Risk Management


Risk Management at the University is overseen by the Directorate of Planning, within Professional Services.

The University has in place a comprehensive Risk Management Framework, which is applicable across the institution at all levels. The University’s risk management arrangements are an integral part of its wider strategic planning function; risk management is a key mechanism which both underpins and supports delivery of strategic objectives, both institutionally and within Schools.

In line with this, identified risks will generally reflect identified strategic objectives and areas of strategic importance, as outlined in the University’s Strategic Plan 2015-2020 at institutional level, and below that, within individual School Plans. As such, risk management should be seen as an important tool which helps facilitate management and delivery of the activities and objectives that support of our strategic ambitions.

If you have any queries about University risk management or the University's Strategic Risk Register, please contact Iain Grant.

Governance and Reporting Arrangements

At institutional level, the University has a Strategic Risk Register, comprised of 10 key risk areas. Each risk area is managed by a Risk Owner who has overarching accountability, and a Risk Manager, who has overarching responsibility for effective management of the risk. The Risk Owner will normally be a Vice-Principal or senior academic manager; the Risk Manager will normally be a Director, based on their area of responsibility and the corresponding risk areas.

The Strategic Risk Register is managed as part of a comprehensive corporate governance system, designed to ensure that the appropriate level of checks and balances are in place. First, the University Management Group (UMG) receive detailed bi-annual risk management reports, variants of which go on to Policy and Resources Committee and Audit and Risk Committee. In turn, a high-level report is submitted to University Court twice per year; Court is the institutional body with ultimate accountability for risk management.

Within Schools, Professional Services and on projects, Risk Management is addressed locally, and is considered an important management tool. At School level, Risk Management is overseen by Executive Committees, and it is fully integrated as part of the School strategic planning process. Information on the management of risk at this level is included in the biannual reports to Court.

Key Documentation
  • Risk Management Framework: this is the overarching institutional document for risk management. It sets out the University’s policy statement on risk management, its risk appetite and it also provides comprehensive guidance on the risk management proces.
  • Risk Register Technical Guide: this is a supporting document which provides a detailed overview on how to use the University’s Risk Register template.
  • Risk Register Template: the standard University template for creating and developing a risk register.
Contact Us
If you have any queries about University risk management or the University's Strategic Risk Register, please contact Iain Grant.


The role of the Audit and Risk Committee; internal and external audit

Audit and Risk Committee

It is a Scottish Funding Council (SFC) requirement that all Higher Education institutions in Scotland appoint an Audit and Risk Committee.

The role of the Audit and Risk Committee is to oversee the effectiveness of the University’s risk management, control and governance arrangements and to provide assurance to the SFC that the institution has arrangements in place to promote economy, efficiency and effectiveness in the conduct of all aspects of its business.

Internal Audit

Internal audit provides the University Court, through the Audit and Risk Committee, with an independent and objective opinion on governance, risk management and internal control and their effectiveness in achieving the organisation’s agreed objectives. It also has an independent and objective advisory role to help senior managers improve governance, risk management and internal control. The work of internal audit forms a part of the University’s overall assurance framework.

To ensure objectivity, the University outsources its Internal Audit function and these services are currently provided by PricewaterhouseCoopers.

Further details are available from the Clerk to the Audit and Risk Committee Ruth MacLure, who coordinates the Internal Audit Plan on behalf of the University.

External Audit

External audit services are currently provided to the University by KPMG.

External Audit is focussed on the production of the audited annual financial statements at the end of the University financial year (31 July). It is the External Auditor’s role to confirm that the accounting policies, judgements and estimates made by the University’s Finance managers are appropriate and in line with generally accepted practice.

Following approval by Court, the External Auditor’s report forms part of the University’s annual financial assurance submission to the SFC.

Danger sign