Secretariat

Risk Management

These pages provide information on risk management activities at the University and is a resource to assist any staff such as heads of departments or project managers who will use risk management techniques as part of their overall management approach.

The University and its staff have been facing and managing risk successfully for a long time resulting in a unique institution that has exploited opportunities to become one of the UK's and the world's best known universities.

However, in recent years there has been increasing focus on the corporate governance arrangements of both public and private companies with the aim of achieving greater transparency. During the 1990's there was a series of reports on corporate governance and financial reporting culminating in the Turnbull Report in 1999. The Turnbull Report, titled "Internal Control: Guidance for Directors on the Combined Code", drew together many of the recommendations of the previous reports and was adopted by the London Stock Exchange. The report emphasises the need for the governing body to ensure a high-level, risk-based approach to establishing a reliable system for internal control, is implemented, and reviewed on a regular basis. Although written for Stock Exchange listed companies the principles of the guidance have been adopted by the public sector.

The Financial Memorandum between the University and HEFCE requires that the Council ensure that the University has a 'sound system of internal financial management and control' and the HEFCE Audit Code of Practice (HEFCE 2002/26) requires that the Audit Committee should provide an annual report, which should include the committee's opinion on the extent to which the governing body may rely on the institution's internal control system and the arrangements for promoting economy, efficiency and effectiveness. The basis for the report being internal and external audit reports using risk assessment as the primary method for an audit programme linked to the University's objectives. These new arrangements came into force on 1 August 2002.

Additionally, the 'Accounts Direction to Higher Education Institutions for 2001-2002' (HEFCE 14/01) states the requirement for sound corporate governance and effective risk management and sets a timetable for all institutions to comply with the principles of the Turnbull Report.

The principles of risk management proposed by HEFCE, are specified in the British Universities Finance Directors Group (BUFDG) guidance 'Corporate Governance in Higher Education' and are based on the Turnbull Report. They are that:

  • the identification and management of risk should be linked to the achievement of institutional objectives;
  • the approach to internal control should be risk-based, including an evaluation of the likelihood and impact of risks becoming a reality;
  • review procedures must cover business, operational and compliance risks as well as financial risk;
  • risk assessment and internal control should be embedded in ongoing operations;
  • the governing body, or relevant committee, should receive regular reports during the year on internal control and risk; and
  • the principal results of risk identification, evaluation and management review should be reported to, and reviewed by, the governing body.

Further information

The following web sites provide more detailed risk management information: