The following guidance outlines the key risk areas, how risk is measured within the College and the possible mitigating actions that could be put in place to manage risk:
Frequently asked questions Managing Risk
1) What are the key risk areas to consider?
When planning research activities which involve working with a new or existing third party organisation, PIs should consider potential risks in the following key areas:
1) Financial Probity
It is important to consider a third party's financial probity and governance structure to ensure the organisation can receive payments from Imperial and manage expenditure related to its share of the work. To minimise the financial risk, the proposed third party is expected to:
- Operate in a country that can receive funding from foreign sources
- Hold a bank account in its legal name which can be reconciled against a finance management system
- Be able to identify individual transactions and retain supporting evidence of income and expenditure
- Have financial procedures, processes and systems in place to manage and control expenditure
- Be subject to an institutional-level financial audit on an annual basis
NOTE: Countries that are subject to Sanctions and Embargoes may be restricted, which means it may not be possible to transfer funds to them.
2) Ability to Deliver
It is important to consider why the third party organisation is suitable for the project, how the original relationship was established and how governance will be managed during the lifetime of the relationship. To minimise the risk of scientific non-delivery (especially when a third party does not have an established relationship with the College), the third party is expected to:
- Have a track record of working with other universities and research organisations, delivering research activities and managing external research funding
- Set up a project governing board which is responsible for overseeing project performance, decision making and risk management
- Have suitable processes for the collection, management, analysis and dissemination of data
- Have measures in place to prevent and mitigate conflicts of interest
3) Ethics and Integrity
It is important to consider how the third party organisation manages standards of conduct and the integrity of its staff. Copies of relevant policies should be obtained (or weblinks to online versions) so they can be checked against UK standards of ethics and integrity. To minimise the associated risks, the third party is expected to have suitable policies and procedures to:
- Promote and maintain the highest standards of ethics and research integrity
- Investigate allegations of research misconduct
- Safeguard the proper use of finances and investigate allegations of fraud, bribery and corruption
- Pomote equality, diversity and inclusion
- Combat modern slavery
- Foster safeguarding of children, vulnerable adults and others directly affected by research activities
- Corruption Perceptions Index collated by Transparency International
4) Political, Economic and Geographical
It is important to consider any potential risks resulting from the location of the third party organisation and the wider political and economic status of the host country, as well as the safety of Imperial staff and local workers employed by the project. NOTE: Countries that are subject to Sanctions and Embargoes may be restricted, which means it may not be possible to transfer funds to them.
2) How do we measure risk?
The College has an established assessment criteria for managing risk which may be useful in considering the potential pitfalls in any third party relationship. The process focusses on the potential ‘Impact’ if something occurs and the ‘Likelihood’ of it occurring. Visit the risk management webpage for guidance on applying the assessment criteria to your project.
The Research Office's independent risk assessment process uses the College's risk scoring criteria to provide a robust and consistent assessment of the risks. Mitigating actions are then recommended to PIs, Departments and Faculty Contracts teams to lessen the College's exposure to risk. More information can be found on the Undertaking Due Diligence webpage.
PIs should discuss the management of any risks identified by the Research Office process with their Head of Department and Department Manager / Departmental Operations Manager in the first instance, taking account of the size and value of the project. Any discussion determining the nature of the risk and departmental decisions to accept or mitigate it should be documented and retained for audit purposes.
3) Possible mitigating actions
Any risk identified by the Research Office's independent risk assessment process will be given a risk score and the recommended mitigating actions will depend on the severity of the risk. Examples include (but are not limited to) the following:
- Requesting detailed transaction listings to support invoices received from the third party
- Credit checks for high risk organisations
- Payment terms to be specified as quarterly in arrears
- Requirement to provide ethical policies or to abide by Imperial's or the Funder's own policies
- Limiting travel to high risk countries or regions
- Follow-up review of the relationship at a later date
- Escalation to the Director of the Research Office, Faculty Operating Officer, Faculty Dean or Vice-Provost (Research and Enterprise)