Statement on the System of Internal Controls

Scope of Responsibility
On behalf of the Board of An tÚdarás um Ard-Oideachas (Higher Education Authority), I acknowledge our responsibility for ensuring that an effective system of internal controls is maintained and operated. This responsibility takes account of the requirements of the Code of Practice for the Governance of State Bodies (2016).

Purpose of the System of Internal Control
The system of internal controls is designed to manage risk to an acceptable level rather than to eliminate it. The system can therefore provide only reasonable and not absolute assurance that assets are safeguarded, transactions authorised and properly recorded and that material errors or irregularities are either prevented or detected in a timely way.

The system of internal controls, which accords with guidance issued by the Department of Public Expenditure and Reform, has been in place in the Higher Education Authority for the year ended 31 December 2018 and up to the date of approval of the financial statements.

Internal Control
The Authority has taken steps to ensure an appropriate control environment by:
• Clearly defining management responsibilities, including segregation of duties;
• Establishing formal procedures for reporting significant control failures and ensuring appropriate corrective action is taken; and
• Establishing formal procedures to monitor the activities and safeguard the assets of the organisation.

The system of internal controls is based on a framework of regular management information, a system of delegation and accountability, a set of financial and administrative procedures and rigorous ongoing checks by the finance function. In particular it includes:

• A comprehensive budgeting system with an annual budget, which is reviewed and approved by the members of the Authority;
• Regular review by the members of the Authority of periodic and annual financial information and reports which indicate financial performance against budgets; and
• Setting authorisation limits for expenditure in relation to requisition of funds and disbursement of funds.

The Audit and Risk Committee meet on a regular basis to review the work of Internal Audit and report to the Authority. The work of Internal Audit was outsourced to a professional accountancy firm, ASM, following a tender under the Office of Government Procurement framework.

The Audit and Risk Committee is responsible for approving the internal audit work-plan; it is prepared having regard to the Authority’s risk analysis profile. The plan includes provision for a review of internal controls on an annual basis.

Ongoing Monitoring and Review
The Authority’s monitoring and review of the effectiveness of the system of internal controls is informed by the work of the internal auditor, the Audit and Risk Committee, the executive management team of the Authority which has responsibility for the development and maintenance of the internal control framework, and comments made by the Comptroller and Auditor General in his report as applicable.

The Authority’s outsourced internal auditors carried out a review of internal controls in November 2018. The latter report was considered by the Audit and Risk Committee at its meeting held on 19 November 2018. In addition the internal auditors carried out the following internal audit reviews during 2018:

  • Review on the implementation of recommendations of previous internal audit reviews (undertaken by previous internal auditors). This report was considered by the Audit and Risk Committee on 5 March 2018.
  • Review of Risk Management which was considered by the Audit and Risk Committee on 3 September 2018.

The Audit and Risk Committee received a report from the CEO on implementation of the Authority’s risk management framework at its meeting in May 2018. Following the internal audit review on risk management considered by the Audit and Risk Committee in September 2018 a revised Risk Management Framework was approved by the Board on the recommendation of the Committee on 11 December 2018. A draft Corporate Risk Register was considered by the Audit and Risk Committee in January 2019.

Annual Review of Effectiveness
I confirm that for the Year ended 31 December 2018, the Authority conducted a review of the effectiveness of the system of internal controls.

Procurement
I confirm that the Authority has procedures in place to ensure compliance with current procurement rules and guidelines as set out by the Office of Government Procurement. Matters arising regarding controls over procurement are highlighted under internal control issues below.

Internal Control Issues
No weaknesses in internal control were identified during the year, other than the procurement issues outlined below, that require disclosure in the financial statements.

During 2018, €282,393 of expenditure was identified as being not fully compliant with these procedures.

  • €252,427 relates to services provided by two recruitment agencies. This amount is made up of salary plus employer PRSI costs of €215,990 and commission payments of €16,449 and €19,988. Quotes were obtained from recruitment agencies in March 2018 and these two agencies were selected on the basis of their commissions on Public Service Executive Officer and Senior Executive Officer pay scales. Due to delays in recruitment of permanent staff, agency fees were higher than expected during the year. The Comptroller and Auditor General advised that the full value of the payment to the agencies should govern the procurement rather than the previous standard and well understood practice of the agency commission driving procurement.
  • €18,875 relates to the rollover of a contract for the Springboard online system for essential updates and maintenance before a new tender and contract was completed in mid-2018.
  • €11,091 was due to increased costs for offsite storage due to increased demand for office space. We will be reviewing our archive requirements with the Office of Government Procurement in 2019.

Michael Horgan
Chairperson
25 June 2019

Paul O’Toole
Chief Executive
25 June 2019