Financial Memorandum and Internal Audit

Bob Gould made this Freedom of Information request to University of Stirling

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

Roedd y cais yn rhannol lwyddiannus.

Dear University of Stirling,

According to the Financial Memorandum between HEIs and the Scottish
Funding Council The head of internal audit (for each institution)
must produce an annual report for the governing body on its
activities during the year. The report must include an opinion on
the adequacy and effectiveness of the institution’s risk
management, internal control, and governance. The report must be
presented to the institution’s audit committee and a copy sent to
SFC.

1. Please therefore tell me who is/was the Head of Internal Audit
for the years 2006-2014 in each of those years?
2. Who is the current Head of Internal Audit?
3. Please provide copies of the Head of Internal Audit’s annual
report for each of the above years as presented to the audit
committee and SFC
4. The Financial Memorandum also states that ‘The institution must
have in place an effective internal audit service. The operation
and conduct of the internal audit service must conform to the
professional standards of the Chartered Institute of Internal
Auditors’. Please provide details of how the Internal Audit Service
is set up to conform to this requirement. Please tell me the names
of all the members of the Audit Service currently and in each of
the years in question.
5. Please provide details of the qualifications of the Head of
Internal Audit and members of the Internal Audit Service , and
particularly if in each case they are members of, or hold
qualifications from, the Chartered Institute of Internal Auditors.

Yours faithfully,

Bob Gould

Freedom of Information Unit, University of Stirling

Dear Mr Gould

We acknowledge receipt of your Freedom of Information request regarding internal audits. We will respond to your request as soon as possible.

Regards
Freedom of Information Unit
University of Stirling

dangos adrannau a ddyfynnir

Freedom of Information Unit, University of Stirling

9 Atodiad

Dear Mr Gould

I refer to your Freedom of Information request regarding internal audit. The responses to your questions are below:

1. Please therefore tell me who is/was the Head of Internal Audit for the years 2006-2014 in each of those years?

Between 2005-06 and 2013-14 the internal audit services were provided by PricewaterhouseCoopers LLP (PcW). We are unable to provide you with details lead contacts the University had with PwC during these years. The individuals concerned no longer work for PwC and it is therefore not possible to check with them that they are content for details about them to be released in response to a request. The details of the individuals concerned constitutes personal data as defined by section 1(1) of the Data Protection Act 1998 ("data which relate to a living individual who can be identified from those data") and its disclosure would breach the first data protection principle ("personal data shall be processed fairly and lawfully") in that the processing would not be fair to the individuals concerned as they would have a reasonable expectation that personal information relating them would not be publicly disclosed in response to requests. As such, this information is exempt from disclosure under sections 38(1)(b) and 38(2)(a)(i) of the FoISA.

2. Who is the current Head of Internal Audit?

Since 1 August 2014 Ernst & Young LLP have provided internal audit services.
The Head of Internal Audit since 1 August 2014 has been Kristine Dickson.

3. Please provide copies of the Head of Internal Audit’s annual report for each of the above years as presented to the audit committee and SFC

See attached. As you will see from the disclaimer included within the reports, the reports are addressed to, and prepared solely for the University of Stirling and were not prepared with the interests of anyone other than the University of Stirling in mind. On this basis, PricewaterhousCoopers LLP does not accept any duty or responsibility to anyone else.

Some information within the reports has been redacted as we believe the release of this information into the public would prejudice substantially the effective conduct of public affairs. Accordingly this information is exempt from disclosure in terms of section 30(c) of the Freedom of Information (Scotland) Act 2002.

Releasing information about weaknesses that were identified as part of the internal audit process could impact on the future operation of the University and the ability in the future to have full and frank reporting as part of the internal audit process.

We recognise that there is a public interest in the University operating as openly as possible, as a body in receipt of public funds. However, we consider that, in the circumstances of this case, the public interests in maintaining the security of the University and an effective internal audit process overrides the public interest in making public all the content of the annual audit reports.

4. The Financial Memorandum also states that ‘The institution must have in place an effective internal audit service. The operation and conduct of the internal audit service must conform to the professional standards of the Chartered Institute of Internal Auditors’. Please provide details of how the Internal Audit Service is set up to conform to this requirement. Please tell me the names of all the members of the Audit Service currently and in each of the years in question.

The internal auditors are appointed through a tendering process which ensures the company appointed will provide an internal audit service that complies with the relevant internal audit standards. In the case of Ernst & Young, their risk based internal audit methodology complies with Government Internal Audit Standards and the Chartered Institute of Internal Audit Standards and Ethics. The appointments of internal auditors are approved by the Audit Committee and University Court and it is the company as a whole that is appointed rather than any particular named individuals.

5. Please provide details of the qualifications of the Head of Internal Audit and members of the Internal Audit Service , and particularly if in each case they are members of, or hold qualifications from, the Chartered Institute of Internal Auditors.

Kristine Dickson, the Head of Internal Audit is a qualified chartered accountant, member of ICAS and has affiliate membership of the IIA. Ernst & Young use a range of other individuals to carry out particular audits or other review work, the University does not hold details of all the individuals employed by Ernst & Young to carry out this work.

You have a right under the Freedom of Information (Scotland) Act 2002 (FoISA) to request a review of this decision by the University of Stirling. If you wish to exercise this right, you must write to the University to request a review within forty working days of receipt of this decision. Your request for a review must be in writing and you must specify your name and address for correspondence. You must also identify the decision that you wish reviewed.

If you are dissatisfied with the outcome of a review, you have a right under the FoISA to appeal to the Scottish Information Commissioner. If you wish to do so, you must appeal to the Commissioner within six months following the date of receipt of the review notice. The Commissioner’s contact details are as follows:

The Scottish Information Commissioner
Kinburn Castle
Doubledykes Road
St Andrews
Fife
KY16 9DS
Tel: 01334 464610

You also have the right to appeal to the Court of Session on a point of law following a decision of the Commissioner.

Yours faithfully
Freedom of Information Unit

dangos adrannau a ddyfynnir