skip to content

The University initiated its formal risk management arrangements in early 2002. As a result of this work the Council approved the formation of a Risk Steering Committee, a Risk Management Policy and a Risk Management Strategy. The risk management governance relationships at the University are shown on the Risk Management Framework Diagram.


At the strategic level, the University maintains a Key Risk Register comprising just under twenty fundamental risks. Risks are those occurring at an institutional level. The Risk Steering Committee is responsible, on behalf of the Council, for reviewing the Key Risk Register at least twice a year.

School and Non-School Institutions

Schools and Non-School Institutions must maintain an up-to-date risk register; this is an obligatory component of annual planning submissions. The guidance to the annual planning round, which is available from the link below, highlights the importance of taking risk into account when drawing up plans.

School Councils / Heads of NSIs are responsible for reviewing School / NSI Registers on a termly basis. The Risk Steering Committee considers School / NSI registers on an annual basis.

Faculties and/or Departments

At the operational level, Faculties and/or Departments are required to maintain documented risk registers. These should be reviewed at least annually, but as a rule every six months, especially in departments with a higher level of risk owing to the nature of the research conducted and the materials, information, or high value assets housed. School Councils have responsibility for reviewing these Registers on at least an annual basis.