UCD Ireland’s Global University
UCD Risk Management
Initial Training Presentation
UCD Strategy 2020-2024
UCD Risk Management Framework
• In December 2019, the new UCD Risk Management Framework was approved by the UCD Governing Authority (GA).
• As part of its rollout, we are now providing you with this training presentation to help you to:
• understand this Framework;
• understand the role you as a member of staff play in it.
A copy of the UCD Risk Management Framework also forms part of these training materials.
• Risk management is essential to the achievement of organisational objectives.
• Risk management is:
• part of effective university governance;
• a means for more effective management of the university;
• an important component of strategic management;
• a way to reduce the likelihood that risks might be realised and to minimise the impact in the event that they are.
Risk Management Objectives
• Ensure risk management is integrated into and evidenced in the culture of the University;
• Manage risk in accordance with best practice at universities internationally;
• Implement appropriate risk processes;
• Inform key policy and operational decisions by identifying risks and their likely impact;
• Raise awareness of the need for risk management;
• Assign accountability to relevant staff (risk owners) for managing risks in their areas;
• Ensure that all significant risks to UCD are identified, assessed, controlled and reported as appropriate to the Audit and Risk Management Committee (ARMC) and the GA.
These objectives will be achieved by:
• Clearly defining the roles, responsibilities and reporting lines within the University for risk management;
• Emphasising the importance of effective risk management as part of the everyday work of UCD;
• Maintaining risk registers linked to the University’s objectives;
• Monitoring risk management arrangements continually and seeking continuous improvement.
University Strategy & Risk Management
• Risk management supports delivery of UCD’s Strategic Plan.
• Risk management aligns with the University’s strategic objectives and institutional KPIs.
• Risk management at College level directly correlates with and underpins management of the objectives outlined in College/School Plans.
• Similarly, in Support Units risk management ensures the effective management of key risks which have the potential to impact areas of strategic importance.
UCD Risk Management Process
• The President, UMT, GA and ARMC play central roles in the UCD risk process.
• The President, as the accountable officer, is the overall university risk owner.
• The GA has tasked the ARMC to (amongst other things) “advise the GA on risk management issues” (Statute 25).
• Moreover, the ARMC’s terms of reference specify ‘to keep under review and advise on the effectiveness of the risk management system and processes and report regularly to the GA.’
• The ARMC discharges these responsibilities in the first instance through the risk registers for the university, as follows:
• University risk register;
• Vice-Presidents risk registers;
• College risk registers;
• Support unit risk registers.
• The primary method for capturing risks at UCD is through our Risk Registers. Risk Registers are maintained as follows:
1. High-Level i.e. for UCD as a whole
2. College level
3. For our larger schools
4. For our administrative units
• A sample risk register is attached to these training materials
UCD Risk Owners
• Risk Owners own risks in the unit(s) for which they have direct responsibility and accountability.
• Risk Owners are at the heart of the UCD risk process. Risk owners comprise 4 levels within UCD:
• The President and the UMT
• Heads of School and larger support units
• Heads of smaller support units
• All other UCD academics and support staff
UCD Risk Process
• The process of assessing risks for inclusion in your Risk Register in essence comprises four steps detailed more fully below as follows:
1. Risk Appetite and Risk Tolerance
2. Risk Scoring
3. Mitigating Actions
4. Monitoring And Control
UCD’s Statement of Risk Appetite
• Risk appetite is the level of risk UCD or a unit is willing to accept in the pursuit of its objectives.
• UCD must take some risks in order to achieve its aims and objectives, and to realise expected benefits.
• UCD is committed to ensuring that all risks taken are proactively controlled, and exposure kept to an acceptable level.
• However, UCD will reject or closely manage any activity that has the potential to cause significant harm to the institution.
UCD Risk appetite matrix
Risk Appetite

| Risk Level | Definition |
| --- | --- |
| Avoid | No appetite; not prepared to accept any level of risk. |
| Low | Prepared to accept only low levels of risk, with a preference for safe or prudent options. |
| Moderate | A willingness to accept moderate levels of risk in order to achieve objectives; a more ambitious outlook, although still prudent. |
| High | Willing to pursue original, creative, pioneering options/activities to achieve objectives and to accept substantial risks in order to achieve successful outcomes and significant rewards. |
o UCD’s overall risk appetite is defined as “moderate”.
o While maintaining an appropriate level of prudence, UCD is willing to accept moderate levels of risk in the pursuit of critical university objectives.
UCD Risk Appetite Matrix
Risk Area Avoid Low Moderate High
Financial Sustainability
Governance
Infrastructure Development
Internationalisation
Academic Excellence and Integrity
Research Performance/Impact
Staff Recruitment and Retention
Student Experience
Student Recruitment
Technology Infrastructure
Health and Safety
Risk Tolerance
• The Risk Appetite will inform the Risk Tolerance for each risk; the Risk Tolerance is the point at which the level of risk incurred becomes unacceptable.
• The Risk Tolerance will correlate with Risk Appetite and will be assigned a risk score, as follows:
Risk Appetite and Risk Tolerance Level

| Risk Appetite | Risk Tolerance (as a risk score) |
| --- | --- |
| Avoid | 1 – 10 |
| Low | 11 – 15 |
| Moderate | 16 – 20 |
| High | 21 – 30 |
Risk Tolerance (continued)
• Risk Tolerances are aligned to the Risk Appetite rating applied to each risk, giving each risk area its own Risk Tolerance.

Table 4: Risk Tolerance by Risk Area

| Risk Area | Risk Tolerance |
| --- | --- |
| Financial Sustainability | 15 |
| Governance | 15 |
| Infrastructure Development | 20 |
| Internationalisation | 30 |
| Academic Excellence and Integrity | 20 |
| Research Performance/Impact | 20 |
| Staff Recruitment and Retention | 20 |
| Student Experience | 20 |
| Student Recruitment | 30 |
| Technology Infrastructure | 20 |
| Health and Safety | 15 |
Risk Scoring
• Risks are scored to help Risk Owners evaluate their risks.
• Scoring is decided by (1) a risk’s likelihood and (2) its impact.

Measuring Likelihood

| Score | Likelihood and Timeframe |
| --- | --- |
| 1 | Unlikely to occur even in the long-term |
| 2 | Unlikely to occur in the medium-term |
| 3 | Unlikely to occur in the short to medium term |
| 4 | Realistic likelihood of occurring in the next 3 to 5 years |
| 5 | Realistic likelihood of occurring in the next 1 to 3 years |
| 6 | Realistic likelihood of occurring in the next year |
| 7 | Probable in the next 3 to 5 years |
| 8 | Probable in the next 1 to 3 years |
| 9 | Probable in the next year |
| 10 | Risk is virtually certain to occur |
• Impact will also be graded at 10 levels as set out in table 6 below.

Measuring Impact

| Score | Impact |
| --- | --- |
| 1 | Negligible impact |
| 2 or 3 | Measurable impact |
| 4 or 5 | Significant impact |
| 6 or 7 | Very significant impact |
| 8 or 9 | Major impact |
| 10 | Very severe impact |
o The risk score is obtained by multiplying the Impact by the Likelihood.
o We then match this risk score against the Risk Tolerance scores for the appropriate risk category
o This risk score is then measured against a “traffic light” system, with risks graded as Green, Amber or Red as follows.
Traffic light risk scoring scheme

| | Green | Amber | Red |
| --- | --- | --- | --- |
| Definition | Risk score is below the tolerance score. | Risk score equals or is close to the risk tolerance score. | Risk score exceeds the risk tolerance score. |
| Actions | Monitor & review if score materially increases. | Actively manage them & review. | Risks in this category are infrequent, but critical; urgently manage to reduce below critical level & review. |
• The Current Risk Score is compared to the Risk Tolerance in that area of activity e.g. Financial Sustainability, etc.
• Where the Current Risk Score is less than the Risk Tolerance the current controls may be deemed to be adequate.
• If it exceeds the Risk Tolerance, remedial action must be taken and additional or more effective controls must be put in place.
• The Risk Owner will then develop a ‘Path to Green’ setting out actions to reduce the risk score below its tolerance level, e.g. actions to reduce and remediate a financial deficit. (A sample ‘Path to Green’ is included in these training materials.)
Mitigating Actions
• Mitigating actions must reduce a risk’s likelihood, or impact (or both).
• Each mitigating action should be prioritised, assigned a responsible Action Owner and set a target date for completion.
• These should be recorded on the Risk Register.
Monitoring & Control
• Risk Owners have primary responsibility for ongoing monitoring and control of reported risks.
• Hence the President with UMT will review the High-Level University Risk Register on a regular basis.
• The same process of active monitoring and control applies to all other Risk Owners.
• And regularly updating the relevant Risk Register offers renewed opportunity for focusing attention on key objectives and risks to their attainment.
And finally…
• This training presentation has given you an understanding of the UCD Risk Management Framework, and specifically:
• UCD’s Risk Management Policy and
• UCD’s Risk Register process – and the elements involved in compiling your own unit’s risk register.
• More detailed guidance is available in the UCD Risk Framework document.
• And more person to person support will be offered when you are compiling your Risk Register.
Thank You