New Delhi: Taking a leaf from the governance practices of leading global universities, the Comptroller and Auditor General (CAG) of India will roll out a new governance and risk-assessment framework from April 2026 to strengthen systems financial controls and internal management in higher education institutions.
The framework will be rolled out in phases, beginning with 66 higher education institutions in the first phase. Of these, 44 are central universities, while the remaining 22 are state universities.
Addressing a stakeholder workshop with representatives from central and state universities, CAG K. Sanjay Murthy said on Monday that the proposed Risk-Controls Maturity Scorecard (RCMS) will act as a self-monitoring tool for institutions to assess whether financial prudence and internal controls are being followed. The framework is not intended to be an additional audit but rather a mechanism for universities to review their own governance systems.
The model draws on governance practices used by leading global universities, such as Oxford, Harvard, and Cambridge, where structured risk management frameworks are already in place.
The CAG held a workshop attended by officials from the Department of Higher Education, vice chancellors from universities across the country and officers from the audit institution.
In the first phase, the RCMS will be introduced across 66 higher education institutions, with the rollout expected to begin next month and be completed within the next eight months of FY27.
Murthy said the CAG currently audits about 1,400 autonomous institutions, a number expected to grow along with the scale of public investment in the sector. In such a scenario, tools such as RCMS will help identify areas where governance and financial controls require strengthening, he said.
risk mapping
RCMS enables universities to identify risks in advance rather than reacting after problems surface. Traditionally, issues such as financial irregularities, procurement lapses or delays in utilization certificates are detected during audits. The RCMS framework allows institutions to regularly review their internal systems and identify weaknesses early, helping prevent them from escalating into major compliance or governance issues.
Officials from the ministry of education present at the workshop said that the initiative marks a shift from compliance-based oversight to proactive risk management.
Vineet Joshi, secretary for higher education, and Anandrao V. Patil, additional secretary, encouraged universities to actively engage with the framework and said the government would support capacity building to help institutions adopt the system and improve governance practices.
Deputy CAG AM Bajaj said the primary responsibility for identifying risks and maintaining effective controls lies with institutional management, and the RCMS framework has been designed to provide a structured mechanism to support that responsibility.
“By mapping risks in areas such as procurement, asset management, treasury operations, grants and HR systems, the tool helps university leadership understand where governance gaps exist. This makes decision-making more data-driven and systematic,” he said.
The initiative aims to strengthen oversight across autonomous educational bodies that collectively manage significant public funds. Central autonomous bodies under the ministry of education manage assets worth about ₹1.77 lakh crore and receive grants of roughly ₹Rs 75,645 crore.
Under the framework, key functional areas such as procurement, revenue management, estate management, treasury operations, human resources and financial reporting will be mapped against potential risks and corresponding control measures. Institutions will be scored through evidence-based checks and monitored through dashboards and risk indicators, enabling auditors and administrators to track governance standards over time.
According to a presentation made at the workshop, the framework also seeks to move beyond traditional audit approaches by introducing a forward-looking assessment of internal controls. It will allow institutions to identify risk hotspots and improve administrative processes before issues escalate into financial or compliance lapses.
