University of Edinburgh Risk Policy and Risk Appetite



Similar documents
Principles for An. Effective Risk Appetite Framework

Relationship Manager (Banking) Assessment Plan

Programme Specification

RISK MANAGEMENT POLICY

Risk appetite How hungry are you?

INVESTMENT POLICY April 2013

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

This section outlines the Solvency II requirements for a syndicate s own risk and solvency assessment (ORSA).

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Solvency II Own Risk and Solvency Assessment (ORSA)

Understanding and articulating risk appetite

Achieve. Performance objectives

Risk Management Framework

Consultation Document: Review of the Treatment of Charitable and Religious Organisations under the Non-bank Deposit Takers Regime

Capital Requirements Directive Pillar 3 Disclosure. December 2015

RISK MANAGEMENt AND INtERNAL CONtROL

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

EIB Group Risk Management Charter

University of Edinburgh Procurement Strategy updated May 2013

UNDERSTANDING INVESTMENT RISK

GOLDSMITHS University of London COUNCIL. FINANCE AND RESOURCES COMMITTEE 18 March 2014

Governance, Risk and Best Value Committee

Fundamental Principles of Financial Auditing

SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT

Risk Management Policy Adopted by:

Policy Statement: Licensing Policy in respect of those activities that require a permit under the Insurance Business (Jersey) Law 1996

Education programme standards for the registered nurse scope of practice Approved by the Council: June 2005

Corporate Governance Report

Guideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016

RISK MANAGEMENT AND COMPLIANCE

PRINCIPLES FOR THE MANAGEMENT OF CONCENTRATION RISK

EAST AYRSHIRE COUNCIL CABINET 21 OCTOBER 2009 TREASURY MANAGEMENT ANNUAL REPORT FOR 2008/2009 AND UPDATE ON 2009/10 STRATEGY

Risk Management & ORSA. kpmg.ca/insuranceconference2014

Final Report on Public Consultation No. 14/017 on Guidelines on own risk and solvency assessment

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

Guidance Note: Stress Testing Class 2 Credit Unions. November, Ce document est également disponible en français

EIOPA-CP-11/008 7 November Consultation Paper On the Proposal for Guidelines on Own Risk and Solvency Assessment

EIOPACP 13/09. Guidelines on Forward Looking assessment of own risks (based on the ORSA principles)

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

High level principles for risk management

RISK MANAGEMENT POLICY (Revised October 2015)

Solvency II Own risk and solvency assessment (ORSA)

A Risk Management Standard

Issued on: 1 March Risk Governance

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes for Islamic Banks

Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference

SAI GLOBAL LIMITED Risk Management Policy

GUIDELINES ON INVESTMENT MANAGEMENT FOR LABUAN INSURANCE AND TAKAFUL BUSINESS

Implementation of Solvency II: The dos and the don ts

RISK MANAGEMENT POLICY

How to achieve excellent enterprise risk management Why risk assessments fail

Solvency II Detailed guidance notes

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive

Risk management systems of responsible entities

FINANCIAL REPORTING COUNCIL GOING CONCERN AND LIQUIDITY RISK: GUIDANCE FOR DIRECTORS OF UK COMPANIES 2009

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

MERCHANT NAVY OFFICERS PENSION FUND STATEMENT OF INVESTMENT PRINCIPLES

CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value. May 2012.

Goal Based Investment Risk Profile

ARB's overarching goals The Board has identified two objectives from the Act which underpin all of our work:

The Scottish Investment Trust PLC

Care service inspection report

Anti-Bribery and Corruption Policy

From ICAAP/ORSA to ERM: Board and Senior Management Oversight. Leon Bloom, Partner, Deloitte & Touche LLP lebloom@deloitte.ca

Board oversight of risk: Defining risk appetite in plain English

Business-critical Insurance

AUDIT AND NON-AUDIT SERVICES SUPPLIED BY AUDIT FIRMS

Internal Control Integrated Framework. May 2013

Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement.

Terms of Reference - Board Risk Committee

Risk Concentrations Principles

CONSULTATION PAPER CP 41 CORPORATE GOVERNANCE REQUIREMENTS FOR CREDIT INSTITUTIONS AND INSURANCE UNDERTAKINGS

Audit Quality Thematic Review

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Practice Note. 23Revised. October 2009 AUDITING COMPLEX FINANCIAL INSTRUMENTS INTERIM GUIDANCE

How To Write An Insurance Profile Summary

APRIL Economic Impact of AIM

Higher audit threshold for charities

Guidelines on Investment in Shares, Interest-in-Shares and Collective Investment Schemes

Market and Liquidity Risk Assessment Overview. Federal Reserve System

Annual funding statement

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

A GOOD PRACTICE GUIDE FOR EMPLOYERS

Policy on the Management of Country Risk by Credit Institutions

Registrar of Community Housing 5. Financial Viability

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

Strategic Plan

Prudential Practice Guide

Introduction to Social Compliance & Its Business Benefits

People & Organisational Development Strategy

Charities and investment matters: a guide for trustees

and Risk Tolerance in an Effective ERM Program

Transcription:

University of Edinburgh Risk Policy and Risk Appetite 1. Pushing the boundaries of knowledge, innovating, and implementing strategic developments will always have risks. Effective risk management increases the probability of successful outcomes, whilst protecting the reputation and sustainability of the University. 2. The management of risks in the University is undertaken within a framework comprising governance processes a defined Risk Policy and Appetite statement. identification, evaluation and management of significant risks assurance and audit processes, the underlying policy and control environment. 3. The Statement of Risk Policy and Appetite specifies the amount of risk the University is willing to seek or accept in the pursuit of its long term objectives. It indicates the parameters within which the University would want to conduct its activities. The statement below has been considered by the University Central Management Group and was formally adopted by the University Court at its meeting on 24 June 2013. 4. Good practice in Risk Management indicates that organisations should specify their appetite for risk at a granular level related to the nature of activities in the organisation. The attached Appendix provides the background to the developments in risk management practice that lie behind the adoption of this Statement of Risk Policy and Appetite by the University. 5. In terms of priorities, the need to avoid reputational, compliance and overall financial risk will take priority over other factors e.g. it will be acceptable to undertake risks in research activities providing they do not expose the University to undue reputational, compliance or financial risk. A balanced assessment has to be taken of risks in many cases there are risks attached to both doing something and doing nothing. 6. Given the devolved nature of the University, the Statement is intended to act as a guide to academic and professional managers and committees indicating the areas where colleagues should step out and be innovative, the areas where colleagues should be conservative and compliant in their activities, and the lines across which the University Court and senior management would not wish to cross, and where the University s senior management and Court would need to be notified 7. Where appropriate, the implementation of the Statement will be incorporated into processes and procedures of the University 8. Responsibility for managing the activities of the University within the Statement of Risk Policy and Risk Appetite lies with the management of the University in particular Heads of Colleges, Schools, Support Services and Subsidiary Companies, as well as key University and College Committees.

Statement of Risk Policy and Risk Appetite The University s approach is to minimise its exposure to reputational, compliance and financial risk, whilst accepting and encouraging an increased degree of risk in pursuit of its mission and objectives. It recognises that its appetite for risk varies according to the activity undertaken, and that its acceptance of risk is subject always to ensuring that potential benefits and risks are fully understood before developments are authorised, and that sensible measures to mitigate risk are established. The University s appetite for risk across its activities is provided in the following statements, and is illustrated diagrammatically. Unacceptable Higher Willingness to take risks to take risks 1 2 3 4 5 6 7 8 9 10 Reputation < > Compliance < > Financial < > Research < > Education & Student Experience < > Knowledge Exchange < > International Development < > Major change activities < > Environment and Social Responsibility < > People and culture < > Reputation It is regarded as critical that the University preserves its high reputation. The University therefore has low appetite for risk in the conduct of any of its activities that puts its reputation in jeopardy, could lead to undue adverse publicity, or could lead to loss of confidence by the Scottish and UK political establishment, and funders of its activities. Compliance The University places great importance on compliance, and has no appetite for any breaches in statute, regulation, professional standards, research or medical ethics, bribery or fraud. It wishes to maintain accreditations related to courses or standards of operation, and has low appetite for risk relating to actions that may put accreditations in jeopardy Financial The University aims to maintain its long term financial viability and its overall financial strength. Whilst targets for financial achievement will be higher, the University will aim to manage its financial risk by not breaching the following minimum criteria 1 : It will - achieve a surplus of a minimum of 2% of gross income over any 3 year period - operate with a Staff Cost/Total Expenses ratio of less than 60% - achieve a rate of return of at least 2% above inflation on its endowment investments over a 3 year period - ensure long term borrowings never exceed 20% of net assets - ensure its surplus before interest always exceeds 2 times net interest charge - ensure that at least three months equivalent spend is held cash or cash equivalents or in negotiated bank facilities The above statements take priority over the statements of areas of risk appetite below 1 These have been developed in conjunction with the Director of Finance

Research The University wishes to be at the leading edge in the creation of knowledge and making a difference to society. It wishes to grow its research activities, and improve its performance in each REF assessment compared to the previous assessment. It recognises that that this will involve an increased degree of risk in developing research activities, and is comfortable in accepting this risk subject to a) limitations imposed by ethical considerations, and b) ensuring that potential benefits and risks are fully understood before developments are authorised and that sensible measures to mitigate risk are established. Education and Student Experience The University wishes to stimulate students to develop a lifelong thirst for knowledge and learning, and encourage a pioneering innovative and independent attitude and an aspiration to achieve success. It expects as a minimum to be in the top quartile of surveys related to student experience. It recognises that this should involve an increased degree of risk in developing education and the student experience, and is comfortable in accepting this risk subject always to ensuring that potential benefits and risks are fully understood before developments are authorised and that sensible measures to mitigate risk are established. Knowledge Exchange The University wishes to be amongst the leaders in transforming knowledge, ideas, skills, and expertise into advice, innovation, intellectual property, and enterprise, thereby enriching society. It recognises that developing this may involve an increased degree of risk, and is comfortable in accepting this risk subject always to ensuring that potential benefits and risks are fully understood before developments are authorised and that sensible measures to mitigate risk are established. International Development the University aims to achieve global impact in its activities and to promote research and other collaborations and staff/student exchanges with leading institutions across the world. It has a strong appetite for developing such networks to the extent that they support the mission and reputation of the University, a medium appetite for investing in research facilities overseas, and a low appetite for investing in the development of student campuses outside of the UK. Major Change activities (e.g. projects, collaborations, mergers) Major change activities are required periodically to develop the University, and to adapt to changes in the regulatory and technological environment and in the nature and conduct of the University s activities. The University expects such changes to be managed according to best practice in project and change management, and has low appetite for deviating from such standards. Environment and Social Responsibility The University aims to make a significant, sustainable, and socially responsible contribution to Scotland, the UK and the world through its research, education, knowledge exchange and operational activities. It recognises that this should involve an increased degree of risk and is comfortable in accepting this risk subject always to ensuring that potential benefits and risks are fully understood before developments are authorised and that sensible measures to mitigate risk are established. People and culture The University aims to value, support, develop and utilise the full potential of our staff to make the University a stimulating and safe place to work. It places importance on a culture of academic freedom, equality and diversity, dignity and respect, collegiality, annual reviews, the development of staff, and the health and safety of staff, students and visitors. It has low appetite for any deviation from its standards in these areas.

Appendix Developments in Practice - Risk Appetite Risk Appetite is "the amount of risk that an organisation is willing to seek or accept in the pursuit of its long term objectives." 2 One of the key developments arising from the global financial crisis, the sovereign debt crisis, as well as individual major corporate failures that took place from 2008/9, has been a recognition of the increasing importance of defining and communicating Risk Appetite and integrating it into the strategic decision making and operations of an organisation. The key question that has been posed is why boards failed to see crises coming, and exposed themselves to risks that they had little capacity to manage. A number of reviews and changes to recommended governance codes of practice have taken place to address this issue, some of which are noted below. 1) In 2009/10 a review of the corporate governance of Banks and Other Financial Institutions ( BOFI s ) was undertaken by Sir David Walker at the request of the UK Government. 2) This was followed by a review of the broader corporate governance landscape in the UK by the Financial Reporting Council (the FRC ). 3) The FRC updated the UK Corporate Governance Code (2010). Under the newly expanded Section C, a board is explicitly tasked with being responsible for determining the nature and extent of the significant risks it [the board] is willing to take in achieving its strategic objectives. This inserts the concepts of risk appetite and risk tolerance into the Code. 4) The Financial Reporting Council (FRC) subsequently issued a guidance document - "Boards and Risk: A Summary of Discussions with Companies, Investors and Advisers" (Sept 2011). The main findings included: the Board s overall responsibilities include determining the company s approach to risk, setting its culture, risk identification, oversight of risk management, and crisis management.. better risk decision-taking should not automatically mean less risk-taking, which was essential to entrepreneurial activity different board committee structures may be appropriate to different industries and companies the Board needs to agree its appetite or tolerance for key individual risks; to understand the company s exposure to risk and how this might change, as a result of changes to strategy and the operating environment; and to take a view on these changes. Boards need to focus especially on those risks capable of undermining the strategy or long-term viability of the company or damaging its reputation. reputational risk has grown in importance and required greater attention. 5) The financial services community in particular are focused on articulating Risk Appetite due to the increased regulatory and supervisory focus, and the requirement for financial institutions to hold adequate capital and maintain a satisfactory level of solvency. One example is the EU Solvency 2 Directive which required insurance companies to produce a Risk and Solvency Assessment (ORSA) statement 6) When assessing the quality of an organisation s risk management, credit rating agency Standard & Poor s reportedly now examines whether an enterprise has a clearly articulated risk appetite process and to what degree this process is integrated with its strategy and culture. 2 There are various definitions of Risk Appetite being used in the literature, the above being the one taken from the Institute of Risk Management - Risk Appetite and Tolerance Guidance Paper (2011)

7) As well as meeting the requirements imposed by corporate governance standards, organisations in all sectors are increasingly being asked by key stakeholders including investors, analysts and the public, to express clearly the extent of their willingness to take risk in order to meet their strategic objectives. Major accountancy/consultancy firms have issued guidance notes on developing and implementing Risk Appetite / Risk Tolerance statements 3. The key messages coming from these guidance notes are: 1) Defining risk appetite is very much a task for the board and top management, as it is intimately linked to defining the overall strategy of an organisation 2) Organisations are distinguishing between those risks that are core to their business where appetite needs to be articulated and controlled, and those which are a consequence of business where mitigating actions are important. 3) Risk appetite is not a single fixed concept. There will be a range of appetites for different risks which need to be articulated and these appetites may vary over time 4) Risk appetite should be developed in the context of an organisation s risk management capability, which is a function of capacity, capability, and risk management maturity. 5) Risk appetite should take into account differing views at a strategic, tactical and operational level, and also take into account the expectations of shareholders, regulators and other stakeholders 6) Risk appetite should be integrated with the control culture of the organisation. 7) In a corporate context, discussions on risk appetite will usually include a variety of topics such as solvency, liquidity, earnings and earnings volatility; credit rating; reputation and brand; expansion into new products, customer groups or countries; supply chain management; acquisitions; environmental impact; corporate governance and compliance; human resources. 8) The risk appetite should also be consistent with the culture of the organisation and with the capacity of the organization to manage risks inherent in its business activities. 9) A good description of a company s risk appetite will have both qualitative and quantitative elements. On various issues, it may include definitions of what is acceptable and what is not. 10) Once the organization s overall risk appetite has been clearly defined, the board and executive management should communicate it broadly throughout the organization to ensure actions of the organisation are in line with the risk appetite. Executive management should operationalize the risk appetite in various steps and for all relevant risks and business units. 11) Risk tolerance levels should be considered for specific categories of risk, e.g., strategic, operational, financial and compliance risks. Risk tolerance expresses the specific maximum risk that an organization is willing to take regarding each relevant risk (sub-) category, often in quantitative terms e.g. by reference to upper and a lower risk limits or using a traffic light alert process. Breaching risk limits will typically act as a trigger for corrective action at the process level. 3 Risk Appetite - A market study (Grant Thornton 2012); Risk appetite A Strategic Balancing Act (E&Y 2010); Risk Appetite How Hungry Are You (PWC); Risk Appetite and Tolerance Guidance Paper (Institute of Risk Management 2011); Understanding and Articulating Risk Appetite (KPMG 2008); Business risk A Practical Guide for Board Members (IOD 2012)

12) A definition of risk appetite cannot be a one-off exercise. Risk appetite, tolerance, targets and limits are not static. Risks change continuously. They must be updated with changes in a company s environment (economy, markets, regulations, technology etc.), strategy and performance. Whilst the above has a corporate focus, Higher Education institutions are expected to read across and adopt the UK Corporate Governance Code as relevant to the Higher Education setting. Updating the University's Risk Strategy and Risk Appetite should therefore take into account the above, as appropriate to this institution. N A L Paul May 2013

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information