Risk Owner

Person with the accountability and authority to be best placed to manage the risk.

            Responsible for securing agreement to:

  • The organisation’s assessment of the risk
    • Title; description; score; tolerance
  • The organisations response to the risk,
    • Identification and implementation of appropriate controls to mitigate the risk
  • Actions and their owners to take forward the agreed controls or mitigation
  • Key milestones and review dates
  • Appropriate indicators to monitor the risk

Action Owner 

In order to manage appropriately a risk it may be necessary for multiple tasks or actions to be undertaken to mitigate and monitor the risk over time.  Each task or action should have an identified action owner who is responsible for:

  • Implementing and/or delivering the agreed actions by the agreed time
  • Providing progress reports at the agreed review dates


  1. The Council, as "the governing and executive body of the College", has overall responsibility for ensuring there is a risk management strategy and a common approach to the management of risk throughout the institution through the development, implementation and embedment within the organisation of a formal, structured risk management process.
  2. In line with this policy, the Council requires that the risk management strategy and supporting procedures include:
    1. The adoption of common terminology in relation to the definition of risk and risk management
    2. The establishment of University-wide criteria for the measurement of risk, linking the threats to their potential impact and the likelihood of their occurrence together with a sensitivity analysis
    3. A decision on the level of risk to be accepted, together with tolerance levels expressed in terms of measurable outcomes
    4. A decision on the level of risk to be covered by insurance
    5. Detailed regular review at department or support function level to identify significant risks associated with the achievement of key objectives and other relevant areas
    6. Development of risk management and contingency plans for all significant risks, to include a designated ‘risk owner’ who will be responsible and accountable for managing the risk in question
    7. An annual review of the implementation of risk management arrangements

Risk Committee

  1. The Committee's primary objective is to consider the strategic risks facing the College and the actions proposed to mitigate these risks. It's Terms of Reference are at Appendix A
  2. On behalf of the Council, the Risk Committee will annually review the effectiveness of the College's approach to risk management.


  1. The Council has delegated responsibility for implementing the Risk Management Policy to the President, whose role is to:
    1. Implement the policies on risk management and internal control
    2. Identify, evaluate and control risks within the Institution, including emerging risks, and allocate responsibility for the control mechanisms
    3. Ensure that the procedures are embedded within the everyday management of the College.
    4. Ensure that there is ownership of risk management and internal controls throughout the College
    5. Ensure that there is adequate training and resources to permit the policy to be implemented.
    6. Report to the Risk Committee on significant and emerging risks during the year
    7. Ensure that the process of day-to-day risk management is adequately documented
    8. Oversee an annual review of the College's approach to risk management and its effectiveness.

Risk and Business Continuity Steering Committee

  1. The Risk and Business Continuity Steering Committee supports the President in discharging their responsibility for the implementation of the Policy.
    1. Terms of Reference are at Annex B

Principal Officers

  1. The Principal Officers are responsible for identifying and managing the risks germane to their areas. They will:
    1. Ensure that College risks connected to them are recorded in Empirical
    2. Ensure that these risks are broken down into component parts;
    3. Identify the people who will own the component risks;
    4. Confirm the improvement actions to be taken;
    5. Monitor progress in the management of their agreed risks;
    6. Ensure effective horizon scanning takes place to identify emerging risks;
    7. Oversee the management of lower level risks.
    8. Discuss their risk register at least annually at their management committee.

Heads of Academic and Support Services / Departments / Divisions / Schools and Institutes

  1. Departmental / Divisional Heads will ensure that:
    1. The opportunities and threats germane to the achievement of departmental objectives are identified and assessed;
    2. The more important risks are recorded in Empirical
    3. Members of their team who will take the actions necessary to manage these key risks agree and accept their actions;
    4. Their performance in completing this task is appraised at least annually
    5. Progress in managing key risks is monitored throughout the year;
    6. Mechanisms are put in place to ensure that significant risks or issues arising at the various levels within the department are referred up the line when necessary, the “bottom up” process. These would, for example, include risks that could affect the achievement of College objectives or cause significant embarrassment to the College’s reputation;
    7. Each departmental and / or directorate risk register is updated in Empirical during the planning round and again in November each year.
    8. Their risk register is discussed at an appropriate department management committee at least annually.

Internal Audit

Internal audit will audit the College Risk Management policy and procedures as agreed with the College Secretary