6 Sutton Park Road, Sutton, SM1 2GD
Risk Management Policy
Policy Statement
The School is committed to a comprehensive Risk Management Policy that proactively identifies, assesses, and mitigates risks across all operations. This policy underpins our governance framework, ensuring the safety, resilience, and sustainable growth of our academic community. Through rigorous oversight, continuous improvement, and strategic risk management, we safeguard our institution’s objectives and uphold the highest standards of educational excellence and corporate governance.
Principles
- Proactivity: Risks are anticipated and addressed before they escalate, fostering a culture of forward-thinking and prevention.
- Accountability: Clear roles and responsibilities are defined, ensuring individuals and teams understand their part in managing risks.
- Transparency: Open and honest communication about risks is essential, promoting trust and informed decision-making within the School community.
- Engagement: The whole School community is involved in the risk management process to ensure a broad range of perspectives and knowledge.
- Integration: Risk management is embedded within all levels of decision-making processes, enhancing strategic outcomes and operational effectiveness.
- Adaptability: The School’s approach to risk management is flexible, responding to changing contexts and emerging threats.
- Compliance: Adherence to legal, regulatory, and ethical standards is paramount, protecting the School’s integrity and reputation.
- Empowerment: Staff and students are encouraged and enabled to manage risks within their areas of control and expertise.
- Sustainability: Decisions account for long-term risks and opportunities, ensuring the resilience and longevity of the School.
- Innovation: Encourages and safeguards the creative approaches necessary for academic and operational advancement.
- Education: Continuous learning and development in risk management practices are promoted, building a knowledgeable community.
- Collaboration: Partnerships and alliances are fostered, both internally and externally, to share knowledge and strengthen risk management capabilities.
Regulatory Context
This Policy has been developed in line with the applicable laws, regulations, regulatory advice, and sector best practices, including the following:
Risk Register and Management Procedures
Rule: Risk Management Through the Automated Governance System (AGS)
All risks must be recorded and managed through the School's automated governance system (AGS) using the dedicated risk register functionality. The AGS risk register provides a structured and efficient method for tracking and addressing risks, ensuring consistent management and mitigation across the School.
Rule: Risk Probability Assessment
The likelihood of each risk materialising within the following 12 months (24 months for strategic risks) should be regularly assessed on a scale of 1 to 5:
Rule: Granular Impact Assessment
The potential maximum impact of every risk, should it materialise, should be assessed in the following categories:
Rating the potential impact in each aspect individually helps to ensure that impact assessments are carried out thoroughly and with good granularity. It also enables more insightful and detailed reporting and governance intelligence.
Rule: Risk Impact Rating
The impact of each risk should be rated in each category on a scale of 1 to 5, taking into account any existing mitigating controls and assurances already present to mitigate the impact of the risk should it materialise:
The rating should be selected based on the most credible and probable worst-case, given the available information, rather than simply a best-case or worst-case scenario.
Rule: Academic Impact Rating
For every risk, the maximum academic impact, should it materialise, should be rated as either of the following:
Rule: Staff Impact Rating
For every risk, the maximum impact on staff or working practices, should it materialise, should be rated as either of the following:
Rule: Student Experience Impact Rating
For every risk, the maximum impact on the overall student experience, should it materialise, should be rated as either of the following:
Rule: Financial Impact Rating
For every risk, the maximum financial impact, should it materialise, should be rated as either of the following:
Rule: Reputation Impact Rating
For every risk, the maximum reputational impact, should it materialise, should be rated as either of the following:
Rule: Risk Overall Impact Rating
Based on the granular impact assessment, the overall impact rating of each risk will be calculated (automatically by the AGS) using the following weighted formula:
(3 x Academic + 2 x Student experience + Staff + Financial + Reputation) / 8
This formula emphasises the School's strategic prioritisation of students' interests and wellbeing in our risk management and prioritisation.
Rule: Risk Overall Score
An overall score shall be calculated (automatically by the AGS) for each risk based on the following formula:
Since each factor is on a scale of 1 to 5, the overall score will be on a scale of 1 to 25, labelled as:
Operational:
Strategic:
Rule: Systematic Risk Mitigation and Monitoring
The School must systematically mitigate risks by documenting the following in the risk register:
Departmental directors, in support of the Quality and Audit Committee, must routinely monitor and use the risk register in their operations and regularly report on risks and mitigation strategies to the Executive Committee. This structured approach ensures risks are effectively controlled, minimised, and reported, enabling proactive management and safeguarding the School’s objectives.
Rule: Responsibilities and Meetings of the Quality and Audit Committee
The Quality and Audit Committee will meet at least three times a year, aligned with key dates in the operating cycle. Its responsibilities, as outlined in the Governance Structure Statement, include:
These structured responsibilities ensure the School maintains robust governance, risk management, and compliance, safeguarding institutional integrity and accountability. Regular meetings allow the Committee to effectively oversee and advise on critical aspects of the School’s operations.
Rule: Project Risk Management and Reporting
Projects may require their own risk register and management. When proposing any substantial new initiative or change to ongoing activities, departmental directors must:
This ensures that all significant risks associated with new projects are effectively managed and communicated, safeguarding the School’s overall stability and strategic objectives.
Rule: Strategic and Operational Risk Management
The Executive Committee will identify, assess, and mitigate strategic and operational risks affecting the School, including student protection, using the risk register. This may involve collaboration with the Board of Governors and the Quality and Audit Committee, particularly for risks related to key partners and regulatory bodies. The Board of Governors will review risk management at each meeting, with the Executive Committee and Quality and Audit Committee reporting on risks. This ensures a proactive approach to risk management, safeguarding the School’s strategic objectives and compliance with regulatory requirements. Regular reporting to the Board of Governors enhances oversight and informed decision-making.
Metrics and KPIs
The following metrics will be measured and regularly reviewed as key performance indicators for the School to ensure the effectiveness of this policy and associated operations.
- Annual Risk Review Completion: Monitor the completion of a full risk review for each department annually, with a target of 100% by the end of each academic year. Ensures that all departments are regularly reassessing risks, contributing to the overall resilience of the institution.
- Incident Response Time: Monitor the average time taken to respond to critical incidents identified in the risk register, aiming for a response time of under 24 hours. Ensures rapid response to incidents, reducing potential damage and disruption to School operations.
- Mitigation Plan Implementation Rate: Track the percentage of risks with mitigation plans implemented within the specified timeline, targeting 95% completion within the deadline. Ensures that mitigation strategies are applied promptly, reducing the impact of identified risks on the School’s operations.
- Monthly Risk Report Submission Rate: Track the percentage of departments submitting monthly risk reports to the Executive Committee on time, targeting 100% compliance. Ensures regular monitoring and communication of risks, facilitating proactive management.
- Risk Identification Compliance Rate: Measure the percentage of identified risks documented in the Risk Register within 5 working days of discovery, aiming for 100% compliance. Ensures all risks are promptly recorded and addressed, reducing the likelihood of unmonitored risks impacting the School.
- Risk Register Update Frequency: Track the number of updates made to the Risk Register each quarter, with a target of at least one update per department per quarter. Keeps the Risk Register current and reflective of the School's evolving risk landscape.