Risk Management

Introduction

Risk management forms part of GCU University’s governance and internal control arrangements, and it is a requirement of the SFC Financial Memorandum that the University Court has ultimate responsibility for risk management.

A refresh of the The University’s Risk Management Policy was approved by the University Court in May 2019 and the revised Policy can be accessed here:

Risk Appetite Framework

The Risk Appetite Framework also forms part of the Risk Management Policy. It supports institutional decision-making and monitoring of a portfolio of activities in different business areas, by establishing risk thresholds in terms of finance, resources and potential impact on reputation. The Risk Appetite Framework is an integral component of institutional decision-making and the Committee Paper Cover Sheets refer to the Framework to ensure all new proposals are considered alongside the approved Risk Appetites. The University’s current Risk Appetite Framework can be accessed below:

Corporate Risk Register

A key element of risk management at GCU is the Corporate Risk Register. This is intrinsically linked to the University Strategic Plan, and identifies risks that have a fundamental impact on the University’s ability to operate as a business and/or deliver its Strategic Plan. Risk management is incorporated into the strategic planning process to ensure that the University is able to monitor risks which could affect the University’s ability to achieve its objectives and determine which risks have the most significant impact.

Academic Schools, Support Departments and Project Registers

The high level strategic risks identified in the Corporate Risk Register, are underpinned and informed by Risk Registers overseen at the local operational level – in Academic Schools, Support Departments, significant institutional projects, all research and commercial projects and other projects where appropriate. These local registers identify risks that impact upon and are managed by operational areas or project teams.

The University’s Risk Register templates can be accessed here.

Risk Management Training

To support effective implementation of GCU’s Risk Management Policy, the University offers Risk Management Workshops on a regular basis, ensuring that appropriate training and development opportunities are in place for staff. A Risk training presentation with audio commentary is available to download here:

In addition, for training purposes, we have created a template Project Risk Register which has includes notes to provide guidance on completion as well as some generic examples of the typical Risk entries that may be appropriate for Project Risk Registers in particular. These are not an exhaustive list and are merely provided as examples of the types of risks that could be considered.

In addition, Academic Schools and Departments, Support Departments and staff running major projects may request facilitated workshops to develop or fundamentally revise Risk Registers.

Please contact Paul McFadden in Management Accounting for further information.

A schedule with GCU Risk Examples

Risk Management Forum and Risk Register Monitoring

During 2013 the University’s Risk Management Forum (RMF) was established. Reporting to the Executive Board, it is responsible for overseeing the successful implementation of the University’s Risk Management Policy, including responsibility for the co-ordination of risk management activity. The RMF will ensure that the necessary processes are in place to manage University risk and achieve compliance with governance requirements.

The RMF reviews the Corporate Risk Register each quarter and local risk registers on a routine basis to ensure that risk is being accurately identified and managed and that the University continues to operate within the agreed risk tolerances.

The RMF reports to the University Executive after each quarterly meeting proposing appropriate revisions to the Corporate Risk Register and annually in relation to overall risk management activity.

Governance

Audit Committee acts on behalf of Court to maintain an overview of risk management, control and governance arrangements. It receives the Corporate Risk Register twice a year and makes recommendations to Court on changes to the corporate risks and their ratings.

Court’s role is to determine the overall policy for risk management within the University. This includes:

  • Determining institutional risk appetite
  • Approval of major decisions affecting the University’s risk profile or exposure
  • Reviewing the University’s approach to risk management and approve changes or improvements to key elements of its processes and procedures

Court reviews the Corporate Risk Register in detail on an annual basis, receive quarterly updates on any material changes to the Corporate Risk Register and have access to the current Corporate Risk Register throughout the year.

Further Information

If you'd like to discuss Risk Management, please email Jane Hoey.