No 6809
Wednesday 7 January 2026
Vol clvi No 14
pp. 196–209
7 January, Wednesday. First ordinary issue of the Reporter in Lent Term.
13 January, Tuesday. Discussion by videoconference at 2 p.m. (see below).
20 January, Tuesday. Full Term begins. Discussion in the Senate-House at 2 p.m. (see below).
24 January, Saturday. End of first quarter of Lent Term.
25 January, Sunday. Preacher before the University at 11.30 a.m., The Rt Revd Dr Dagmar Winter, Bishop of Huntingdon and acting Bishop of Ely (Select Preacher).
30 January, Friday. Congregation of the Regent House at 2 p.m. (degrees in absence only).
|
Discussions (Tuesdays at 2 p.m.) |
Congregations (at 10 a.m. unless otherwise stated) |
|
13 January 20 January 17 February 17 March |
30 January, 2 p.m. (degrees in absence only) 28 February 16 March, 2.45 p.m. (ceremonial installation of the Chancellor) 28 March 11 April |
The Vice-Chancellor invites members of the Regent House, University and College employees, registered students and others qualified under the regulations for Discussions (Statutes and Ordinances, p. 111) to attend a Discussion by videoconference on Tuesday, 13 January 2026 at 2 p.m. The following item will be discussed:
1.Topic of concern to the University: Support for the Veterinary course (Reporter, 6808, 2025–26, p. 162).
Those wishing to join the Discussion by videoconference should email UniversityDraftsman@admin.cam.ac.uk, ideally from their University email account and providing their CRSid (if a member of the collegiate University), by 10 a.m. on the date of the Discussion to receive joining instructions. Alternatively contributors may email their remarks to contact@proctors.cam.ac.uk, copying ReporterEditor@admin.cam.ac.uk, by no later than 10 a.m. on the day of the Discussion for reading out by the Proctors,1 or may ask someone else who is attending to read the remarks on their behalf.
In accordance with the regulations for Discussions, the Chair of the Board of Scrutiny or any ten members of the Regent House2 may request that the Council arrange for one or more of the items listed for discussion to be discussed in person (usually in the Senate-House). Requests should be made to the Registrary, on paper or by email to UniversityDraftsman@admin.cam.ac.uk from addresses within the cam.ac.uk domain, by no later than 9 a.m. on the day of the Discussion. Any changes to the Discussion schedule will be confirmed in the Reporter at the earliest opportunity.
For general information on Discussions see the Reporter website at https://www.reporter.admin.cam.ac.uk/discussions.
1Any comments sent by email should please begin with the name and title of the contributor as they wish it to be read out and include at the start a note of any College and/or Departmental affiliations held.
2https://www.scrutiny.cam.ac.uk/ and https://www.admin.cam.ac.uk/reporter/regent_house_roll/.
The Vice-Chancellor invites members of the Regent House, University and College employees, registered students and others qualified under the regulations for Discussions (Statutes and Ordinances, p. 111) to attend a Discussion on Tuesday, 20 January 2026. Following a request from the Chair of the Board of Scrutiny the Council has arranged for the Discussion to take place in person at 2 p.m. in the Senate-House.
The following items will be discussed:
1.Report of the Council on changes to Statutes G II and G III concerning College contributions, the Colleges Fund and College accounts (Reporter, 6808, 2025–26, p. 169).
2.Report of the Council on the statutory exclusion of the Commissary’s jurisdiction in relation to staff disputes (Reporter, 6808, 2025–26, p. 175).
3.Annual Report of the Council for the academic year 2024–25 (Reporter, 6808, 2025–26, p. 176).
4.Annual Report of the General Board to the Council for the academic year 2024–25 (Reporter, 6808, 2025–26, p. 183).
Attendees should aim to be seated in the Senate‑House by 1.55 p.m. with the Discussion starting promptly at 2 p.m. Matriculated members of the University are requested to wear gowns; a small number of gowns are kept on site and may be borrowed on arrival.
Contributors unable to attend the Discussion in person may email their remarks to contact@proctors.cam.ac.uk, copying ReporterEditor@admin.cam.ac.uk, by no later than 10 a.m. on the day of the Discussion for reading out by the Proctors,1 or may ask someone else who is attending to read the remarks on their behalf.
1Any comments sent by email should please begin with the name and title of the contributor as they wish it to be read out and include at the start a note of any College and/or Departmental affiliations held.
The Council has received the annual report of the Audit Committee for the financial year 1 August 2024–31 July 2025. The report is published below for the information of the University. Appendix A to the report is provided below; Appendices B and C are not reproduced.
The Audit Committee is required to submit an annual report to the Council.1 The purpose of the report is to set out the current membership and constitution of the Audit Committee, to report on its work and activity over the last financial year and to provide the Committee’s and the auditors’ opinions on the adequacy and effectiveness of the University’s systems of risk management, control, governance and value for money.
This Audit Committee Annual Report is for the 2024–25 financial year (1 August 2024–31 July 2025). The report includes any significant issues arising during the financial year and the period up to the date of the report.
A copy of this report will be published in the University’s official journal, the Reporter, for the information of the University.
The Constitution of the Audit Committee is set out in the Statutes and Ordinances of the University of Cambridge. Further information on the Committee’s membership, terms of reference and meetings are provided in Appendix A.
The University’s internal audit work was undertaken by Deloitte LLP for a fee of £470,740 plus VAT for delivery of the internal audit plan and a further £7,882 plus VAT for additional assurance pieces commissioned in year. The University appointed Deloitte LLP as the internal auditor from 1 August 2021 for four years (with provision for a one-year extension) following a tender exercise. The performance of the internal auditor and their lead partner is considered annually by the Committee. At its meeting in March 2025, the Audit Committee approved a one-year extension of Deloitte’s contract to 31 July 2025.
Since August 2021, the University has operated under a hybrid internal audit model. The outsourced internal audit function is facilitated by the Head of Assurance, based in the Governance and Compliance Division. This approach allows the University to combine external and independent audit expertise with an in-depth knowledge of the academic and administrative processes at the University.
The 2024–25 audit plan was approved in July 2024. The plan provided a balance between audits focusing on key strategic risks and cyclical audits of functional areas of University operations. Different teams of auditors were assigned to undertake the work depending on the level of specialism required, and audits typically involved visits to a range of departments and institutions to follow up on particular functions.
Deloitte LLP provide an assurance rating for each internal audit report, based on their assessment of the adequacy and effectiveness of the system of internal control. The assurance ratings given are as follows:
|
Rating |
Description |
|
Full |
There is a sound system of internal control designed to achieve the University’s objectives. The control processes tested are being consistently applied. |
|
Substantial |
While there is a basically sound system of internal control, there are weaknesses, which put some of the University’s objectives at risk. There is evidence that the level of non-compliance with some of the control processes may put some of the University’s objectives at risk. |
|
Limited |
Weaknesses in the system of internal controls are such as to put the University’s objectives at risk. The level of non-compliance puts the University’s objectives at risk. |
|
Nil |
Control processes are generally weak leaving the processes/systems open to significant error or abuse. Significant non-compliance with basic control processes leaves the processes/systems open to error or abuse. |
During 2024–25 and up until the date of this report, the Committee received and considered fourteen internal audit reports. Of these reports, seven received an assurance rating and seven were advisory. Where a rating was ascribed, 57% of reports were given Substantial assurance (up from 36% in 2023–24). A full list of internal audit reports considered by the Audit Committee during 2024–25 is provided in Appendix A.
The internal auditor’s annual report was considered by the Committee at its meeting on 16 October 2025 and is provided in Appendix B [not reproduced].
The Head of Internal Audit opinion provides reasonable assurance that the University has an efficient and effective system of risk management and governance and limited assurance that the University has an efficient and effective system of internal control for the year ending 31 July 2025. The scope of the opinion excludes audits deferred from the 2024–25 audit plan.
The Committee discussed the audit opinion and noted that the 2024–25 audit plan had been risk-based and included several topics where the University had identified issues and had used internal audit to inform how its approach to these areas could be enhanced. These topics and their findings had been taken into account and contributed to the overall limited assurance opinion on internal controls. The audit opinion acknowledged the significant progress made on implementing internal audit actions in a more timely manner and a corresponding reduction in the number of overdue actions. Where progress in resolving audit actions was delayed, the Committee has full visibility of these and receives regular progress updates.
The Committee also considered the outcome of the internal Head of Institution Assurance Statement exercise, which provided second line assurance of the effectiveness and consistency of internal controls operated at a devolved level. The exercise was starting to drive improvements in certain areas of activity, providing assurance to the Committee and raising awareness of policies and processes at a departmental level.
The Committee considered the Head of Internal Audit opinion to be fair, based on the coverage of audit work undertaken during the year. Overall, the Committee was of the view that the internal control environment was starting to improve, but it felt the University should continue to accelerate the pace in driving change in response to audits and more generally in raising the quality of its internal controls. Key themes identified across audit topics included a lack of clarity and consistency around expectations (exacerbated by fragmentation of approach and a lack of understanding of roles and responsibilities), oversight of institutional compliance, the need for a culture of proportionality, and a lack of data to support monitoring and reporting.
The Head of Assurance oversees a continuous programme of follow-up of actions agreed in response to internal audits and to the Audit Committee on the implementation of internal audit actions at every meeting. On 30 September 2025, the number of overdue audit actions stands at 10, down from 15 reported in last year’s annual report.
The Committee has continued to actively monitor progress in implementing the outstanding actions from the Travel Safety and Health and Safety Risk Management and Assurance audits conducted in 2021–22. Five actions have been closed since last year’s annual report, with ten actions remaining open and overdue. The Travel Safety actions are dependent on the rollout of the Peregrine Foresight travel risk assessment system to all departments, which is expected to be completed in early 2025–26. The remaining Health and Safety Risk Management and Assurance actions will be addressed as part of a review of safety governance during 2025–26.
In light of previous concerns around the slow implementation of actions, the Committee will continue to monitor the implementation of these actions until they have been completed.
PricewaterhouseCoopers LLP (PwC) was reappointed as the external auditor for the University for the financial year 2024–25. The fees payable for work completed in the financial year 2024–25 were £2,116,601 plus VAT for the external audit2 and £62,852 plus VAT for non-audit work. These fees are subject to final confirmation and audit.
In accordance with OfS’s terms and conditions of funding for Higher Education Institutions, the external auditor is appointed or reappointed annually. The Statutes and Ordinances of the University of Cambridge also require that the accounts of the University are audited annually by qualified accountants appointed by Grace on the nomination of the Council.
Following a market testing exercise in 2018, PwC was reappointed to provide the external audit provision (subject to annual reappointment). However, the University agreed that PwC would discontinue the audits of low materiality subsidiaries as this work was more suitable for a smaller firm. It was agreed that for the 2023–24 audit, the audit of these subsidiaries would be undertaken by a local firm, Peters Elworthy and Moore.
At its March 2025 meeting, the Committee received feedback from the University and its subsidiary organisations in regard to the performance of the external auditor. The Committee agreed to recommend to the Council that a Grace be promoted for the annual reappointment of PwC as the external auditor for the Financial Year 2024–25.
The University will be required to change its current external auditor at the end of the Financial Year 2027–28. During 2024–25, the Audit Committee undertook a market testing exercise to appoint the University’s next external audit provider. The Committee recommended to the Council the appointment of a new external audit firm by Grace of the Regent House for the Financial Year 2027–28.
The Committee reviewed the Financial Statements with particular reference to the Corporate Governance Statement (including the Internal Control Statement), the Statement of Council’s Responsibilities and the Report of the External Auditors included within the Statements.
During 2024–25, the external auditor and PwC affiliate firms carried out non-audit work in the following areas for the University: Financial Conduct Authority client asset work3, assurance of environmental sustainability data, attestations on legal books for Cambridge Assessment Overseas Limited and access to online financial reporting reference material. In each significant case, the engagement was subject to the Audit Committee’s policy on non-audit services to ensure that the external auditor’s independence was not put at risk.
The Committee received PwC’s external audit annual report 2024–25 at its meeting on 13 November 2025.
The Committee considered the report and was satisfied with the remarks on auditing and accounting matters, detailed control observations and other observations from around the University group.
The University’s approach to risk management is set out in its risk management policy and framework. Under this framework, the Audit Committee has risk management as a standing item on its agenda to ensure routine monitoring. The Audit Committee alerts the Council to any emerging issues arising with the management of risks as necessary.
In addition, the Committee also undertakes regular ‘deep dives’ into individual risks on a rotating basis, which provides an opportunity for risk owners and the Audit Committee to discuss the management of risks in greater depth than is otherwise provided through a review of the University Risk Register. This helps to provide the Audit Committee with assurance that risks are being actively managed. The Audit Committee welcomes the increased maturity of the University’s risk management processes over the past five years.
Last year, the Committee recommended that a calibration of the University Risk Register be undertaken to ensure that risk scoring accurately reflected the top risks faced by the University. This calibration was completed by the extended senior leadership team in July 2024 and confirmed the existing ranking of the University Risk Register.
In January, the Committee reviewed updates to the University Risk Register and, noting the risk scores for the University’s IT and cyber-related risks, agreed to highlight to the Council its concerns about the significant cost implications should these risks materialise. The Committee will continue to actively monitor progress in addressing the University’s cyber and IT-related risks through a combination of internal audit coverage and by actively seeking regular progress updates on mitigation activities such as IT Service Unification (formerly defragmentation of the digital estate).
The Committee commissioned an advisory audit to understand the support Departments needed to help with the implementation of the System Management Policy (SMP) by the end of the transition period in April 2026. The SMP sets out minimum technical standards that will help to improve the University’s IT control framework. The Policy was introduced with a two-year implementation period in recognition of the level of work required by some institutions to comply with the standards.
The audit found that the SMP implementation date was at risk unless Departments received further support to help them develop implementation plans and in tackling common challenges. Resource shortages, technical obstacles and skills gaps emerged as the most pressing challenges. Colleagues in University Information Services (UIS) will work collaboratively with School IT Leads to develop a plan to support Departments with these challenges. That plan will be shared with the Audit Committee in Michaelmas Term 2025. The Committee will seek assurances on progress ahead of the April 2026 implementation date.
The Committee has continued to request regular updates on progress with work to defragment the digital estate. The Committee has repeatedly expressed concern over pace of execution and the lack of overall plan to address the structural and people elements of defragmentation.
In November, the Committee heard that the Clinical School Computing Service (CSCS) IT incident that occurred in February 2024 had disrupted original plans for defragmentation but had also provided an opportunity to defragment some parts of the estate. The requirement to adopt the SMP was also expected to further drive demand from some parts of the estate. The Committee cautioned against a demand-based approach to defragmentation and requested a plan against which progress could be tracked.
In January, a further update was provided which set out plans to co-create a business case between UIS and the Schools to set out several options for defragmentation of the IT infrastructure and the associated capital investment. The draft business case for the newly retitled IT Service Unification Programme Pilot was shared with the Audit Committee at its meeting in March and feedback was provided on the need to demonstrate long-term savings that could be achieved, a clear demonstration of why the work was essential and clarity on the people and change management elements of the Programme which would be key to success.
In July, the Committee met with the new Chief Information Officer (CIO), who updated the Committee that development of the business case had been put on hold at the request of the Information Services Committee (ISC) to allow further engagement with School IT stakeholders to develop a shared vision and future operating model. The Committee requested appropriate updates on progress whilst acknowledging that the ISC would be responsible for oversight.
The Committee welcomes the appointment of the CIO and continues to reiterate its strong advice on IT Service Unification work and the further mitigation of IT risks. In the meantime, the University’s IT infrastructure will continue to operate in a hybrid model, with growing central provision of infrastructure, systems and standards delivered through UIS but with individual departments and faculties managing their own technology in the interim. The Committee will continue to seek assurances on the mitigation of IT-related risks in 2025–26, including other emerging risks that may fast become material.
Last year’s annual report noted that the Audit Committee had emphasised a need for operational management and leadership at the portfolio level and that it would continue to seek assurance over the delivery of the change programmes during 2024–25.
Much of the discussion during 2024–25 focused on the recommendations from the Change at Cambridge review conducted by Damian Mayer and the actions being taken by the University in response. The Committee discussed the report in depth with the Pro-Vice-Chancellor (Resources and Operations) at a session in February 2025. The Committee took a degree of assurance that the position of the change programmes had improved since May 2024 and that strong leadership was in place to take forward the recommendations from the report. The Committee will continue to actively monitor risks relating to the transformation portfolio during 2025–26, with a focus on the assurance frameworks in place over the portfolio and the Finance Transformation Programme now that it had entered into a crucial phase of delivery. The Committee notes that optimal delivery will only be achieved if new systems and controls are adopted across the University and that this may require a cultural shift in some areas.
The Committee continues to welcome the assurance over controls operated at a devolved level provided by the Head of Institution Assurance Statements exercise. This self-assessment exercise complements and adds to the assurance received through the University’s programme of internal audits, by seeking assurance that policies and procedures are operating as intended.
The results of the 2024 exercise provided assurance over nineteen areas of activity. The list of statements had been expanded to provide more coverage of activities that ensured compliance with legal or regulatory requirements. Fifteen areas were identified as strong, two as satisfactory and two as weak. The two weak areas aligned with the findings of recent internal audit reports for which improvement actions had been agreed. Progress would be monitored as part of the 2025 Assurance Statements exercise and normal internal audit action tracking. The Committee approved a proposal to run the exercise in ‘steady state’ for 2025, with minimal changes.
As 2024 was the second time the exercise had run, a comparison was made between the 2023 and 2024 results for eleven statements common to both years. This showed an improvement in the number of institutions reporting themselves to be ‘working well’ for nine statements, with large increases (18, 27 and 30%) for three statements in particular. There was also a slight decrease in the number of institutions reporting themselves to be working well for two statement areas, although the percentage change was much smaller (down 1.1 and 1.5%). The Committee will continue to monitor whether this exercise is helping to drive improvements in the University’s control environment at a devolved level and to validate this through the internal audit programme.
The 2024–25 exercise was launched in May 2025 and the outcome will be reported to the Audit Committee in Michaelmas Term 2025.
The Audit Committee monitors the effectiveness of the University’s management and quality assurance of data returns submitted to the Higher Education Statistics Agency, the Student Loans Company, the Office for Students (OfS), Research England and other bodies through its programme of internal audit and an Annual Data Return Assurance Report. This report provides the Committee with an overview of statutory data returns submitted during the year and provides with assurance that the data submitted by the University conformed to requirements and published guidance and had been subject to effective oversight and management review.
The Committee also ensures that the process used to produce the University’s Transparent Approach to Costing (TRAC) return is compliance with guidance published by OfS. This year, an issue was identified in respect of non‑compliance for some research facilities following a late change in requirements from the OfS. However, the OfS clarified in January that non-compliance for the 2023–24 TRAC return did not need to be declared and institutions should aim to be fully compliance for the 2024–25 TRAC return which would be submitted in early 2026. The Committee also received the outcome of an internal audit of TRAC processes, which carried substantial assurance.
The Audit Committee receives an annual value for money (VfM) report, which outlines progress with initiatives that enable, or will enable, the achievement and measurement of value for money. The 2024–25 report focused on major University-wide transformation programmes, which are expected to deliver efficiencies through redesigned processes and improved systems. The Committee noted that, given the University’s distinctive structure, these programmes are critical to achieving VfM. Success will depend on collaboration across central administrative services and academic units, as well as addressing cultural challenges associated with new ways of working. The Committee also acknowledged the significant effort required to implement these changes and the importance of maintaining momentum.
In relation to the University-wide 5% savings target for 2025–26, the Committee observed that while engagement is strong, progress will be limited without new tools and systems. Current measures largely involve vacancy management and marginal reductions. The Committee agreed to monitor these developments closely and return to the topic during the year. The University continues to promote efficiency and VfM through local level and University-wide initiatives and collaborates with the Colleges through the Bursars’ Committee to ensure value for money across the collegiate University.
In addition, the Committee receives assurance that the public funds received by the University from the Student Loans Company and transferred between the University and Colleges are used by the Colleges for educational purposes.
(a)Office for Students (
OfS)
The Committee receives an annual assurance report about how the
University complies with its Conditions of Registration with the OfS and regular updates
in its meetings of any Reportable Events submitted to the OfS during the year. In July,
the Committee received an update from a Steering Group established to oversee the
University’s arrangements required for compliance with a new Condition of Registration
relating to harassment and sexual misconduct, which comes into force on 1 August 2025.
(b)Research funder requirements
The Committee has continued to monitor improvement actions to strengthen
the University’s research control environment in light of changing research funder
requirements. The Committee discussed the report from a routine Wellcome Trust
institutional audit undertaken during 2025 and noted actions agreed in response to the
findings. The Committee recognises that successful implementation of actions is heavily
dependent on compliance at a local level and welcomed steps being taken by Research
Services to provide more proactive support to departments. Further internal audit work
around pre‑award research administration processes was planned for 2025–26 following the
introduction of Worktribe during the 2024–25 academic year.
(c)Estates statutory compliance
Following concerns expressed in 2023–24 around estates statutory
compliance activities and the number of areas reported to be unsatisfactory or
non-compliant, the Committee requested further updates from the Director of Estates
Operations on changes to improve compliance delivery and reporting around the
University’s physical estate. In January, the Committee noted that 8 of 9 actions had
been completed, with the final action due for completion later in 2025. The transparency
of compliance reporting had improved following implementation of the new Invida
compliance system and asset digitization programme. An internal audit of buildings
statutory compliance was conducted during Easter Term 2025 and the outcome will be
reported to the Audit Committee at its meeting in October 2025.
The University Audit Committee has a duty to satisfy itself as to the appropriateness of risk management, assurance and audit processes of Cambridge University Press & Assessment (CUPA). CUPA is a department of the University governed by the Press and Assessment Syndicate and with its own Press and Assessment Board (PAB) Audit and Risk Committee.
The PAB Audit and Risk Committee has oversight of the internal audit arrangements for CUPA and reviews the findings of internal audit reports and management responses. A full list of internal audits considered by the PAB Audit and Risk Committee during 2024–25 is provided in Appendix C [not reproduced]. At each Audit Committee meeting, the Chair of the PAB Audit and Risk Committee provides an oral update on the business of CUPA and the items of discussion at the latest PAB Audit and Risk Committee meeting. In addition, a written annual report of the PAB Audit and Risk Committee is received at the Audit Committee’s November meeting, and a half-year report at a meeting in Easter Term.
The Audit Committee continues to acknowledge the significant income stream that CUPA provides to the University.
In May, the Committee received its first annual report from University of Cambridge Investment Management (UCIM), following agreement in 2023 that UCIM would establish, implement and maintain an independent internal audit function. The report covered activities of the internal audit function and other related control activities, which were satisfactory. UCIM is required to report annually to the Audit Committee and the Cambridge University Endowment Trustee Body (CUETB) on their internal audit activities.
The Committee undertook a self-effectiveness review at the end of Michaelmas Term 2024. The outcome of the review was broadly positive, with some improvement actions identified and implemented to further strengthen the effectiveness of the Committee. The Committee also agreed to trial a new meeting schedule for 2025–26 in the spirit of meeting effectiveness, quality of discussion and efficiency savings.
Under the Financial Regulations, any member of staff must report immediately to the Registrary and the Director of Finance any suspicion of bribery, fraud or other irregularity. The Audit Committee receives an Annual Report on the implementation of the University’s Anti-Bribery and Corruption Policy and details of incidents of fraud.
In the 2024–25 academic year, there were two reports of financial irregularities in the University which are under investigation. The Audit Committee was updated on progress with both investigations at its meeting in October 2025, including proposed next steps in relation to one. The Committee will continue be kept informed of the outcome of those investigations and any steps taken to tighten controls.
Since 1 June 2024, there have been five new cases recorded under the Whistleblowing Policy. Investigations for one is ongoing and four have been closed. Three were deemed not to be whistleblowing disclosures and were dealt with under other policies or processes.
In accordance with the Committee of University Chairs HE Audit Committees Code of Practice, the Committee has reached the following opinions on the adequacy and effectiveness of the University of Cambridge’s arrangements for:
(a)Risk management, control and
governance
The Audit Committee is satisfied that the University’s risk management
and governance arrangements support the University in fulfilling its policies, aims and
objectives, enabling the University to identify, understand and manage its principal
risks, and to be accountable and transparent in its governance. The Committee is
satisfied that the University’s internal control environment is effective but encourages
the University to continue to accelerate the pace in raising the quality of its internal
controls.
(b)Sustainability, economy, efficiency and effectiveness (value for money)
The Audit Committee is satisfied that the arrangements for economy,
efficiency and effectiveness are appropriate and effective.
(c)The quality of data returned to
regulatory bodies
The Audit Committee is satisfied that the management control and quality
assurance of data returns submitted to the Higher Education Statistics Agency, the
Student Loans Company, the Office for Students, Research England and other bodies are
adequate and effective.
The Committee acknowledges the progress the University has made in addressing concerns raised in previous Audit Committee annual reports. However, further work is required to mitigate key risks and to continue to strengthen the University’s internal control environment. The Committee notes that in some areas, a culture of optionality continues to hinder consistency and clarity in compliance and risk management. Tackling this issue will be critical to ensuring that improvements are embedded and that the University’s assurance arrangements are both transparent and effective.
In light of this, the Committee has identified several areas for further scrutiny during the 2025–26 academic year. These include the Finance Transformation Programme and the assurance framework supporting the wider transformation portfolio. The Committee encourages the University to prioritise the implementation of robust financial tracking controls, enabling timely mitigating actions where projects encounter difficulties.
The Committee also intends to explore the University’s approach to environmental sustainability in greater depth during 2025–26. As noted in last year’s report, there are opportunities for the University to highlight the positive impact of its activities on society and the environment.
In addition, the Committee will continue to actively monitor progress in reducing the University’s cyber security risk, unifying IT services, and addressing outstanding health and safety internal audit actions. The Committee will seek updates on these areas during the year and will escalate any concerns about progress to the Council for further discussion.
1Specified in Chapter XIII of the University’s Statutes and Ordinances (2024, p. 1077).
2For the Academic University, Cambridge University Press & Assessment, subsidiaries, standalone CUEF financial statements and University of Cambridge Investment Management Ltd (Client Asset work).
3For the University of Cambridge Investment Management Ltd.
The Constitution of the Audit Committee is set out in Special Ordinance A (v) of the University’s Statutes and Ordinances of the University of Cambridge, as follows:
1. There shall be a standing committee of the Council, called the Audit Committee, which shall consist of:
(a)a member of the Council in class (e) (as referred to in Statute A IV 2(e)) appointed by the Council to serve as Chair of the Committee,
(b)two members of the Council appointed by the Council from among its members who are members of the Regent House, provided that neither the Vice-Chancellor, a Pro-Vice-Chancellor, nor the Head of a School shall be eligible to serve,
(c)four persons, not being members of the Regent House or employees of the University, appointed by the Council with regard to their professional expertise and experience in comparable roles in corporate life, including at least two members with experience of finance, accounting or auditing,
(d)not more than three persons co-opted by the Committee, provided that it shall not be obligatory for the Committee to co-opt any person or persons. If there are co-opted members, at least one shall be a member of the Regent House who is not a member of the Council, and, if there is more than one, there shall be either one further member of the Regent House who is not a member of the Council and/or one external member, or two external members, provided that only one of the external members may be a member of the Council in class (e) (as referred to in Statute A IV 2(e)).
2. Members in classes (a), ( b) and (c) shall be appointed in the Michaelmas Term to serve for four years from 1 January next following their appointment or for the same period plus the remainder of the term of the departing member if that remainder is less than one year. In the event that Council membership ceases, Audit Committee membership will expire simultaneously. No member may serve for more than two consecutive periods of appointment or eight consecutive years, whichever is the longer. Co-opted members shall serve for such period as the Committee shall determine at the time of their co-optation.
3. No person may be a member of the Audit Committee who is a member of the Finance Committee. If a member of the Audit Committee becomes a member of the Finance Committee, their place shall thereupon become vacant.
4. No decision of the Audit Committee shall have any binding effect unless there are at least five members, three at least of these being external members, present at a meeting of the Audit Committee. If a decision is the subject of a vote and there is an equality of votes cast, the Chair, or Acting Chair, as the case may be, shall be entitled to give a second or casting vote.
5. In the absence of the Chair of the Committee, the Audit Committee shall elect an acting Chair from the external members present.
The Audit Committee’s terms of reference are set out in Chapter XIII of the University’s Statutes and Ordinances (2024, p. 1077), as follows:
1. The Audit Committee shall meet at least once a term in each financial year. It shall be the duty of the Committee:
(a)to keep under review the University’s risk management strategy and implementation;
(b)to keep under review the effectiveness of the University’s systems of financial and other internal control;
(c)to satisfy itself that satisfactory arrangements are adopted throughout the University for promoting economy, efficiency, and effectiveness;
(d)to advise the Council on matters relating to the external auditors, including their appointment, their services, their remuneration, and any questions relating to the resignation or dismissal of auditors;
(e)to review annually with the external auditors the nature and scope of the external audit;
(f)to consider, in consultation with the external auditors, (i) any statements annexed to the annual accounts of the University, including the auditors’ report, and (ii) any statement provided by the Council on the governance of the University;
(g)to approve the approach to internal audit;
(h)to approve proposals for the programme of internal audit work put forward by the internal auditors and to ensure that sufficient resources are made available to implement the internal audit programme effectively;
(i)to consider any reports submitted by the auditors and to monitor the implementation of any recommendations made by the auditors, both external and internal;
(j)to monitor annually the performance and effectiveness of the external and internal auditors;
(k)to oversee the University’s policy on fraud and irregularity, and to ensure that the Committee is informed of any action taken under that policy;
(l)to ensure that all significant losses are properly investigated and that the internal and external auditors, and where appropriate, other authorities and regulators, are informed;
(m)to satisfy itself as to the appropriateness of risk management, assurance and audit processes of Cambridge University Press and Assessment;
(n)to make an annual report to the Council, and to other authorities and regulators as required;
(o)to receive reports from authorities and regulators, and to advise the Council thereon;
(p)to forward minutes of the Committee’s meetings to the Council.
Chair: Professor Andrew Wathey
Secretary: Dr Elle Bateman, Head of Assurance
Assistant Secretary: Ms Rowena van Asselt, Risk
and Assurance Manager
There were changes in membership over the course of the year which are noted in the table below.
|
Class of membership |
Name of member |
Limit of tenure |
|
(a) Chair and External member of the Council |
Professor Andrew Wathey |
31 December 2027 |
|
(b) Members of the Council |
Dr Pieter van Houten (until 31 December 2024) |
31 December 2026 |
|
Dr Ewa Marek (from 1 May 2025) |
31 December 2028 |
|
|
Baroness Sally Morgan |
31 December 2026 |
|
|
(c) External members |
Ms Suzi Brennan |
31 December 2027 |
|
Mr Gary Ernest |
31 December 2027 |
|
|
Mr David Germain |
31 December 2028 |
|
|
Ms Elly Hardwick |
31 December 2028 |
|
|
(d) Co-opted members |
Professor Ruth Cameron |
31 December 2025 |
|
Ms Nicola Robert |
31 December 2025 |
(a) Process of appointment
Members are appointed to the Audit Committee by the Council of the University. Membership nominations are made to the University Council’s Advisory Committee on Committee Membership and External Nominations, except in the case of class (d) members who are co-opted by the Committee on the basis of recommendations received.
(b) University officers and auditors
The Audit Committee invites certain senior University officers and the University’s external and internal auditors to attend unreserved meetings. It also invites other colleagues and external speakers to attend for specific agenda items or to present on a particular area of operation or risk.
The Audit Committee also invites the Chair of the Press and Assessment Board (PAB) Audit and Risk Committee to attend all meetings and to make biannual reports. The Chair of the PAB Audit and Risk Committee is Mr Jonathan Scott, who represents the PAB Audit and Risk Committee on the University Audit Committee.
The Vice-Chancellor is invited to address the Audit Committee annually.
|
Position |
Name |
|
Vice-Chancellor |
Professor Deborah Prentice |
|
Registrary |
Emma Rampton |
|
Chief Financial Officer |
Anthony Odgers |
|
Director of Finance |
David Hughes |
|
Director of the Governance and Compliance |
Dr Regina Sachers |
|
Chair of the Press and Assessment Board Audit and Risk Committee |
Jonathan Scott |
|
Internal Auditor – Deloitte LLP |
Morag Childs |
|
External Auditor – PricewaterhouseCoopers LLP |
Claire Lake |
|
Pro-Vice-Chancellor (Resources and Operations) |
Professor Anna Philpott |
|
Director of Estates Operations, Estates Division |
Andrew Smart |
|
Head of Policy, Integrity and Governance, Research Office |
Dr Rhys Morgan |
|
Assistant Director, Assurance, Risk and Compliance, Research Office |
Sebastian Ashenden-Field |
|
Head of Group Procurement, Finance Division |
Ken Bruce |
|
Head of the School of Technology |
Professor Richard Penty |
|
Director of Human Resources, Human Resources Division |
Andrea Hudson |
|
Head of Group Reporting and Financial Accounting, Finance Division |
Stephen Peacock |
|
Finance Manager, Academic and Financial Planning and Analysis |
Ellen Friel |
|
Interim Director (until 1 April 2025) and Chief Operating Officer, University Information Services |
Chris Russell |
|
Pro-Vice-Chancellor (Research) |
Professor John Aston |
|
Interim Director of Finance (from 1 January 2025) |
Daniel Benham |
|
Senior Property Manager, Estates Division |
Andrew Brooker |
|
Head of Property, Estates Division |
Richard Griffin |
|
Chief Executive Officer, Cambridge University Press & Assessment |
Peter Phillips |
|
Chief Information Officer, Cambridge University Press & Assessment |
Mark Maddocks |
|
Head of Infrastructure, University Information Services |
Jon Holgate |
|
Head of Resourcing, Human Resources Division |
Sarah Botcherby |
|
Resourcing Advisor, Human Resources Division |
Andrew Rowland |
|
Deputy Director of Health and Safety, Health, Safety and Regulated Facilities |
Stuart Males |
|
Interim Head of the Safety Office, Health, Safety and Regulated Facilities |
John Dalton |
|
Head of Safety Assurance and Auditing, Health, Safety and Regulated Facilities |
Rory Feilen |
|
Head of Helpdesk Operations, Health, Safety and Regulated Facilities |
Gillian Weale |
|
Interim Head of Group Reporting and Financial Accounting, Finance Division (from 1 May 2025) |
Paul Adams |
|
Head of Research Operations, Research Office |
Dr Jo Dekkers |
|
Chief Operating Officer, University of Cambridge Investment Management |
Karen Whinney |
|
Chief Information Officer and Director of University Information Services (from 1 April 2025) |
David Hill |
|
Director of Research Services |
Dr Andrew Jackson |
The table below provides information on meeting dates and attendance.
|
Date |
Members and associated class |
Senior officers and guests |
Auditors |
Apologies1 |
Quorate |
||||
|
(a) |
(b) |
(c) |
(d) |
Total |
|||||
|
10/10/2024 |
1 |
1 |
4 |
1 |
7 |
15 |
Internal: 2 External: 3 |
4 |
Yes |
|
14/11/2024 |
1 |
2 |
4 |
1 |
8 |
11 |
Internal: 2 External: 3 |
1 |
Yes |
|
23/01/2025 |
1 |
1 |
3 |
1 |
6 |
17 |
Internal: 2 External: 1 |
1 |
Yes |
|
20/03/2025 |
1 |
1 |
4 |
2 |
8 |
18 |
Internal: 2 External: 1 |
2 |
Yes |
|
15/05/2025 |
1 |
2 |
3 |
2 |
8 |
14 |
Internal: 2 External: 3 |
1 |
Yes |
|
03/07/2025 |
1 |
1 |
3 |
2 |
7 |
11 |
Internal: 2 External: 2 |
4 |
Yes |
The table below lists those internal audit reports considered by the Audit Committee at its meetings during the 2024–25 academic year.
|
Audit Committee meeting |
Audit title |
Included in the Internal Auditor’s 2024–25 Annual Report? |
|
10 October 2024 |
Conflicts of Interest |
No |
|
Estates Lifecycle Works |
No |
|
|
Procurement |
No |
|
|
Export Controls |
No |
|
|
UKRI Timesheets |
No |
|
|
MRC Assurance Framework |
No |
|
|
23 January 2025 |
Risk Management |
Yes |
|
Student Complaints |
Yes |
|
|
Reshaping our Estate |
Yes |
|
|
20 March 2025 |
Professional Services Recruitment |
Yes |
|
Software Asset Management |
Yes |
|
|
3 July 2025 |
System Management Policy Implementation (Survey) |
Yes |
|
System Management Policy Implementation (Case Study) |
Yes |
|
|
Business Cases |
Yes |
|
|
Transparent Approach to Costing |
Yes |
The table below lists those internal audits where fieldwork was completed during the 2024–25 academic year, but which were reported to the Committee during the 2025–26 academic year.
|
Audit Committee meeting |
Audit title |
Included in the Internal Auditor’s 2024–25 Annual Report? |
|
16 October 2025 |
Radiation Safety |
Yes |
|
Buildings Statutory Compliance |
Yes |
|
|
Integrated Research Finance Assurance |
Yes |
|
|
Off Payroll Workers |
Yes |
|
|
Procurement: SPP Closure |
Yes |
1Figures refer to Committee members, senior officers and the Chair of the Press and Assessment Board Audit and Risk Committee.