• No results found

How To Write A Risk Management Policy For The University Of Kerry

N/A
N/A
Protected

Academic year: 2021

Share "How To Write A Risk Management Policy For The University Of Kerry"

Copied!
5
0
0

Loading.... (view fulltext now)

Full text

(1)

Risk Management Policy

Originator name:

Ruth Anderson

Department:

Finance

Implementation

date:

1 August 2013

Date of next review:

1 August 2016

Related policies:

Health & Safety Policy, Equality & Diversity Policy

Version History

Version

Author

Revisions Made

Date

1 R Anderson First Draft July 13

Approval History

Equality Analysis

Version

Reviewed by

Date

1 Jo McCarthy-Holland 11/07/13

Committee Sign Off

Version

Committee Name

Date of Sign Off

1 Executive Board 23/7/13

1 Audit Committee 25/7/13

(2)

1

Introduction

1.1

Purpose

This risk management policy forms part of the University’s internal control and corporate governance arrangements.

The internal control system encompasses a number of elements that together facilitate an effective and efficient operation, enabling the University to respond to a variety of operational, financial and commercial risks.

The policy sets out the University’s definition of risk and describes the purpose of risk management. It explains the University’s underlying approach to risk management and documents the roles and responsibilities of key parties.

1.2

Scope

This policy applies to Executive Board members; senior managers; members of Council and its Committees; and the University’s internal audit service.

1.3

Equality Analysis

The University is strongly committed to equality of opportunity and the promotion of diversity for the benefit of all members of the University community. Equality analysis is a tool which helps consider the effect of activities on different groups of people and to ensure that policies, decisions and services work well for everyone.

The policy itself is considered to have a broadly neutral impact for groups with protected characteristics under the Equality Act 2010.

Failure to manage risk effectively, where it relates to an activity involving a particular group / community, could lead to equality issues .Equality analysis is recognised as a useful tool in assessing risk.

1.4

Definitions

• Risk – anything that can impede or enhance an organisation’s ability to achieve its

objectives.

• Risk Management – the process, structure and culture put in place to identify, assess

and control the uncertainties which may impact on the organisation’s ability to achieve its objectives.

• Level 1 Risk Register – the University’s High Level Risk Register, reflecting the key

risks to the University’s strategic aims and objectives.

• Level 2 Risk Register – a risk register owned at individual Executive Board member

level reflecting the key strategic and operational risks within a Faculty or Support Area.

• Risk Appetite - the level of risk that an organisation is prepared to take to achieve its

strategic objectives.

1.5

Legislative / Regulatory Context

Under the terms of its Financial Memorandum with HEFCE, Council must take reasonable steps to ensure that there are sound arrangements for risk management, control and governance within the University.

1.6

Health & Safety Implications

N/A

(3)

2

Policy

2.1

Principles

2.1.1 Effective risk management is essential to the continuation, growth and prosperity of the University in line with its strategic objectives.

It is not a process for avoiding risk. If used well, it will actively allow the University to take on activities with a higher level of risk because the risks have been identified, are understood and well managed and the residual risk is thereby lower.

2.1.2 The University adopts an open and receptive approach to the management of risk.

2.1.3 Risk management is intrinsic to the management of the University’s business and not simply a compliance issue.

2.1.4 Risk management requires a proactive rather than a reactive approach.

2.2

Procedures

2.2.1 Role of Council

Council has responsibility for overseeing risk management within the University as a whole. Its role is to:

• Set the tone and influence the culture of risk management within the University. • Determine the appropriate risk appetite or level of exposure for the University and

formally document this in a risk appetite statement that is reviewed, and where necessary updated, on at least a triennial basis.

• Approve major decisions which may affect the University’s risk profile or exposure e.g.

major capital investments, mergers and overseas partnerships.

2.2.2 Role of the Audit Committee

On behalf of Council, the Audit Committee is responsible for:

• Ensuring that appropriate arrangements are in place to ensure that risks are identified,

assessed and effectively managed.

• Monitoring the management of significant risks which could threaten the achievement

of the University’s strategic objectives.

• Ensuring that internal auditors have plans to review the adequacy and effectiveness of

risk management and provide an annual assessment of the University’s risk management arrangements.

Audit Committee will:-

• Report to Council on risk management and alert Council members to any emerging

issues.

• Prepare an annual report of its review of the effectiveness of the University’s risk

management, control and governance arrangements for consideration by Council and the President & Vice-Chancellor as Accounting Officer. In preparing its report, the Audit Committee will draw on information provided by the internal audit service, external audit and the Executive Board.

(4)

2.2.3 Role of the Executive Board

Key roles of the Executive Board are to:

• Implement policies approved by Council on risk management and internal control. • Own the University’s High Level Risk Register (Level 1 Risk Register), specifically:-

To identify and evaluate the significant risks faced by the University.

To agree ownership of risks.

To ensure that appropriate actions are taken to mitigate risks.

• Ensure that the High Level Risk Register remains effective by: Appraising the register formally on at least an annual basis

Ensuring that emerging risks are added as required and mitigating actions and risk indicators are monitored regularly and updated as appropriate

Reviewing the High Level Risk Register at all regular meetings of the Executive Board

• Develop strategies, policies and procedures to assist in the management of major

risks.

Individual members of the Executive Board are responsible for:-

• Encouraging good risk management practice within their area of responsibility,

ensuring that Faculty and Departmental risks are identified and assessed and that appropriate actions are taken to mitigate the risks. Specifically:-

Establishing and maintaining Level 2 Risk Registers in the same format as the High Level Risk Register for faculties and major support areas (including Corporate Services, Registrar’s Division and IT).

Establishing and maintaining risk registers, in the same format as the University’s High Level Risk Register, for projects of major strategic and/or operational importance

2.2.4 Role of Internal Audit

The Internal Audit Service adopts a risk-based approach to its work with the overall objective of evaluating and improving the effectiveness of the University's risk management, internal control and governance processes.

This involves conducting an annual review of the adequacy of the University's risk management arrangements and a programme of reviews based substantially on the University's assessment of high level risks.

3

Governance & Directory Requirements

3.1

Responsibility

The Chief Financial Officer has overall responsibility for this policy.

The Deputy Director, Corporate Finance, has responsibility for ensuring it is effectively implemented, progress monitored and that the policy is regularly reviewed.

3.2

Implementation / Communication Plan

(5)

Finance Department website. It will be communicated directly to members of the Executive Board, Faculty Managers and other Senior Managers responsible for Level 2 and/or Project Risk Registers.

3.3

Exceptions to this Policy

N/A

3.4

Supporting documentation

Level 2 Risk Register Guidelines can be found on the Finance website in Resources, then Risk Management:

References

Related documents

Importance of an Organized Proactive Approach Effective Care Coordination and Skills Needed Reducing Avoidable Hospital Stays.. Quality and Safety Outcomes Health

categories to consider, we focused on insights in relation to brand (what feelings/emotions characterize the City of Ramsey?), culture (what do people in Ramsey enjoy doing?),

Professor Michael Power, Professor of Accounting The role of internal and external auditing in the corporate governance process; internal control systems and corporate risk

Finally, HPV positive TSCC or OSCC with high CD8+ TIL counts or with absent/weak HLA class I intensity staining presented a very good clinical outcome, suggesting that these

with the platform, given by equation (20). A typical standby vessel is a supply vessel with length of 80 metres and displacement of 5000 tons. The energy of such a vessel

This was the first time we used a new grading system for lab reports, with separate marks for style, content, and analysis. My 

Supports the youth program vice president to help determine the interest of members, plan the year’s program, and ensure that the crew calendar is maintained. Advises youth

The City & Guilds 2365 at Level 2 is now the recognised route into the electrical installation industry (from 2012) and will cover underpinning knowledge necessary to work