The University's arrangements for risk management and business continuity planning form part of its system of corporate governance and internal control.
The Audit Committee is responsible for oversight of internal control, including risk management and business continuity planning. The revised risk management policy was approved by the Board of Governors on 25 September 2014.
The risk management policy differentiates between strategic and operational risks. Strategic risks are risks that might threaten the University’s ability to meet its key objectives. This includes risks that may threaten the University’s ability to meet the Strategic Plan, its policies and procedures. Strategic risks are recorded in the corporate risk register, managed by the University Executive Team and monitored by the Audit Committee. Operational risks are risks that are present in the day-to-day functions and services of the University. Every employee at the University will have some responsibility for managing operational risks. Operational risks are recorded in school / service risk registers, monitored by school / service areas and reported to the Audit Committee.
The University has a Crisis Management Plan in place that details how the University will respond to crises. The Crisis Management Plan requires crisis response plans for certain services and business recovery plans for all schools and services. The plans will be tested and reviewed regularly.