Policy on Auditors' Independence

 

POLICY TO SAFEGUARD THE INDEPENDENCE OF THE EXTERNAL AND THE INTERNAL AUDITORS

 

Introduction

1.     An important element of good governance is the independence and objectivity of the external and the internal auditors. The provision of any non-audit related services to the University by the external or the internal auditors, or the provision of any services (courses, training, consultancy or other academic services) to the external or the internal auditors by the University or any member of University staff must not compromise this independence and objectivity.  Philanthropic support or sponsorship must only be accepted from the external or the internal auditors where it does not affect, or cannot be perceived to affect, the auditors’ independence and objectivity.

2.     This Policy sets out the University’s objectives for protection of the independence of the external and the internal auditors, and the arrangements it has adopted to enable it to safeguard the independence of the audit firms engaged by the University. 

Objectives

3.     The University’s objectives in respect of the independence of the external and the internal auditors are:

a)   to safeguard the independence and the objectivity of the external and the internal auditors, in accordance with good governance;

b)   to comply with guidance from HEFCE and relevant professional, legal, ethical and regulatory standards on auditor independence;

c)    to have procedures for the engagement of the external and the internal auditors for the conduct of non-audit related work;

d)    to have procedures for the acceptance of donations from or sponsorship by the external or the internal auditors; and

e)    to have procedures for the engagement of the University or its staff by the external and the internal auditors for the provision of academic services. 

Scope

4.     This Policy has been adopted by Council and applies throughout the University apart from Oxford University Press, which has its own procedures to ensure the independence of its auditors.

5.     This Policy also applies in full to wholly-owned subsidiary companies unless separate policies have been formally approved and adopted by the Boards of those companies and endorsed by the Council’s General Purposes Committee.

Standards

6.      The University follows best practice in the safeguarding of auditor independence.  The University is mindful of guidance from HEFCE[1] and of relevant professional, ethical and legal standards as applicable to external and internal audit.

7.     The University notes that the external and internal auditors are subject to different professional and ethical obligations in relation to their independence and objectivity, as a result of the different services that they provide.  This is reflected in the provisions of this Policy.

Responsibilities

Responsibilities of Council

8.     Council is responsible for approving the Policy and has overall responsibility for safeguarding the independence and objectivity of the external and the internal auditors. 

Responsibilities of the Audit and Scrutiny Committee

9.     The Audit and Scrutiny Committee is responsible for proposing and maintaining the University’s Policy to safeguard the independence of the internal and external auditors.  The Committee receives an annual report on the fees paid to the external and the internal auditors for audit and non-audit services, and an annual report on donations and sponsorship received from the external and internal auditors.  The committee also considers cases relating to the appointment of the external auditors and the internal auditors for the conduct of non-audit related work, as referred to the committee by the Audit Management Group.   

Responsibilities of the Audit Management Group[2]

10.   The Audit Management Group is responsible for considering proposals for the engagement of the external and internal auditors for the conduct of non-audit related work; referring cases relating to the appointment of the external auditors and the internal auditors for the conduct of non-audit related work to the Audit and Scrutiny Committee as necessary; considering proposals to engage the University or its staff to provide academic services (including courses) for the auditors; considering proposals for donations to or sponsorship of the University and colleges by the auditors; and making an annual report to the Audit and Scrutiny Committee on fees paid to and donations or sponsorship received from the external and the internal auditors. 

Engagement of the auditors for non-audit related work

11.   The University may engage the external or the internal auditors for the conduct of certain non-audit related work, according to the provisions of this Policy, and subject to the approval process in paragraphs 18 to 21.  Separate provisions apply for the external auditors and the internal auditors, reflecting the different services that they provide and the different professional, ethical and legal standards to which they are subject.

Engagement of the external auditors to provide non-audit services

12.   In respect of the external auditors, the Policy defines non-audit services that the external auditors are prohibited from providing to the University, and non-audit services that the external auditors are permitted to provide.     

a)   Prohibited non-audit services

Prohibited non-audit services are those activities that the external auditors are prohibited from undertaking as the activities are generally perceived to involve the external auditors making judgments or decisions that are the responsibility of the University’s senior officers and would interfere with the external auditors’ objectivity when undertaking the external audit. The external auditors are therefore explicitly excluded from undertaking this type of work.  A list of prohibited non-audit services (List A) is attached to this Policy as Appendix A.  

b)   Permitted non-audit services

It may be considered appropriate to instruct the external auditors to undertake permitted non-audit services, rather than another body, because of the external auditors’ detailed understanding of the University’s business; this may result in cost efficiencies and, where relevant, may assist with the maintenance of confidentiality.  A list of permitted non-audit services (List B) is attached to this Policy as Appendix B. 

Specific approval (see paragraphs 18 to 21) is required before the external auditors are contracted. 

13.   The lists of prohibited (List A) and permitted (List B) non-audit services have been drawn up with reference to and incorporating a number of the recommendations of the 2008 HEFCE guidance for audit committees and the more recent guidance from the Audit Practices Board in the UK and the Guidance on Audit Committees published by the Financial Reporting Council in December 2010. The lists may be amended only by the Audit and Scrutiny Committee.  They are not intended to be exhaustive.

14.   Where the proposed non-audit service is not referred to in either the list of prohibited or permitted activities or there is any doubt over the categorisation, please contact the Senior Assistant Registrar (Assurance) for guidance.

Engagement of the internal auditors to provide non-audit services

15.   Specific approval (see paragraphs 18 to 21) is required from the Audit Management Group before the internal auditors are contracted to deliver non-audit related services.  The Audit Management Group will consider whether the proposed work can be undertaken without risk to the internal auditors’ independence. 

16.   Work that, in the view of the Audit Management Group, can be undertaken without risk to the internal auditors’ independence will be classified as permitted non-audit services. 

17.   The Audit Management Group may refer proposals to engage the internal auditors to provide non-audit services to the Audit and Scrutiny Committee for approval. 

Approval process: engagement of the external or the internal auditors

18.   The advance written approval of the Audit Management Group must be obtained prior to the engagement of the external or the internal auditors with respect to any permitted non-audit services on a case by case basis.  It is also necessary to obtain the Group’s approval for any proposed fee to be charged by the external or the internal auditors for providing the permitted non-audit service.

19.   A specific written request for authorisation for the provision of non-audit services must be submitted to the Secretary of the Audit Management Group.  Each request must include:

a)    a description of the nature of the non-audit service to be provided;

b)   whether there are any safeguards in place to eliminate or reduce to an acceptable level any potential threat to the auditors’ objectivity and independence that may result from the provision of the services; and

c)    an estimate of the total fees (including reasonable expenses) that will accrue to the external or the internal auditors in the provision of the services, both for individual services and in aggregate, noting the period over which they will be incurred and the amount relative to the audit fee (including the basis on which fees are calculated).

20.   The external or internal auditors may only be engaged to provide the services in question once the written submission has been formally approved by the Group.

21.   The Audit Management Group may refer cases to the Audit and Scrutiny Committee for approval. 

Acceptance of donations from or sponsorship by the external or the internal auditors

22.   Acceptance of donations from, or sponsorship by, the external or the internal auditors may also affect, or be perceived to affect, their independence and objectivity.  If the external or internal auditors wish to make a donation to the University or to a college, or to sponsor a University or college activity or event, the external or the internal auditors shall first put the proposal to the Audit Management Group for consideration. 

23.   If the Audit Management Group agrees that the proposed donation or sponsorship proposal would not affect, or be perceived to affect, the external or the internal auditors’ independence or objectivity, then:

a)   in the case of a proposed donation to the University, the proposal shall be passed to the Development Office for processing in the usual way, including, where appropriate, the seeking of approval from the Committee to Review Donations;

b)   in the case of a proposal for sponsorship of a University event or activity, the proposal shall be referred to the General Purposes Committee or other body (as appropriate) for further consideration; or

c)   in the case of a proposed donation to, or sponsorship of an event or activity at, a college, the auditors shall be free to take forward its discussions with the college.

24.   If the Audit Management Group considers it appropriate it may, at its discretion, set an approval threshold below which certain donations or sponsorship received from the audit firms, such as donations to student sports clubs and societies, would not require specific approval. 

25.   If the Audit Management Group is of the view that the proposed donation or sponsorship proposal, whether concerning the University or a college, would affect or be perceived to affect the external or the internal auditors’ independence or objectivity, then that proposal shall no longer be pursued by the auditors.

26.   All donations and sponsorship received from the external and internal auditors will be reported annually to the Audit and Scrutiny Committee. 

27.   A report on student recruitment and related activity carried out at the University by the external and the internal auditors will also be made annually to the Audit and Scrutiny Committee. 

Provision of courses and other academic services to the external or internal auditors

28.   Should the external or the internal auditors seek to instruct the University or its staff to provide certain educational or other academic services for the audit firm, the following provisions apply.   

29.   Attendance by the auditors’ staff on a course or a series of courses designed and delivered by the University and provided on normal commercial terms (i.e. not bespoke courses) is permitted under this Policy. 

30.   Separate provisions apply to the provision of bespoke courses by the University to the audit firms, reflecting their different professional and ethical obligations in relation to their independence and objectivity. 

a)    For the external auditors: attendance by the external auditors’ staff on a course or a series of courses designed and delivered by the University specifically for the external auditors (i.e. bespoke courses) is prohibited under this Policy. 

b)   For the internal auditors: specific approval is required from the Audit Management Group before the University can be engaged to deliver bespoke courses to the internal auditors’ staff.  Bespoke courses that, in the view of the Audit Management Group, can be delivered without risk to the internal auditors’ independence will be permitted.  The Audit Management Group will report its decisions on proposals to deliver bespoke courses to the internal auditors to the Audit and Scrutiny Committee, and in certain cases may refer proposals to the committee for approval.

31.    The University and its staff may from time to time supply the external or the internal auditors with consultancy, research, advice or other academic services.  In general, such provision of services will not be considered to compromise the independence and objectivity of the external or the internal auditors.  Nonetheless, departments are required to notify the Audit Management Group of such work in case the work is of such a scale or risk to the University that there is a potential threat to the auditors’ objectivity and independence.  If the Audit Management Group considers that the auditors’ objectivity and independence is threatened by the provision of work for the external or the internal auditors, the work will not be permitted to proceed. 

Interaction with other policies, procedures and regulation

32.   This Policy interacts and overlaps with a number of other University policies and procedures, including but not limited to:

  • Financial Regulations;
  • Bribery and Fraud Policy; and
  • Gifts and Hospitality Policy.

33.   This Policy also takes account of the University’s wider legislative obligations including the Memorandum of assurance and accountability with HEFCE and the Audit Code of Practice.

List A

External auditors: prohibited non-audit services

The external auditors are explicitly excluded from undertaking work in this List. 

A1

Accounting

  • bookkeeping for underlying accounting transactions; or
  • maintaining accounting records;  or
  • the preparation of financial statements to be audited and used outside the University. 

A2

Tax

  • assignments performed where fees are contingent and material and/or dependent on uncertain tax law and audit judgment;
  • acting as an advocate before a regulatory or statutory body on a matter which is material to the financial statements or dependent on audit judgment; or
  • handling tax payments on behalf of a group

A3

Internal Audit

  • providing a fully outsourced internal audit function;
  • carrying out internal audit work in an area on which the external auditors would want to place reliance in any subsequent audit; or
  • undertaking an internal audit management role

A4

Information Technology

  • design or the implementation of financial information systems

A5

Valuations and appraisals

  • valuations and/or other appraisals services where the results will or may be incorporated in audited financial statements

A6

Legal

  • legal services involving matters where the outcome has a potentially material effect on the University financial statements

A7

Human Resources

  • providing recruitment services in relation to key management positions within the University; or
  • seconding employees to key management positions within the University

A8

Other

  • undertaking any joint business activity (defined as work or services delivered jointly or collaboratively between the external auditors and the University) save as otherwise agreed by the Audit and Scrutiny Committee;
  • providing actuarial or pension valuation services to the University; or
  • corporate finance or corporate transaction services for the University
  • any other matter specifically prohibited by law

 

List B

External auditors: permitted non-audit services

Specific approval is required before the external auditors are contracted to undertake any work in this List.

B1

Accounting

  • advice on the preparation of financial information and the application of GAAP; or
  • training support for accounting projects and in relation to accounting standards

B2

Tax

  • assistance in tax compliance activities including preparation of draft returns, submission of returns and correspondence with tax authorities;
  • advice on tax matters, recent developments and/or complex or high risk areas;
  • expatriate tax matters;
  • transfer pricing advice;
  • subject to A5 above, valuations for tax purposes; or
  • tax advice in relation to corporate transactions

B3

Human Resources

  • secondments to lower level positions (with guidance from the Director of Finance in each case)

B4

Other

  • Such other activities as may be agreed by the Committee from time to time.

 



[1] Specifically the “Memorandum of assurance and accountability between HEFCE and institutions”; Annex A , Audit Code of practice, www.hefce.ac.uk/pubs/year/2014/201412/#d.en.87547

[2]The Audit Management Group comprises University staff from Council Secretariat and the Finance Division, and representatives of the internal auditors.  In this Policy, references to the Audit Management Group are to the University members of the Group only; that is, the internal auditors are not party to decisions or recommendations relating to auditor independence.