The purpose of the risk management policy is to explain the company’s underlying approach to risk management and to document the roles and responsibilities of the Board of Directors, and the senior management team. It outlines key aspects of the risk management process and identifies the main reporting procedures.
Risk management informs strategic development through the identification and treatment of risk so that strategic objectives are more likely to be achieved, damaging events are avoided or minimised and opportunities are maximised. Good risk management increases the probability of success and reduces the probability of failure and uncertainty of achieving the company’s objectives.
This risk management policy forms part of the Company’s governance and internal control arrangement. The Board of Directors as ultimate responsibility for risk management and is therefore responsible for the approval and review of the Risk Management Policy and for ensuring that it is appropriately managed.
A frequently used definition of risk is:
‘the threat or possibility that an action or event will adversely or beneficially affect an organisation’s ability to achieve its strategic objectives’
At an institutional level, risks can affect either positively or negatively the company’s ability to operate as a business and/or deliver its strategic objectives. Risk management is important to ensure that threats and opportunities affecting the successful delivery of operating and commercial plans are appropriately addressed and managed.
Risks are identified and assessed through the establishment of a Risk Register. For the Risk Register, the company uses a 5 x 5 risk rating mechanism to assess the impact (rated A to E) and likelihood of risk (rated 1 to 5), with a scoring of A1 denoting the highest risk on the scale as high impact and high likelihood.
Likelihood
I M P A C T |
L I K E L I H O O D |
||||
A5 |
A4 |
A3 |
A2 |
A1 |
|
B5 |
B4 |
B3 |
B2 |
B1 |
|
C5 |
C4 |
C3 |
C2 |
C1 |
|
D5 |
D4 |
D3 |
D2 |
D1 |
|
|
|
|
|
|
Impact
The score should reflect the higher of the financial value, the proportion of teaching programmes affected and the degree to which the whole company is affected
Score A (highest)
Score B
Score C
Score D
Likelihood
Score 1 (highest)
Score 2
Score 3
Score 4
Score 5
The criteria of the Risk Register are as follows:
CRITERIA |
DETAIL |
Risk Area |
Identifies the areas of risk |
Risk Description |
A summary risk description |
Contributing Factors |
Key factors that would contribute to the risk, including sub-risks |
Risk Ownership |
Assigns ownership of the risk to relevant members of the Senior Management Team |
Current Controls (Mitigating |
Describes controls and management actions already in place to mitigate against the risk |
Directions of Travel |
An indication of whether the risk is seen as stable, increasing or decreasing |
Planned actions/Contingency plans |
Describes planned actions or controls that are in the process of being implemented, and notes any contingency plans in place or planned that should prevent the risk from materialising |
The Board of Governors and the Board of Directors have joint responsibility for effective risk management for all academic and operational aspects of EM Normandie UK Limited.
The Principal’s role is to:
This policy will be reviewed at least once a year
This policy will be approved by the Board of Governors and the Board of Directors.