All the UK higher education funding bodies require audit committees to assess risk management, control and governance arrangements. The audit committee must form an opinion on these arrangements, and to do this it needs to establish how key risks are identified, evaluated and managed, and the rigour and comprehensiveness of the review process. However, this does not mean that the governing body should not be actively involved in risk: this is a matter for the whole board as well as the audit committee.
The role of the audit committee is considered separately , but it has been found that audit committees generally exercise their risk role in different ways, such as:
An issue to consider here is the balance of responsibility between the audit committee, the full board, and the executive, and whether any other body should be involved. A few institutions have introduced separate risk committees, perhaps combined with governance, to make a risk and governance portfolio. There is no requirement to do so, but those institutions that have such a committee may use it to develop and review the overall risk policy, or as an ad hoc committee to consider, for example, major project risks.
A number of issues relating to risk management processes, and the role and effectiveness of the audit committee in that area, are raised by Sir David Melville in his independent review arising from the clawback of funds from London Metropolitan University in 2009.
More information [PDF, 64KB]