This page will provide further guidance on risk management.
Risk treatment is the process of modifying the risk. This will involve deciding on one or more options to modify the risk and then the implementation of these. The 'treatments' then modify existing controls or create new controls.
Risk treatment would be included in 'existing controls' and 'actions for further control' in the risk register template.
- Avoid: the decision to not start or not continue with the activity which led to risk.
- Reduce: controls will be put in place to aim to reduce the impact/likelihood of the risk.
- Accept: where the risk lies within the appetite/tolerance range, the risk may be taken in order to pursue opportunity.
- Monitor: monitoring a risk will include monitoring the status of the risk, the status of the controls in place to mitigate the risk, the status of the associated causes and the status of the associated consequences.
Continual monitoring of a risk means that, where required, the treatment option can be changed; for example, if the likelihood of a risk occurring decreases, it might then fall within the appetite/tolerance range to 'accept' the risk.
What is risk appetite and risk tolerance?
Risk appetite and risk tolerance refers to the willingness of the institution to take a certain amount of risk. The diagram below depicts risk appetite, risk tolerance and risk capacity:
Risk Appetite: risk appetite refers to the amount of risk the University/School/Directorate is willing to accept in the pursuit of its objectives.
Risk Tolerance: risk tolerance refers to the boundaries of risk taking outside which the University/School/Directorate is not willing to venture in pursuit of its objectives.
Risk Capacity: risk capacity is the amount of risk the University/School/Directorate cannot exceed.
The red area in the diagram shows where the University/School/Directorate cannot venture in relation to risk. The area in green depicts where risk is in a comfortable range.
The University Court has determined an approach to risk for the University. This approach seeks to minimise exposure to reputational, compliance and undue financial risk whilst encouraging a more open stance to risk in the achievement of the University's strategic objectives as set out in the strategy wheel of the Strategy to 2022. The University accepts that the level of risk appetite varies from one activity to another depending on the potential for that risk to materialise and have a detrimental effect on the reputation and financial sustainability of the University and whether that risk might undermine the University's ability to comply with relevant laws, regulations, codes and practice.
The University defines its risk appetite by reference to a five-point, qualitative non-linear scale: averse - minimal - cautious - open - hungry.
The risk appetite statement sets out the University's stance on the core operational risks relating to reputation, compliance, financial sustainability and infrastructure as well as the University's stance in terms of risk relating to the delivery of its strategic objectives. In response to feedback from the Court, the University takes a much more open approach to risk in the delivery of its strategic objectives, encouraging risk-taking within the context of an averse/minimal approach to reputation, compliance, finance and infrastructure risk.