Trinity Information » College Policies » Risk Management
(Revised Policy approved by Board on 24 September 2008)
On this page:
1. Risk Management
1.1 The governance of the College lies ultimately with the Board. Governance is the system by which College is directed and controlled in order to achieve its objectives and meet the necessary standards of accountability, probity and compliance. Risk management is an essential element of the process of governance.
1.2 The College defines risk as any threat to the achievement of objectives and recognises that risk is unavoidable and that the effective management rather than elimination of risk is its objective. It is further recognised that the level of risk that is tolerable is dynamic and depends upon many factors including potential rewards, the nature of operations and the appetite of College for risk, any of which may vary over time. It therefore requires that risk management is kept constantly under review and becomes an integral component of all decision making.
1.3 Risk management involves the following: -
- the identification of risks that threaten achievement of objectives;
- the evaluation of the likelihood of occurrence and potential impact of the risks identified;
- the segregation of risks according to their gravity;
- an appraisal of the techniques employed to manage the major risks and identification of any further steps that should be taken;
- an appraisal of the levels of residual risk: after the application of management techniques and whether the residual level is acceptable;
- continuous monitoring of the effectiveness of controls and management techniques; and
- decision making informed by the risk management process.
2. Purpose of this policy
2.1 This process involves the full College community and the purpose of this document is to define for all staff: -
- the College’s approach to risk management;
- the roles and responsibilities;
- the procedures to compile and report risk information; and
- the process to evaluate the effectiveness of the College’s procedures.
3. Key Principles
3.1 The following key principles outline the College’s approach to risk management and internal control:
3.1.1 The Board has responsibility for overseeing the management of risk within the College as a whole.
3.1.2 All members of the College community have a responsibility to engage in effective risk management. Heads of units will be responsible for encouraging good risk management practice within their area.
3.1.3 Risks will be identified, within a general risk framework, by considering them in the context of the units and College objectives as set out in the Strategic Plan and unit business plans.
3.1.4 Risks will need to be managed and not necessarily avoided. This will be achieved by transferring the risk via insurance cover, employing controls to mitigate or avoid the risk, altering activity to reduce the level of risk or perhaps withdrawing from the activity entirely. Any one or a combination of techniques may be employed.
3.1.5 Controls as well as risks will be identified, evaluated and assessed so that judgements may be made about the residual levels of risk to be borne and to focus a review on the effectiveness of the control systems.
3.1.6 The risk management process will be fully embedded in the normal management structures and processes so that risk issues are considered by those involved in the day to day running of College who are charged with the achievement of objectives. All significant proposals brought forward for decisions should include a specific section on the assessment of risk and how it will be managed. The Executive Officers Group will have overall responsibility for managing the process.
3.1.7 The assessment of risks will be completed at both a high strategic level that is concerned with risks of significance to the College as a whole as well as at a unit level. The high-level risk assessment will, in due course, be informed by the assessments carried out at the lower level in the units.
4. Risk Appetite
4.1 The risk appetite is the tolerance level for risk. The approach to risk taking is conservative except in the areas of research and strategy. Risks scoring up to 90 may be tolerated in these areas. 4.2 Risks scoring above 30 in other areas should not be tolerated and steps should be taken to reduce the risk to acceptable levels. Risks being carried above the appetite level should be brought to the attention of Board immediately they are identified.
5. Reporting and Review
5.1 The risk assessment process will be regularly reviewed and updated as circumstances change and at least once per annum.
5.2 The Principal Committee with responsibility for each area will be apprised of the risks identified, and the process for addressing them. All units should submit their risk assessment to the relevant Committee in their area.
5.3 The Administrative Management Group will be responsible for reviewing the risks arising across the administrative units. The Chief Operating Officer will advise the Executive Officers’ Group of risks that might have College wide significance for consideration in compiling the high level register.
5.4 The Academic Management Group will be responsible for reviewing the risks arising across academic units and identified in the quality review process. The Vice-Provost/Chief Academic Officer will advise the Executive Officers’ Group of risks that might have College wide significance for consideration in compiling the high level register.
5.5 At its regular meetings the Executive Officers’ Group will consider both new risks arising and progress on key actions in response to previously identified risks. Risk management will be a standing item on its agenda and risk assessment will form a part of all significant proposals presented to or by the Group and the decisions and recommendations of the Group.
5.6 On an annual basis the Executive Officers’ will formally consider the high level risks and the Provost will bring forward a report to Board by the first meeting in Hilary Term.
5.7 The Audit Committee, on behalf of Board, is responsible for reviewing the effectiveness of the risk management process. The Audit Committee will review the high-level risk register and form an independent view of the risks identified, the likelihood of their occurrence, the potential impact and the adequacy of steps taken to manage them. The Audit Committee may also review individual unit registers. On an annual basis, or more often should the need arise, the Audit Committee will report to Board an opinion, based on its review, on the effectiveness of operation of the risk assessment process and management of the risks including the effectiveness of the key controls.
5.8 In order to further enhance the embedding of the process within the normal operations of the College, risk assessment and management will be incorporated as part of other processes such as quality review, capital programme planning, decision making, etc. and all proposals requiring decisions should have a specific section on risk and controls.