2.4 Risk Management
2.4.1 The University acknowledges the risks inherent in its business, and is committed to managing those risks that pose a significant threat to the achievement of its business objectives and financial health. Detailed guidance on the level of risk considered to be acceptable / unacceptable by the University will be set out in a separate risk management strategy.
2.4.2 Council has overall responsibility for ensuring there is a risk management strategy and a common approach to the management of risk throughout the University through the development, implementation and embedment within the organisation of a formal, structured risk management process.
2.4.3 In line with this policy, the governing body requires that the risk management strategy and supporting procedures include:
- The adoption of common terminology in relation to the definition of risk and risk management.
- The establishment of University-wide criteria for the measurement of risk, linking the threats to their potential impact and the likelihood of their occurrence together with a sensitivity analysis.
- A decision on the level of risk to be accepted, together with tolerance levels expressed in terms of measurable outcomes (see above).
- A decision on the level of risk to be covered by insurance.
- Detailed regular review at department or support function level to identify significant risks associated with the achievement of key objectives and other relevant areas.
- Development of risk management and contingency plans for all significant risks, to include a designated ‘risk owner’ who will be responsible and accountable for managing the risk in question.
- Regular reporting to the governing body of all risks above established tolerance levels.
- An annual review of the implementation of risk management arrangements.
The strategy and procedures must be capable of independent verification.
2.4.4 Heads of department must ensure that any agreements negotiated within their departments with external bodies cover any legal liabilities to which the University may be exposed. The Registrar and Secretary’s advice should be sought to ensure that this is the case.