Risk management is much broader in scope than it once used to be. It is an integral part of the operation of any organisation and goes beyond individual risk assessments of specific scenarios to cover wide-ranging issues of governance, management, quality, reputation and finance. Its aim is to help an organisation achieve its objectives by being prepared for any threats (or opportunities) that may arise.
The use of a risk register is a simple exercise that prompts risk managers to identify and prioritise key risks and to consider whether and how these risks can be mitigated, eliminated, transferred to a third party, or whether they are simply accepted and monitored.
Risk management is applicable at all levels, from the University centrally to Schools, NSIs, Faculties and Departments as well as to individual projects. The University promotes a standard technique for assessing and monitoring risk. The emphasis is on simple but effective risk management practice; it is not about documenting every single risk or about overcomplicating the process.
HEFCE requires HEIs to ensure that they have appropriate arrangements in place to promote effective risk management. Widely reported benefits include:
- fewer shocks and unwelcome surprises;
- supporting achievement of objectives;
- more effective strategic planning;
- helping raise the profile of concerns;
- useful documentation for decision-making (e.g. in event of adverse outcomes);
- enabling quicker response to threats and opportunities;
- encouraging healthy self-criticism which may lead to new opportunities.