Company number: 12497951
6 Sutton Park Road, Sutton, SM1 2GD

Risk Management Policy

Policy Statement

The School is committed to a comprehensive Risk Management Policy that proactively identifies, assesses, and mitigates risks across all operations. This policy underpins our governance framework, ensuring the safety, resilience, and sustainable growth of our academic community. Through rigorous oversight, continuous improvement, and strategic risk management, we safeguard our institution’s objectives and uphold the highest standards of educational excellence and corporate governance.

Principles

Proactivity: Risks are anticipated and addressed before they escalate, fostering a culture of forward-thinking and prevention.
Accountability: Clear roles and responsibilities are defined, ensuring individuals and teams understand their part in managing risks.
Transparency: Open and honest communication about risks is essential, promoting trust and informed decision-making within the School community.
Engagement: The whole School community is involved in the risk management process to ensure a broad range of perspectives and knowledge.
Integration: Risk management is embedded within all levels of decision-making processes, enhancing strategic outcomes and operational effectiveness.
Adaptability: The School’s approach to risk management is flexible, responding to changing contexts and emerging threats.
Compliance: Adherence to legal, regulatory, and ethical standards is paramount, protecting the School’s integrity and reputation.
Empowerment: Staff and students are encouraged and enabled to manage risks within their areas of control and expertise.
Sustainability: Decisions account for long-term risks and opportunities, ensuring the resilience and longevity of the School.
Innovation: Encourages and safeguards the creative approaches necessary for academic and operational advancement.
Education: Continuous learning and development in risk management practices are promoted, building a knowledgeable community.
Collaboration: Partnerships and alliances are fostered, both internally and externally, to share knowledge and strengthen risk management capabilities.

Regulatory Context

This Policy has been developed in line with the applicable laws, regulations, regulatory advice, and sector best practices, including the following:

Authority	Name	Url
UK Government	Higher Education and Research Act 2017 (HERA) A UK legislation that reformed the higher education and research sector, particularly by establishing the Office for Students and UK Research and Innovation.
Office for Students (OfS)	Regulatory Notices and Advice Regulatory notices are additional information about OfS' regulatory requirements and are part of the regulatory framework. Regulatory advice helps providers understand and meet OfS requirements.
Quality Assurance Agency (QAA)	The Quality Code This code represents a shared understanding of quality practice across the UK higher education sector, protecting public and student interests and championing the UK's reputation for quality.
Advance HE	Code of Governance for Universities A code of governance that sets out the principles and standards that universities in the UK should follow.
Committee of University Chairs	The Higher Education Code of Governance A code aimed at ensuring the highest levels of governance at higher education institutions.

Authority

Name

Url

UK Government

Higher Education and Research Act 2017 (HERA)
A UK legislation that reformed the higher education and research sector, particularly by establishing the Office for Students and UK Research and Innovation.

Office for Students (OfS)

Regulatory Notices and Advice
Regulatory notices are additional information about OfS' regulatory requirements and are part of the regulatory framework. Regulatory advice helps providers understand and meet OfS requirements.

Quality Assurance Agency (QAA)

The Quality Code
This code represents a shared understanding of quality practice across the UK higher education sector, protecting public and student interests and championing the UK's reputation for quality.

Advance HE

Code of Governance for Universities
A code of governance that sets out the principles and standards that universities in the UK should follow.

Committee of University Chairs

The Higher Education Code of Governance
A code aimed at ensuring the highest levels of governance at higher education institutions.

Risk Register and Management Procedures

Title
Rule Risk Management Through the Automated Governance System (AGS) All risks must be recorded and managed through the School's automated governance system (AGS) using the dedicated risk register functionality. The AGS risk register provides a structured and efficient method for tracking and addressing risks, ensuring consistent management and mitigation across the School.
Rule Risk Probability Assessment The likelihood of each risk materialising within the following 12 months (24 months for strategic risks) should be regularly assessed on a scale of 1 to 5: Rare - Highly unlikely, but still some remote possibility of materialising. Unlikely - Possible but quite improbable and not expected. Plausible - Reasonably conceivable to materialise. Likely - Quite probable and expected to occur. Impending - Highly likely or almost certain to materialise.
Rule Granular Impact Assessment The potential maximum impact of every risk, should it materialise, should be assessed in the following categories: Academic: Impact on teaching effectiveness and learning outcomes. Staff: Impact on working practices, employment or employee experience. Student experience: Impact on student satisfaction and overall experience. Financial: Impact on budgets, financial viability and sustainability of the organisation. Reputation: Impact on the external approval of the School and the credibility of its awards. Rating the potential impact in each aspect individually helps to ensure that impact assessments are carried out thoroughly and with good granularity. It also enables more insightful and detailed reporting and governance intelligence.
Rule Risk Impact Rating The impact of each risk should be rated in each category on a scale of 1 to 5, taking into account any existing mitigating controls and assurances already present to mitigate the impact of the risk should it materialise: Very low Low Moderate High Severe The rating should be selected based on the most credible and probable worst-case, given the available information, rather than simply a best-case or worst-case scenario.
Rule Academic Impact Rating For every risk, the maximum academic impact, should it materialise, should be rated as either of the following: Very low - No reduction in learning or teaching quality, student satisfaction, or award quality. Low - No discernible impact on learning or teaching quality, student satisfaction, or award quality. Moderate - Impact on learning or teaching quality, student satisfaction, or award quality that can be resolved without impacting student retention, progression, or success. High - Material but manageable impact on learning or teaching quality, student satisfaction, or award quality that can be resolved without impacting student retention, progression, or success. Severe - Significant and unmanageable impact on learning or teaching quality, student satisfaction, or award quality that can be resolved without impacting student retention, progression, or success.
Rule Staff Impact Rating For every risk, the maximum impact on staff or working practices, should it materialise, should be rated as either of the following: Very low - Small modifications necessary to how tasks are completed. Low - Adjustments to working practices or modifications to staff roles. Moderate - Potential changes to employment positions which may require formal processes. High - Formal change processes to manage potential employment issues, including the risk of redeployment, or redundancies. Severe - Possibility of critical skills/personnel not being available or needing to downsize staff through redundancies.
Rule Student Experience Impact Rating For every risk, the maximum impact on the overall student experience, should it materialise, should be rated as either of the following: Very Low - No noticeable change to the student's overall campus life, access to resources, engagement opportunities, or sense of belonging. Low - Minimal disruptions to certain aspects of student life, but the overall experience remains largely unchanged. Temporary inconveniences might be experienced, but they don't significantly detract from the holistic student journey. Moderate - Changes that can be felt in specific areas of the student experience, such as in extracurricular activities, campus facilities, or support services. However, with proper interventions, the impact can be mitigated, ensuring a continuity of the student experience. High - Substantial disruptions that might lead to students reconsidering their choice of institution or course of study. This could include extensive limitations in campus resources, lack of access to essential services, or severe disruptions in communal and social activities. Immediate action would be required to ensure student retention and satisfaction. Severe - Drastic changes to the student experience where the essence of campus life, culture, or sense of community is lost. There might be long-term repercussions, affecting the reputation of the institution, with potential drops in enrolment rates or student recommendations. Major strategic interventions would be necessary to restore trust and rectify the situation.
Rule Financial Impact Rating For every risk, the maximum financial impact, should it materialise, should be rated as either of the following: Very low - Little to no effect on budgets Low - An effect on one or more budgets that is manageable within those budget(s). Moderate - Financial consequences to the budget or budgets involved, which can be managed by underspending in unaffected budgets. High - Financial repercussions that require the use of cash reserves, in-year transfers from unaffected budgets, or, transitional funding from external sources. Severe - Significant financial losses we can only address through external funding.
Rule Reputation Impact Rating For every risk, the maximum reputational impact, should it materialise, should be rated as either of the following: Very low - No outside opposition or disapproval projected. Low - Some external criticism that is unlikely to be significant enough to cause reputational damage. Moderate - External criticism of the School that it is within our power to address or mitigate, thereby minimising the impact or degree of reputational damage. High - Potential external criticism of the School that could lead to substantial reputational damage. Severe - Negative press coverage and regulatory or governmental intervention due to significant national and international criticism.
Rule Risk Overall Impact Rating Based on the granular impact assessment, the overall impact rating of each risk will be calculated (automatically by the AGS) based on the following weighted formula: (3 x Academic + 2 x Student experience + Staff + Financial + Reputation) / 8 This formula is to emphasise the School's strategic prioritisation of the student's interests and wellbeing in our risk management and prioritisation.
Rule Risk Overall Score An overall score shall be calculated (automatically by the AGS) for each risk based on the following formula: *(Probability of materialising) X (Overall impact rating)* Since each factor is on a scale of 1 to 5, the overall score will be on a scale of 1 to 25, labelled as: Operational: Very low (1 to 3) Low (4 to 6) Strategic: Medium (8 to 10) High (12 to 16) Very high (Over 16)
Rule Systematic Risk Mitigation and Monitoring The School must systematically mitigate risks by documenting the following in the risk register: Prevention: Measures to reduce the likelihood of risk materialisation. Alleviation: Measures to minimise adverse effects if the risk occurs, such as backup plans. Plans: Current and future steps to improve risk scores. Target Score: Expected risk rating (red, amber, green) after mitigation. Departmental directors, in support of the Quality and Audit Committee, must routinely monitor and use the risk register in their operations and regularly report on risks and mitigation strategies to the Executive Committee. This structured approach ensures risks are effectively controlled, minimised, and reported, enabling proactive management and safeguarding the School’s objectives.
Rule Responsibilities and Meetings of the Quality and Audit Committee The Quality and Audit Committee will meet at least three times a year, aligned with key dates in the operating cycle. Its responsibilities, as outlined in the Governance Structure Statement, include: Reviewing and reporting on the School’s internal control, mitigation systems, and risk management processes. Reviewing and reporting on insurance and other risk management mechanisms. Advising the Board of Governors and other bodies on quality and compliance matters. Overseeing, reviewing, and reporting on the Strategic and Operational Risk Registers. Reviewing and reporting on the integrity of financial statements, formal financial announcements, and communications with the Office for Students. Reviewing and advising on the effectiveness of internal and external audit functions. Reviewing and advising on legal and regulatory compliance. Reviewing and advising on ethical standards compliance. Reviewing and reporting on the operational efficacy of Health and Safety arrangements. Investigating, resolving, and reporting on alleged ethical or other breaches involving the Executive Committee or Academic Board, while breaches by other principal bodies are addressed by the Board of Governors. Advising on the appointment and removal of accountants and auditors. Advising on annual financial statements, performance, and reports. Investigating and reporting on suspected financial irregularities. These structured responsibilities ensure the School maintains robust governance, risk management, and compliance, safeguarding institutional integrity and accountability. Regular meetings allow the Committee to effectively oversee and advise on critical aspects of the School’s operations.
Rule Project Risk Management and Reporting Projects may require their own risk register and management. When proposing any substantial new initiative or change to ongoing activities, departmental directors must: Identify and assess potential risks. Maintain a project-specific risk register. If the project impacts the entire School, include these risks in the School's risk register. Regularly submit a summary report to: Executive Committee Quality and Audit Committee Board of Governors (only if strategic, sensitive, or high-impact risks are identified) This ensures that all significant risks associated with new projects are effectively managed and communicated, safeguarding the School’s overall stability and strategic objectives.
Rule Strategic and Operational Risk Management The Executive Committee will identify, assess, and mitigate strategic and operational risks affecting the School, including student protection, using the risk register. This may involve collaboration with the Board of Governors and the Quality and Audit Committee, particularly for risks related to key partners and regulatory bodies. The Board of Governors will review risk management at each meeting, with the Executive Committee and Quality and Audit Committee reporting on risks. This ensures a proactive approach to risk management, safeguarding the School’s strategic objectives and compliance with regulatory requirements. Regular reporting to the Board of Governors enhances oversight and informed decision-making.

Title

Rule
Risk Management Through the Automated Governance System (AGS)

All risks must be recorded and managed through the School's automated governance system (AGS) using the dedicated risk register functionality.

The AGS risk register provides a structured and efficient method for tracking and addressing risks, ensuring consistent management and mitigation across the School.

Rule
Risk Probability Assessment

The likelihood of each risk materialising within the following 12 months (24 months for strategic risks) should be regularly assessed on a scale of 1 to 5:

Rare - Highly unlikely, but still some remote possibility of materialising.
Unlikely - Possible but quite improbable and not expected.
Plausible - Reasonably conceivable to materialise.
Likely - Quite probable and expected to occur.
Impending - Highly likely or almost certain to materialise.

Rule
Granular Impact Assessment

The potential maximum impact of every risk, should it materialise, should be assessed in the following categories:

Academic: Impact on teaching effectiveness and learning outcomes.
Staff: Impact on working practices, employment or employee experience.
Student experience: Impact on student satisfaction and overall experience.
Financial: Impact on budgets, financial viability and sustainability of the organisation.
Reputation: Impact on the external approval of the School and the credibility of its awards.

Rating the potential impact in each aspect individually helps to ensure that impact assessments are carried out thoroughly and with good granularity. It also enables more insightful and detailed reporting and governance intelligence.

Rule
Risk Impact Rating

The impact of each risk should be rated in each category on a scale of 1 to 5, taking into account any existing mitigating controls and assurances already present to mitigate the impact of the risk should it materialise:

Very low
Low
Moderate
High
Severe

The rating should be selected based on the most credible and probable worst-case, given the available information, rather than simply a best-case or worst-case scenario.

Rule
Academic Impact Rating

For every risk, the maximum academic impact, should it materialise, should be rated as either of the following:

Very low - No reduction in learning or teaching quality, student satisfaction, or award quality.
Low - No discernible impact on learning or teaching quality, student satisfaction, or award quality.
Moderate - Impact on learning or teaching quality, student satisfaction, or award quality that can be resolved without impacting student retention, progression, or success.
High - Material but manageable impact on learning or teaching quality, student satisfaction, or award quality that can be resolved without impacting student retention, progression, or success.
Severe - Significant and unmanageable impact on learning or teaching quality, student satisfaction, or award quality that can be resolved without impacting student retention, progression, or success.

Rule
Staff Impact Rating

For every risk, the maximum impact on staff or working practices, should it materialise, should be rated as either of the following:

Very low - Small modifications necessary to how tasks are completed.
Low - Adjustments to working practices or modifications to staff roles.
Moderate - Potential changes to employment positions which may require formal processes.
High - Formal change processes to manage potential employment issues, including the risk of redeployment, or redundancies.
Severe - Possibility of critical skills/personnel not being available or needing to downsize staff through redundancies.

Rule
Student Experience Impact Rating

For every risk, the maximum impact on the overall student experience, should it materialise, should be rated as either of the following:

Very Low - No noticeable change to the student's overall campus life, access to resources, engagement opportunities, or sense of belonging.
Low - Minimal disruptions to certain aspects of student life, but the overall experience remains largely unchanged. Temporary inconveniences might be experienced, but they don't significantly detract from the holistic student journey.
Moderate - Changes that can be felt in specific areas of the student experience, such as in extracurricular activities, campus facilities, or support services. However, with proper interventions, the impact can be mitigated, ensuring a continuity of the student experience.
High - Substantial disruptions that might lead to students reconsidering their choice of institution or course of study. This could include extensive limitations in campus resources, lack of access to essential services, or severe disruptions in communal and social activities. Immediate action would be required to ensure student retention and satisfaction.
Severe - Drastic changes to the student experience where the essence of campus life, culture, or sense of community is lost. There might be long-term repercussions, affecting the reputation of the institution, with potential drops in enrolment rates or student recommendations. Major strategic interventions would be necessary to restore trust and rectify the situation.

Rule
Financial Impact Rating

For every risk, the maximum financial impact, should it materialise, should be rated as either of the following:

Very low - Little to no effect on budgets
Low - An effect on one or more budgets that is manageable within those budget(s).
Moderate - Financial consequences to the budget or budgets involved, which can be managed by underspending in unaffected budgets.
High - Financial repercussions that require the use of cash reserves, in-year transfers from unaffected budgets, or, transitional funding from external sources.
Severe - Significant financial losses we can only address through external funding.

Rule
Reputation Impact Rating

For every risk, the maximum reputational impact, should it materialise, should be rated as either of the following:

Very low - No outside opposition or disapproval projected.
Low - Some external criticism that is unlikely to be significant enough to cause reputational damage.
Moderate - External criticism of the School that it is within our power to address or mitigate, thereby minimising the impact or degree of reputational damage.
High - Potential external criticism of the School that could lead to substantial reputational damage.
Severe - Negative press coverage and regulatory or governmental intervention due to significant national and international criticism.

Rule
Risk Overall Impact Rating

Based on the granular impact assessment, the overall impact rating of each risk will be calculated (automatically by the AGS) based on the following weighted formula:

(3 x Academic + 2 x Student experience + Staff + Financial + Reputation) / 8

This formula is to emphasise the School's strategic prioritisation of the student's interests and wellbeing in our risk management and prioritisation.

Rule
Risk Overall Score

An overall score shall be calculated (automatically by the AGS) for each risk based on the following formula:
(Probability of materialising) X (Overall impact rating)

Since each factor is on a scale of 1 to 5, the overall score will be on a scale of 1 to 25, labelled as:

Operational:

Very low (1 to 3)
Low (4 to 6)

Strategic:

Medium (8 to 10)
High (12 to 16)
Very high (Over 16)

Rule
Systematic Risk Mitigation and Monitoring

The School must systematically mitigate risks by documenting the following in the risk register:

Prevention: Measures to reduce the likelihood of risk materialisation.
Alleviation: Measures to minimise adverse effects if the risk occurs, such as backup plans.
Plans: Current and future steps to improve risk scores.
Target Score: Expected risk rating (red, amber, green) after mitigation.

Departmental directors, in support of the Quality and Audit Committee, must routinely monitor and use the risk register in their operations and regularly report on risks and mitigation strategies to the Executive Committee.

This structured approach ensures risks are effectively controlled, minimised, and reported, enabling proactive management and safeguarding the School’s objectives.

Rule
Responsibilities and Meetings of the Quality and Audit Committee

The Quality and Audit Committee will meet at least three times a year, aligned with key dates in the operating cycle. Its responsibilities, as outlined in the Governance Structure Statement, include:

Reviewing and reporting on the School’s internal control, mitigation systems, and risk management processes.
Reviewing and reporting on insurance and other risk management mechanisms.
Advising the Board of Governors and other bodies on quality and compliance matters.
Overseeing, reviewing, and reporting on the Strategic and Operational Risk Registers.
Reviewing and reporting on the integrity of financial statements, formal financial announcements, and communications with the Office for Students.
Reviewing and advising on the effectiveness of internal and external audit functions.
Reviewing and advising on legal and regulatory compliance.
Reviewing and advising on ethical standards compliance.
Reviewing and reporting on the operational efficacy of Health and Safety arrangements.
Investigating, resolving, and reporting on alleged ethical or other breaches involving the Executive Committee or Academic Board, while breaches by other principal bodies are addressed by the Board of Governors.
Advising on the appointment and removal of accountants and auditors.
Advising on annual financial statements, performance, and reports.
Investigating and reporting on suspected financial irregularities.

These structured responsibilities ensure the School maintains robust governance, risk management, and compliance, safeguarding institutional integrity and accountability. Regular meetings allow the Committee to effectively oversee and advise on critical aspects of the School’s operations.

Rule
Project Risk Management and Reporting

Projects may require their own risk register and management.

When proposing any substantial new initiative or change to ongoing activities, departmental directors must:

Identify and assess potential risks.
Maintain a project-specific risk register. If the project impacts the entire School, include these risks in the School's risk register.
Regularly submit a summary report to:
- Executive Committee
- Quality and Audit Committee
- Board of Governors (only if strategic, sensitive, or high-impact risks are identified)

This ensures that all significant risks associated with new projects are effectively managed and communicated, safeguarding the School’s overall stability and strategic objectives.

Rule
Strategic and Operational Risk Management

The Executive Committee will identify, assess, and mitigate strategic and operational risks affecting the School, including student protection, using the risk register. This may involve collaboration with the Board of Governors and the Quality and Audit Committee, particularly for risks related to key partners and regulatory bodies.

The Board of Governors will review risk management at each meeting, with the Executive Committee and Quality and Audit Committee reporting on risks.

This ensures a proactive approach to risk management, safeguarding the School’s strategic objectives and compliance with regulatory requirements. Regular reporting to the Board of Governors enhances oversight and informed decision-making.

Metrics and KPIs

The following metrics will be measured and regularly reviewed as key performance indicators for the School to ensure the effectiveness of this policy and associated operations.

Title
Annual Risk Review Completion Monitor the completion of a full risk review for each department annually, with a target of 100% by the end of each academic year. Ensures that all departments are regularly reassessing risks, contributing to the overall resilience of the institution.
Incident Response Time Monitor the average time taken to respond to critical incidents identified in the risk register, aiming for a response time of under 24 hours. Ensures rapid response to incidents, reducing potential damage and disruption to School operations.
Mitigation Plan Implementation Rate Track the percentage of risks with mitigation plans implemented within the specified timeline, targeting 95% completion within the deadline. Ensures that mitigation strategies are applied promptly, reducing the impact of identified risks on the School’s operations.
Monthly Risk Report Submission Rate Track the percentage of departments submitting monthly risk reports to the Executive Committee on time, targeting 100% compliance. Ensures regular monitoring and communication of risks, facilitating proactive management.
Risk Identification Compliance Rate Measure the percentage of identified risks documented in the Risk Register within 5 working days of discovery, aiming for 100% compliance. Ensures all risks are promptly recorded and addressed, reducing the likelihood of unmonitored risks impacting the School.
Risk Register Update Frequency Track the number of updates made to the Risk Register each quarter, with a target of at least one update per department per quarter. Keeps the Risk Register current and reflective of the School's evolving risk landscape.

Title

Annual Risk Review Completion
Monitor the completion of a full risk review for each department annually, with a target of 100% by the end of each academic year.
Ensures that all departments are regularly reassessing risks, contributing to the overall resilience of the institution.

Incident Response Time
Monitor the average time taken to respond to critical incidents identified in the risk register, aiming for a response time of under 24 hours.
Ensures rapid response to incidents, reducing potential damage and disruption to School operations.

Mitigation Plan Implementation Rate
Track the percentage of risks with mitigation plans implemented within the specified timeline, targeting 95% completion within the deadline.
Ensures that mitigation strategies are applied promptly, reducing the impact of identified risks on the School’s operations.

Monthly Risk Report Submission Rate
Track the percentage of departments submitting monthly risk reports to the Executive Committee on time, targeting 100% compliance.
Ensures regular monitoring and communication of risks, facilitating proactive management.

Risk Identification Compliance Rate
Measure the percentage of identified risks documented in the Risk Register within 5 working days of discovery, aiming for 100% compliance.
Ensures all risks are promptly recorded and addressed, reducing the likelihood of unmonitored risks impacting the School.

Risk Register Update Frequency
Track the number of updates made to the Risk Register each quarter, with a target of at least one update per department per quarter.
Keeps the Risk Register current and reflective of the School's evolving risk landscape.