University Risk Management Policy


Approving Authority: Board of Governors
Original Approval Date: June 7, 2007
Date of Most Recent Review/Revision: October 20, 2017
Responsible Officer: Vice-President (Finance, Administration and Risk)
Responsible Office: Vice-President (Finance, Administration and Risk)

Preamble

Risk is inherent in all academic, administrative and business activities at the University of Guelph ("the University") and to varying degrees, members of the University community are continuously involved in managing these Risks. In order to respond most effectively as an institution, the University employs an enterprise approach to Risk management. The University Risk Management Policy outlines this approach.

The University's approach to Risk, adopted for the purpose of University Risk Management (URM), is as follows:

The University is committed to continuous quality improvement and will make choices that assess the opportunities and threats inherent in that commitment [1].

The University seeks to foster a culture that is Risk-aware without being Risk-averse, pursuing opportunities that further strategic and operational priorities, while effectively managing Risk. It is recognized that virtually all activities carry a degree of uncertainty and require the University to strike an appropriate balance between managing Risks and pursuing strategic opportunities.

University Risk Management is an important factor for the setting of priorities and strategic decision-making in the best interests of the University, as it facilitates the identification of potential Risks and opportunities that may significantly impact the ability of the institution to achieve its strategic goals or maintain its operations.

1. Purpose

1.1. The University is committed to thoughtful consideration and integration of Risk in decision-making. This policy outlines the University's approach to risk management, in support of its strategic goals and objectives.

1.2. The University Risk Management policy does not replace but complements other university internal controls and is the foundation of the Risk management framework to be implemented at the University.

2. Jurisdiction/Scope

2.1. This policy applies to all administrative and academic units of the University and to all faculty and staff.

[1] University of Guelph Strategic Risk Assessment, KPMG 2006

3. Definitions

3.1. Risk: Any event or action that may adversely affect the University's ability to achieve its strategic and operational priorities.

3.2. Inherent Risk: Risk in the absence of any controls, actions or Risk mitigation to alter either the Risk's likelihood or impact.

3.3. Residual Risk: The remaining level of Risk after taking into consideration controls, actions and Risk mitigation measures intended to minimize either the Risk's likelihood or impact.

3.4. Risk Appetite: The level of Risk the University is willing to accept in order to meet its strategic objectives.

3.5. Risk Management: The planned and systematic approach to the identification, evaluation and control of Risk to maximize opportunities and minimize losses.

3.6. Risk Tolerance: The willingness to accept or reject a given level of residual Risk aligned with the overall risk appetite.

3.7. Risk Treatment: The process of selecting and implementing measures to manage the Risk exposure through avoidance, reduction, transfer/sharing, or acceptance.

3.8. University Risk Management (URM): Includes the methods and processes used to manage Risk and opportunities related to the achievement of the University's objectives.

4. University Risk Management

4.1. The University will support a deliberative approach to Risk assessment and treatment to avoid, mitigate or manage Risks in support of University activities and strategic and operational priorities. At the institutional level, the University's senior leadership determines the appropriate level of acceptable Risk based on a balanced view of the Risk, considering both the threat of adverse impacts, and the opportunities that arise from properly managed Risk. (See also s.5 of this policy.)

4.2. An objective of the URM program is effective management of a balanced portfolio of institutional Risks, which fall within the following five areas [2]:

[2] Adapted from Meeting the Challenges of Enterprise Risk Management in Higher Education, Association of Governing Boards of Universities and Colleges, 2007

Strategic: Risks that are aligned with and support the University's mission, vision and strategic directions

Operational: Risks that are associated with on-going management processes, including those related to business continuity

Financial/Reporting: Risks associated with sound financial practices, protection of the University's assets and reliability of reporting

Compliance: Risks associated with institutional compliance with applicable legislation and regulations

Reputational: Risks that may be triggered by a serious event in any category

4.3. As an additional level of consideration, the following categories are used to assess the types of risks identified [3]. These categories assist in determining Risk treatment options:

Category I: Preventable Risks
Risks which arise from within the University that are controllable and should be eliminated or avoided; offer no strategic benefit; are managed through active prevention and monitoring operational processes

Category II: Strategic Risks
Risks which are strategic and associated with innovations or new opportunities; not inherently undesirable but requiring management systems designed to reduce the probability that assumed Risks materialize, or by advancing the ability to manage or contain risks should they occur.

Category III: External Risks
Risks which arise from events outside the University and are beyond its influence or control; managed through identification of Risk and mitigation of impact.

4.4. The University Risk Management process is designed to:

a. Map to the University's Strategic Framework and planning, and integrate Risk management into the culture of the institution
b. Assess Risks and opportunities against the University's level of Risk tolerance
c. Anticipate and respond to social, environmental and legislative conditions
d. Manage Risk according to best practice and demonstrated due diligence in decision-making
e. Document the framework within which Risk is managed at the University
f. Foster a culture of identifying, assessing and mitigating Risks

4.5. The University Risk Management approach is outlined in Figure 1 and in the University's Risk Management Framework [4]. The process is continuous and should be applied at all levels of the institution (i.e. at the University level as well as individual academic and administrative units).

[3] Adapted from Managing Risks: A New Framework, Kaplan, R. & Mikes, A., Harvard Business Review, June 2012
[4] In development (as of October 2017)

Figure 1 - The Risk Management Process (ISO 30001)

5. Roles and Responsibilities

5.1. The University utilizes a three lines of defence governance model to manage its Risks and identify those individuals or functions responsible for Risk ownership, Risk oversight and Risk assurance. The President and Vice-Presidents and the University Risk Management Committee, along with the Board of Governors, provide oversight and support to the Risk program and the three lines of defence.

5.2. First Line of Defence - Risk Owners:

a. All University employees have a role in the effective management of Risk within the context of their area responsibilities, including the identification and disclosure of potential or emerging Risks.

b. Academic department and administrative unit managers are responsible for implementing good operational Risk management practices and maintaining appropriate internal controls that support the effective management of Risk. Effective Risk management requires timely recognition and disclosure of potential Risks and should be incorporated into departmental and unit planning processes and management activities.

5.3. Second Line of Defence - Risk Oversight:

a. Various functional groups and committees at the University assist with defining Risk management practices and provide oversight to some of the activities undertaken within the academic and administrative units. Examples of the groups whose activities support this second line of defence include finance, legal, information technology security and human resources teams, and the Joint Health and Safety Committees.

b. While the second line of defence is clearly defined for certain Risks, in other cases, the primary responsibility for Risk oversight resides within the academic department or administrative unit itself.

5.4. Third Line of Defence - Risk Assurance:

a. The activities of the University's internal audit function, and the external auditors provide assurance to management and the Board of Governors on the effectiveness of the risk management practices.

5.5. Executive and University Risk Management Committee - Support and Oversight:

a. The President and Vice-Presidents are responsible for embedding Risk management within the strategic and operational management processes of the University. This includes: (i) identification of strategic Risks impacting the University; (ii) determining priorities; (iii) assessing Risk tolerance; (iv) developing strategic Risk management plans; and (v) monitoring progress and implementation of plans.

b. The Vice-President (Finance, Administration and Risk) serves as the Chief Risk Officer for the University and has specific accountability for the coordination and implementation of URM activities, procedures and reporting. The Vice-President (Finance, Administration and Risk) will report to the Audit and Risk Committee at least once annually on the execution of URM activity at the University.

c. The University Risk Management Committee (URMC) provides advice and recommendations to the Vice-President (Finance, Administration and Risk) as follows:

i. Oversees the formulation of URM strategy and policy
ii. Reviews and advises on the University's Risk Register, including recommendations on emerging Risks and changes to the University's Risk environment
iii. Advises on, and recommends initiatives to manage identified threats and opportunities
iv. Ensures appropriate and effective related communication

d. Membership of the URMC shall be appointed by the Vice-President (Finance, Administration and Risk), who will chair the Committee, and include those responsible for major operational functions of the University.

5.6. Board of Governors - Oversight:

a. The Board of Governors and its Audit and Risk Committee are responsible for support and oversight of the implementation of the URM process, including approval of the Risk appetite statement and assessment of the Risk program against the Risk appetite.

6. Related Policies, Procedures & Documents

University Risk Management Framework [In Development, Fall 2017]
University of Guelph Risk Register
Board of Governors Audit and Risk Committee Terms of Reference