UNIVERSITY of GLASGOW


Insurance and Risk - Risk Management Policy

 1.    Introduction
     
 1.1    The University is accountable to a wide audience, including funding bodies, students, staff, the general public, and the University Court. The environment in which the University operates is also subject to a wide range of risks, and the need for adequate risk management is recognised by the University.
     
 1.2    This risk management policy forms part of the University's internal control and corporate governance arrangements. It is intended to summarise the University Court's view of risk, and to define the risk management framework within which Colleges and Schools are expected to operate.
     
 1.3    The policy explains the responsibilities of the different elements of the organisation, outlines key aspects of the risk management process, and identifies the main reporting procedures.
     
 2.    Definition of Risk and Risk Management
 
  Risk is defined as:
- the possibility that an action, event or set of circumstances will adversely or beneficially affect an organisation's ability to achieve its objectives

Risk Management is defined as:

- the planned and systematic approach to identification, evaluation and control of risk

     
  3.    Policy and Objectives 
     
 3.1    The risk management policy of the University of Glasgow is to adopt good practices in the identification, evaluation and cost effective control of risks to ensure that risks are either i) avoided, ii) reduced to an acceptable level, or iii) managed and contained.
     
 3.2    As a diverse institution, we will seek to embed risk management practices effectively within management and planning activities across the University.
 3.3    Our approach to risk management recognises that to advance and succeed the University needs to strike a balance between stability and innovation. In a changing and challenging environment risk management helps us to create and seize opportunities in a managed way.
     
 3.4    All employees must understand the nature of risk and accept responsibility for managing the risks associated with their area of authority.
     
 3.5    The risk management objectives of the University are to:

  • Integrate an awareness of managed risk taking and effective risk management into the culture of the University;
  • Manage risk in accordance with good practice;
  • Embed risk management within strategic and operational management processes;
  • Consider legal compliance as a minimum standard;
  • Anticipate and respond to changing economic, social, environmental and legislative requirements;
  • Prevent injury and damage and reduce the cost of risk;
  • Raise awareness of the need for risk management.
     
 3.6    These objectives will be achieved by:

  • Embedding formal risk reviews into all planning and capital project documents;
  • Developing and maintaining a strategic risk register which details those risks which, in the view of senior management and representatives of Court, pose the greatest challenge to the achievement of the University's objectives and of its continuing function;
  • Assessing the likelihood of these risks occurring and the likely impact of an occurrence;
  • Putting in place arrangements to manage and monitor risk;
  • Including risk management within the Terms of Reference of all committees;
  • Continuing to demonstrate the application of risk management principles;
  • Maintaining effective communication and the active involvement of staff across the University;
  • Preparing contingency plans in areas where there is a potential for an occurrence having a wholly negative effect on the University and its business capability;
  • Monitoring and reviewing arrangements on an ongoing basis.
     
 3.7    All risks contained on the risk register will be subject to high level monitoring by the Senior Management Group. Further information on the monitoring systems is contained in section 6.
     
 4.   Underlying Approach 
     
   

The following key principles outline the University's approach to risk management and internal control:

  • the University Court, via the Audit Committee, has responsibility for overseeing risk management within the University;
  • the Principal and the Senior Management Group support, give advice on and ensure implementation of policies approved by the Court;
  • the timely and prudent recognition and disclosure of the financial and non-financial implications of risks by the Principal and Senior Management Group;
  • Heads of College and Heads of School are responsible for encouraging good risk management practice within their Colleges and Schools;
  • key risk indicators are identified and closely monitored on a regular basis.
     
5.     Roles & Responsibilities
     
 5.1   The Principal, as the Chief Executive Officer, is responsible for ensuring that specific programmes and procedures are developed for establishing and maintaining risk management activities within the framework set out above. The Principal will be responsible for reporting to Court, via the Audit Committee, a summary of the University risk management process and the outcome of the risk management monitoring activities.  
     
 5.2    Day to day responsibility for risk management will be delegated to the Director of Finance. The Director will ensure the monitoring systems are robust, and will provide guidance and advice to those involved in the operational management of risk. 
     
 5.3    The Director of Finance will implement a system for collating information from Colleges and providing management information to the Principal and the Senior Management Group. 
     
 5.4    The risk events identified within the Strategic Risk Register are determined by the University's Strategic Framework. Each risk event is assigned to a Risk Manager, who will normally be a Senior Officer. The role of Risk Manager is to take responsibility for ensuring that suitable policies and abatement strategies are in place for dealing with each identified risk in line with Section 3 above. 
     
 6.   The Risk Management Monitoring System 
     
 6.1    Colleges are required to report on the management of the risks for which they are responsible on an annual basis. These reports form the basis of the reports to the Budget Setting Committee and Audit Committee. The reporting takes the form of a 'traffic light system' that indicates the extent to which the risk has been successfully mitigated as a result of risk management activities.

Green:  Performance is satisfactory and on target. This aspect of the risk is likely to be well managed.
 
Amber:  Performance is adequate and some active risk management is occurring. Progress in managing this risk may have been delayed or a slight adverse trend may have arisen. The risk may require attention to ensure it does not become 'Red'.
 
Red:  The risk management process is not currently working and/or risk exposure continues to remain high.

     
 6.2   Responsibility for the management of operational risk is devolved to Heads of College and Heads of School. Each College is required to develop their own risk registers, based on the content and objectives of their annual plan.  
     
 6.3   Colleges are required to report regularly as part of the budget commentary on the management of risk in their area and these risk reports will be consolidated at the corporate level.
     
 6.4   College Risk Managers will be required to retain documentation to support their green / amber / red assessment and this may be subject to review by the University Internal and External Auditors. 
     
 6.5    Internal Audit will be required to review the risk management process as part of the audit cycle and to provide Audit Committee with an opinion as to the adequacy of the arrangements; and to propose improvements if required.