The University's arrangements for risk management and business continuity planning form part of its system of corporate governance and internal control.
The Audit Committee is responsible for oversight of internal control, including risk management and business continuity planning.
The Risk Management Policy differentiates between strategic and operational risks. Strategic risks are risks that might threaten the University’s ability to meet its key objectives. Strategic risks are recorded in the Corporate Risk Assurance Register, managed by the University Executive Team and monitored by the Audit Committee. Operational risks are risks that are present in the day-to-day functions and services of the University. Every employee at the University will have some responsibility for managing operational risks. Operational risks are recorded in School / Service risk registers which are monitored locally.
The University has a Crisis Management Plan in place that details how the University will respond to crises. The Crisis Management Plan requires Crisis Response Plans for certain Services and Business Recovery Plans for Schools and Services. The plans are tested and reviewed regularly.