Academic Handbook Risk Management

Risk Management Strategy

Introduction

Purpose

  1. The Risk Management Strategy is designed to support Northeastern University London’s (the University’s) Mission, by assessing and managing the risks to the University achieving its stated Mission, and by ensuring that the University is also protecting its stakeholders, such as students, staff, funding bodies, partners, suppliers and the general public, to whom it has responsibilities.
  2. This strategy forms part of the University’s internal controls and governance structure, and is designed to give a summary guidance for those different parts of the University that are responsible for managing risk and for ensuring that their decisions are implemented.

Definitions

  1. In the context of this strategy, risk is defined as the possibility that an action, event or set of circumstances will adversely affect the University’s ability to achieve its objectives and deliver on its obligations.
  2. Risk management is defined as the planned approach to the identification, evaluation and mitigation of risk.

Overarching Approach 

  1. The University’s overarching approach to risk management is primarily to adequately understand the nature of the risks involved, their potential impact, and the ability to mitigate those risks. Secondarily, the University strives to advance its Mission in a way that strikes a balance between stability and innovation.
  2. Effectively, the University adopts good practice in the identification, evaluation and cost-effective mitigation of risk, to ensure that risks are either i) avoided, ii) reduced to an acceptable level, or iii) managed and contained.
  3. The mitigation of risk is communicated across the University’s different constituencies, and a dialogue is encouraged by all affected parties about the risk management measures taken.
  4. All relevant parties must understand the nature of risk and accept responsibility for managing the risks associated with their area of authority or personal responsibility.

Objectives

  1. The risk management objectives of the University are to:
    1. Integrate an awareness of managed risk taking and effective risk management into the culture of the University. 
    2. Manage risk in accordance with good practice.
    3. Embed risk management within strategic and operational processes.
    4. Consider statutory and regulatory compliance as a minimum standard.
    5. Anticipate and respond to changing economic, social, environmental and legislative requirements.
    6. Prevent injury and damage, and reduce the cost of risk.
  2. These objectives will be achieved by:
    1. Developing and maintaining a Risk Register, which details risks which, in the view of senior management and the Northeastern London Board, pose the greatest challenge to the achievement of the University’s Mission and its continued operation.
    2. Assessing the likelihood of these risks occurring and the likely impact of an occurrence.
    3. Putting in place arrangements to manage and monitor risk. 
    4. Maintaining effective communication and the active involvement of staff.
    5. Preparing contingency plans in areas where there is a potential for an occurrence having a wholly negative effect. 
    6. Monitoring and reviewing risk management arrangements on an ongoing basis.
    7. Insuring against risk where this is deemed to be cost effective.

Allocation of Roles and Communication of Expectations

  1. Northeastern London Board has ultimate responsibility for the total risk exposure of the University and manages this by:
    1. Setting the tone and influence of the culture of risk management across the University.
    2. Determining the extent to which the University is “risk taking” or “risk averse” as a whole and setting the University’s “risk appetite”.
    3. Approving major decisions that affect the University’s risk profile or exposure.
    4. Determining what types of risk are acceptable/unacceptable, monitoring significant risks, and controlling improvements to mitigate risks.
    5. Annually reviewing the University’s approach to risk management, and approving changes or improvements to key elements of the process and procedures.
    6. Establishing, maintaining and reviewing controls for monitoring risks.
    7. Having particular focus on the financial risks that could impact the University and its provision of world class higher education.
  2. To support it in exercising these responsibilities, Northeastern London Board will receive an annual report from Executive Committee (ExCo) on the effectiveness of the risk management process at the University, making recommendations where appropriate.
  3. ExCo is responsible for corporate risks and manages these by:
    1. Identifying and evaluating the significant risks faced by the University.
    2. Providing adequate information in a timely manner to Northeastern London Board on the status of risks and controls.
    3. Implementing policies on risk management and internal control.
    4. Annually reviewing the University’s risks and the effectiveness of the system of internal control and risk management, and reporting the outcomes to Northeastern London Board.
  4. In each Northeastern London Board meeting, ExCo will report any incidents and/or changes to the level of risk faced by the University and the approach to managing those changed circumstances. 
  5. The framework for these discussions at Northeastern London Board will be the Risk Register as discussed below. 
  6. Each Chair of a University committee in the University’s governance structure is responsible for the risk management that sits within the remit of their committee within the overall framework and approach dictated by the Northeastern London Board.

Approach to Risk Management 

  1. The Risk Register will review the risks faced by the University with those rated on the likelihood that a particular event will occur; and on the potential adverse impact (consequences) of the event if it did happen.
  2. Mitigation efforts focus on risks with a high combined score of Likelihood and Impact. Additionally, the controls available to manage each identified risk will be assessed.
  3. This is considered using the matrix below:

With the following definitions:

Likelihood Scale

Impact Scale: Characteristics for Each Rating

Mitigation Scale (expected effectiveness of preventive measures/mitigation)

Title: Risk Management Strategy

Approved by: Northeastern London Board

Location: Academic Handbook/ Strategies

Version number Date approved Date published Author Proposed next review date
23.3.3 April 2024 April 2024 CEO April 2025
22.3.2 May 2023 May 2023 CEO April 2024
Version numbering system revised March 2023
3.1 November 2022 November 2022 COO April 2024
3.0 April 2021 September 2021 COO April 2024
2.0 February 2019 February 2019 COO February 2021
1.0 November 2017 November 2017 COO November 2019
 
Referenced documents Risk Register.
External Reference Point(s) UK Quality Code Theme: Admissions, Recruitment and Widening Access; Assessment; Concerns, Complaints and Appeals; Course Design and Development; Enabling Student Achievement; External Expertise; Learning and Teaching; Monitoring and Evaluation; Partnerships; Student Engagement.