Model Financial Memorandum between HECE and institutions

Model FinancialMemorandumbetween HEFCEand institutions

June 2008/19Core funding/operationsReport

Effective 1 August 2008

The model Financial Memorandum, between HEFCEand the institutions we fund, sets out the terms andconditions for payment of HEFCE grants. Thememorandum should be read in conjunction withPart 2, the schedule, which gives conditions specificto the institution, the funds available to the institution,and the educational provision the institution hasagreed in return for those funds. This documentreplaces HEFCE 2006/24 issued in July 2006.

June

2008

/19

Free

© HEFCE 2008

The copyright for this publication is held by theHigher Education Funding Council for England(HEFCE). The material may be copied orreproduced provided that the source isacknowledged and the material, wholly or in part,is not used for commercial gain. Use of the materialfor commercial gain requires the prior writtenpermission of HEFCE.

TM

ENVIRONMENTALLY

Alternative formats This publication can be downloaded from theHEFCE web-site (www.hefce.ac.uk) underPublications. For readers without access to theinternet, we can also supply it on CD or in largeprint. Please call 0117 931 7035 for alternativeformat versions.

Financial Memorandum between HEFCE and institutions

Purpose of this document 3

Our responsibilities to institutions 3

Institutions’ responsibilities to HEFCE 4

Financial management and sustainability 5

Estate management and exchequer interests 6

Accountability and risk assessment 6

Revisions to the memorandum 6

Annex A: Mandatory requirements of the Financial Memorandum 7

and Accountability and Audit Code of Practice

Annex B: Accountability and Audit Code of Practice

Executive summary 9

Introduction 10

Corporate governance 10

Higher education audit framework 11

General principles for internal and external auditors 12

Audit and risk assessment of HEIs by the HEFCE assurance service 13

Audit committees in HEIs 15

Internal audit arrangements in HEIs 16

External audit arrangements in HEIs 19

Annex C: Allocating and paying funds 22

Annex D: Institutional engagement and support strategy

Introduction 23

Normal contact 23

Focused dialogue 23

Support strategy 23

Annex E: Annual assurance return from institutions 26

Annex F: Consent for financial commitments

Introduction 27

Definitions 27

Our response 27

Annex G: Exchequer interests

Introduction 30

Requirements 30

Circumstances in which the exchequer interest becomes repayable 30

Annex H: Definitions and abbreviations 32

HEFCE 2008/19 1

Contents

2 HEFCE 2008/19

Purpose of this document1. This Financial Memorandum sets out theformal relationship between HEFCE and thegoverning bodies of the institutions it funds. Itreflects our responsibility to provide annualassurances to Parliament that:

• our funds are being used for the purposes forwhich they were given

• risk management, control and governance inthe sector are effective

• value for money is being achieved.

2. The memorandum is in two parts. Part 1(this document) sets out the terms andconditions which apply in common to allinstitutions funded by HEFCE. Part 2 (issuedeach year) gives conditions specific to theinstitution, a schedule of funds available in theacademic year and the educational provision theinstitution has agreed to make in return forthose funds. References to the memorandumembrace both Part 1 and Part 2.

3. Institutions are bound by the requirements oftheir charter and statutes (where appropriate)and by rules relating to their charitable status.This document does not supersede thoserequirements; rather, it provides evidence thatinstitutions are complying with them.

4. This memorandum takes effect from 1August 2008, as does the Accountability andAudit Code of Practice (Annex B).

Our responsibilities toinstitutions5. We will work with institutions and the highereducation sector to the high standards ofopenness, integrity and consistency expected ofpublic sector bodies. We recognise thatinstitutions are autonomous bodies and will act

reasonably. We will not ask for information thatwe already have, and as far as possible we willrely on data and information that institutionshave produced to meet their own needs. We willtry to make regulation efficient and ensure thatits benefits outweigh the costs to institutions,ourselves and other parties.

6. Our aim is to be open and transparent withinstitutions and other stakeholders. We recognisethat this may sometimes conflict with the desireto protect commercial confidentiality. Incomplying with the Freedom of Information Actand similar legislation we will try to make itclear to institutions what information we regardas confidential, and we will judge each case onits merits.

7. Our grants to institutions are to fundactivities defined by the Further and HigherEducation Act 1992 (‘the 1992 Act’). For highereducation institutions (HEIs) these are:

• providing education and undertakingresearch

• providing facilities and undertaking activitiesthat the institution’s governing body thinksare necessary or desirable for providingeducation or doing research.

For further education colleges (FECs), we fundthe provision of ‘prescribed’ courses of highereducation.

8. Our funding is subject to certain conditions, asset out in the 1992 Act. The Act allows us to addcertain conditions to our funding. We will consultthe sector on any changes to those conditions.

9. These conditions of funding do not apply toany funds that institutions receive from othersources, although the principles will be reflectedin conditions of grant associated with otherpublic sector income to institutions. We want to

HEFCE 2008/19 3

Model Financial Memorandum betweenHEFCE and institutions

In this memorandum the definitions listed at Annex H apply.

encourage them to develop other sources of incomethat are consistent with their overall mission andobjectives.

10. We will review an institution’s annualaccountability returns to us and give to thedesignated officer and governing body a confidentialrisk assessment. When we assess an institution to be‘at higher risk’, we will engage with it in line withour institutional engagement and support strategy(see Annex D). One of the annual accountabilityreturns to be submitted is the annual assurancereturn (see Annex E).

Institutions’ responsibilities toHEFCE11. HEFCE is the major public sector funder ofHEIs as a whole and has lead public accountabilityfor them. As a result, institutions need to providecertain information about their viability and theway they operate. HEFCE is also being appointedas the principal regulator of the sector under theCharities Act, though this should not involve asignificant additional burden on institutions.

12. Institutions are accountable to all theirstakeholders, not just HEFCE, and this will beeasier if they operate in an open and transparentway. An institution will need to plan and deliver itsactivities effectively, in line with its mission andobjectives, and meet its various legal requirements,particularly those to ensure fair and equal treatmentof its staff and students.

13. The governing body of an institution iscollectively responsible for overseeing its activities,determining its future direction and fostering anenvironment in which its mission is achieved. Actingin accordance with the institution’s own statutesand constitution (where appropriate), the governingbody should ensure that the institution:

• has a robust and comprehensive system of riskmanagement, control and corporate governance

• has regular and adequate information tomonitor performance and track the use ofpublic funds

• plans and manages its activities to remainsustainable and financially viable

• informs us of any change in its circumstanceswhich, in the judgement of the designatedofficer, is a material adverse change

• uses public funds for proper purposes andstrives to achieve good value for money frompublic funds

• complies with the mandatory requirementsrelating to audit, set out in our audit code andour annual accounts direction

• sends us:

– the annual accountability returns whichconstitute the ‘single conversation’ (seeparagraph 28)

– other information we may reasonablyrequest to understand the institution’s riskstatus

– any data requested by the HigherEducation Statistics Agency (HESA)

• has effective arrangements for the managementand quality assurance of data submitted toHESA, HEFCE and other funding bodies (wereserve the right to use our own estimates ofdata where we have reason to believeinstitutional data are not fit for purpose)

• considers our assessment of its risk status andtakes action to manage or mitigate the risks weidentify.

14. The governing body will appoint the head ofinstitution as the ‘designated officer’, who willadvise the governing body (and HEFCE, ifnecessary) if the institution fails to comply withthis memorandum. The designated officer and/orchair of the governing body may be required toappear before the Public Accounts Committeealongside the chief executive of HEFCE, as ouraccounting officer, on matters relating to grants tothe institution.

15. Institutions shall subscribe to HESA and theQuality Assurance Agency for Higher Education

4 HEFCE 2008/19

(QAA), and ensure that their use of JANET1 andSuperJANET networks conform to acceptablepractice and current legislation.

16. We expect institutions to consider how theiractions affect our policy objectives for the sector, asset out in our strategic plan. When they plan amajor change in strategy or academic provision, orconsider merging with another body, they shoulddiscuss this with us at an early stage.

17. Institutions may only use Council funds foractivities eligible for funding under the 1992 Actand other relevant legislation. This conditionapplies where the HEI passes on part of its HEFCEgrant to another legally distinct entity – a‘connected institution’ – for the provision offacilities or learning and teaching or for research tobe undertaken. In such cases, as set down in Section27 of the Teaching and Higher Education Act 1998(‘the 1998 Act’), the institution must obtain theCouncil’s consent before passing HEFCE funds tothe connected institution.

Financial management andsustainability18. Institutions should have a financial strategythat reflects their overall strategic plan, setsappropriate targets and performance indicators andshows how resources are to be used. To remainsustainable and financially viable they should alsoassess, take and manage risks in a balanced waythat does not overly constrain freedom of action inthe future.

19. Institutions must:

• stay solvent

• not incur deficits, unless these are covered bydiscretionary reserves. Any deficits not coveredby these reserves must be recovered withinthree years or within a period agreed with us.For this purpose, any pension scheme deficitsincluded on an institution’s balance sheetfollowing implementation of FRS17 should beexcluded from the calculation of reserves.However, institutions should still work towardsimproving any pension scheme deficits.

20. We normally expect an institution to increaseits reserves broadly in line with income. A series ofdeficits, even if covered by discretionary reserves,might be a cause of concern, as could low levels ofliquidity or increased borrowing. In such cases wewould expect to discuss financial performance andstrategy with the institution.

21. We expect an institution to consider theconsequences of new financial commitments andensure they are consistent with its strategic plan andfinancial strategy and represent good value formoney. We are to review our requirements as setout in paragraph 22 and Annex F during 2008-09and this Financial Memorandum will be revised in2009 as appropriate.

22. An institution must get written consent from usbefore it agrees to any new financial commitmentsas follows:

a. Long-term commitments – where theannualised servicing cost of its total financialcommitments would increase to above 4 percent of total income.

b. Short-term financial commitments – wherenegative net cash exceeds 5 per cent of totalincome for more than 35 consecutive days.

Annex F sets out the information we need to assessboth types of request, and explains the methods ofcalculating the annualised servicing cost andnegative net cash.

23. The thresholds mentioned in paragraph 22 arenot limits and should not constrain an institutionfrom increasing its financial commitments wherethis is appropriate. An institution should determinethe level of borrowing that is both affordable andconsistent with its financial strategy. We ask theinstitution to demonstrate this in the case presentedto us, show that the proposal represents good valueand confirm the approval of its governing body. Inresponding to requests for consent we aim to behelpful and pragmatic, taking into account thecircumstances of each proposal.

24. As part of ensuring its long-term viability, aninstitution should know the full cost of its activitiesand use this information in making decisions. If it

HEFCE 2008/19 5

1 See Annex H for definitions.

does not seek to recover the full cost, this should bethe result of a clear policy set by the governing bodyand included in the financial strategy, and should notput the institution in financial difficulty. We expectour funds not to subsidise non-public activities.

Estate management andexchequer interests25. Institutions should manage their estate in linewith an estates strategy. The strategy should bewritten with reference to guidance available to thesector, including that from HEFCE. Institutionsshould review their current and expected use ofland and buildings, and consider rationalising anddisposing of assets no longer needed. Formervoluntary colleges and other institutions holdingland and buildings not covered by exemptcharitable status shall also take into account therequirements of the Charity Commissioners.

26. For exchequer interests, the institution, havingentered into an agreement with HEFCE effective on1 August 2006, shall follow the conditions set atAnnex G. If an institution has not signed such anagreement, it is bound by the terms and conditionsset out in the earlier model Financial Memorandum(HEFCE 2003/54).

Accountability and riskassessment27. We expect institutions to have governance andmanagement processes that can readily demonstrateto their public sector funders (including HEFCE)proper control over, and accountability for, the useof public funds. The better these processes are, theeasier it will be for institutions to show that theyare making proper use of public money.

28. As far as possible the accountability processbetween HEFCE and institutions will beconcentrated into an exchange of documents anddialogue during a specific period each year – this isknown as the ‘single conversation’. We will confirmthe specific content of this exchange each year andconsult the sector on any major changes to theprocess. Our aim is to minimise our demands on

institutions and as far as possible to rely on dataand information that they have produced to meettheir own needs.

29. Institutions should send us their accountabilityinformation on the specified dates in December ofeach year. We will review this and give eachinstitution a confidential, formal assessment of itsrisk status. For those we consider to be ‘not athigher risk’ – in our experience to date, the vastmajority – there will be no need for furtherinformation or discussion of accountability until thenext year’s return. Sometimes we will ask for moreinformation to clarify uncertainties.

30. When we assess an institution as ‘at higher risk’we must respond appropriately, to protect the publicinterest. Our institutional engagement and supportstrategy (see Annex D) describes the range of waysin which we might respond and help institutionsresolve difficulties and manage risks. We will alwaysdiscuss our concerns with the institution, and takeits views and actions into account, before weformally make an ‘at higher risk’ assessment. Wewill also try to reach agreement on what needs to bedone. When we consider the institution to be nolonger at higher risk, we will write to its governingbody to confirm this.

31. Beyond the exchange of accountabilityinformation each year, we welcome the opportunityfor regular and informal discussions with aninstitution about its plans and developments. Webelieve this will help us to work together and reducethe risk of misunderstanding.

Revisions to the memorandum32. We will revise this document only afterconsulting the sector or its representative bodies.

6 HEFCE 2008/19

1. The following are mandatory requirements ofthe Financial Memorandum and the Accountabilityand Audit Code of Practice (‘the Code’). We willassess compliance with these.

2. The governing body must ensure that theinstitution meets its responsibilities as set out inparagraphs 11 to 29 of the Financial Memorandum.

3. The institution must obtain written consent forfinancial commitments, as specified in Annex F tothe Financial Memorandum.

4. The governing body of each higher educationinstitution (HEI) must take reasonable steps toensure that there are sound arrangements for riskmanagement, control and governance, and foreconomy, efficiency and effectiveness (value formoney), within the HEI.

5. Each HEI must have an effective auditcommittee which produces an annual report for thegoverning body and the designated officer. Theaudit committee annual report must relate to thefinancial year and include any significant issues upto the date of preparing the report which affect theopinion. The audit committee annual report mustinclude the audit committee’s opinion on theadequacy and effectiveness of:

• the HEI’s risk management, control andgovernance arrangements

• arrangements for promoting economy, efficiencyand effectiveness

• the arrangements for the management andquality assurance of data submitted to theHigher Education Statistics Agency (HESA),HEFCE and other funding bodies.

6. Members of the audit committee must not haveexecutive authority. Members should not also bemembers of a finance committee, unless theinstitution’s governing body has made a cleardecision to allow one audit committee member tosit on both (no more than one member may sit onboth and he or she should not be the chair).

7. The audit committee of each HEI, advised whereappropriate by its internal audit service, must satisfyitself that satisfactory arrangements are in place topromote economy, efficiency and effectiveness.

8. Each HEI must have an effective internal auditfunction, which reports regularly to the auditcommittee and at least annually to the governingbody and the designated officer. The internal auditannual report must relate to the financial year, andinclude any significant issues up to the date ofpreparing the report which affect the opinion.

9. The work of the internal audit service mustcover the whole of the risk management, controland governance arrangements of the HEI.

10. The head of the internal audit service musthave direct access to the HEI’s designated officer,the chair of the audit committee and, if necessary,the chair of the governing body. Internal as well asexternal auditors must also have unrestricted accessto information – including all records, assets,personnel and premises – and be authorised toobtain whatever information and explanations thehead of the internal audit service or the externalauditor considers necessary.

11. Internal and external audit services must not beprovided by the same firm or provider.

12. Fees paid to external auditors for other servicesmust be disclosed separately in a note in thefinancial statements.

13. Subject to legislative constraints, the HEFCEassurance service must have unrestricted access toinformation – including all records, assets, personneland premises – and can require anyone to give anyexplanation which it considers necessary to fulfil itsresponsibilities. This includes access to any work ofthe internal and external auditors, or correspondencebetween internal and external auditors. For access toexternal audit work, the HEFCE assurance servicewill exchange letters (where necessary) with bothparties to deal with confidentiality and the termsunder which access is given.

HEFCE 2008/19 7

Annex AMandatory requirements of the Financial Memorandumand Accountability and Audit Code of Practice

14. HEIs must not agree to any restriction inexternal auditors’ liability in respect of the externalaudit of their annual financial statements, except asspecified at Annex B, paragraph 100.

15. The following information must be provided,according to a timetable which will be notifiedeach year:

• a signed and approved set of financialstatements

• a copy of the audit committee’s annual report

• a copy of the internal auditors’ annual report

• the completed annual assurance return (AnnexE of the Financial Memorandum)

• a copy of the external auditor’s managementletter and any management response.

16. The HEI’s designated officer must report anymaterial adverse change – such as a significant andimmediate threat to the HEI’s financial position,significant fraud or major accounting breakdown –without delay to all of the following:

• the chair of the HEI’s audit committee

• the chair of the HEI’s governing body

• the HEI’s head of internal audit

• the external auditor

• the HEFCE chief executive.

17. The governing body must inform HEFCE’sassurance service without delay of the removal orresignation of the external or internal auditors.

8 HEFCE 2008/19

Executive summary

Purpose1. This Code sets out our requirements for highereducation institutions’ (HEIs’) accountability andaudit arrangements and the broad framework inwhich they should operate. Its status is that of anannex to the Financial Memorandum and the Codeis therefore a condition of grant.

Key points2. This Code replaces the 2004 version of the AuditCode of Practice (HEFCE 2004/27) with effect from1 August 2008. Its contents reflect the newaccountability framework published in 2007(HEFCE 2007/11).

3. This revised Code is the outcome of a reviewand consultation process undertaken in 2007-08which resulted in a new Financial Memorandum.

4. The Code has been streamlined to focus on themandatory reporting requirements with whichinstitutions need to comply. It now gives lessdetailed specifications for how audit arrangementsin institutions should operate, and instead pointsreaders to established and authoritative sources ofguidance that are not mandatory.

Context5. This update of the Code comes at a time whenthe funding position of institutions in England ischanging considerably. Since the previous version in2004, public investment in the sector has risen butso has that from other sources, notably full-timeundergraduate students who now pay a higher fee.Whoever is paying for higher education (HE), theyall expect accountability. At the same time, theimperative for better regulation is accepted by allparties, which means that regulatory interventionshave to be optimised. There is also considerablepressure on HEFCE and other funding bodies to

operate as efficiently as possible, so we mustcontinue to streamline the way our audit andassurance staff operate. Finally, HEFCE is to bedesignated as the principal regulator of HEIs ascharities; although the implications of this had notbeen finalised as this Code was in preparation, itwill be important to operate the HE accountabilityframework in an effective manner. Taken together,these factors mean we must have the best possiblebalance between accountability and autonomy. Forthis to be achieved, governors, managers andauditors in institutions must meet their obligationsunder the Code.

New requirement6. The only additional requirement in this newCode is that we are seeking assurances fromdesignated officers and audit committees about themanagement and quality assurance arrangementsfor data submitted to the Higher EducationStatistics Agency (HESA), HEFCE and otherfunding bodies. This is imperative in order toimprove the reliability of data which is crucial forthe efficiency of our funding and to reduce thenumber of significant funding adjustments neededto correct data errors. We endorse guidance on theprinciples of data management for public bodies aspublished in November 2007 by the AuditCommission, ‘Improving information to supportdecision making: standards for better quality data’2.

HEFCE chief executive7. HEFCE’s chief executive is its accounting officer.The chief executive is responsible for ensuring theproper and efficient use of public funds by HEFCE,by HEIs and by others who receive HEFCE funds,and for ensuring that Treasury guidance is observed.The Financial Memorandum between theDepartment for Innovation, Universities and Skills(DIUS) and HEFCE requires the issue of an AuditCode of Practice for institutions. This is that Code.

HEFCE 2008/19 9

Annex BAccountability and Audit Code of Practice

2 Available at www.audit-commission.gov.uk under Reports and publications/Audit Commission reports.

Introduction8. This Code states how effective accountabilityand audit coverage should be achieved. It sets outour minimum requirements for the reporting of riskmanagement, control and governance arrangements,for internal and external audit arrangements, andthe broad framework in which they should operate.

9. The Code applies to the relationship betweenHEFCE and HEIs – and in principle to their relatedcompanies and other bodies which, indirectly,receive HEFCE funding. These include, for instance,subsidiary entities of HEIs such as subsidiarycompanies, student unions and charitable funds.These subsidiary entities are not required to observethis Code in detail, but should pay appropriateregard to it. We also fund a small number ofconnected institutions through HEIs, which are alsosubject, indirectly, to this Code. The colleges of theuniversities of Oxford and Cambridge are notfunded directly by us but are subject to an agreedaudit protocol.

10. We also fund and have relationships with anumber of related bodies. These are independentbodies established to assist HEFCE and the HEsector to deliver HE strategy. Each related body isrequired as a condition of its funding with HEFCEto conform to this Code as far as is appropriate andpractical.

11. There are a number of mandatory requirementswhich are conditions of funding under the FinancialMemorandum between HEFCE and HEIs. Theseare set out in Annex A of the FinancialMemorandum.

12. We may update the Code on the HEFCE web-site at any time. We will consult sector stakeholdersabout significant changes, particularly where theyaffect mandatory requirements. We may alsosupplement the Code with occasional circular lettersspecifying guidance and requirements. They will bedeveloped in consultation with the representativebodies in HE, and will be incorporated into anysubsequent revision of the Code.

13. We assess institutions’ performance against this

Code in two ways. Firstly, every report and returnrequired under this Code, from each institution, isscrutinised on an annual basis by the HEFCEassurance service. Where institutions fail to reportas required, this is classed as non-compliance withconditions of grant. Secondly, each institution issubject to a brief, five-yearly review to assess theextent to which its accountability performance canbe relied upon. This leads to a report agreed by thedesignated officer on behalf of the HEI and itsgoverning body which is publicly available (moredetails are in HEFCE Circular Letter 25/2006).

14. The Code is primarily for use by internal andexternal auditors, HEIs’ senior management,members of the governing body and auditcommittees. It may also be of interest to otherstakeholders. More detailed advice on any aspectof the Code is available from the HEFCEassurance service.

Corporate governance 15. The corporate governance arrangements of anHEI are the means by which strategy is set andmonitored, the executive is held to account, risksare managed, stewardship responsibilities aredischarged and sustainability is ensured. A morecomplete description of corporate governance in anHEI can be found in the guide by the Committee ofUniversity Chairmen (CUC) – ‘Guide for membersof higher education governing bodies in the UK’(HEFCE 2004/40). The responsibilities of agoverning body as to conditions of HEFCE fundingcan be found in the Financial Memorandum.

16. The CUC Guide includes a Governance Code ofPractice, against which CUC and HEFCE commendinstitutions to evaluate themselves. The principleshould be that institutions ‘comply or explain’ andthe outcome of each periodic evaluation should bepublished, ideally in the Corporate GovernanceStatement or Statement on Internal Control in thepublished financial statements.

10 HEFCE 2008/19

Higher education auditframework17. In accordance with the FinancialMemorandum, HEIs must have effective riskmanagement, control and governance arrangements.Other funding bodies also have an interest in thesecontrol arrangements, including Parliament, DIUS,the Learning and Skills Council (LSC), ResearchCouncils UK, the Department for Employment andLearning (DEL) in Northern Ireland and theTraining and Development Agency (TDA) forSchools.

18. Each of these bodies makes appropriatearrangements to safeguard its interest. Each has itsown auditors, but in practice there are only twogroups engaged in regular audit investigation of aninstitution’s systems and records – an institution’sinternal and external auditors. This is the same levelof activity that is common in the private sector. Ofthe interested parties, DIUS, HEFCE, LSC, DEL,TDA and the Research Councils seek to avoidduplication by relying on the work of the otherbodies’ auditors whenever possible.

Parliament19. Parliament’s interest is to see that public fundsare properly applied and accounted for and usedeconomically, efficiently and effectively byrecipients. The Comptroller and Auditor General(CAG), head of the National Audit Office, is theexternal auditor of HEFCE. The CAG has the rightto inspect the accounts of any HEI that receivesHEFCE grant, and the right to carry out value-for-money (VFM) investigations. The National AuditOffice is highly selective in its use of inspectionrights: most of its audit work is undertaken atHEFCE, and VFM investigations normally involveonly a sample of institutions at any one time.

Department for Innovation, Universitiesand Skills20. Public funds for HE are primarily channelledthrough DIUS. The DIUS permanent secretary, asaccounting officer, is responsible and accountable toParliament. The HEFCE chief executive must besatisfied that proper arrangements are being madeto safeguard public funds. This is achieved through

the Financial Memorandum between DIUS andHEFCE, which requires HEFCE to have an auditservice and appropriate accounting systems. Thework of HEFCE auditors is examined by the DIUSaudit service, which may observe it at work in HEIsbut does not audit HEIs itself.

HEFCE21. Under the Financial Memorandum with DIUS,HEFCE’s chief executive is accounting officer forthe funds received from DIUS and is accountable toParliament for them. This applies both to money wespend directly on our own operations and to moneyspent by the HEIs and other entities that receiveHEFCE funds. Accordingly, the HEFCE assuranceservice provides both the internal audit functionwithin HEFCE and assurance to the HEFCE chiefexecutive on the arrangements within HEIs andother HEFCE-funded entities. This Code isprincipally concerned with the latter part of theservice, namely arrangements in HEIs and otherHEFCE-funded entities. However, the internal auditof HEFCE’s arrangements is carried out inaccordance with these same standards. In commonwith the arrangements in HEIs, there is an auditcommittee to assist the HEFCE chief executive andBoard in discharging their accountability and auditresponsibilities, both in respect of HEFCE and ofHEIs and other entities.

22. The governing body of an HEI is responsiblefor ensuring the proper use of public funds. Underthe Financial Memorandum with HEFCE thegoverning body is required to designate a principalofficer known as the designated officer. Thegoverning body will designate the institution’s vice-chancellor, principal or equivalent to this role. Heor she should satisfy the governing body in respectof the use of public funds, and may be required toappear before the Public Accounts Committee of theHouse of Commons, alongside HEFCE’s chiefexecutive, on matters relating to the use of HEFCEfunds. The chair of the governing body may also berequired to appear before the Public AccountsCommittee.

23. In the event of any material adverse change inan institution’s circumstances, such as a significantand immediate threat to the HEI’s financial

HEFCE 2008/19 11

position, significant fraud or major accountingbreakdown, the designated officer must inform,without delay, all of the following:



• the HEI’s head of internal audit

• the external auditor


On receiving any such notification, the chiefexecutive will discuss what response to make withthe HEI’s governing body or designated officer,including any action to be taken. If a matterrequiring report is discovered by external or internalauditors in the normal course of their work and thedesignated officer refuses to make a report, theauditors must report directly to all of the following:




This is to ensure that the HEI has taken appropriateaction.

24. We accept the designated officer’s judgementabout what constitutes a material adverse change,although when it comes to fraud we provide thefollowing guideline. Material fraud or irregularity isusually where one or more of the following apply:

• the sums of money involved are, or potentiallyare, in excess of £20,000 (we will keep thisfigure under review and notify changes throughour annual accounts direction)

• the particulars of the fraud or irregularity arenovel, unusual or complex

• there is likely to be public interest because ofthe nature of the fraud or irregularity, or thepeople involved.

25. There may be cases of fraud, or otherimpropriety or irregularity, that fall outside thisdefinition. In these cases or any others, HEIs canseek advice or clarification from the HEFCEassurance service. In view of the public interest,HEIs should normally notify the police of suspected

or actual fraud. Where the police are not notified,management should advise the institution’s auditcommittee of the reason. HEIs are also referred tothe guidance on fraud we issued in 1999, ‘Fightingfraud in higher education’ (HEFCE 99/65).

Learning and Skills Council and theTraining and Development Agency26. Some HEIs receive funds from the LSC or theTDA, who therefore also have an interest in theirmanagement and accountability. To avoidunnecessary duplication, the LSC and TDA will relyon the accountability and audit framework set outin this Code. They are not directly involved inauditing HEIs, except that they may occasionallyrequest specific audit work to be undertaken inaccordance with their own funding conditions.HEFCE and the LSC have a formal protocol for thiswork, and it is reflected in an annual exchange ofassurances between the chief executives and inmemoranda of understanding between the differentbodies.

General principles for internaland external auditors

Duties27. These general principles for auditors areintended to supplement, not replace, those issued bythe recognised professional bodies (including theEthical Standards issued by the Auditing PracticesBoard), which we expect auditors to follow as well.The principles set out our requirements for thestandards for HEIs’ internal and external auditors,and are the standards to which our own auditorsoperate, in recognition of the high level of probitydemanded where public funds are involved.

Objectivity28. Auditors should ensure that the HEI’s auditcommittee is appropriately informed on a timelybasis of all significant facts and matters that bearupon the auditors’ objectivity and independence. Inparticular, auditors should avoid the following:

• official, professional and personal relationshipswhich might cause the auditor to limit theextent or character of the audit

12 HEFCE 2008/19

• any responsibility for the executivemanagement of the HEI

• any interest, financial or non-financial, direct orindirect, in the HEI (other than the normalemployee or contractor relationship, or the fundingof any prize, scholarship or academic appointment).

29. Notwithstanding the need for objectivity, theexternal and the internal auditors of an HEI shouldaim to ensure that their work programmescomplement each other to optimise the effectivenessof their services.

Dual appointments30. Provision of both internal audit and externalaudit services to an HEI by the same firm orprovider is not permitted under this Code, becausethis compromises auditors’ objectivity. The onlypermitted exception is where an external auditorcarries out a limited amount of (typically specialist)work in support of the internal audit service, andthe extent of this should be monitored by the auditcommittee. Further guidance on this subject can befound in Ethical Standard 5 of the AuditingPractices Board.

31. External auditors need to form a view on thequality and coverage of the internal auditors’ work,to determine the extent to which they can rely onthis to underpin their own work. It is not acceptablefor a firm to provide an opinion as external auditorabout the same firm’s work as internal auditor.Governors and managers need such opinions to beobjective and independent. It is also useful togovernors and managers to obtain two independentviews on risk management, control and governance,reflecting the different perspectives of internal andexternal auditors.

Due professional care32. Internal and external auditors are expected toexercise due professional care in their work andshould refer to the published standards of theirprofessional bodies (Institute of CharteredAccountants in England and Wales, Association ofChartered Certified Accountants, CharteredInstitute of Public Finance and Accountancy,Institute of Internal Auditors) for further guidance.

Audit and risk assessment ofHEIs by the HEFCE assuranceservice

Role and scope33. The HEFCE assurance service (HEFCEAS) isresponsible for evaluating the risk management,control and governance arrangements of HEIs andother entities funded by HEFCE, and for givingassurance on those arrangements to HEFCE’s chiefexecutive. HEFCEAS will also provide informationand advice to the HEFCE audit committee to enableit to fulfil its role in advising the HEFCE Board andchief executive.

34. All the activities of HEIs are within the remit ofHEFCEAS. HEFCEAS works in accordance with thestandards for internal audit in the GovernmentInternal Audit Standards issued by the Treasury, andguidance from relevant professional auditing andaccountancy bodies. It will consider whether riskmanagement, control and governance arrangementsare adequate to manage risk and to secure propriety,efficiency, economy and effectiveness in all areas. Itwill seek to confirm that management has taken thenecessary steps to achieve these objectives.

35. Subject to legislative constraints, HEFCEAS hasaccess to all records, information and assets of HEIsand other entities, and can require any officer,including members of the governing body, to giveany explanation which it considers necessary tofulfil its responsibilities.

36. HEFCEAS will liaise, whenever appropriate,with the National Audit Office, the HEIs’ internaland external auditors (collectively and individually),DIUS, TDA, the Scottish Funding Council, theHigher Education Funding Council for Wales, DELand any other appropriate HEFCE officer orrelevant organisation. HEFCEAS will also liaisewith sector bodies as it seeks to promote goodgovernance, management and auditing. Liaison ispursued both for effectiveness and to avoidduplication of effort.

Reporting37. HEFCEAS will report on HEIs’ compliance withthe relevant standards to HEFCE’s chief executive

HEFCE 2008/19 13

and audit committee. The audit committee will alsoconsider, and advise the chief executive on, anyassessments of HEFCEAS, including any reports thathave been specially commissioned and any by theDIUS head of internal audit.

38. HEFCEAS will, when appropriate, draw theattention of the HEFCE chief executive and auditcommittee to material adverse changes includingsignificant frauds and any major accountingbreakdowns.

39. HEFCEAS will submit an annual report oninstitutional risk to HEFCE’s chief executive andaudit committee. This will:

• include HEFCEAS’ assessment of the adequacyand effectiveness of the risk management,control and governance arrangements withinHEIs and other entities funded by HEFCE

• report on coverage achieved

• provide audit performance measures.

Ongoing risk assessment40. We expect HEIs to notify us of significantchanges and issues as they arise, not simply materialadverse changes. This will help us to maintain thecurrency of the risk assessment. For example,changes of auditors, of key personnel (such as thefinance director, or university secretary/registrar) orkey systems changes (such as the implementation ofa new finance information system) are potentiallysignificant in our risk assessment. We also need tobe notified of material adverse changes inperformance, such as under-recruitment, that couldimpact on our assessment.

Annual accountability assessment41. Every year HEFCEAS will assess the extent towhich each HEI’s audit and related reports,supported by any other relevant information,demonstrate the effectiveness of risk management,control and governance arrangements. The workwill take place after receipt of HEIs’ financialstatements and other audit returns (the singleconversation). The conclusions from the assessmentswill be taken into account when HEFCE makes itsoverall risk assessment of each HEI, and will bereflected in the resultant annual letter notifying our

risk assessment to the HEI’s designated officer.Where HEIs’ reports are not provided to us, orwhere they reveal inconsistencies or other concerns,we will take appropriate action. This may includethe HEFCE assurance service undertaking auditwork or asking for audit work to be done.

42. The specific sources of assurance that influenceour assessment include the financial statements andthe reports of the audit committee and the internaland external auditors; the detailed requirements willbe published each year. In addition we will requirethe annual assurance return from the designatedofficer which confirms compliance with theFinancial Memorandum (see Annex E to theFinancial Memorandum). It should be noted that anew specific assurance on data quality is required aspart of this return.

HEFCE assurance reviews at institutions43. HEFCEAS undertakes reviews at institutionswith the objective of determining whether theinstitutions’ reports and returns, including thosespecified in this Code, can be relied upon. Wherethis is so, and an institution continues to performwell and sustain itself, HEFCEAS will only need toundertake its brief review once in every five-yearcycle. The review is discussed in detail in HEFCECircular Letter 25/2006.

44. In adopting a risk-based approach, HEFCEASwill need to undertake more frequent reviews orconduct different sorts of enquiries if an institutiondoes not meet its obligations under this Code or getsinto difficulty. There are a range of possible HEFCEengagements with institutions at risk, and these are setdown in our institutional engagement and supportstrategy (see Annex D to the Financial Memorandum).

Data audits45. HEIs are required to supply us with data toinform our allocations of funding generally and inresponse to specific initiatives. To avoid duplicationwe will wherever possible use data that are alreadysupplied through HESA. We have procedures forvalidating and verifying data. We also undertakedata audit work in each institution. From 2008-09we aim to audit data in each institution once everyfive years, which is a slight increase on our previous

14 HEFCE 2008/19

seven-year cycle. The work will be risk-based, inthat we will tailor our coverage to reflect the datarecord, risks and materiality of different areas offunded activity in each HEI.

Value for money46. There is an underlying duty of care to ensurethat public funds are spent on the purposes forwhich they are intended, and that good value formoney (VFM) is obtained. This duty falls onHEFCE and on the HEIs that we fund. Furtherguidance on VFM is provided in guidance on theHEFCE website.

Audit committees in HEIs

Scope47. The governing body of an HEI must ensure thatit is fulfilling its responsibilities for adequate andeffective risk management, control and governance,and for the economy, efficiency and effectiveness (orVFM) of the HEI’s activities. To assist in this, eachHEI has appointed an audit committee.

Operation48. The way an audit committee in an HEI shouldoperate and be constituted is set down in guidancefrom the CUC, published in 2008.

49. HEFCE’s position is that governing bodies andaudit committees should conduct themselves in linewith the CUC’s principles and practices, and thatwhere they believe they differ in any materialrespects then this should be explained and madepublic. Overall we aim to be content to rely on theaccountability provided by an audit committeefollowing CUC practice and by a governing bodyable to exercise accountability on behalf of externalinvestors. We therefore support the principle of anexternal majority on an HEI governing body.

50. Audit committee members should not bemembers of a finance committee or its equivalentbecause this would create a potential conflict ofinterest when the audit committee is consideringdecisions involving the finance committee. If anHEI’s governing body determines that cross-representation involving one member is essential,

this should be the subject of an explicit, recordedresolution – but it should not normally be an optionfor the chair of either committee.

Reporting51. The audit committee must produce an annualreport for the governing body and the designatedofficer. The audit committee annual report mustcover the financial year and include any significantissues up to the date of preparation of the report.The audit committee annual report should normallybe submitted to the governing body before themembers’ responsibility statement in the annualfinancial statements is signed. The internal auditor’sannual report as well as the audit committee reportmust be submitted to HEFCEAS according to thetimetable to be published annually in a circularletter. This informs our institutional risk assessment.

52. The audit committee annual report mustinclude the committee’s opinion on the adequacyand effectiveness of the HEI’s arrangements for thefollowing:

• risk management, control and governance

• economy, efficiency and effectiveness (value formoney)

• management and quality assurance of datasubmitted to HESA and to HEFCE and otherfunding bodies. This latter assurance is to ensureadequate governance oversight of the systemsused to generate funding data by the HEI sincepoor data may represent a significant financialrisk for HEIs that audit committees need toconsider. The need for this particular assurancewill be reviewed in 2011. Further guidance foraudit committees on data assurance can befound on the HEFCE web-site, www.hefce.ac.ukunder Finance & assurance/Assuranceservice/Guidance/Audit arrangements.

These opinions should be based on the informationpresented to the committee. The data managementassurance does not require audit committees toverify data: that is the responsibility ofmanagement. The audit committee’s interest shouldbe in the management and quality assurance ofdata. Standards which can be used in audit or

HEFCE 2008/19 15

management evaluations are published in Appendix1 of ‘Improving information to support decisionmaking: standards for better quality data’ publishedby the Audit Commission in November 20073. Suchevaluations can be used to inform the auditcommittee.

53. The report should also record the work of thecommittee, and consider the following:

• the external auditors’ management letter

• the internal auditors’ annual report

• value for money work

• any HEFCE assurance service or other relevantevaluation.

54. The report might also identify any key issuesfor the HEI arising out of its activity over the year.

Internal audit arrangements inHEIs55. Each HEI is required by its FinancialMemorandum with HEFCE to have an internalaudit function.

56. Internal audit should follow a risk-basedapproach. The introduction of risk management inthe sector, following the adoption of the revisedCombined Code and associated principles fromother sectors, has brought considerable change inthe approach to governance, management andinternal audit – moving away from a purelysystems-based approach to one which primarilyreflects inherent and perceived risk.

57. HEFCE guidance on internal audit practice inHEIs is that we endorse the approach set out in theCode of Ethics and International Standards (March2004)4 of the Institute of Internal Auditors (IIA)and that organisation’s ‘Position statement on therole of internal audit in enterprise-wide riskmanagement’ (September 2004)5. Accordingly, wedo not include in this Code detailed guidance on thepractice of internal audit.

58. Within the HE sector, the prime responsibilityof the internal audit service is to provide thegoverning body, the designated officer and the othermanagers of the HEI with assurance on theadequacy and effectiveness of risk management,control and governance arrangements.Responsibility for these arrangements remains fullywith management, who should recognise thatinternal audit can only provide ‘reasonableassurance’ and cannot provide any guaranteeagainst material errors, loss or fraud. Internal auditalso plays a valuable role in helping management toimprove risk management, control and governance,thereby reducing the effects of any material adverserisks faced by the HEI.

59. Internal audit can also provide independent andobjective consultancy advice specifically to helpmanagement improve risk management, control andgovernance, thereby contributing to the achievementof corporate objectives. Such advisory workcontributes to the opinion which internal auditprovides on risk management, control andgovernance although care should be taken to ensureit does not compromise the auditor’s independence.

Operation60. An HEI must ensure that it has effective riskmanagement, control and governance arrangements.These help to ensure that:

a. The HEI’s objectives are achieved as far aspossible and associated risks are managed.

b. The economic, efficient and effective use ofresources is promoted.

c. There is adherence to management’s policies,directives and established procedures, andcompliance with any relevant laws orregulations including charities legislation.

d. The HEI’s assets and interests are safeguarded –particularly from losses arising from fraud,irregularity or corruption.

16 HEFCE 2008/19

3 Available at www.audit-commission.gov.uk under Reports and publications/Audit Commission reports.4 Available at www.theiia.org under Standards & Practices/Code of Ethics.5 Available at www.theiia.org under Standards & Practices/position papers.

e. As far as reasonably practicable, the integrityand reliability of accounting records, data andother information are maintained. This includesdata supplied to HESA, HEFCE and otherfunding bodies.

61. Accordingly, the internal audit service mustconsider the whole of the HEI’s risk management,control and governance arrangements, including allits operations, resources, staff, services andresponsibilities for other bodies. It should cover allactivities associated with the institution, includingthose not funded by HEFCE. For example, it shouldconsider controls that protect the HEI in its dealingswith any subsidiary or associated company orstudent union, or any other activity in which theHEI has an interest. In following a risk-basedapproach the internal auditors will undertakewhatever work they and their designated officerjudge necessary to provide assurance on themanagement and quality assurance of data, asdetermined by where data is positioned in theoverall institutional risk register or equivalent.

62. Internal auditors should also assess theadequacy of the arrangements to prevent and detectirregularities, fraud and corruption. However, theprimary responsibility for preventing and detectingcorruption, fraud and irregularities rests withmanagement, who should institute adequate systemsof internal control, including clear objectives,segregation of duties and proper authorisationprocedures.

63. Internal auditors may carry out additionalwork at the request of management, includinginvestigations, provided such work does notcompromise the objectivity of the audit service orthe achievement of the audit plan. Accordingly, eachHEI’s audit committee should satisfy itself that theobjectivity of the internal audit service has not beenaffected by the extent and nature of other workcarried out. Internal audit services should not haveany management responsibilities other than forinternal audit.

64. Internal audit should be seen to have sufficientstatus, respect and support within the HEI. To beeffective, the head of internal audit – or equivalentwhere the service is provided on a contract basis –

must have direct access to the HEI’s designatedofficer, to the governing body (normally through thechair of the audit committee) and, if necessary, tothe chair of the governing body. Whether providedinternally or externally, day-to-day line managementand overall reporting arrangements for the internalaudit service should be such as to preserve itsobjectivity by avoiding concentration ofresponsibility and reporting with any one seniorperson within the HEI. Internal auditors must alsohave unrestricted access to all records, assets,personnel and premises, and be authorised to obtainwhatever information and explanations areconsidered necessary by the head of the internalaudit service.

Reporting65. The reporting requirements for any internalaudit service are discussed in Government InternalAudit Standards and in IIA standards. It is arequirement of this Code that the internal auditservice produce an annual report of its activities.The internal audit annual report must relate to thefinancial year and include any significant issues, upto the date of preparing the report, which affect theopinion. This should be addressed to the governingbody and the designated officer, and should beconsidered by the audit committee. The auditcommittee may forward the report to the governingbody with its own report. The report must besubmitted to HEFCEAS after it has been consideredby the HEI’s audit committee.

66. The internal audit annual report should includethe internal auditor’s opinion on the adequacy andeffectiveness of the HEI’s arrangements for:

• risk management, control and governance

• economy, efficiency and effectiveness.

This opinion should be placed into its propercontext: that is, the work undertaken has beenbased on the agreed audit strategy and on the areasreviewed in the year, as well as incorporatingknowledge of areas audited in previous years(including from a previous auditor). Internal auditperformance measures should be provided,including stating coverage achieved against theoriginal audit plan. It should also draw attention to

HEFCE 2008/19 17

any significant audit recommendations which theinternal audit service considers have not receivedadequate management attention.

Provision of service67. There are a variety of ways to acquire aninternal audit service, and we do not favour oneapproach above the others. One option is toappoint a head of internal audit and staff asnecessary. An ‘in-house’ team may also besupplemented at a variety of levels by externalconsultants or contractors, under the direction ofthe head of internal audit, for instance to meetpeaks in workload or to provide specialist skills.

68. Another option is to form a consortium withone or more HEIs, on a geographical or commoninterest basis. A consortium may be organised in-house, be provided externally or as a mixture of thetwo. A number of HEIs have set up suchconsortium arrangements.

69. A third option is to contract directly with anexternal provider, such as another HEI or anaccountancy firm.

70. Each HEI, advised by its audit committee,should establish which is the most suitable and cost-effective way of obtaining internal audit services.However, every five years at least, it should considermarket testing internal audit services where thoseservices are provided by outside contractors, sincethis provides a powerful incentive to maintainquality and cost-effectiveness. Where internal auditis an in-house service, there should be periodicconsideration of whether this continues to be theappropriate type of provision for the institution.

71. In all cases the audit committee should monitorinternal audit effectiveness as discussed in this Code.In addition, where the internal audit service isprovided in-house, the audit committee chair shouldbe consulted on the annual performance appraisal ofthe head of internal audit. This appraisal process isthe responsibility of management.

Removal or resignation of auditors72. Subject to normal staffing arrangements (for‘in-house’ internal auditors) and any contractualarrangements in place, only the governing body (or

the audit committee where delegated authorityexists) may pass a resolution to remove the internalauditors before the end of their term of office ifserious shortcomings are identified.

73. Where internal auditors cease to hold office forany reason, they should provide the governing bodywith either a statement of any circumstancesconnected with their removal which they considershould be brought to the governing body’sattention, or a statement that there are no suchcircumstances. The internal auditors may alsorequest an extraordinary general meeting of thegoverning body to consider the statement. Any suchstatements should also be sent to the HEFCEassurance service by the HEI – or, if it fails to do so,by the outgoing internal auditors.

74. The governing body must inform HEFCEASwithout delay of the removal or resignation of theinternal auditors and of the reasons.

Restriction of auditors’ liability75. Where the internal audit service is providedthrough a contractual arrangement with an externalprovider, the provider may ask the HEI to agree toa restriction in the internal auditors’ liability arisingfrom any default by the auditors. Normally suchliability should be without limit. However, HEIsmay negotiate a restriction in liability so long as thedecision is made on an informed basis. Thegoverning body, through the audit committee,should be specifically notified of any request for aliability restriction.

Fraud and corruption76. The work of the internal audit service, inreviewing the adequacy and effectiveness of theinternal control system, should help management toprevent and detect fraud. The internal audit serviceshould ensure that it has the right to review,appraise and report on the extent to which assetsand interests are safeguarded from fraud. Wheninternal auditors suspect fraud, or are carrying outa fraud investigation, it is important to safeguardevidence. They should assess the extent ofcomplicity to minimise the risk of information beingprovided to those involved, and the risk ofmisleading information being obtained from them.

18 HEFCE 2008/19

77. The HEI should ensure that the internal auditoris informed, as soon as possible, of all attempted,suspected or actual fraud or irregularity. Theinternal auditor should consider any implications inrelation to the internal control system, and makerecommendations to management, as appropriate,to strengthen the systems and controls.

Relationship with other auditors78. There should be regular liaison betweeninternal auditors and the HEI’s external auditors tooptimise the service provided to the HEI. Externalauditors should be given access to the internal auditservice’s working papers and plans so that theirwork programmes can be adjusted accordingly, andso that the extent of their reliance on the work ofthe internal audit service can be determined.

79. Copies of the internal audit service’s reportsshould be available to the external auditors. Theinternal audit service should also receive copies ofthe external auditors’ plans and management letters,and any other relevant reports produced for theHEI by other agencies. HEFCEAS must be allowedaccess to any work of the internal auditor, includingthe annual report, or correspondence between theinternal and external auditors.

External audit arrangements in HEIs

Introduction80. External auditors in the sector are expected tofollow the Statement of Recommended Practice:accounting for further and higher education(SORP) published by Universities UK6 and theaccounts direction published as a circular letterevery year by HEFCE.

Role of external auditors81. The primary role of external auditors is toreport on the financial statements of HEIs and tocarry out whatever examination of the statementsand their underlying records and control systems isnecessary to reach their opinion on the statements.

Their report should also state whether, in allmaterial respects, recurrent and specific grants fromHEFCE (and other bodies and restricted fundswhere appropriate) have been properly applied forthe purposes provided, and in accordance with theinstitution’s Financial Memorandum with HEFCE;in other words, that the conditions of grant havebeen met.

82. We accept that we are not the direct client ofthe external auditor and that the auditor does nothave a duty of care to us. However, we require thatexternal audit engagements in the sector meet therequirements of this Code.

Qualification of external auditors83. The qualifications required for externalauditors of higher education corporations are setout in paragraph 59(b) of Schedule 8 of the Furtherand Higher Education Act 1992, which amendsparagraph 18(5) of Schedule 7 of the EducationReform Act of 1988. For other HEIs, therequirements are the same as under the CompaniesActs. Auditors should be registered with one of theappropriate professional bodies, and conform tothat body’s standards.

Selection criteria and procedures84. The governing body is responsible forappointing external auditors, although it willusually delegate the detail of the process to theaudit committee. Before receiving proposals, theHEI should determine selection criteria, proceduresand the frequency of external testing.

85. The duties of HEIs and external auditorsshould be clearly presented in the agreed terms ofreference.

Additional services86. HEIs may ask external auditors to provideservices beyond the scope of the audit of financialstatements, including special investigation work,taxation compliance and advice, consultancy andVFM reviews. Generally, it is a matter for HEIs andauditors to agree precise requirements, although the

HEFCE 2008/19 19

6 Available from www.universitiesuk.ac.uk under Publications/Management guides & codes of practice.

audit committee must be informed of all significantfacts and matters that have a bearing on theauditors’ objectivity and independence related to theprovision of non-audit services, including thesafeguards put in place. Any additional work mustnot impair the independence of the audit function,and so should normally be the responsibility ofdifferent staff within the firm of auditors.

87. The audit committee has a key role to playwhere the auditors supply a substantial amount ofnon-audit services. The committee must keep thenature and extent of such services under review,seeking to balance independence and objectivitywith the HEI’s needs.

88. In order to help judge the relationship betweenthe HEI and its external auditors, the HEI mustdisclose separately, by way of a note to its financialstatements, the fees paid to its external auditors forother services. Each HEI’s audit committee mustreview both the level of fees incurred and the futureplanned work, and satisfy itself that the extent andnature of other work does not affect the objectivityof the external audit.

Management letter89. External audit should report to the institution byway of a management letter which highlights anysignificant accounting and control issues arising fromthe audit. The HEI’s management should providewritten responses to any recommendations made orissues raised. The Code is not prescriptive about theformat or title of a management letter, but it shouldenable the HEFCE assurance service to see whatobservations have been made about the internalcontrol system and how management has responded.

90. External audit should also indicate in the letterwhether, or to what extent, it is content to rely onthe work of the internal auditors in support ofexternal audit work. These statements will be basedon work which should already be carried out for thepurpose of external audit. They provide informationwhich is useful to the audit committee and to us indetermining institutional risk assessments.

91. The letter, with management responses, shouldbe made available (in draft if necessary) to the HEI’saudit committee in time to inform the committee’s

annual report, and in any event no later than twomonths after issuing an opinion on the financialstatements. HEIs must send a copy of the finalmanagement letter (incorporating managementresponses) to the HEFCE assurance serviceaccording to the timetable published annually in acircular letter. External auditors should attend auditcommittee and/or finance committee meetings atwhich the audited financial statements arediscussed, and attend governing body and othermeetings when appropriate.

Audit report 92. The external auditors shall report whether inall material respects:

a. The financial statements give a true and fairview of the state of the HEI’s affairs, and of itsincome and expenditure, recognised gains andlosses, and statement of cashflow for the year.They should take into account relevant statutoryand other mandatory disclosure and accountingrequirements, and HEFCE requirements.

b. The financial statements comply whereappropriate with the Statement ofRecommended Practice (SORP) on Accountingin Further & Higher Education, and theCompanies Acts (where the HEI is incorporatedunder the Companies Act), and/or otherlegislative or regulatory requirements.

c. Funds from whatever source administered bythe institution for specific purposes have beenproperly applied to those purposes and, ifrelevant, managed in accordance with relevantlegislation.

d. Funds provided by HEFCE have been applied inaccordance with the Financial Memorandumand any other terms and conditions attached tothem. In particular, auditors should have regardto the specific requirements of the FinancialMemorandum, such as compliance with theshort-term and long-term borrowing conditions.

93. HEFCE publishes as a circular letter an annualaccounts direction (see paragraph 80) and institutionsand their external auditors are required to conformto it. The accounts direction summarises and updatesHEFCE’s financial reporting requirements.

20 HEFCE 2008/19

94. External auditors have a duty to consider thestatement of internal control with the annualfinancial statements and to comment if thestatement is inconsistent with their knowledge ofthe HEI. It is for each HEI to decide whether itwishes its external auditors to do more than thisrequired minimum. Each HEI needs to ensure thatprocesses are in place – including work by internalauditors, external auditors and management – toprovide assurance on the effectiveness of thearrangements underpinning the statement ofinternal control. External auditors may reportprivately to the governing body (through the auditcommittee) on the results of their work on this, ormay make reference to this in the financialstatements, either in their audit opinion report orthrough a separate report.

Reappointment of external auditors95. HEIs should reappoint external auditorsformally each year. The audit committee shouldassess the external auditors’ work each year toensure that it is of a sufficiently high standard andrepresents value for money. The committee shouldthen make a recommendation to the governing bodyregarding the reappointment of the externalauditors. Performance measures could be used aspart of the assessment. Provided that the externalauditors’ performance is satisfactory, it will not benecessary to repeat the full selection process eachyear. However, full market testing should beundertaken at least every seven years. One partnerin the firm is normally responsible for theinstitution’s audit; he or she should not hold thisposition for more than seven continuous years.

Removal or resignation of auditors96. The governing body may pass a resolution toremove the external auditors before the end of theirterm of office if serious shortcomings are identified.

97. External auditors who have resigned or beenremoved from office for whatever reason should beentitled to attend, and make representations to, thegeneral meeting of the governing body at whichtheir term of office would have expired, or at whichit is proposed to fill the vacancy caused by theresignation or removal. They are entitled to receivenotices of, or other communications relating to, that

meeting and to be heard on any part of the businesswhich concerns them as former auditors of the HEI.

98. As with internal auditors the governing body isresponsible for advising HEFCE where externalauditors cease to hold office and the reasons for this.

99. In deciding whether or not to accept theappointment, anyone proposing to take up theoffice of external auditor should obtain the HEI’spermission to communicate with the outgoingauditors. Outgoing auditors should also obtainpermission from the HEI to discuss its affairs freelywith the proposed auditors, and should disclose allinformation required by the proposed auditors thatis relevant to the appointment. These provisions areanalogous to those in the Guide to ProfessionalEthics of the Institute of Chartered Accountants inEngland and Wales.

Restriction of auditors’ liability100. HEIs must not agree to any restriction inexternal auditors’ liability in respect of the externalaudit of their annual financial statements, unless aliability limitation agreement has been entered intounder the terms of the Limited LiabilityPartnerships Act 2000 and the Companies Act 2006or, in the case of HEIs that are not incorporatedunder the Companies Act 2006, as if the relevantprovisions of that Act applied to HEIs.

101. For other types of work performed by theexternal auditors, the provider may ask the HEI toagree to a restriction in the auditors’ liability arisingfrom any default by the auditors. Normally, suchliability should be without limit. However, HEIsmay negotiate a restriction in liability if the decisionis made on an informed basis. The governing body,through the audit committee, should be notified ofany liability restriction agreed.

HEFCE access to external auditors102. HEFCEAS may wish to meet with HEIs’external auditors, particularly in connection with avisit to the HEI. The HEI should not limit access inany way. Formal discussion should normally bearranged through the HEI’s designated officer orrepresentative. HEFCEAS will exchange letters wherenecessary with both parties to deal with confidentialityand the terms under which access is given.

HEFCE 2008/19 21

1. Each year we determine how much money toallocate to each institution. In doing so we maydistinguish between recurrent and capital funds, andbetween formula capital and project capital.

2. Higher education institutions (HEIs) should usethis money only for the proper purposes, as definedin the Further and Higher Education Act 1992 orother relevant legislation.

3. The above condition applies if an HEI passes onmoney to another body or organisation to provideeducation, research or related activities. The HEIremains responsible for overseeing such activities.There should be a written agreement with the otherbody covering financial accountability and qualityassurance. However, this is not necessary if the otherbody is an HEI or HEFCE agrees to the arrangement.

4. Sometimes we pay funds to an HEI or furthereducation college (FEC) as the lead institution for aconsortium of universities and colleges. In suchcases, there should be a consortium agreementsetting out how the money is passed on to theconsortium members. Guiding principles foragreements are published in HEFCE 00/54.

5. An institution must use specific or capitalfunding for those purposes only. If it uses them forother purposes, it must let us know as soon as itbecomes aware of the fact.

6. We will tell institutions their allocation offormula funds as soon as we can in advance of theacademic year to which they relate: normally by 31March. We will normally pay such funds in monthlyinstalments. The profile of payments will take intoaccount the expected needs of the sector as a wholeand the receipt of tuition fees from students and theStudent Loans Company.

7. We will pay formula funding for widening accessand improving retention only where institutionshave sent us widening participation strategies andaction plans that we find acceptable.

8. We will consider requests from individualinstitutions to alter the profile of payments,provided that such payments are not in advance ofthe institution’s need to spend the money.

9. Our capital grants are administered through ourCapital Investment Framework. Institutions thatmeet the framework requirements will havediscretion over the use of capital funds in line withtheir estates’ strategies. We will continue to requireother institutions to send us details of capitalprogrammes and projects to which we maycontribute costs, in line with criteria we set. We willset out conditions for such grants and agree apayment profile with the institution. All institutionsare expected to work towards satisfying therequirements of the Capital Investment Framework.

10. We may require an institution to repay part orall of a grant payment if it does not comply withthe conditions we attach to the grant. We mayreduce or withdraw funding from an HEI or FECthat fails an audit re-inspection by the QualityAssurance Agency for Higher Education. In thesecases we may require the institution to pay interest,at 2 per cent above the Bank of England base rate,for the period before it repays the funding to us.

11. If we overpay grant as a result of usingestimated data, we may recover the amountoverpaid amount, plus interest, as set out in theprevious paragraph.

22 HEFCE 2008/19

Annex CAllocating and paying funds

Introduction1. This strategy sets out how we will engage withand support higher education institutions (HEIs)and our related bodies (RBs) on matters relating toperformance, accountability and risk assessment. Italso describes what will happen when, as a result ofour assessment, we find there to be significant riskseither to the organisation itself or to HEFCE’sfunctions or interests.

2. The principles underlying our institutionalengagement and support strategy are that we will:

• respect the independence of HEIs and the formalstatus of each related body: the operation of ourengagement and support strategy underwrites theindependence of institutions when they are not athigher risk

• maintain an open dialogue on matters of mutualinterest

• seek to intervene only when necessary

• be open with the HEI or RB in our riskassessment and requirements

• ensure our involvement is proportionate to therisks

• end our involvement as soon as possible.

3. In broad terms there are three levels at whichHEFCE may engage with institutions:

• normal contact (in all cases)

• focused dialogue (in some cases)

• HEFCE’s support strategy (exceptionally).

Normal contact4. As part of our routine engagement withinstitutions and RBs we will want to understand theirmission, strategy and operational plans. This willhelp us to make appropriate responses to their needsand the sector’s, and to gain assurance about mattersthat affect the delivery of our own objectives. Therewill often be a formal visit by the HEFCE regionalteam to the institution in each year, and in thecontext of a more frequent exchange of informationand views. It is also part of our normal contact todiscuss an institution’s accountability returns and givefeedback, as part of the single conversation process.

Focused dialogue5. There are occasions when it is to the advantageof both HEFCE and institutions to explore issues inmore detail. For example, an institution may wishto make a bid to our Strategic Development Fund,and we will want to understand how such financialsupport might meet its development needs and fitwith our wider objectives for the sector. Likewise,we may wish to discuss with an institution whetherthere are opportunities to improve its performanceor work collaboratively with others. We emphasisethat we wish to work with the sector and are notassuming a planning role.

Support strategy6. We have a risk assessment system covering allinstitutions and RBs. This draws on the informationwe routinely collect through the single conversationprocess and on other information such as researchand teaching quality assessments. Sometimes wewill ask for more information to clarify ourunderstanding. There are currently two riskcategories: ‘not at higher risk’ (the vast majority ofthe sector at any time) and ‘at higher risk’ (for asmall number of institutions).

7. Through these annual returns or our regularcontact with an institution or RB, there may beissues that require further discussion. Allinstitutions face business and operating risks. Theissue is therefore about managing risk; putting inplace systems to identify, mitigate and report onrisk. In many cases, as a result of furtherdiscussions, we will conclude quickly there is nocause for concern.

8. We will consider an institution or RB to bepotentially at higher risk if there remain significantconcerns in one or more of the following areas:

• financial position or prospects

• student recruitment and the student experience

• reliability or use made of the institution’ssystems of financial control

• assessments of teaching or research quality

• rates of student non-continuation and/or non-completion

HEFCE 2008/19 23

Annex DInstitutional engagement and support strategy

• management and governance processes

• risk management

• management and sustainability of theorganisation’s infrastructure including its estateand information systems

• overall market position and strategic direction

• non-compliance with the FinancialMemorandum – including the requirements touse funds for the purposes intended, to providedata that has been subject to effectivemanagement and quality assurance, and to meetthe annual Accounts Direction.

9. When we have major concerns we need tointervene to protect the public interest. We will firstlydiscuss these issues with senior management, andspecifically the designated officer (of an HEI) or chiefexecutive (of an RB). We will seek a commonunderstanding of the issues, clarify what actions have

already been taken or are planned, and then agree anappropriate support strategy. Table 1 sets out therange of possible actions, though sometimes we willagree a different approach with an HEI or RB.

10. The associate director responsible for dealingswith the HEI or RB will lead our support activity,but a relevant senior manager – the HEFCEregional consultant, relationship manager (in thecase of an RB) or assurance consultant – willmanage the day-to-day engagement. In exceptionalcases, our chief executive will become involved. Allcases will be overseen by our audit committee andreported to the HEFCE Board.

11. If an institution or RB fails to address itsproblems, it might be in the public interest for us todisclose our risk assessment. We expect this to be avery rare occurrence, because in our experienceinstitutions generally do take appropriate action.

24 HEFCE 2008/19

Table 1 HEFCE support strategy for HEIs and related bodies ‘at higher risk’

Possible HEFCE actions Likely frequency

At governor and senior manager level

Engage with senior management, including the In all cases

designated officer

Assess the designated officer’s compliance with the Consider in the light of management response

Financial Memorandum, including the requirement to

have effective management and quality assurance

arrangements over data supplied to the Higher Education

Statistics Agency, HEFCE and other funding bodies

Inform the governing body of our change in risk assessment In all cases

Engage with the chair of the board and/or chair of the Where this might assist timely and appropriate action by

audit committee the institution

Engage with the whole governing body Exceptionally

Seek observer status at governing body or audit Exceptionally; if risks threaten viability or if we lack

committee meetings confidence in the response

Request the appointment of interim managers or If management capacity needs to be strengthened to

secondments from HEFCE mitigate risks to HEFCE’s interests or where viability is

threatened

HEFCE 2008/19 25

Possible HEFCE actions Likely frequency

Regarding information and audit

Require additional information, reports and data relating to In all cases

the risks

Require that information and reports be audited If information has proved to be inadequate or unreliable

Request changes to internal or external audit arrangements If audit work has failed to identify major risks

Undertake or commission audit investigations Where we need an independent assessment of risks and

action plans

Regarding planning and strategy

Require a recovery or action plan In all cases

Discuss possible changes to strategic plans and market If there are risks associated with the strategy or market

positioning position

Explore collaborative opportunities with other institutions If the risks might be mitigated through collaboration

Regarding funding

Re-profile grant If cash flow or liquidity are major concerns

Consider the use of special funding If additional funding might mitigate risks, and if the plan

meets HEFCE’s funding objectives

Attach special conditions to grant If this will promote action or prevent inappropriate action

Reduce or withdraw funding Only in extreme circumstances, and then proportionately

Use our own estimates of data If data supplied to us is not fit for purpose

As risks decline

Inform the institution about changes in our risk assessment In all cases

Remove special conditions and requirements Where appropriate

This return is to be submitted as part of the single conversation return, the timetable for which will be specifiedannually in a circular letter. The purpose of the return is to confirm that the institution has met its obligations toHEFCE under the Financial Memorandum. The return should be signed by the designated officer and should becopied to the institution’s governing body.

26 HEFCE 2008/19

Annex EAnnual assurance return from institutions

Institution

Year ended

Return completed by designated officer (enter nameof head of institution)

Can you confirm that in this period the institution hasmet its responsibilities to HEFCE (conditions of grant)as set out in paragraphs 11 to 29 of the FinancialMemorandum?

In particular can you confirm that the institution haseffective arrangements for the management andquality assurance of data submitted to the HigherEducation Statistics Agency, HEFCE and otherfunding bodies? (The requirement for this specificassurance will be reviewed in 2011.)

Have there been any changes of senior officer in theperiod which have not been notified to HEFCE,including the chairs of the governing body and auditcommittee and the heads of finance and internal audit?

Has there been any confirmed instance of seriousweakness, such as fraud, that should have beennotified as required under the HEFCE Code ofPractice? If so, please provide details.

Signed

Dated

Introduction1. An institution must get written consent from usbefore it agrees to any new financial commitmentsas follows:

a. Long-term commitments – where the annualisedservicing cost (ASC) of its total financialcommitments would increase to above 4 per centof total income.

b. Short-term financial commitments – wherenegative net cash exceeds 5 per cent of totalincome for more than 35 consecutive days.

Definitions

Total income2. Total income is as reported in the latest auditedfinancial statements, or the estimated amount forthe current year if that is lower.

Short-term commitments3. ‘Negative net cash’ is determined on a cash bookbasis and as defined by FRS 1 (revised 1996): ‘CashFlow Statements’.

Long-term commitments4. The requirements of paragraph 19 of theFinancial Memorandum only apply when aninstitution intends to do one of the following:

• take out additional financial commitments,including repayable grants from us

• refinance existing financial commitments,including fixing the interest rate.

5. There is no need to seek our consent where theASC increases above the 4 per cent threshold, orany other threshold approved by the Council,solely as a result of either an increase in theinterest rate on variable rate borrowings or areduction in total income. Similarly, consent is notrequired if refinancing existing commitmentsresults in a lower ASC.

6. In all cases, the ASC calculation should reflectthe economic substance, which may differ from thelegal form.

7. Long-term financial commitments mean amountswhich are due for payment after more than 12months, in accordance with Generally AcceptedAccounting Practice. These include:

• all borrowing, whether self-financing or not

• finance leases, subject to the exclusion below

• inherited debt and leases which are not fullyreimbursed by us

• Private Finance Initiative (PFI) arrangementswhich are accounted for as loans or financeleases in accordance with the requirements ofSSAP 21 or FRS 5.

And exclude:

• lease payments where the combined ASC of suchleases does not exceed 0.5 per cent of totalincome.

8. The ASC of the financial commitments consistsof total expected net cash payments (capital andinterest) over the period of the loan, divided by theloan period in years. This includes lump sums at theend of the term.

9. Where the financing involves a lease-and-leasebackof existing assets (that is, the institution receives rentalincome linked to rental expenditure), the ASC shouldbe calculated on the net cash outflow.

10. For new loans, the interest rate to be used inthe calculation is the one in force at the start of theloan, whether this is fixed (for all or part of theloan period) or variable. For existing loans, theinterest rate to be used is the one currently in force.

11. The loan period is as defined at the time whenthe commitments are agreed. It starts when the firstpart of the loan is drawn down and ends when thefinal liability is repaid. If there is an option toextend at a later date any part of the commitmentsto a longer term, the ASC will still be measured onthe original term.

12. Where the loan period is to be shortened orextended, the ASC calculation should be reworkedusing the revised term and rates of interest in forceat that time. If this increases the ASC above the 4per cent threshold, the institution must get (revised)written consent from the Council.

HEFCE 2008/19 27

Annex FConsent for financial commitments (this annex is under review in 2007-08)

Our response13. The Council will try to give a response to arequest for consent within 15 working days of thereceipt of all relevant information. Where theproposed ASC for long-term financial commitmentsis above 7 per cent, approval must come from theHEFCE Board. This will extend the period requiredto deal with the request and institutions shoulddiscuss this with us when they are planning to seekconsent. We accept, however, that very occasionallyan institution may need to get a faster response, inwhich case it should discuss this with us at an earlystage in developing its plans.

14. In responding to requests for consent we aim tobe helpful and pragmatic, applying the generalprinciples outlined here to the circumstances of eachproposal. If an institution is unsure how to calculatethe ASC or whether consent is required, it shoulddiscuss this with us.

Information requiredWe set out in Table 2 the information we require toconsider a request for consent. This addresses theissues we would expect the institution’s owngoverning body to seek assurance on beforeapproving additional financial commitments. Themain focus is on affordability and risk, notnecessarily on the individual project.

28 HEFCE 2008/19

Table 2: Information required by HEFCE to consider a request for consent for new financialcommitment(s)

Long-term financial commitments

1. There should be a reasonable case for the new investment.

Information required:

a. Brief description of the new investment.

b. An explanation of how it broadly fits with the institution’s mission and strategic priorities.

c. Confirmation that the institution has followed HEFCE guidance on appraising investment decisions.

2. The new financial commitment or refinancing arrangement should be consistent with the institution’s financialstrategy and represent good value for money.


a. An explanation of why additional finance or refinancing is necessary and how this fits with the financial strategy.

b. The forms of finance considered and the selection process and criteria.

c. The net present value for each financing option and a brief explanation of why the chosen method was selected.

3. Details of the new financial commitments.

a. Details of the chosen option, including: name of lender, sum borrowed, loan period and basis of repayment.

b. Terms and conditions of the financing (for example, a copy of the offer letter) and an evaluation of the risks anduncertainties.

4. The new investment and financial commitments must be affordable.


An update of the latest financial forecasts, to include the impact of the new investment and financial commitments, anddemonstration that they are affordable. This update must include any other material changes in the institution’s financialprospects, including guarantees to third parties.

HEFCE guidance that may be helpfulThe following documents may be helpful, and are all available on the HEFCE web-site www.hefce.ac.uk under Publications:

• ‘Financial strategy in higher education institutions’ (HEFCE 2002/34)

• ‘Investment decision making: a guide to good practice’ (HEFCE 2003/17)

• ‘Practical guide to PFI for higher education institutions’ (HEFCE 2004/11)

• ‘Guide for Members of Higher Education Governing Bodies in the UK’ (HEFCE 2004/40)

• ‘Borrowing in the higher education sector: 2004 update’ (HEFCE 2004/44).

HEFCE 2008/19 29

5. The institution’s governing body has made an informed decision about the new investment and financialcommitments.


a. Details of when the governing body approved the new investment and financial commitments and a minute of thedecision reached.

b. A summary of the information the governing body received in reaching its decision.

6. Details of the new threshold.


a. Details of continuing financial commitments (including the lender, loan term and ASC) and of the new financialcommitment.

b. A calculation of the new threshold required.

Short-term financial commitments

1. Short-term financing should be an appropriate solution.


a. Brief description of why increased short-term finance is necessary, and how this fits with the financial strategy.

b. Cash flow forecasts which show the need for the increased borrowing.

c. The forms of finance considered and the selection process and criteria.

d. Brief explanation of why short-term finance was selected.

2. Details of the new financial commitments.

a. Details of the arrangement, including: name of lender, sum borrowed, loan period and basis of repayment.

b. Terms and conditions of the arrangement (for example, a copy of the offer letter) and an evaluation of the risks anduncertainties.

3. The institution’s governing body has made an informed decision about the short-term financing arrangements.


a. Details of when the governing body approved the arrangements and a minute of the decision reached.

b. A summary of the information the governing body received in reaching its decision.

4. Details of the new threshold.


The revised threshold (in £) and the period for which this is required.

Introduction1. This Annex reflects the revised system forexchequer interests which will provide betteraccountability for public funding while reducing theexisting administrative burden upon institutions andenabling them to manage their estates more flexibly(see Circular Letter 12/2006).

Requirements2. The institution, having entered into anagreement with HEFCE effective on 1 August 2006to enable the retrospective elements of a new systemof accounting for exchequer interests to be enacted,shall follow the conditions set out below. Until thisagreement is signed, the institution is bound by thepre-existing terms and conditions as set out in thepre-existing version of this model FinancialMemorandum (HEFCE 2003/54).

3. The exchequer interest identified and agreedwith HEFCE in this agreement will form theopening balance of a simple exchequer interestregister maintained by HEFCE. The register will beadjusted immediately for the addition of capitalgrants received in the year and annually for both ofthe following:

• indexation of the opening balance and allgrants received in subsequent years

• writing down grants over the prescribed period.

4. The indexation rate used will be the GDPdeflator published by the Treasury. This will takeaccount of changes in value and ensure that thevalue of the exchequer interest is not erodedthrough inflation.

5. All capital grants made after 1 August 2006 thatcreate an exchequer interest will be entered onto theregister, regardless of how they are treated foraccounting purposes.

6. The opening exchequer interest balance as at 1 August 2006 will be written down over a 10-yearperiod on a straight-line basis. All further grantswill be written down annually over 15 years fromthe year of the grant in question on a straight-linebasis, to recognise their consumption through theprovision of education over that period.

7. The closing balance of the register as at 31 July2007 and annually thereafter will provide a singlereportable sum for the exchequer interest, and willbe confirmed annually with the institution byHEFCE.

8. As repayment of exchequer interest is a remoteevent contingent upon the occurrence of what arelikely to be exceptional circumstances (see below), itdoes not need to be disclosed as a contingentliability in the institution’s annual accounts.

Circumstances in which theexchequer interest becomesrepayable9. If either of the following remote events occur,they will trigger immediate liability for theinstitution to repay HEFCE the full amount of theexchequer interest (as shown in the exchequerinterest register at that date). The institution willrecognise HEFCE as an unsecured creditor untilsuch repayment is made. If a liability to makerepayment arises, HEFCE may agree to acceptrepayment of some other sum, or to delayrepayment, at its absolute discretion, and suchagreement may be on terms and conditions asHEFCE thinks fit.

10. The first trigger event will be if the institutionbecomes insolvent, including going into liquidationor administration, or if it dissolves or transfers itsundertaking to some other body (for example, bythe exercise of the Secretary of State’s powers underthe Education Reform Act 1988 or otherwise), or ifit experiences any analogous event.

11. The second trigger event is if there is asignificant reduction in the level of HEFCE-fundedactivity by the institution, using the followingindicators:

• the absolute level of HEFCE income

• the absolute level of total income

• the percentage of total income represented byHEFCE income.

12. A base level for each of these indicators willbe set as at 31 July 2006 by reference to the

30 HEFCE 2008/19

Annex G Exchequer interests

institution’s 2005-06 financial statements. Thetrigger event will only occur if two or more of thethree indicators reduce to at least 50 per cent fromthe base level.

13. This second trigger has been designed to ensurethat HEIs are not discouraged from generatingother sources of income, providing they continue tooffer the same level of HEFCE-funded education.HEIs may activate the trigger if, for example, theycease to educate publicly funded students,significantly downsize or go into liquidation, but areunlikely to do so if activities continue as normal orthey expand. We will not use our exchequer interestrules to penalise institutions that are successful indiversifying their income.

14. The agreed base level for each indicator will bereviewed every five years by HEFCE and may bereset if appropriate to reflect the changing nature ofthe provision of education and more generalchanges within public sector funding.

15. If two or more of the trigger indicators reduceto at least 30 per cent from the base level, this willlead to discussions between HEFCE and theinstitution about the impact of further downsizing,including consideration of whether to reset the baseindicators.

16. If the triggers are activated, HEFCE has theright, but not the obligation, to request repayment.It has discretion to waive the requirement forrepayment.

HEFCE 2008/19 31

1992 Act Further and Higher Education Act 1992

1998 Act Teaching and Higher Education Act 1998

ASC Annualised servicing cost

CAG Comptroller and Auditor General

Capital expenditure Expenditure used to create or purchase a new asset, replace an existing asset, or refurbish or remodel an existing asset

CIPFA Chartered Institute of Public Finance and Accountancy

Combined Code ‘The Combined Code on Corporate Governance’, July 2003, Financial ReportingCouncil

CUC Committee of University Chairmen

CUC Code of Practice Guide for Members of Higher Education Governing Bodies in the UK: GovernanceCode of Practice and General Principles (HEFCE 2004/40a)

DEL Department for Employment and Learning in Northern Ireland

Designated officer Head of an institution responsible and accountable to HEFCE (and ultimately toParliament) for ensuring that the institution uses HEFCE funds in ways that areconsistent with the purposes for which those funds were given, and complies withthe conditions attached to them. These include the conditions set out in theFurther and Higher Education Act 1992 and in this Financial Memorandum

DIUS Department for Innovation, Universities and Skills

FEC Further education college

FRS Financial Reporting Standard

GIAS Government Internal Audit Standards

Governing body The university council, board of governors or other body ultimately responsible forthe management and administration of the institution’s revenue and property, andthe conduct of its affairs

HE Higher education

HEFCE Higher Education Funding Council for England

HEFCEAS HEFCE assurance service

HEI Higher education institution

HESA Higher Education Statistics Agency

ICAEW Institute of Chartered Accountants in England and Wales

IIA Institute of Internal Auditors

32 HEFCE 2008/19

Annex HDefinitions and abbreviations

JANET High-speed computer network supported by the seven higher and furthereducation funding bodies, which links universities and colleges in the UK.SuperJANET is the enhanced network

Legally distinct entity An organisation receiving HEFCE grant funding from an HEI to which it isaccountable, but operating independently from that HEI

LSC Learning and Skills Council

NAO National Audit Office

QAA Quality Assurance Agency for Higher Education

RB Related body (a non-HEI/FEC body through which significant levels of HEFCEfunding are distributed or activities promoted)

Secretary of State Secretary of State for Innovation, Universities and Skills

Single conversation A streamlined accountability process between HEFCE and institutions, linked to anassessment of institutional risk, which comprises an exchange of documents anddialogue during a specific period each year

SORP Statement of recommended practice

the Code Accountability and Audit: HEFCE Code of Practice

TDA Training and Development Agency for Schools

TRAC Transparent Approach to Costing

VFM Value for money

References to the financial position, financial statements, financial commitments or borrowings of the institution meanthe consolidated financial position, financial statements, financial commitments or borrowing of the institution and itssubsidiary undertakings, as defined in the Companies Act 1985 and revised by the Companies Act 1989 and 2006,and in accordance with generally accepted accounting principles.

Shall and must denote mandatory requirements, and should denotes our view of good practice.

HEFCE 2008/19 33

Higher Education Funding Council for EnglandNorthavon HouseColdharbour LaneBRISTOLBS16 1QD

tel 0117 931 7317fax 0117 931 7203www.hefce.ac.uk

Documents

Model Financial Memorandum between HECE and institutions