arrangements in place to prevent and detect irregularities, fraud and corruption. However, the primary responsibility for preventing and detecting corruption, fraud and irregularities rests with management, who will institute adequate systems of internal control, including clear objectives, segregation of duties and authorisation procedures. The internal auditors will be expected to demonstrate that their approach and methodology delivers added value including the provision of horizon scanning and wider service improvement recommendations as part of the internal audit programme. As detailed in the Chartered Institute of Internal Auditors' Internal Audit Code of Practise, 'The chief internal auditor should ensure that the audit team has the skills and experience, including technical subject matter expertise, commensurate with the scale of operations and risks of the organisation. This may entail training, recruitment, secondment from other parts of the organisation or co-sourcing with external third parties.' The qualified personnel should operate an appropriate quality framework to ensure the efficient and effective provision of the services. The successful internal audit provider must be able to provide specialists in the areas, including but not limited to, IT auditing/cyber security, data protection/GDPR, legal (such as UKVI and CMA compliance), estates, procurement and academic risks including quality/ethics/Ofsted/REF. The appropriate specialists will need to be available throughout the entire audit process and until all recommendations have been fully agreed. The successful internal audit provider may be required to carry out investigations under the University's policy on Public Interest Disclosure. The University's financial year runs from 01 August to 31 July. The first audit year under any agreement arising from this Invitation to Tender shall be the year commencing 01 August 2022. The internal auditors will be expected to engage with the University to develop the 2022/23 audit programme between May 2022 and July 2022. The successful internal audit provider may be requested by the University's Audit and Risk Committee, the Deputy Vice-Chancellor (Strategy and Operations), the Chief Finance and Planning Officer or the University Secretary or nominee to conduct special reviews, provided such reviews do not compromise the internal auditor's objectivity, independence or the achievement of the audit plan. This may include follow-up work following a fraud or similar investigation.