University of Reading cookie policy

We use cookies on reading.ac.uk to improve your experience, monitor site performance and tailor content to you.

Read our cookie policy to find out how to manage your cookie settings.

Outcome of the Audit Process

At the end of the audit we produce a report which will contain recommendations for improvements together with our opinion on the effectiveness of the controls in place.

Audit Recommendations

We grade the recommendations according to their significance. There are 3 gradings:

1 = of fundamental importance and/or to be resolved immediately;

2 = of significant importance to ensure effective control and/or achieve value for money;

3 = of lower significance, but merits attention.

Grade one recommendations should be actioned within three months. Any which remain outstanding after this period are reported to and monitored by the Audit Committee.

Audit Opinion

At the end of an audit we come to an opinion as to how well the risks are managed/controls are operating. How we derive our opinion is detailed in the table below:

Overall Rating

Rating Explanation

Good

A standard of control that is appropriate for the area under review (taking account of relevant financial and non-financial risks, including potential damage to the University's reputation).This opinion will be given if there are no key issues and few, if any, verbal or written recommendations required to enhance the adequacy and/or effectiveness of risk management, control and governance areas.

Satisfactory

A standard of control which has some minor control shortcomings for the area under review (taking account of relevant financial and non-financial risks, including potential damage to the University's reputation).This opinion will be given if, typically, there are no key issues, but some written recommendations and/or a number of verbal recommendations are required to enhance the adequacy and/or effectiveness of risk management, control and governance areas.

Limited effectiveness

A standard of control which is not fully appropriate for the area under review (taking account of relevant financial and non-financial risks, including potential damage to the University's reputation).Typically this opinion will be given if there are key issues and written recommendations arising. This opinion may also be given when the general standard of control is indifferent, with no specific areas where the adequacy or effectiveness of risk management, control and governance is particularly weak.

Weak

A standard of control which displays significant weaknesses for the area under review (taking account of relevant financial and non-financial risks, including potential damage to the University's reputation).This opinion will be given if there are key issues and written recommendations arising, usually in several areas, but also when there are one or more very significant issues that may adversely affect the ability to achieve adequate or effective risk management, control and governance.

Unacceptable

Controls have broken down to such an extent that assurance cannot be given that the area under review is operating in the required way (adequate and effective). There is a significant concern that the system will fail to meet its objectives (taking account of relevant financial and non-financial risks, including potential damage to the University's reputation).This opinion should be given when there is a widespread breakdown in controls likely to result in risks materialising and in very significant key issues. Note that an opinion, which would otherwise be weak, can become unacceptable, simply because of the potential materiality of the area under review.
Things to do now

Contact us