CONFIDENTIAL

Risk Management 13 October 2015 Alan RossGlasgow Caledonian UniversityZurich Risk Engineering

CONFIDENTIAL 2© Zurich

Introduce you to the principles of effective risk management

Discuss the benefits of risk management

Prepare a mini Risk Register for– Your school or department – A project you are involved in

Provide an overview of Risk management in GCU

Purpose of the session

CONFIDENTIAL 3© Zurich

Why do we bother with risk management?

CONFIDENTIAL

Why do we bother?

03/05/23 4

Push Factors

Reasons we have to: -•Auditors & inspectors •Corporate governance / good management practice •Stakeholders & partners

Pull Factors

Reasons we like to: -•Feel more confident about achieving aims & objectives•Look forward to predict & avoid problems •Proactive approach rather than reactive; or knee jerk •Protect and enhance your reputation •Feel better about taking risks•Ensure risks taken are within the University's ‘appetite for risk’

CONFIDENTIAL 5© Zurich

Ensures risks and uncertainties are considered early in the project management process

Provides increased confidence in investment and management decisions

Allows appropriate contingency plans or exit strategies to be put in place - without the delay of figuring out what to do

Risks and responses can be documented as an historic record for future reference; helps learn lessons for the future

Enables more effective communication between partners and stakeholders about risk

Benefits of Project Risk Management

CONFIDENTIAL 6© Zurich

Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

A definition

CONFIDENTIAL 7© Zurich

How do we do risk management ?

CONFIDENTIAL

GCU Risk Management Framework

8

CONFIDENTIAL

Risk Management Process

9

Manage

Evaluate

Identify

RisksMonitor & Review

CONFIDENTIAL 10© Zurich

Your turn – risk identification

In your view what are the most significant risks to your project?

– What might stop you delivering your aims & objectives? – Where have problems occurred in the past?– Are there lessons we can learn from others?– What can we not afford to go wrong?– What could prevent us from delivering?– What could impact on the quality of the ‘end product’?– What assumptions have we made that could turn out

differently? Think about each risk in terms of its cause(s) & possible

consequences

CONFIDENTIAL

Case Study

Heart of Campus

Major capital project for campus renovation - approx £25m over 5 years.

Step change in attractiveness of University to potential students

Increased opportunity for income

If successful will help the sustainability of the University in the medium to long term

11

CONFIDENTIAL

Risk Management Process

12

Manage

Evaluate

Identify

RisksMonitor & Review

CONFIDENTIAL

Evaluation / Prioritisation

1305/03/23

CONFIDENTIAL

Risk Management Process

14

Manage

Evaluate

Identify

RisksMonitor & Review

CONFIDENTIAL 15© Zurich

Risk Control / Management

What are our options for managing a risk?

Broadly there are 4 options:

1. Tolerate the risk2. Transfer the risk (critical when working with 3rd

parties) 3. Terminate the risk 4. Treat the risk

CONFIDENTIAL 16© Zurich

Risk Control / ManagementOptions: Early warning indicators, can be formal or informal Strategies and policies Quality assurance process Checking and control procedures Managerial and supervisory controls Monitoring key indicators Staff skills , training & qualifications Planning, budgeting & reporting Internal & external reviews Contractual arrangements Vetting of partners & suppliers Internal & external communications Physical controls Back up & recovery arrangements / contingencies or exit

strategies Project management governance arrangements

CONFIDENTIAL

Risk Management Process

17

Manage

Evaluate

Identify

RisksMonitor & Review

CONFIDENTIAL 18© Zurich

Risk Monitoring Discussion

Key questions to answer?

Reporting – Internal & External Who must see the risk register, when, and how often? Who should we share the risk information with, and how

often?

Updating How often should we review risk information?

– Monthly, quarterly etc

CONFIDENTIAL 19© Zurich

Risk Appetite – Overview

Definition “the amount or type of risk the University is prepared to

tolerate in order to achieve its strategic aims and objectives”

CONFIDENTIAL 20© Zurich

Risk Appetite – Overview

Why?Underpins the decision making process

Gives an indication of the risks which are acceptable to the University

Helps ensure the response to risk is appropriate

It’s about balancing risk and costs with benefits

CONFIDENTIAL 21© Zurich

Risk Appetite – Key Points

Little appetite for risks to University’s mission

Open to risks related to global engagement & enterprise & innovation

Significant risk exposure should only be accepted when benefits are also significant

If exposure exceeds appetite then this should be discussed with whoever signs off your project

CONFIDENTIAL 22© Zurich

Risk Appetite – Key Points

Even if the financial limitsare within an individual’s delegated authority, where the activity will result in a level of risk exposuregreater than the University’s risk appetite in that area, then delegated authority must be escalatedto Executive Board

CONFIDENTIAL

GCU Risk Management

CONFIDENTIAL 24© Zurich

Questions ?

CONFIDENTIAL

Risks you face?

Political situation (UK and abroad)

Over reliance on 1 or 2 income streams, e.g. 1 or 2 key customers, or students from a particular country

Economic situation Academic reputation Change management Major events or field trips Data protection / management

of information Skill sets & other workforce risks Recruitment & retention of staff Funding cuts or changes

• Compliance with regulations, law or internal policies & procedures, e.g. UK Visas & Immigration

• Loss of IT or other important infrastructure

• Contractual, supplier or partnership risks

• Change in government policies • Health & safety • Student / customer satisfaction • Competition with other

institutions • Major projects • Compliance

03/05/23 25