Add to collection(s) Add to saved
  1. Business
  2. Management

UNIVERSITY OF EXETER RISK MANGEMENT

advertisement 
UNIVERSITY OF EXETER
RISK MANGEMENT
A meeting of the Risk Management Dual Assurance Group was held on 26th November at 3pm in
Provost’s Office, Northcote House.
PRESENT:
Chief Operating Officer, Geoff Pringle (Chair)
Lay Lead, Judy Hargadon
Chair of Council, Sarah Turvill
Director of Strategic Planning, Steve Chadwick
IN ATTENDANCE:
Strategic Planning Officer, Iain Springate
1. Terms of Reference
1.1 The Terms of Reference (RiskDA/2014/01) were received and discussed. It was agreed that
these were a useful start, but may need to be reviewed as Dual Assurance developed its role.
The Lay Lead requested that the Terms of Reference be a standing agenda item.
1.2 Action: Include Terms of Reference as a standard item for Risk Dual Assurance agenda
(Strategic Planning Officer).
2. Risk Management Policy and Process
Draft Risk Management policy
2.1 The draft updated Risk Management policy (RiskDA/2014/02) was introduced by the
Director of Strategic Planning, who explained that whilst he was broadly happy with the
document, the consistency of language in places needed addressing, and a section needed
adding on Risk Appetite / approach to risk Appetite. The Lay Lead noted that she was
broadly content with the document, whilst highlighting a number of areas for change:






Section six, bullet two: more detail was needed on the approach to solving risk
problems.
Section six, bullets 11 and 12: Reword to make clear that all staff understand their
role in mitigating the risks that are relevant to them / their role.
Section 11a: Reword to make the point that VCEG manage and control resolution
and actions, ensuring actions / controls are followed through and risk is mitigated.
Dual Assurance Section (12-14): Add details about the generic role of the Lay lead in
Dual Assurance, and outline the areas for Dual Assurance; amend Risk Appetite
element of Terms of Reference to recommend what the appetite for risk should be,
and ensure it is embedded in practice; and, add a note to take account of Council’s
view of risk.
Section 15: Include the expectation that risk owners ensure their risks are properly
managed.
Section 18k: Reword to explain what takes place regarding risk education.
2.2 Risk as part of the business planning process was discussed, and there was concern that
some risks had their impact scores inflated in an attempt to draw attention to an issue and /
or gain resource. The Director of Strategic Planning explained that some risk scores appeared
too high against the criteria, and this was being addressed; a number of risks had fallen in
score at this review as a result of challenges to scoring. He also explained that risk was
discussed alongside strategy and performance at business planning meetings; risks relevant
to strategy were identified and discussed – although there was not time within the planning
meeting to examine the registers in detail line by line.
2.3 It was agreed that a revised version of the Risk Management policy, addressing the points
raised above, would be sent to Council for consideration at their May risk discussion.
2.4 Action: Revise draft Risk Management policy and present to Council for consideration at
their May risk discussion (Director of Strategic Planning).
Role of Audit Committee
2.5 The Director of Strategic Planning noted that the paper (RiskDA/2014/03) outlined the
current risk reporting process and the roles of those involved. It also described the impacts
on timings of the proposal for Audit Committee to review risk reports before Council
received them.
2.6 It was agreed that the risk process was managed by VCEG, Council had ultimate
responsibility for ensuring risks were within their risk appetite, and that the role of Audit
Committee was to provide assurance on the process. Dual Assurance assured the work of
VCEG relating to risk in an efficient way since it was able to consider risks in more detail. It
was noted that Dual Assurance could report its view of risk directly to Council. It was agreed
that Dual Assurance would, as set out for the 14/15 Risk process, consider reports before
they went to VCEG. If major changes were made by VCEG, the Lay Lead would be informed.
2.7 The Chair of Council agreed to discuss / clarify the role of Audit Committee with its Chair.
2.8 Action: Inform Lay Lead if major changes are made to Risk Management Updates by VCEG
(Strategic Planning Officer).
3. Risk Management Update
3.1 The draft Risk Management Update to be discussed by VCEG on 8th December
(RiskDA/2014/04) was introduced by the Director of Strategic Planning, who explained that:



The format of reporting would be discussed by Council in February, but this report
was the existing format
The Corporate Risk Register was presented as normal, and with risks broken into
categories; these were not yet right – a breakdown along the lines of compliance,
finance, reputational etc. was likely to be more appropriate since risk appetite could
be set separately for each category
The College risks placed in the red area of their heat maps were being reconsidered
by Colleges, with the exception of the Medical School’s ‘Growth strategy’ risk –
which was felt to be correctly scored.
3.2 The interconnected nature of some of the risks across Colleges was discussed, and the
Director of Strategic Planning explained that PRG’s high level approach looking across the
institution enabled decisions to be made that took into account all these risks. It was
stressed that the University would not normally expect Colleges to have financial risks in the
red zone of heat maps since that would imply they were not being correctly managed.
3.3 A number of Corporate Risks were also discussed:



Pensions: It was agreed that this was a significant risk over which the University had
limited influence, but the Chair of Council asked that the influencing activity that did
take place be reflected in the risk reporting.
Internationalisation: The Director of Strategic Planning explained that the scoring of
the risk had been challenged, but had remained the same. It was noted that Dual
Assurance felt that the risk was scored too highly, and this this should be
communicated to the Risk Owner and Facilitator. It was also felt that this risk should
be renamed ‘international recruitment’ as that was what the risks were focused on.
Cornwall Campus Development: It was felt that the risk and sub-risks did not merit
impact scores of 6; it was requested that these be reviewed with a view to reduce
them before Council.
3.4 The Chair of Council commented that the transformation and Change programme being
undertaken by the University was a significant risk, as the organisation was not used to such
change, and any failure to achieve the objectives would lead to serious consequences.
3.5 The Lay Lead noted that risk titles and descriptions needed to be clearer, and that a different
format could assist Council in understanding and assessing the risks. The Director of Strategic
Planning agreed, noting that the Corporate Risk Register, and the way it was reported, would
be reviewed at the discussion in February.
3.6 It was requested that the report to Council made clear that whilst the paper and the
Corporate Risk Register was presented in the usual format, Council would have opportunity
to discuss both the composition of the Register and risk reporting in February – which could
result in changes.
3.7 Action: Revise the Risk Management Update following review of College risks, include a
paragraph noting that risk reporting and the Corporate risk register are being reviewed, and
include Dual Assurance comments relating to internationalisation, pensions and a
transformation risk (Director of Strategic Planning).
3.8 Action: Request that Cornwall Campus Development Risk Owner / Facilitator review their
impact scores with a view to reducing them ahead of submission to Council (Director of
Strategic Planning).
4. Review of Corporate Risk Register
4.1 The Director of Strategic Planning outlined the intention to review the Corporate Risk
Register in order to simplify it, reduce the number of risks presented, and put risks into
categories. Categorisation would aid Council and VCEG in determining differential risk
appetites for different types of risk. He also noted that there might be risk targets in future –
outlining where Risk owners are expected to reduce risk levels to over a set period of time.
4.2 It was agreed that the Lay Lead would be kept informed about the progress of the Corporate
Risk Register review, and that at Council’s discussion of risk in February there would be
papers with discussion points / recommendations to aid Council in their discussion about
Corporate Risks and risk appetite.
4.3 The Lay Lead suggested that Dual Assurance should have some input into the issues that
Internal auditors examined. It was suggested that the transformation programme should be
audited once it was established; early in the 15/16 academic year was felt to be an
appropriate time.
4.4 Action: Undertake review of Corporate Risk Register, liaising with the Lay Lead (Director of
Strategic Planning).
4.5 Action: Bring to Council a set of papers with discussion points / recommendations relating to
the Corporate Risks and Risk Appetite (Director of Strategic Planning).
4.6 Action: Suggest to Audit Committee that the Transformation programme should be audited
in early 2015/16 (Director of Strategic Planning).
5. Risk Management Task List
5.1 The task list (RiskDA/2014/05) was noted by the group. Most tasks had begun and were
ongoing.
6. Any other business
6.1 The Lay Lead noted that she was no longer available on 10th March, but could attend on
other days in the same week.
6.2 Action: Organise a new date for Dual Assurance in March (Strategic Planning Officer).
7. Date of Next Meeting
7.1 To be confirmed: Week commencing 9th March 2015
ACTION TABLE
Minute Action
No.
Owner
1.2
Strategic
Officer
Director of
Planning
Strategic
Officer
Director of
Planning
2.4
2.8
3.7
3.8
4.4
4.5
4.6
6.2
Include Terms of Reference as a standard item for Risk
Dual Assurance agenda
Revise draft Risk Management policy and present to
Council for consideration at their May risk discussion
Inform Lay Lead if major changes are made to Risk
Management Updates by VCEG
Revise the Risk Management Update following review
of College risks, include a paragraph noting that risk
reporting and the Corporate risk register are being
reviewed, and include Dual Assurance comments
relating to internationalisation, pensions and a
transformation risk
Request that Cornwall Campus Development Risk
Owner / Facilitator review their impact scores with a
view to reducing them ahead of submission to Council
Undertake review of Corporate Risk Register, liaising
with the Lay Lead
Bring to Council a set of papers with discussion points /
recommendations relating to the Corporate Risks and
Risk Appetite
Suggest to Audit Committee that the Transformation
programme should be audited in early 2015/16
Organise a new date for Dual Assurance in March
Status
Planning
Complete
Strategic
Planning
Strategic
Complete
Director of Strategic
Planning
Complete
Director of Strategic
Planning
Director of Strategic
Planning
Director of Strategic
Planning
Strategic
Planning
Officer
Related documents
Document14889741 14889741
Document14889741 14889741
Quality Review and Assurance Committee Terms of Reference
Quality Review and Assurance Committee Terms of Reference
AUDIT INTERNSHIP
AUDIT INTERNSHIP
Two Words
Two Words
Download
advertisement