Risk Management Policy

University Campus Suffolk
Risk is the threat or possibility that an action or event will affect our ability to achieve our
objectives. Risk Management is the planned and systematic approach to identifying, assessing
and mitigating those risks which may affect the achievement of our aims,
objectives and opportunities.
With good Risk Management:
• planned objectives are more likely to be achieved
• adverse events are less likely to happen
• if an adverse event does occur, the impact is reduced
Approved by the UCS Audit and Risk Committee, this Policy explains our underlying
approach to Risk Management. Risk Management at UCS should be enabling, allowing
innovative and creative initiatives that are balanced by well considered safety nets. Risk is
not just avoiding threats; a major risk could be the failure to seize an opportunity.
Purpose
This risk management policy forms part of the institution’s internal control and corporate
governance arrangements.
The policy explains the institution’s underlying approach to risk management, documents the
roles and responsibilities of the UCS Executive team, the UCS Audit and Risk Committee
and the UCS Board. It also outlines key aspects of the risk management process, and
identifies the main reporting procedures.
Underlying approach to risk management
The following key principles outline the UCS approach to risk management and internal
control:
• the UCS Audit and Risk Committee has responsibility for overseeing risk management
within the institution as a whole and reporting all aspects of risk management to the UCS
Board
• an open and receptive approach to solving risk problems is adopted by the UCS Audit
and Risk Committee
• the Provost and the Executive team support, advise and implement policies approved
by the Board
• the institution makes conservative and prudent recognition and disclosure of the financial
and non-financial implications of risks
• Heads of School/Directors are responsible for encouraging good risk management
practice within their areas
• All staff have a shared responsibility for good risk management
[Figure: UCS Board; UCS Audit and Risk Committee; UCS Executive; All Schools and Departments]
Role of the UCS Board
a. Determines the risk appetite of the institution
b. Approves major decisions affecting the risk profile or exposure
Role of the UCS Audit and Risk Committee
a. Manages the risk appetite of the institution, and sets the standards and expectations
with respect to risk and opportunity.
b. Approves major decisions affecting the risk profile or exposure.
c. Monitors the management of significant risks to reduce the likelihood of unwelcome
surprises.
d. Satisfies itself that the less significant risks are being actively managed, with the
appropriate controls in place and working effectively.
e. Annually reviews the approach to risk management and approves changes or
improvements to key elements of its processes and procedures.
f. Ensures appropriate audit work on risk management is undertaken.
Role of the Provost and Executive
a. Implements the Risk Management Policy and internal control.
b. Identifies and evaluates the significant risks faced by UCS for consideration by Audit
and Risk Committee.
c. Provides adequate information in a timely manner to the Audit and Risk Committee
on the status of risks and controls.
d. Embeds Risk Management as part of the system of internal control within all
Schools/Departments.
Risk Management in UCS
Managing risk can become a process with success measured merely by adherence to the
process. However, in order to be effective, risk management must be embedded into all
undertakings, so that risks are identified and managed, opportunities are taken and ambitions are
achieved.
A standard format is provided for Risk Registers. All Schools/Departments should produce a
Risk Register as part of the annual Planning Cycle. The Risk Registers should be dynamic
and reviewed regularly at School/Department meetings. Risk elements are removed when
the objective is reached and new risks must be added as they appear. Any major changes
(new risk, change of status to a higher risk category) should be brought to Executive. A
central UCS Risk Register is produced based on the School/Department Risks but also
encompassing high level Corporate Risks. This Register will be updated at Executive and
managed by the Director of Planning and Partnerships. The UCS Risk Register will be
signed off by the Executive annually.
The UCS Audit and Risk Committee will receive the UCS Risk Register in its entirety but will
usually only consider the major risks. The UCS Audit and Risk Committee will be advised of
any major changes to risk status and new risks as they arise.
The UCS Audit and Risk Committee is required to report to the UCS Board on internal
controls and alert board members to any emerging issues. In addition, the committee
oversees internal audit, external audit and management as required in its review of internal
controls. The committee is therefore well-placed to provide advice to the board on the
effectiveness of the internal control system, including the system for the management of risk.
Appendix
Risk Appetite
Risk Appetite is defined as the level of risk that is acceptable and is determined by the
UCS Board, and managed by the UCS Audit and Risk Committee.
UCS can maintain a higher appetite for risk than many other institutions in the sector
as it is supported by both the University of East Anglia and the University of Essex.
However, the impact of some risks would be greater for UCS than other more
established institutions. Therefore in order to move forward, UCS must have an
appetite for these risks, to be bold and innovative in order to achieve its aims.
Risk Scoring
All risks are scored with a numerical system, considering impact and likelihood.

Impact
10  The organisation would certainly not survive (Fatal)
9   The organisation might survive but with grave damage (Fatal)
8   Major impact on the achievement of the organisation's business plan and the quality of its overall services (Major)
7 to 1, in descending order of impact:
    Significant impact on the success of the business and quality of its services (Significant)
    Some impact on the organisation's staff and minor effect on students (Minor)
    Marginal impact on the organisation's staff and minor effect on students
    Insignificant impact on the organisation or staff (Insignificant)

Likelihood
10  Certain (100%)
9   Very Probable (80-99%)
8   Probable (60-80%)
7   Possible (30-60%)
5   Unlikely (10-30%)
2   Remote (5-10%)
1   Very Remote (less than 5%)
Risk = impact x likelihood
For example, it is considered that a risk would have a very minor impact on the organisation
but it is quite likely that it will happen. Risk = 2 x 8 = 16
Gross and Net Risk
The score for the risk before any control measures are introduced is the Gross Risk.
If there are actions that can be taken to reduce the risk, they should be introduced and the
risk recalculated with these measures. This is the Net Risk. In most cases, the Net Risk will
be lower than the Gross Risk. However, until the actions have been seen to have impacted
on the risk, the higher score stands.
The Gross and Net Risk scores will fall in the table below. Any in the green region are
usually monitored locally and unless there are any changes that could increase the risk, will
not be considered by the UCS Risk and Audit Committee. Risks that are considered to be in
the Amber region will be considered by Executive and any changes noted. The UCS Audit
and Risk Committee may choose to consider these risks. All risks that fall into the red
shaded areas are considered to be above the risk appetite of UCS and must be considered
by the UCS Audit and Risk Committee to determine if they will be tolerated or if further action
must be undertaken.
Risk score table (impact x likelihood), shaded green, amber and red

                      Likelihood
Impact     1    2    3    4    5    6    7    8    9   10
   1       1    2    3    4    5    6    7    8    9   10
   2       2    4    6    8   10   12   14   16   18   20
   3       3    6    9   12   15   18   21   24   27   30
   4       4    8   12   16   20   24   28   32   36   40
   5       5   10   15   20   25   30   35   40   45   50
   6       6   12   18   24   30   36   42   48   54   60
   7       7   14   21   28   35   42   49   56   63   70
   8       8   16   24   32   40   48   56   64   72   80
   9       9   18   27   36   45   54   63   72   81   90
  10      10   20   30   40   50   60   70   80   90  100

Likelihood bands, from 1 to 10: Remote, Unlikely, Possible, Probable, Almost Certain, Certain
Impact bands, from 1 to 10: Insignificant, Minor, Significant, Major, Fatal