How To Write A Risk Management Policy For The University Of Kerry




Risk Management Policy

Originator name: Ruth Anderson
Department: Finance
Implementation date: 1 August 2013
Date of next review: 1 August 2016
Related policies: Health & Safety Policy, Equality & Diversity Policy

Version History
Version | Author | Revisions Made | Date
1 | R Anderson | First Draft | July 13

Approval History

Equality Analysis
Version | Reviewed by | Date
1 | Jo McCarthy-Holland | 11/07/13

Committee Sign Off
Version | Committee Name | Date of Sign Off
1 | Executive Board | 23/7/13
1 | Audit Committee | 25/7/13
1 | Council | 25/7/13

1 Introduction

1.1 Purpose
This risk management policy forms part of the University's internal control and corporate governance arrangements. The internal control system encompasses a number of elements that together facilitate an effective and efficient operation, enabling the University to respond to a variety of operational, financial and commercial risks. The policy sets out the University's definition of risk and describes the purpose of risk management. It explains the University's underlying approach to risk management and documents the roles and responsibilities of key parties.

1.2 Scope
This policy applies to Executive Board members; senior managers; members of Council and its Committees; and the University's internal audit service.

1.3 Equality Analysis
The University is strongly committed to equality of opportunity and the promotion of diversity for the benefit of all members of the University community. Equality analysis is a tool which helps consider the effect of activities on different groups of people and to ensure that policies, decisions and services work well for everyone. The policy itself is considered to have a broadly neutral impact for groups with protected characteristics under the Equality Act 2010. Failure to manage risk effectively, where it relates to an activity involving a particular group / community, could lead to equality issues. Equality analysis is recognised as a useful tool in assessing risk.

1.4 Definitions
Risk - anything that can impede or enhance an organisation's ability to achieve its objectives.
Risk Management - the process, structure and culture put in place to identify, assess and control the uncertainties which may impact on the organisation's ability to achieve its objectives.
Level 1 Risk Register - the University's High Level Risk Register, reflecting the key risks to the University's strategic aims and objectives.
Level 2 Risk Register - a risk register owned at individual Executive Board member level reflecting the key strategic and operational risks within a Faculty or Support Area.
Risk Appetite - the level of risk that an organisation is prepared to take to achieve its strategic objectives.

1.5 Legislative / Regulatory Context
Under the terms of its Financial Memorandum with HEFCE, Council must take reasonable steps to ensure that there are sound arrangements for risk management, control and governance within the University.

1.6 Health & Safety Implications
N/A

2 Policy

2.1 Principles
2.1.1 Effective risk management is essential to the continuation, growth and prosperity of the University in line with its strategic objectives. It is not a process for avoiding risk. If used well, it will actively allow the University to take on activities with a higher level of risk because the risks have been identified, are understood and well managed and the residual risk is thereby lower.
2.1.2 The University adopts an open and receptive approach to the management of risk.
2.1.3 Risk management is intrinsic to the management of the University's business and not simply a compliance issue.
2.1.4 Risk management requires a proactive rather than a reactive approach.

2.2 Procedures

2.2.1 Role of Council
Council has responsibility for overseeing risk management within the University as a whole. Its role is to:
- Set the tone and influence the culture of risk management within the University.
- Determine the appropriate risk appetite or level of exposure for the University and formally document this in a risk appetite statement that is reviewed, and where necessary updated, on at least a triennial basis.
- Approve major decisions which may affect the University's risk profile or exposure e.g. major capital investments, mergers and overseas partnerships.

2.2.2 Role of the Audit Committee
On behalf of Council, the Audit Committee is responsible for:
- Ensuring that appropriate arrangements are in place to ensure that risks are identified, assessed and effectively managed.
- Monitoring the management of significant risks which could threaten the achievement of the University's strategic objectives.
- Ensuring that internal auditors have plans to review the adequacy and effectiveness of risk management and provide an annual assessment of the University's risk management arrangements.

Audit Committee will:-
- Report to Council on risk management and alert Council members to any emerging issues.
- Prepare an annual report of its review of the effectiveness of the University's risk management, control and governance arrangements for consideration by Council and the President & Vice-Chancellor as Accounting Officer. In preparing its report, the Audit Committee will draw on information provided by the internal audit service, external audit and the Executive Board.

2.2.3 Role of the Executive Board
Key roles of the Executive Board are to:
- Implement policies approved by Council on risk management and internal control.
- Own the University's High Level Risk Register (Level 1 Risk Register), specifically:-
  - To identify and evaluate the significant risks faced by the University.
  - To agree ownership of risks.
  - To ensure that appropriate actions are taken to mitigate risks.
- Ensure that the High Level Risk Register remains effective by:
  - Appraising the register formally on at least an annual basis.
  - Ensuring that emerging risks are added as required and mitigating actions and risk indicators are monitored regularly and updated as appropriate.
  - Reviewing the High Level Risk Register at all regular meetings of the Executive Board.
- Develop strategies, policies and procedures to assist in the management of major risks.

Individual members of the Executive Board are responsible for:-
- Encouraging good risk management practice within their area of responsibility, ensuring that Faculty and Departmental risks are identified and assessed and that appropriate actions are taken to mitigate the risks. Specifically:-
  - Establishing and maintaining Level 2 Risk Registers in the same format as the High Level Risk Register for faculties and major support areas (including Corporate Services, Registrar's Division and IT).
  - Establishing and maintaining risk registers, in the same format as the University's High Level Risk Register, for projects of major strategic and/or operational importance.

2.2.4 Role of Internal Audit
The Internal Audit Service adopts a risk-based approach to its work with the overall objective of evaluating and improving the effectiveness of the University's risk management, internal control and governance processes. This involves conducting an annual review of the adequacy of the University's risk management arrangements and a programme of reviews based substantially on the University's assessment of high level risks.
3 Governance & Directory Requirements

3.1 Responsibility
The Chief Financial Officer has overall responsibility for this policy. The Deputy Director, Corporate Finance, has responsibility for ensuring it is effectively implemented, progress monitored and that the policy is regularly reviewed.

3.2 Implementation / Communication Plan
This policy will be communicated via the University's Corporate Policies website and the Finance Department website. It will be communicated directly to members of the Executive Board, Faculty Managers and other Senior Managers responsible for Level 2 and/or Project Risk Registers.

3.3 Exceptions to this Policy
N/A

3.4 Supporting documentation
Level 2 Risk Register Guidelines can be found on the Finance website in Resources, then Risk Management: http://www.surrey.ac.uk/surreynet/departments/finance/resources/