Office for Students
Consultation

Part 2: Proposals for new initial condition E7 - Effective governance

Published 06 February 2025

Annex C: Part A of proposed initial condition E7 and related guidance

Requirements

E7A.1 The provider must have a set of documents which will enable the effective governance of the provider in practice.

E7A.2 The set of documents referred to in E7A.1 must include:

  1. documents which establish the provider as an institution, including (where applicable to the provider’s legal form) its Royal Charter, memorandum and articles of association or trust deed:
    • governing body documents;
    • risk and audit documents;
    • decision making documents;
  2. a conflict of interests policy; and
  3. any other documents (including shareholder agreements) which contain rules which govern the operation of the provider’s governing body;

E7A.3 The requirement in E7A.1 will be assessed by reference to factors such as the provider’s size, complexity, context and business plan, and includes that the set of documents must:

  1. provide clear and appropriate arrangements for the constitution and operation of the governing body including by providing for mechanisms to ensure that:
    1. the governing body is of an appropriate size;
    2. the members of the governing body have appropriate expertise and skills;
    3. where the provider is applying for registration in the Approved (fee cap) category, the provider’s governing body has at least one independent member;
    4. (where appropriate) the governing body has access to advice from persons who are external to the provider;
    5. the effectiveness or performance of the governing body is subject to appropriate review;
    6. meetings of the governing body take place at appropriate intervals;
  2. provide clear and appropriate arrangements for decision making within the provider, including by:
    1. clearly identifying any persons (including committees) with decision making responsibilities that have been delegated by the provider’s governing body, and the nature of those responsibilities;
    2. imposing delegated decision making responsibilities on persons suitable to hold those responsibilities;
    3. providing for appropriate governing body oversight in relation to delegated decision making;
  3. provide clear and appropriate arrangements for discharging risk and audit functions, including by:
    1. clearly identifying any persons (including the governing body and committees) with responsibilities in relation to any risk and audit functions, the nature of those responsibilities, and how the person intends to discharge those responsibilities in practice;
    2. imposing responsibilities in relation to risk and audit functions on persons suitable to hold those responsibilities;
    3. where responsibility in relation to risk and audit functions has been delegated by the provider’s governing body, providing for appropriate governing body oversight in relation to those functions;
  4. provide clear and appropriate arrangements for the constitution and operation of any committee with responsibility for any risk and audit functions (where the provider has one or more such committees), including by:
    1. articulating clear and appropriate roles and responsibilities of the committee, including in relation to commissioning or overseeing internal or external audit of the provider;
    2. providing for mechanisms to ensure that:
      1. its members have appropriate expertise and skills;
      2. meetings of the committee take place at appropriate intervals;
      3. the governing body has appropriate oversight of the committee’s activities;
      4. the committee operates with appropriate input from independent persons;
  5. provide clear and appropriate arrangements for managing any actual or potential conflicts of interests in relation to individuals responsible for management and governance of the provider, where they are making decisions on behalf of the provider;
  6. is clearly drafted, including in respect of English language, spelling, grammar and formatting, such that the contents of the documents are properly understandable;
  7. is coherent both within documents and between documents, with no material inconsistencies, contradictions or discrepancies either within or between documents.

Further definitions

E7A.4 For the purposes of this condition E7A:

  1. business plan” means a business plan as required under condition E7B;
  2. conflict of interests policy” means a policy which governs how the provider will manage any actual or potential conflicts of interests in relation to individuals responsible for management and governance of the provider where they are making decisions on behalf of the provider and which, at a minimum:
    1. contains a definition or guidance of what would constitute a conflict of interests, that would enable users to identify whether a conflict existed;
    2. contains an explanation of how and when conflicts of interests should be declared to the provider;
    3. contains mitigations to address conflicts of interests declared;
  3. decision making documents” means documents which set out the following:
    1. any persons (including committees) with decision making responsibilities that have been delegated by the provider’s governing body, and information setting out those delegations (in a scheme of delegation or equivalent);
    2. arrangements for governing body oversight in relation to this delegated decision making, including arrangements for reporting to the governing body;
  4. governing body” has the meaning given by section 85 of the Higher Education and Research Act 2017;
  5. governing body documents” means documents which set out the following information in relation to the governing body:
    1. its purposes or objectives;
    2. the number of governing body members and the roles of each of its members;
    3. processes for appointing members;
    4. roles and responsibilities of the body;
    5. procedures for its decision making;
    6. arrangements for meetings of the body (including meeting frequency);
    7. arrangements for reviewing the body’s effectiveness or performance;
  6. independent member” means an external member of the provider’s governing body who is independent of the provider;
  7. risk and audit documents” means documents which set out the following:
    1. any persons (including the governing body and committees) with responsibilities in relation to any risk and audit functions, the nature of those responsibilities, and how the person intends to discharge those responsibilities in practice;
    2. where responsibility in relation to risk and audit functions has been delegated by the provider’s governing body, arrangements for governing body oversight in relation to those functions, including arrangements for reporting to the governing body;
    3. where the provider has one or more committees with responsibility for any risk and audit functions, the following additional information in relation to each committee:
      1. its purposes or objectives;
      2. the number of committee members and the roles of each of its members;
      3. processes for appointing members;
      4. roles and responsibilities of the committee, including any role of the committee in relation to commissioning or overseeing internal or external audits of the provider;
      5. procedures for its decision making;
      6. arrangements for meetings of the committee (including meeting frequency);
      7. arrangements for governing body oversight of the committee, including arrangements for reporting to the governing body;
    4. risk and audit functions” means functions which relate to:
      1. identifying and managing risks;
      2. overseeing internal or external auditing of the provider, as well as the provider’s financial reporting and disclosures;
    5. “shareholder agreement” means an agreement between the shareholders of a company governing the relationship between the shareholders.

Summary

Applies to: all providers seeking registration

Initial or general ongoing condition: initial condition

Legal basis: section 5 of HERA

Conditions E7A.1 and E7A.2

  1. The range of documents a provider will need to submit to satisfy E7A.1 will depend on the provider’s management and governance structures. This will depend on factors, including the provider’s size, complexity and legal form. The form, structure and number of these documents may be different for different providers. Some providers may, for example, include the various elements within a single document, whereas others may submit separate documents. A provider must have a ‘conflict of interests’ policy to satisfy the condition.
  2. ‘Governing body documents’ will normally mean the terms of reference, or equivalent, for the governing body, and any other documents needed to demonstrate the information set out in E7A.4.e. This may include additional policies that set out governing body procedures in more detail, such as a separate ‘appointments policy’ or ‘code of conduct’ for members of the governing body. It may also include or overlap with other documents submitted in relation to this condition, such as a provider’s articles of association and shareholder agreements that include provisions that influence governing-body decision making.
  3. ‘Risk and audit documents’ may mean the terms of reference for a provider’s risk and audit committee, or similar, where a provider has such a committee. It may be, or include, a provider’s governing body documents. The OfS expects that risk and audit functions will be different for different providers and be based on a provider’s own context and circumstances. A provider may have different individuals or committees to discharge risk and audit functions (e.g. an audit committee and a separate risk committee, or risk dealt with by the governing body and audit dealt with by a separate finance committee). Whatever a provider’s arrangements, they should be clearly explained in its documents.
  4. ‘Decision making documents’ will normally mean any scheme of delegation that the provider has in place but may also include any descriptions or diagrams of a provider’s committee structure, where necessary to explain the interactions between the governing body and any committees or individuals to which it has delegated authority. The information required may be contained in a broader document which sets out a provider’s overarching governance framework. The OfS will, however, only assess information about decisions delegated by the governing body, rather than wider information about a provider’s committees and their operation. A provider does not need to provide documents which govern the detailed operation of committees of the governing body, except any committee or committees which have delegated authority related to a provider’s risk and audit functions.
  5. A ‘conflict of interests policy’ may be a standalone document or covered by content of a ‘code of conduct’ for members of the governing body, or similar. To satisfy the requirement, the document must cover all the content described in E7A.4.b.

Condition E7A.3

  1. E7A.3 provides further information about the set of documents that a provider must have at registration to enable the effective governance of the provider in practice. The arrangements set out in those documents must be both clear and appropriate. Clear documentation will be easily understandable and written in plain English. It will not contain contradictions or inconsistencies with other documentation submitted in relation to this condition, or elsewhere within a provider’s application.
  2. ‘Appropriate arrangements’ are those which reflect the size, complexity, context and business plan of the provider, and the OfS expects governing documents will vary accordingly. It is more likely that a small provider with a simple business model would have simpler governance arrangements than a large, more complex provider. E7A.3a sets out requirements relating to the constitution, operation and mechanisms of the governing body and the mechanisms by which it would discharge its duties. These include the following provisions:
    1. Appropriate size – the appropriate size is one that will enable the effective governance of the provider in practice. Small providers which deliver a smaller range of courses may require fewer members on the governing body whereas large providers with multiple faculties may benefit from additional oversight and expertise. A provider with an inappropriately sized governing body is unlikely to meet this requirement. A provider of any size is unlikely to meet this requirement if it has an exceptionally small or large governing body.
    2. Appropriate expertise and skills – the governing body needs to include a range of suitable knowledge and experience so that it can manage the provider effectively. The required expertise and skills will vary between providers. It may include risk management, knowledge of regulatory and legal requirements, financial management, academic experience specific to the needs of the provider, and the ability to represent the perspectives and interests of students.
    3. Independent member – the provider may not have appointed the independent member, but the OfS expects the relevant governing documents to set out the requirement and process for appointing them (for a provider seeking registration in the Approved (fee cap) category). An independent member should have no ‘material relationship’ with the provider before they are appointed that could create a conflict of interest in performing their duties independently. ‘Material relationships’ will include, but not be limited to, being an employee, customer or supplier of the provider, or having any other affiliations (for example, familial or business affiliations) that could influence, or be perceived to influence, their decisions.
    4. External advice – it may be appropriate for a governing body to have in place arrangements to access external advice in circumstances where it has identified gaps in its knowledge or expertise in specific areas, or on high-risk issues. It may achieve this, for example, by establishing an advisory board to provide expert advice on particular issues as an interim measure, or seeking external, independent advice to provide additional scrutiny on particular issues. In such circumstances, the provider’s governing body documents should clearly set out how these arrangements will work.
    5. Review of governing body – governing body documents should clearly set out the arrangements for reviews, including the frequency, responsibilities and mechanisms for undertaking reviews. These reviews should enable the effective governance of the provider in practice.
    6. Meetings – an appropriate interval for meetings of the governing body ensures it can receive timely information, scrutinise relevant reports on activity that it oversees, and make timely decisions. The frequency should not impede efficient operation or conflict with reasonable competing commitments of members.
  3. E7A.3.a.ii. requires that the relevant governing documents include clear mechanisms and processes that make sure the governing body as a whole has appropriate expertise and skills. When the OfS assesses the mechanisms and processes in the relevant governing documents, it will consider:
    1. Whether the governing body incorporates a sufficiently diverse mix of expertise, skills and perspectives, for the size and complexity of its operations.
    2. The role of effectiveness reviews of the governing body and its members in ensuring sufficient skills and expertise.
    3. The role of governing body appointment procedures in ensuring sufficient skills and expertise.
    4. Any senior management roles which are defined as members of the governing body, and their areas of responsibility and the expertise that they bring.
  4. E7A.3.b requires documents which demonstrate how the provider discharges delegated decision making responsibilities. When the OfS assesses whether the provider has delegated decision making arrangements to suitable individuals to enable effective governance of the provider in practice, this will consider:
    1. The level of authority and seniority necessary to take the decisions which have been delegated, and whether the governing body retains ultimate responsibility for major decisions.
    2. Whether individuals, committees, and members of those committees to which decision making responsibilities have been delegated, have the skills, knowledge and experience to discharge decision making duties in areas requiring specific expertise.
  5. In assessing whether arrangements for governing body oversight of delegated decision making are appropriate to enable the effective governance of the provider in practice, the OfS will consider:
    1. Whether the documents provide clear information about the individuals or committees responsible for taking delegated decisions, and the terms on which those delegations have been made, including any conditions or limitations.
    2. How frequently and when delegated decisions are reported to the governing body and the mechanisms it has to scrutinise delegated decisions.
    3. Processes the governing body follows to review whether delegated decision making is effective.
    4. Whether the governing body has chosen to delegate matters which are appropriate to indirectly oversee rather than deal with directly. Matters which are likely to be appropriate to delegate include matters which need detailed or expert scrutiny or those which are operational rather than strategic.
  6. E7A.3.c sets out requirements for documents which describe how a provider will discharge its risk and audit functions. E7A.3.d sets out requirements for documents which govern the operation of any committee with responsibility for any risk and audit functions.
  7. A provider must clearly set out in its documents:
    • which individuals or committees have responsibility for risk and audit functions
    • what those responsibilities are
    • how the provider will ensure that these functions are undertaken by suitable persons
    • how governing body oversight is secured.
  8. If a governing body discharges risk and audit functions, information about how it does so must be set out in the provider’s governing body documents. Where a provider has delegated these functions to a separate committee or committees, it must submit the documents which govern the operation of that committee or committees. In either case, these documents must make clear how the provider will effectively deliver those functions in practice. If the body responsible for these functions intends to use the services of an external person, this should be clearly set out.
  9. The condition defines ‘risk and audit functions’ in broad terms. The OfS will consider audit activity in the broadest sense, including, but not limited to:
    • a provider’s arrangements for securing independent auditing of its financial statements
    • auditing of a provider’s internal controls
    • Any other internal programme of audit undertaken in relation to other areas of the provider’s business, whether or not these involve external input.
  10. The arrangements a provider has in place to manage risk and to oversee its audit activity are likely to overlap. Risk and audit documents should clearly identify responsibilities, describe the nature of those responsibilities and set out how these will be discharged in practice. Examples of the types of information that would help satisfy this requirement include but are not limited to:
    1. Documents which describe the provider’s risk management framework, including:
      1. How it categorises and rates risks, and its tools for doing so (such as a risk register).
      2. Mechanisms for risk reporting and monitoring, including who undertakes this and with what frequency.
      3. How risk appetite is set and communicated.
      4. Processes for ensuring all employees are aware of their responsibilities in relation to risk management.
    2. Documents which demonstrate the operation of the provider’s risk management framework, including risk registers or other records which demonstrate how key risks have been considered and measured, and describes key mitigations that are in place.
    3. Documents setting out how a provider will carry out or commission different audit activities, including:
      1. Responsibilities and processes for appointing and supporting external auditors, including but not limited to auditing of the provider’s annual financial statements.
      2. The arrangements the provider has in place for internal audit, including identifying and agreeing the programme of cyclical reviews and any external input into these.
      3. Any responsibilities and processes for ensuring deficiencies or recommendations identified as part of internal or external audit are addressed.
    4. Documents which set out responsibilities and processes for scrutinising a provider’s financial reporting including, but not limited to, at the financial year end.
    5. Documents which set out mechanisms for overseeing a provider’s internal controls, including the process through which the statement of internal controls required in the audited accounts is produced.
  11. The OfS’s assessment of whether suitable individuals hold responsibilities for risk and audit functions will include all the factors set out in paragraphs 9a-b. It will also consider whether individuals, committees and members of those committees to which the governing body has delegated risk and audit functions:
    1. Have sufficient understanding of risk management in the context within which the provider is operating or intends to operate. This may be demonstrated by the membership of the committee, or the rules and procedures for appointment to the committee, or the appointment of external input to provide this function.
    2. Have sufficient independence from the senior management of the provider within its membership to enable appropriate and objective challenge to the disclosures and information provided to the committee. Where such independence is not possible internally, this must be delivered by other means.
  12. The OfS will assess whether meetings of any committee discharging risk and audit functions take place at appropriate intervals. This will include whether the meeting’s frequency allows the committee to receive timely information, scrutinise relevant reports on activity which it oversees, and make timely decisions. The frequency should not impede efficient operation or conflict with reasonable competing commitments of members. The OfS will consider any available information from the provider’s application about other positions to which an individual has been appointed, or responsibilities the individual holds.
  13. The OfS’s assessment of whether risk and audit documents contain appropriate mechanisms to ensure the governing body has appropriate oversight of the committee’s activities, to enable the effective governance of the provider in practice, will include:
    1. Whether the oversight mechanisms reflect the size, complexity and context of the provider, and the scale and complexity of business considered by the committee.
    2. Whether the documents provide clear information about responsibilities and accountability for delegated decision making by the committee.
    3. How frequently and when the committee reports to the governing body and the mechanisms the governing body has to scrutinise delegated decisions.
    4. Processes the governing body follows to review whether the committee’s work and decision making is effective.
  14. When the OfS assesses whether the documents contain appropriate mechanisms that make sure the committee operates with appropriate input from independent persons, it will consider:
    1. The rules that the documents set out about membership of the committee, including the requirements for independent members of any such committee, and procedures for appointment to it.
    2. Procedures that the documents set out to ensure the independence and objectivity of the external auditor, which will make sure that the provider’s financial statements meet the requirements of the OfS’s accounts direction.23
    3. Any authority granted to the committee to engage independent advisers.

Assessing compliance

  1. The OfS’s assessment of this condition will involve a review of the documents a provider submits in relation to the requirements set out in the condition. The OfS may request additional information or documentation as it considers appropriate.

23 See Regulatory advice 9: Accounts direction - Office for Students.

Published 06 February 2025
Help us improve your experience

Describe your experience of using this website

Improve experience feedback
* *

Thank you for your feedback