Risk Management

Overview

Risk Management at the University is overseen by the Directorate of Planning, within Professional Services.

The University has in place a comprehensive Risk Management Framework, which is applicable across the institution at all levels.  The University’s risk management arrangements are an integral part of its wider strategic planning function; risk management is a key mechanism which both underpins and supports delivery of strategic objectives, both institutionally and within Schools.

 In line with this, identified risks will generally reflect identified strategic objectives and areas of strategic importance, as outlined in the University’s Strategic Plan 2015-2020 at institutional level, and below that, within individual School Plans. As such, risk management should be seen as an important tool which helps facilitate management and delivery of the activities and objectives that support of our strategic ambitions.

If you have any queries about University risk management or the University's Strategic Risk Register, please contact Iain Grant.

Governance and Reporting Arrangements

At institutional level, the University has a Strategic Risk Register, comprised of 10 key risk areas. Each risk area is managed by a Risk Owner who has overarching accountability, and a Risk Manager, who has overarching responsibility for effective management of the risk. The Risk Owner will normally be a Vice Principal or senior academic manager; the Risk Manager will normally be a Director, based on their area of responsibility and the corresponding risk areas.

The Strategic Risk Register is managed as part of a comprehensive corporate governance system, designed to ensure that the appropriate level of checks and balances are in place. First, the University Management Group (UMG) receive detailed bi-annual risk management reports, variants of which go on to Operating Board and Audit Committee.  In turn, a high-level report is submitted to University Court twice per year; Court is the institutional body with ultimate accountability for risk management.

Within Schools, Professional Services and on projects, Risk Management is addressed locally, and is considered an important management tool. At School level, Risk Management is overseen by Executive Committees, and it is fully integrated as part of the School strategic planning process. Information on the management of risk at this level is included in the biannual reports to Court.

Key Documentation
  • Risk Management Framework: this is the overarching institutional document for risk management. It sets out the University’s policy statement on risk management, its risk appetite and it also provides comprehensive guidance on the risk management proces.
  • Risk Register Technical Guide: this is a supporting document which provides a detailed overview on how to use the University’s Risk Register template.
  • Risk Register Template: the standard University template for creating and developing a risk register.

Audit

The role of the Audit Committee; internal and external audit

Audit Committee

It is a Scottish Funding Council (SFC) requirement that all Higher Education institutions in Scotland appoint an Audit Committee.

The role of the Audit Committee is to oversee the effectiveness of the University’s, risk management, control and governance arrangements and to provide assurance to the SFC that the institution has arrangements in place to promote economy, efficiency and effectiveness in the conduct of all aspects of its business.

Internal Audit

Internal audit provides the University Court, through the Audit Committee, with an independent and objective opinion on governance, risk management and internal control and their effectiveness in achieving the organisation’s agreed objectives. It also has an independent and objective advisory role to help senior managers improve governance, risk management and internal control. The work of internal audit forms a part of the University’s overall assurance framework.

To ensure objectivity, the University outsources its Internal Audit function. In the academic year 2014-15, Internal Audit services are provided by PricewaterhouseCoopers.

Further details are available from the Clerk to the Audit Committee Ruth MacLure, who coordinates the Internal Audit Plan on behalf of the University.

External Audit

External audit services are provided to the University by KPMG until 31 December 2014.

External Audit is focussed on the production of the audited annual financial statements at the end of the University financial year (31 July). It is the External Auditor’s role to confirm that the accounting policies, judgements and estimates made by the University’s Finance managers are appropriate and in line with generally accepted practice.

Following approval by Court, the External Auditor’s report forms part of the University’s annual financial assurance submission to the SFC.