The Risk Management Framework is an integral part of the internal control framework and is designed to support delivery of Imperial’s strategy and its academic mission and comply with all its regulatory obligations. We consider risks in the short, medium and longer term, to help prioritise and direct management time and investment to the right risks. The core principles of the Risk Management Framework are based on the ‘three lines of defence’ model for the management of risk:
Line of defence and responsibilities
First line of defence
The first line of defence lies with the faculties, schools, institutes, departments and process owners whose activities create and manage the risks that can facilitate or prevent Imperial’s objectives from being achieved. This includes taking the right risks. The first line owns the risk, and the design and execution of the university’s controls to respond to those risks.
Second line of defence
The second line of defence is responsible for the design and maintenance of frameworks, polices, procedures and instructions that support risk and compliance to be managed in the first line. It is also responsible for monitoring and judging how effectively the first line is achieving its aims and is more commonly referred to as functional oversight. The second line is directed by management.
Third line of defence
The third line of defence is independent assurance that management operate an effective framework of controls to manage risk and that governance is appropriate around management of risk. The third line is directed by the Audit and Risk Committee and has organisational independence from management.
Principal Risk Dashboard
Our principal risks and approach to responding to them are set out in a Principal Risk Dashboard in the table below. The updated principal risks were reviewed by the Audit and Risk Committee in June 2025 before being approved by Council in July 2025.
Principal Risk Dashboard
- Financial sustainability
- Cyber attack
- Delivery of major estates projects
- NHS partnerships
- Great Service Programme
- Attracting, recruiting and retaining talent
- Research
- Education and student experience
- Environmental sustainability
- Infrastructure – resilience, redundancy, capacity, safety
- Digital infrastructure
Strategic risk: insufficient cash flow to deliver Imperial’s academic mission over the long term.
Our approach
Our financial performance is monitored by the Council and the University Management Board.
The University Management Board oversees the annual planning round, which ensures we manage our expenditure appropriately and operate within our budget. The five-year financial plan, operating and capital budgets are all approved by Council.
The Operations and Infrastructure Committee reviews and prioritises competing investments in our estate.
We undertake financial stress testing and contingency planning exercises including sensitivity analysis. We ensure appropriate financing arrangements are in place, should the university need to draw on these.
Strategic risk: cyber attack by hostile actors causing major disruption to our Information Technology environment, research plus products and services used by Imperial with the potential for significant data loss.
Our approach
We have a dedicated Cyber Security function focused on countering this risk, which maintains a comprehensive risk monitoring platform to identify ICT services and infrastructure at the highest risk. In case of a breach, we have a detailed plan to limit any damage to university operations.
Information Security Awareness training is mandatory for all staff and requires the learning to be repeated every two years.
Strategic risk: failure to deliver the full benefits of significant capital projects on time and within budget.
Our approach
We have implemented a detailed engagement plan with stakeholders to ensure projects meet requirements.
We ensure efficient financial planning and contingencies are in place, overseen by the University Management Board.
Strong procurement controls are in place, prioritising cost control.
Robust change controls are in place.
We undertake a coordinated approach to the development of our estate with detailed delivery strategy reviews of masterplan sequencing, phasing and infrastructure delivery to monitor potential impacts across our estate.
Strategic risk: disruption to our working relationship with our NHS Partner Trusts impact delivery of the academic mission of the Faculty of Medicine.
Our approach
The Imperial College Academic Health Science Centre (AHSC) manages the key relationships between the university and its main acute NHS partners in North-West London. We have a Joint Working Agreement and a Memorandum of Understanding on HR-related issues with the major NHS Trusts in the AHSC partnership.
Legal agreements (based on national templates) underpin individual research projects between the university and any NHS partner.
Where we have co-located premises with NHS Trusts, any issues arising are managed by our Property Team with their NHS Trust counterparts, in consultation with the Faculty of Medicine. Members of our Property Team are also members of NHS estates committees where appropriate.
Strategic risk: our Great Service Programme aims to deliver a range of improvements, across HR, Procurement, Finance and Research Administration through implementing a new cloud-based operating system and improving our processes and ways of working.
Failure to successfully implement this major change programme represents a risk to the university’s ability to operate on a day-to-day basis.
Our approach
A detailed programme plan is in place. Monthly reviews are undertaken by the Great Service Programme Board, comprising programme leadership, senior Professional Services staff, executives from the software vendor and system implementation partner, to scrutinise progress, discuss any risks that are escalated and identify actions and agree prioritisation.
An external assurance partner has been appointed to conduct deep dives into risk areas, as well as regular reviews at each stage of programme delivery and is part of the Programme Board.
An Academic Advisory Board is consulted regularly to ensure there is support for the direction of travel.
Strategic risk: the inability to attract, recruit, and retain talent undermines Imperial’s core mission and long-term viability.
Our approach
The People and Culture Committee, a sub-committee of the University Management Board, is responsible for considering strategic issues relating to people, culture and EDI (Equality, Diversity and Inclusion).
The Remuneration Committee annually reviews Imperial’s reward strategy and determines the remuneration of senior staff.
We aim to pay median to upper-quartile rates of pay for staff wherever possible, whilst also ensuring the university stays within what is affordable. We annually benchmark salaries against the London market for all job families.
The annual Equity and Achievement Pay Review processes allow managers to address equal pay and internal benchmarking disparities in their area and to reward staff for exceptional contribution and achievement.
Strategic risk: Calibre and ability – our ability to conduct high calibre research is restricted by facilities, personnel, student quality and our research output and impact falls. Funding – changes in the research funding landscape or our ability to access research funding results in a fall in research funding.
Our approach
Our Research Office oversees our research and champions professional standards and consistency in research administration across Imperial to ensure that institutional governance responsibilities and obligations are met, including checking compliance with funder requirements.
Grant applications require departmental approval and departments provide wider support, such as grant proposal clinics, mock interviews and peer review, to maximise the likelihood of success. Faculties are expected to have action plans to improve research success rates and quality.
We work closely with external partners such as research councils, UK Research and Innovation and the Advanced Research and Invention Agency to understand changes in the research environment. We engage in strategic bilateral partnerships with other institutions in Europe and the rest of the world, as well as through the Horizon programme to maximise research opportunities.
Our strategy supports our research activities, including establishing four new School of Convergence Science. Our Imperial Global Network is designed to foster long-term international collaboration opportunities with partners, governments and knowledge organisations.
Our research is based on working with partners across the world and we have developed Guiding Partnership Principles. These proactively support our community in creating and sustaining values-based collaborations with partners. Our approach to research risks relating to facilities are personnel are covered by risks on attracting, recruiting and retaining talent and delivery of major estates projects.
Strategic risk: failure to deliver a world-class education and student experience results in a drop in student satisfaction and rankings with associated financial and reputational impact.
Our approach
Imperial has various governance groups tasked with the oversight of education. Each faculty has an education committee. The Senate is the academic authority of Imperial and regulates our teaching work. Registry is responsible for the administration of all academic matters, including the approval of new programmes of study, quality assurance, assessments and examinations.
Our Learning and Teaching Strategy articulates our institution-wide approach for the development of our education. The strategy enables us to share best practice, collaborate and partner internally, as well as deliver the infrastructure and resources needed to support perpetual innovation.
The Student Lifecyle Board oversees an ambitious five-year roadmap working collaboratively between faculties, Registry and ICT to improve the student experience.
A new Access and Participation Plan has been developed for the period 2025 to 2029 and has been approved by the Office for Students.
We have a Mental Health and Wellbeing Strategy. The strategy includes a commitment to taking a proactive approach to support student and staff mental health and wellbeing. During the year, we commissioned an external review of student provision and an implementation plan has been developed in response to this.
Strategic risk: our operations, finances and/or plans are adversely affected by climate change:
- Transition risk – impact of Imperial operations on climate change
- Damage to our reputation – impact on Imperial should we be seen to be acting against our commitment to our transition to zero carbon and what our own research is telling us
- Physical risks – impacts on Imperial from climate change
Our approach
Sustainable Imperial is a key part of our overall university strategy. A Sustainability Strategy Committee oversees the goals, priorities and implementation of Imperial's strategy, including management of our transition to meet our net zero ambition. We are currently preparing our sustainability strategy for 2026–31.
We have also built a central sustainability hub to support implementation of our sustainability strategy. We have also refreshed our communications through our Sustainable Imperial initiative to better explain what we are doing in this area.
Our capital plan includes resource to continue decarbonisation of our South Kensington Campus and develop a roadmap to support the long-term transition to zero carbon. Our decarbonisation plan is a comprehensive roadmap to reach net zero for scope 1 and 2 emissions by 2040.
Strategic partnerships have been developed between industry and academics to facilitate research into sustainability, cleantech and decarbonisation.
Further information on the physical risks arising from climate change and how the university adapts to them can be found here.
Strategic risk: a serious incident that severely impacts Imperial’s ability to operate critical facilities to service education and research delivery.
Our approach
Imperial has an established Risk Management Framework and business continuity capabilities. Through business impact assessments, Imperial has developed business continuity plans for its most critical operations. Exercises test these plans and improvements identified are incorporated into updates.
When plans are invoked to respond to an incident or event, we carry out a lessons learned review to improve our future response to similar incidents or events and the University Emergency Plan is revised.
Strategic risk: failure of our digital infrastructure to meet demands of our current operations, as well as future strategic requirements.
Our approach
A Digital Plan is in place that outlines the roadmap for providing the digital infrastructure required to deliver Imperial’s objectives over the medium term.
We are replacing legacy technology through initiatives such as Imperial 360, our new customer relationship management tool to support management of the student lifecycle, as well as other change projects such as modernised identity governance and the Great Service Programme.