• Home
  • Risk Management

Risk Management


Risk management forms part of GCU University’s governance and internal control arrangements, and it is a requirement of the SFC Financial Memorandum that the University Court has ultimate responsibility for risk management.

The University’s Risk Management Strategy can be accessed here:

Corporate Risk Register

A key element of risk management at GCU is the Corporate Risk Register. This is intrinsically linked to the University Strategic Plan, and identifies risks that have a fundamental impact on the University’s ability to operate as a business and/or deliver its Strategic Plan. Risk management is incorporated into the strategic planning process to ensure that the University is able to monitor risks which could affect the University’s ability to achieve its objectives and determine which risks have the most significant impact.

Academic Schools, Support Departments and Project Registers

The high level strategic risks identified in the Corporate Risk Register, are underpinned and informed by Risk Registers overseen at the local operational level – in Academic Schools, Support Departments, significant institutional projects, all research and commercial projects and other projects where appropriate. These local registers identify risks that impact upon and are managed by operational areas or project teams.

The University’s Risk Register templates can be accessed here. The Project Sizing Tool sets out the parameters under which certain projects may not be required to complete a Risk Register.

Commercial Project Risk Registers

The Project Sizing Tool, included at the link above, sets out the parameters under which certain commercial projects may not be required to complete a Risk Register. If the Project Sizing Tool is to be used to forego the need for a Project Risk Register then please contact Martin Hay to discuss further.

Risk Management Training

To support effective implementation of GCU’s Risk Management Strategy, the University offers Risk Management Workshops on a regular basis, ensuring that appropriate training and development opportunities are in place for staff. A Risk training presentation with audio commentary is available to download here:

In addition, for training purposes, we have created a template Project Risk Register which has includes notes to provide guidance on completion as well as some generic examples of the typical Risk entries that may be appropriate for Project Risk Registers in particular. These are not an exhaustive list and are merely provided as examples of the types of risks that could be considered.

In addition, Academic Schools and Departments, Support Departments and staff running major projects may request facilitated workshops to develop or fundamentally revise Risk Registers.

Please contact Paul McFadden in Management Accounting for further information.

A schedule with GCU Risk Examples


Risk Management Forum and Risk Register Monitoring

During 2013 the University’s Risk Management Forum (RMF) was established. Reporting to the Executive Board, it is responsible for overseeing the successful implementation of the University’s Risk Management Strategy, including responsibility for the co-ordination of risk management activity. The RMF will ensure that the necessary processes are in place to manage University risk and achieve compliance with governance requirements.

The RMF reviews the Corporate Risk Register each quarter and local risk registers on a routine basis to ensure that risk is being accurately identified and managed and that the University continues to operate within the agreed risk tolerances.

The RMF reports to the University Executive after each quarterly meeting proposing appropriate revisions to the Corporate Risk Register and annually in relation to overall risk management activity.


Audit Committee acts on behalf of Court to maintain an overview of risk management, control and governance arrangements. It receives the Corporate Risk Register twice a year and makes recommendations to Court on changes to the corporate risks and their ratings.

Court’s role is to determine the overall policy for risk management within the University. This includes:

  • Determining institutional risk appetite
  • Approval of major decisions affecting the University’s risk profile or exposure
  • Annual approval of the Corporate Risk Register
  • Reviewing the University’s approach to risk management and approve changes or improvements to key elements of its processes and procedures

Court receives the Corporate Risk Register on an annual basis.

Risk Appetite Framework

The Risk Appetite Framework also forms part of the Risk Management Strategy. It supports institutional decision-making and monitoring of a portfolio of activities in different business areas, by establishing risk thresholds in terms of finance, resources and potential impact on reputation. The University’s current Risk Appetite Statements and Tolerances, as agreed by Court, are set in the document which can be accessed below:

 Further Information

If you want to discuss Risk Management please contact: