Risk Management at Edinburgh Napier University
Risk Management is "a process which provides assurance that objectives are more likely to be achieved: damaging things will not happen or are less likely to happen; and beneficial things will be or are more likely to be achieved" .
The Risk Management Policy forms part of the institution's internal control and corporate governance arrangements. The policy explains the institution's underlying approach to risk management, documents the roles and responsibilities of the members of Court, the University Leadership Team (ULT) and other key parties. It also outlines key aspects of the risk management process, and identifies the main reporting procedures.
The Risk Policy refers to the Risk Appetite statement approved Court in October 2019 and projects and initiatives should be aligned to the statement and tolerance levels specified within. Risk appetite is the amount or type of risk the University is prepared to tolerate in order to achieve its strategic aims and objectives. The statement is a guide to all staff (and a reference for students and other stakeholders) indicating the areas where a conservative, compliance focussed approach to risk should be taken and areas where an innovative approach embracing a degree of risk would be tolerated to deliver the aspirations set out in the University strategy, subject to ensuring careful control and mitigation of adverse compliance, legal, reputational and financial aspects. Further information can be found here.
A key strand of Risk Management is Business Continuity Management (BCM). BCM is the term used to describe the process of ensuring that organisations can continue to provide services in the event of suffering a major incident with the potential to cause severe disruption.
The University has a range of business continuity management processes and procedures in place to ensure that the institution is able to remain resilient and provide continuity of services in the event of a major incident. These include Emergency Response Procedures, Crisis Response Plan and Contingency Plans for specific risks such as Communicable Diseases, Pandemic Flu and Sudden Death. Information about each of these plans can be found via the navigation menu on the left hand side of this page.
As part of the Risk, Resilience and Recovery Programme that was launched in 2007 all Faculties and Professional Services are working towards detailed business recovery plans for their areas. These plans sit alongside dedicated Campus Continuity Plans and a specific plan for Information Services.
The Risk and Resilience Committee which meets twice per academic year and is chaired by the University Secretary, ensures that the university complies in all areas of business with relevant codes of good practice in corporate risk management (HEFCE 01/24 et seq.), and is operationally resilient when significant risks materialise.
If you would like to discuss risk management or business continuity or would like further information, please contact:
Maureen Masson, Governance Officer (Risk & Governance)
Tel: 0131 455 6408
 HEFCE, Risk Management - A Guide to Good Practice for Higher Education Institutions, 01/28 May 2001