Risk Management at Edinburgh Napier University


Risk Management is "a process which provides assurance that objectives are more likely to be achieved: damaging things will not happen or are less likely to happen; and beneficial things will be or are more likely to be achieved" [1]. 


The Risk Management Policy forms part of the institution's internal control and corporate governance arrangements.  The policy explains the institution's underlying approach to risk management and documents the roles and responsibilities of the members of Court, the University Leadership Team (ULT) and other key parties.  It also outlines key aspects of the risk management process, and identifies the main reporting procedures.


Risk Appetite

All new projects and initiatives must have regard to and be aligned with the University’s risk appetite and tolerances statement, available here.  Risk appetite is the amount or type of risk that the University is prepared to tolerate to achieve its strategic aims and objectives.  The statement is a guide to all staff and stakeholders, indicating the areas where a conservative, compliance-focussed approach to risk should be taken and the areas where an innovative approach embracing a degree of risk would be tolerated to deliver the aspirations set out in the University strategy, subject to ensuring careful control and mitigation of adverse compliance, legal, reputational and financial aspects.

A spreadsheet template setting out the risk categories and tolerance levels can be found here, together with guidance and an illustrative example.  In addition, as part of the due diligence process, any projects being considered by ULT or other University Committees must include reference to the risk appetite statement in the committee paper.  The committee cover sheet is available here.  If the project does not fall within the specified tolerance levels, it may require further consideration as there may be exceptional occasions where the University would be willing to tolerate a greater degree of risk.  Consideration of the risk categories as expressed in the risk appetite statement provides transparency for decision-making and a basis for further discussion where required.

Business Continuity

A key strand of Risk Management is Business Continuity Management (BCM).  BCM is the term used to describe the process of ensuring that organisations can continue to provide services in the event of suffering a major incident with the potential to cause severe disruption. 


The University has a range of business continuity management processes and procedures in place to ensure that the institution is able to remain resilient and provide continuity of services in the event of a major incident.  These include Emergency Response Procedures, Crisis Response Plan and Contingency Plans for specific risks such as Communicable Diseases, Pandemic Flu and Sudden Death.  Information about each of these plans can be found via the navigation menu on the left-hand side of this page.  In addition, all Schools and Professional Service Areas have Business Continuity Plans.

The Risk and Resilience Committee, which meets twice per academic year and is chaired by the University Secretary, ensures that the University complies in all areas of business with relevant codes of good practice in corporate risk management, and is operationally resilient when significant risks materialise.


Further Information

If you would like to discuss risk management or business continuity or would like further information, please contact:

Maureen Masson, Governance Officer (Risk & Governance) 
Tel: 0131 455 6408