Risk management

The risk management policy defines risk management for the institution, and is approved annually by the Risk Audit and Efficiency Committee.

The Risk Audit and Efficiency Committee meets four times a year, and reports directly to Council and to Audit Committee.

The Risk Audit and Efficiency Committee has an annual reporting timetable, to highlight the institutional reporting responsibilities in relation to risk management.

The Risk Audit and Efficiency Committee has responsibility for approving policies, providing guidance, managing the strategic risk register, and overseeing local risk registers institution-wide.

The strategic risk register is the core risk management tool of the institution, comprising of 22 risks in 2021-2022. It is linked to the strategic vision where possible, and includes summary reports and explanatory appendices relating to risk scores and risk appetite.

Each strategic risk has a risk owner, and the content of the strategic risk register is updated in-between each meeting of the Risk Audit and Efficiency Committee by risk owners.

Amendments to the strategic risk register are managed by the Senior Governance Officer (Risk Mangement) and a revised document is considered at each meeting of the Risk Audit and Efficiency Committee, Council and Audit Committee.

A list of local risk registers is managed and agreed by the Risk Audit and Efficiency Committee.

There are three research institute risk registers, a register for the Centre for Allied Health and one for the Institute of Medical and Biomedical Educaltion.

Professional services and institutional projects also have management risk registers which are updated annually for submission to the Risk Audit and Efficiency Committee.