- An important element of good governance is the independence and objectivity of the external and the internal auditors. This Policy sets out the University’s objectives for protection of the independence of the external and the internal auditors, and the arrangements it has adopted to enable it to safeguard the independence of the audit firms engaged by the University.
- The provision of any non-audit related services to the University by the external or the internal auditors must not compromise this independence and objectivity.
- The provision of any services (courses, training, consultancy, publishing or other academic or commercial services) to the external or the internal auditors by the University or any member of University staff must not compromise this independence and objectivity.
- Philanthropic support or sponsorship must only be accepted from the external or the internal auditors where it does not affect, or cannot be perceived to affect, the auditors’ independence and objectivity.
Auditor Independence Policy
University policy to safeguard the independence of the external and the internal auditors
- The University’s objectives in respect of the independence of the external and the internal auditors are:
- to safeguard the independence and the objectivity of the external and the internal auditors, in accordance with good governance;
- to comply with guidance from the Office for Students and relevant professional, legal, ethical and regulatory standards on auditor independence;
- to have procedures for the engagement of the external and the internal auditors for the conduct of non-audit related work;
- to have procedures for the acceptance of donations from or sponsorship by the external or the internal auditors; and
- to have procedures for the engagement of the University or its staff by the external and the internal auditors for the provision of academic, publishing or other commercial services.
- This Policy has been adopted by Council and applies throughout the University excluding the Press.
- This Policy applies in full to the University’s subsidiary companies (save for those controlled by the Press).
- The Press, which is a department of the University, has its own governance arrangements under the University Statutes and Regulations, and the annual accounts of the Delegates of the Press are audited according to instructions received from the Delegates by an auditor appointed annually by Council. The Press has a separate policy on auditor independence which is approved by the Press’s Finance Committee. The Press’s policy mirrors the objectives contained in paragraph 5 above, and reflects the restrictions referred to in paragraph 12 below in relation to the Press.
- The Press’s policy applies to subsidiary companies of the University controlled by the Press.
- The Finance Directors of the University and of the Press will consult under the terms of this Policy and the Press’s Policy to ensure that the University including the Press meets its objectives for auditor independence, and that fees paid to the external auditors for non-audit services do not exceed 70% of the average of the total external audit fees paid in the last three consecutive financial years.
- The University follows best practice in the safeguarding of auditor independence. The University is mindful of guidance from the Office for Students and of relevant professional, ethical and legal standards, including the Financial Reporting Council’s ‘Ethical Standard’ [1]. The University notes that external and internal auditors are subject to different professional and ethical obligations in relation to their independence and objectivity, as a result of the different services that they provide. This is reflected in the provisions of this Policy.
- On the issuing of a bond in December 2017, the University became a Public Interest Entity [2]. This brings into scope additional restrictions under the Financial Reporting Council’s ‘Ethical Standard’ on the provision of non-audit services by the external auditors. The restrictions that particularly affect the University and are reflected in this Policy are (a) a list of prohibited non-audit services (at Appendix A) and (b) a limit on the total fees for non-audit services, which must not exceed 70% of the average of the total external audit fees paid in the last three consecutive financial years. These restrictions are reflected in the provisions of the Policy at paragraphs 24 to 25 below.
[1] www.frc.org.uk/auditors/audit-assurance/standards-and-guidance/current-ethical-standards, direct link: www.frc.org.uk/getattachment/601c8b09-2c0a-4a6c-8080-30f63e50b4a2/Revised-Ethical-Standards-2019-Updated-With-Covers.pdf
[2] A Public Interest Entity (PIE) is a UK entity with securities traded on a UK-regulated exchange.
Responsibilities of Council
- Council is responsible for approving the Policy and has overall responsibility for safeguarding the independence and objectivity of the external and the internal auditors.
Responsibilities of the Audit and Scrutiny Committee
- The Audit and Scrutiny Committee is responsible for proposing and maintaining the University’s Policy to safeguard the independence of the external and the internal auditors.
- The Committee receives an annual report on the fees paid to the external and the internal auditors for audit and permitted non-audit services, and an annual report on donations and sponsorship received from the external and internal auditors.
- The Committee is responsible for ensuring that, in accordance with the Ethical Standard, the total fees for non-audit services paid to the external auditors do not exceed 70% of the average of the total external audit fees paid in the last three consecutive financial years[1].
- The Committee has delegated authority for approving permitted non-audit work from the external auditors in the University (excluding the Press) up to 30% of the annual external audit fee of the University (excluding the Press) in any year to the Assurance Management Group, in line with the provisions of this Policy.
- Above this level, the Committee is responsible for approving permitted non-audit services from the external auditors, as referred to it by the Assurance Management Group following consultation between the Finance Directors of the University and the Press, in order to ensure that the total combined University and Press fees for non-audit services will not exceed 70% of the average of the audit fees paid in the last three consecutive financial years.
- The Committee has delegated authority for approving permitted non-audit work from the internal auditors to the Assurance Management Group up to the value of 50% of the annual internal audit fee of the University (excluding the Press), in line with the provisions of this Policy. Above this level, the Committee is responsible for approving non-audit services from the internal auditors, as referred to it by the Assurance Management Group.
Responsibilities of the Assurance Management Group[2]
- The Assurance Management Group is responsible for considering proposals for permitted non-audit work from the external and internal auditors in the University (excluding the Press) on behalf of the Audit and Scrutiny Committee, in line with the provisions of this Policy.
- In respect of external audit
The Assurance Management Group has delegated authority from the Audit and Scrutiny Committee to approve proposals for permitted non-audit work from the external auditors up to the value of 30% of the annual external audit fee of the University (excluding the Press).
The Assurance Management Group refers proposals relating to the appointment of the external auditors for the conduct of non-audit related work to the Audit and Scrutiny Committee as necessary, including all proposals for work from the external auditors where the total non-audit fee would exceed 30% of the annual external audit fee of the University (excluding the Press). Referral of such proposals to the Audit and Scrutiny Committee must only be made following consultation between the Finance Directors of the University and the Press, in order to ensure that the total combined University and Press fees for non-audit services will not exceed 70% of the average of the audit fees paid in the last three consecutive financial years.
- In respect of internal audit
The Assurance Management Group has delegated authority from the Audit and Scrutiny Committee to approve proposals for permitted non-audit work from the internal auditors up to the value of 50% of the annual internal audit fee of the University (excluding the Press).
The Assurance Management Group refers proposals relating to the appointment of the internal auditors for the conduct of non-audit related work to the Audit and Scrutiny Committee as necessary, including all proposals for work from the internal auditors where the total non-audit fee would exceed 50% of the annual internal audit fee of the University (excluding the Press).
- The Assurance Management Group also considers proposals to engage the University or its staff to provide academic services (including courses) to the auditors or to engage in joint academic activity with the auditors; and considers proposals for donations to or sponsorship of the University and colleges by the auditors.
- The Assurance Management Group makes an annual report to the Audit and Scrutiny Committee on fees paid to and donations or sponsorship received from the external and the internal auditors.
[1] Fees: the total external audit fee is the external audit fee of the University Group, which includes the University and the Press and their subsidiaries. Reference to the external audit fee of the University (excluding the Press) is the University’s external audit fee plus its subsidiary company audit fees.
[2] The Assurance Management Group comprises University staff and representatives of the internal auditors. In this Policy, references to the Assurance Management Group are to the University members of the Group only; that is, the internal auditors are not party to discussions relating to auditor independence.
- The University may engage the external or the internal auditors for the conduct of certain non-audit related work, according to the provisions of this Policy, and subject to the approval process in paragraphs 31 to 34. Separate provisions apply for the external auditors and the internal auditors, reflecting the different services that they provide and the different professional, ethical and legal standards to which they are subject.
Proposals to engage the external auditors to provide non-audit services
- The Policy defines non-audit services that the external auditors are prohibited from providing to the University, and non-audit services that the external auditors are permitted to provide.
- Prohibited non-audit services
Prohibited non-audit services are those activities that the external auditors are prohibited from undertaking as the activities are generally perceived to involve the external auditors making judgments or decisions that are the responsibility of the University’s senior officers or would interfere with the external auditors’ objectivity when undertaking the external audit. The external auditors are therefore explicitly excluded from providing any services for the University and any of its worldwide subsidiaries except in the case of services:
- specified in Appendix B; and/or
- provided to Joint Ventures and Associates where the University group does not exercise control over the entity; where the entity is not material to the University group, and where the Joint Venture or Associate is audited by a different firm from that serving as the University’s auditor.
- Permitted non-audit services
It may be permissible to instruct the external auditors to undertake non-audit services that are not prohibited, rather than another body, because of the external auditors’ detailed understanding of the University’s business; this may result in cost efficiencies and, where relevant, may assist with the maintenance of confidentiality. A list of specific considerations to be borne in mind when considering whether to approve a proposal for a non-audit service is attached to this Policy as Appendix B; this is taken from the Ethical Standard section 5Bs.
Work that, in the view of the Assurance Management Group, can be undertaken without risk to the external auditors’ independence will be classified as permitted non-audit services.
- The Ethical Standard defines a cap on the level of fees for permitted non-audit services from the external auditors, at 70% of the average audit fees for the preceding 3-year period. The calculation of the fee cap is set out in the Ethical Standard and any proposed non-audit services will be considered in the light of this limit.
- Specific approval (see paragraphs 31 to 34) is required before the external auditors are contracted to deliver non-audit related services.
- Where there is any doubt over the categorisation as prohibited or permitted non-audit service, please contact the Director of Assurance or the Director of Finance for guidance.
Proposals to engage the internal auditors to provide non-audit services
- Work that, in the view of the Assurance Management Group, can be undertaken by the internal auditors without risk to their independence will be classified as permitted non-audit services.
- The Assurance Management Group may refer proposals to engage the internal auditors to provide non-audit services to the Audit and Scrutiny Committee for approval.
- Specific approval (see paragraphs 31 to 34) is required from the Assurance Management Group before the internal auditors are contracted to deliver non-audit related services.
- The advance written approval of the Assurance Management Group must be obtained prior to the engagement of the external or the internal auditors with respect to any permitted non-audit services on a case by case basis. It is also necessary to obtain the approval of the Assurance Management Group for any proposed fee to be charged by the external or the internal auditors for providing the permitted non-audit service.
- A specific written request for authorisation for the provision of non-audit services must be submitted to the Assurance Management Group. Each request must include:
- a description of the nature of the non-audit service to be provided;
- whether there are any safeguards in place to eliminate or reduce to an acceptable level any potential threat to the auditors’ objectivity and independence that may result from the provision of the services; and
- an estimate of the total fees (including reasonable expenses) that will accrue to the external or the internal auditors in the provision of the services, both for individual services and in aggregate, noting the period over which they will be incurred and the amount relative to the audit fee (including the basis on which fees are calculated).
- The external or internal auditors may only be engaged to provide the services in question once the written submission has been formally approved by the Assurance Management Group.
- The Assurance Management Group may refer proposals to the Audit and Scrutiny Committee for approval, in line with the provisions of this Policy.
- The external or the internal auditors may seek to make donations in support of, or to sponsor activity in, the collegiate University (excluding the Press). Acceptance of donations from, or sponsorship by, the external or the internal auditors may affect, or be perceived to affect, their independence and objectivity. If the external or internal auditors wish to make a donation to the University or to a college, or to sponsor a University or college activity or event, the external or the internal auditors shall first put the proposal to the Assurance Management Group for consideration.
- If, having taken account of the University’s policy on gifts and hospitality[1] and of guidance set out in the ethical standards for the auditors[2] the Assurance Management Group agrees that the proposed donation or sponsorship proposal would not affect, or be perceived to affect, the external or the internal auditors’ independence or objectivity, the proposal shall be:
- in the case of a proposed donation to the University, passed to the Development Office for processing in the usual way, including, where appropriate, the seeking of approval from the Committee to Review Donations and Research Funding;
- in the case of a proposal for sponsorship of a University event or activity, referred to the General Purposes Committee or other body (as appropriate) for further consideration; or
- in the case of a proposed donation to, or sponsorship of an event or activity at, a college, the auditors shall be free to take forward its discussions with the college.
- If the Assurance Management Group considers it appropriate it may, at its discretion, set an approval threshold below which certain donations or sponsorship received from the audit firms, such as donations to student sports clubs and societies, would not require specific approval.
- If the Assurance Management Group is of the view that the proposed donation or sponsorship proposal, whether concerning the University or a college, would affect or be perceived to affect the external or the internal auditors’ independence or objectivity, then that proposal shall no longer be pursued by the auditors.
- All donations and sponsorship received from the external and internal auditors will be reported annually to the Audit and Scrutiny Committee.
[2] Taking into account the University’s own policy on gifts and hospitality and guidance set out in the Ethical Standards for the auditors (https://www.frc.org.uk/getattachment/601c8b09-2c0a-4a6c-8080-30f63e50b4a2/Revised-Ethical-Standards-2019-Updated-With-Covers.pdf)
- The University and its staff may from time to time supply the external or the internal auditors with consultancy, research, or other academic services. In general, such provision of services will not be considered to compromise the independence and objectivity of the external or the internal auditors. The following conditions apply.
Courses
- Attendance by the auditors’ staff on a course or a series of courses designed and delivered by the University and provided on normal commercial terms (i.e. not bespoke courses) is permitted under this Policy.
- Separate provisions apply to the provision of bespoke courses by the University to the audit firms, reflecting their different professional and ethical obligations in relation to their independence and objectivity.
- For the external auditors: attendance by the external auditors’ staff on a course or a series of courses designed and delivered by the University specifically for the external auditors (i.e. bespoke courses) is prohibited under this Policy.
- For the internal auditors: specific approval is required from the Assurance Management Group before the University can be engaged to deliver bespoke courses to the internal auditors’ staff. Bespoke courses that, in the view of the Assurance Management Group, can be delivered without risk to the internal auditors’ independence will be permitted. The Assurance Management Group will report its decisions on proposals to deliver bespoke courses to the internal auditors to the Audit and Scrutiny Committee, and in certain cases may refer proposals to the Committee for approval.
Other academic services
- Consultancy, research, advice or other academic services provided on normal commercial terms will in general not be considered to compromise the independence and objectivity of the external or the internal auditors.
Obligation to notify the Assurance Management Group
- Departments are required to notify the Assurance Management Group of proposals to provide the auditors with services in case the work is of such a scale, nature or risk to the University that there is a potential threat to the auditors’ objectivity and independence.
- If the Assurance Management Group considers that the auditors’ objectivity and independence is threatened by the provision of work for the external or the internal auditors, the work will not be permitted to proceed.
- This Policy interacts and overlaps with a number of other University policies and procedures, including but not limited to:
- Financial Regulations;
- Conflict of Interest Policy;
- Anti-Bribery Policy;
- Anti-Fraud Policy;
- Gifts and Hospitality Policy; and
- the policy framework in place at Oxford University Press, including the Press’s own policy in respect of auditor independence.
- This Policy also takes account of the University’s wider legislative obligations including the Terms and conditions of funding for higher education institutions from the Office for Students.
External auditors: List of prohibited non-audit services for Public Interest Entities
The external auditors of Public Interest Entities (of which the University is one) are prohibited from providing any services for the University and any of its worldwide subsidiaries except those set out in Appendix B of this policy[1].
[1] This is taken from section 5B, clause 5.40 of the 2019 FRC Ethical Standard. See also Appendix B of the same standard for summary of prohibited non-audit services.
External auditors: considerations for approving permitted non-audit services for Public Interest Entities
Specific approval is required before the external auditors are contracted to undertake any non-audit work. Consideration will be given to proposals for non-audit work in accordance with the following sections from the Financial Reporting Council’s Ethical Standard Section 5B[1], (5.40 – 5.42) as well as Appendix A of this University policy.
SECTION 5B - Approach to Non-audit / Additional Services Provided to Public Interest Entities
Permitted Non-audit / Additional Services for Public Interest Entities
5.40 An audit firm carrying out statutory audits of public interest entities and, where the audit firm belongs to a network, any member of such network, shall not provide to the audited entity, to its UK parent undertaking or to its worldwide controlled undertakings, services other than those set out in the rest of this paragraph, subject to the approval of the audit committee after it has properly assessed threats to independence and the safeguards applied in accordance with this Ethical Standard[2]:
Services required by law or regulation and exempt from the non-audit services cap
• Reporting required by a competent authority or regulator under law or regulation for example;
- Reporting to a regulator on client assets;
- in relation to entities regulated under the Financial Services and Markets Act 2000 (FSMA), reports under s166 and s340 of FSMA;
- Reporting to a regulator on regulatory financial statements;
- Reporting on a Solvency and Financial Condition Report under Solvency II.
• In the case of a controlled undertaking incorporated and based in a third country, reporting required by law or regulation in that jurisdiction where the auditor is permitted to undertake that engagement;
• Reporting on internal financial controls when required by law or regulation;
• Reporting on the iXBRL tagging of financial statements in accordance with the European Single Electronic Format for annual financial reports[3];
• Reports, required by or supplied to competent authorities / regulators supervising the audited entity, where the authority / regulator has either specified the auditor to provide the service or identified to the entity that the auditor would be an appropriate choice for service provider;
• Services which support the entity in fulfilling an obligation required by UK law or regulation, including listing requirements where: the provision of such services is time critical; the subject matter of the engagement is price sensitive; and an it is probable that an objective, reasonable and informed third party would conclude that the understanding of the entity obtained by the auditor for the audit of the financial statements is relevant to the service, and where the nature of the service would not compromise independence;
Services subject to the non-audit services cap
• Reviews of interim financial information; and providing verification of interim profits not otherwise required by law or regulation;
• Where not otherwise required by law or regulation, non-audit and additional services, as defined in this Ethical Standard provided as auditor of the entity, or as reporting accountant, in relation to information of the audited entity for which it is probable that an objective, reasonable and informed third party would conclude that the understanding of the entity obtained by the auditor is relevant to the service, and where the nature of the service would not compromise independence;
• Extended audit or assurance work that is authorised by those charged with governance performed on financial or performance information and/or financial or operational controls, in an entity relevant to an engagement or a third-party service provider, where this work is closely linked with the audit work;
• Additional assurance work or agreed upon procedures, authorised by those charged with governance performed on material included within or referenced from the annual report of an entity relevant to an engagement;
• Reporting on government grants;
• Reporting on covenant or loan agreements, which require independent verification, and other reporting to third parties with whom the entity relevant to an engagement has a business relationship in accordance with Appendix C of this Ethical Standard;
• Services which have been the subject of an application to the Competent Authority in accordance with Regulation 79 of The Statutory Auditors and Third Country Auditors (Amendment) (EU Exit) Regulations 2019 (SI 2019/177);
• Generic subscriptions providing factual updates of changes to applicable law, regulation or accounting and auditing standards.
Where such services are provided, they shall not include any elements of those services subject to outright prohibition in Regulation 80 of The Statutory Auditors and Third Country Auditors (Amendment) (EU Exit) Regulations 2019 (SI 2019/177)51. The prohibitions in this Regulation have been amended to require an extended cooling in period for services linked to an audit entity’s internal audit function. No other non-audit or additional services shall be provided to the audited entity, its UK parent undertaking and its worldwide controlled undertakings by the audit firm or any member of the firm’s network.
5.41 If a non-permitted service is inadvertently provided, the audit firm may continue to carry out the statutory audit of the public interest entity only if it can justify, that such provision of services does not affect its professional judgment and the audit report. The audit firm shall report this in its auditor’s report on the entity’s accounts in accordance with paragraph 45-1(d) of ISA (UK) 700.
5.42 An audit firm undertaking the statutory audit of an entity relevant to an engagement, which is not a public interest entity, but meets the definition for an other entity of public interest shall follow the requirements in paragraphs 5.40-5.41.
[2] In accordance with this Ethical Standard and Schedule 1 to the Statutory Auditors and Third
Country Auditors Regulations 2016.
[3] Further to Brexit, it is understood that where the Standard references EU law, it is understood this is now only relevant to ‘retained EU law’ (which is part of UK law).
Approved by Council on 29 November 2021.
Contact us
For further information contact the Risk and Resilience Team.
Email: compliance@admin.ox.ac.uk