College Procedure. 1. Introduction

Transcription

1 College Procedure PROCEDURE TYPE: Administrative PROCEDURE TITLE: Risk Management Procedure PROCEDURE NO.: ADMIN RESPONSIBILITY: Chief Administrative Officer and Chief Financial Officer APPROVED BY: Durham College Leadership Team EFFECTIVE DATE: April 2017 REVISED DATE(S): REVIEW DATE: April Introduction The purpose of this document is to outline the overall procedure for risk management, which is directed towards realizing opportunities and managing adverse effects on Durham College. This document provides a general overview and guiding principles for risk management as well as the roles and responsibilities for managing, monitoring and improving risk management practices within Durham College. 2. Definitions 2.1. Campus-wide risk management 2.2. Risk Campus-wide risk management refers to the systematic application of management practices and procedures to identify, analyze, prioritize, treat/mitigate, transfer, avoid, monitor, accept and/or communicate risk. Risk refers broadly to internal and/or external factors (known and unknown) that may impact the college s ability to achieve its objectives, including, but not limited to, accidents, legal action, natural disasters, health and safety responsibilities, financial constraints, legislative requirements, staffing limitations, partnerships, procurement needs, training deficiencies, theft, loss or destruction of resources, information system security breaches, negligence and/or infrastructure capabilities Risk assessment Risk assessment refers to the process of risk identification, analysis, evaluation, prioritization and remediation, in both qualitative and quantitative forms. Risk assessment gauges both the likelihood and the overall impact of an adverse or a favourable event on college operations and/or goals. Page 1 of 6

2 2.4. Risk management Risk management refers to the culture, processes and actions employed by Durham College to effectively manage liability, reduce risk and also to realize opportunities Risk register Risk register is a comprehensive list of identified risks. The register describes the risks, analyzes and evaluates the risks, lists risk treatments, identifies risk owners and provides an action plan for a risk if it is rated high or extreme Risk identification Risk identification is the process of finding, recognizing and describing risks Risk analysis Risk analysis is the process of examining the identified risk to ascertain its likelihood of occurring and its impact should it occur, hence determining the level of a risk Risk evaluation Risk evaluation is the process of comparing the results of risk analysis with risk criteria to determine whether the risk and the level of the risk are acceptable, unacceptable or acceptable with treatment Risk treatment Risk treatment is the process of identifying specific actions or steps that will be taken to modify, mitigate, eliminate or capitalize on a particular risk. This could include, but would not be limited to, removing the source of the risk, changing the likelihood or consequence of the risk occurring, sharing the risk with other parties, retaining the risk by informed decision or taking/increasing risk in order to pursue an opportunity. Page 2 of 6

3 3. Procedure 3.1. Establishing the context This includes defining the external and internal environments to be taken into consideration when managing risk Communication and Consultation Continual and iterative dialogue that is necessary in order to identify, analyze, evaluate and treat risks. The dialogue is a two-way process and involves both sharing and receiving information about the management of risk Risk assessment This is the overall process of risk identification, risk analysis and risk evaluation Risk treatment This is a risk modification process. It involves selecting and implementing one or more options to modify or treat a risk. When a treatment is fully implemented, it becomes a control, in some cases, it can modify existing controls. Treatment options include avoiding the risk, reducing the risk, removing the source of the risk, sharing the risk, retaining the risk or modifying the likelihood or consequence of the risk. Page 3 of 6

4 3.5. Monitoring and Review Once the current status of the risk along with the treatment options are determined, monitoring occurs. Monitoring means to supervise, continually check and critically observe to determine the status and to assess whether or not required or expected performance levels are actually being achieved Review is an activity done to determine whether the risk management processes, including but not limited to risk treatments and controls, are suitable, adequate and effective in achieving established objectives. 4. Roles and responsibilities 4.1. Board of Governors Responsible for approving the risk appetite of the College through the Integrated Risk Management (IRM) Framework Board Governance policy Responsible for reviewing, at least once per fiscal year, a register of extreme and high risks and ensuring mitigation plans are in place Durham College Leadership Team (DCLT) Responsible for approving the risk management policy and procedure; Oversee and supporting the risk management framework for all business processes and key decision-making within the college; and Review extreme and high-level strategic risks presented by the chief administrative officer and chief financial officer that impact Durham College s strategic plan and objectives Chief Administrative Officer and Chief Financial Officer Ensure that an effective risk management framework/process is established, implemented and maintained; and Identify and present extreme and high-level strategic risks to the president. Working with members of the leadership team, ensure mitigation strategies are developed and remedies identified for extreme and high-level strategic risks. Page 4 of 6

5 4.4. Executive deans and deans, associate vice-presidents or directors who are assigned by their respective DCLT member Determine who is to participate in the risk management framework development; With the input of identified staff, determine and manage both strategic and operational risks within their portfolio that may impact the college s strategic and operational objectives, in consultation with the manager, Insurance and Risk Management; Participate in the development, review and update of the institutional risk register; Address, monitor and report on the status of the key risks they are accountable for; Integrate risk management principles into business processes and the management of day-to-day college activities; and Foster a culture of risk awareness Manager, Insurance and Risk Facilitate the development, approval, adoption and implementation of Durham College s risk management policy and associated procedures; Develop and implement a college-wide risk register and risk management process; Provide risk management support, advice and assessment tools to all areas; Biannually complete a review of significant risks and their controls; Identify risks and controls that should be reported and communicated to stakeholders; Review and update all risk registers in conjunction with the necessary individuals; Ensure extreme or high risks are reported to the Board of Governors; and Raise the profile of risk management within the college and ensure a culture of risk management is sustained. Page 5 of 6

6 5. Accessibility for Ontarians with Disabilities Act (AODA) Considerations Durham College s commitment to accessibility and AODA standards has been considered in the development of this policy and related procedure and adheres to the principles outlined in the AODA standards, Durham College Accessibility Policy (ADMIN-203), and Academic Accommodation for Students with Disabilities Policy (ADMIN-225). 6. Related policies, procedures and directive Durham College Accessibility Policy ADMIN-203 Durham College Accident Reporting Procedure EMPL Durham College Alcohol Policy ADMIN-204 Durham College Business and Travel Expense Reimbursement Policy ADMIN-215 and Procedure ADMIN Durham College Emergency Preparedness Policy ADMIN-211 Durham College Emergency Closure Procedure ADMIN Durham College Harassment and Discrimination Policy ADMIN-202 and Procedure Durham College Health and Safety Policy EMPL-301 Durham College Notice of Service Disruption Procedure ADMIN Durham College Registration and Records Policy ADMIN-207 Durham College Risk Management Policy ADMIN-223 Durham College Security Policy ADMIN-212 Durham College Student Unpaid Work Placement Risk and Injury Management Policy ACAD-119 and Procedure Page 6 of 6