Risk Management Policy
Policy
The objectives of the Risk Management Policy are to:
- Establish a comprehensive risk management framework for all University activities.
- Ensure that management decisions take into account relevant risks.
- Integrate operational risk processes into the management of University programs.
- Cultivate an environment and culture of risk accountability, where faculty and staff take responsibility for governing risk management.
1. The University will demonstrate a commitment toward implementing its risk management to protect and preserve its financial, physical and human assets.
2. The University RMC has been established as a committee to provide advice and counsel to the UD Senior Management pertaining to risk-related management issues.
3. The University will allocate appropriate levels of responsibility to specific personnel to oversee related insurance coverage or allocated financial resources in the implementation of its operational risk to ensure an adequate mitigation plan.
4. The risk management plan, delegation of responsibilities to RMC members, and risk mitigation strategies will undergo approval by the President on an annual basis, with additional reviews as necessary.
5. To ensure the successful execution of the risk management strategy, the University will provide comprehensive training in risk management principles, methodologies, and processes to all staff involved in institutional governance. This includes the VPAA, Deans, Directors, Managers, and all UD employees.
6. The University integrates risk management principles and practices seamlessly into both strategy development and day-to-day operational processes. The risk management process is systematically applied in the following key activities:
- Annual strategic planning.
- Launching new projects/initiatives.
- Change management processes.
- Incident management procedures.
- RMC (Risk Management Committee) meetings.
The University's risk management process follows a systematic approach, involving the assessment, treatment, monitoring, review, recording, and reporting of risks across all departments. The University's Risk Management Plan details the following five iterative and cyclical steps:
- Step 1 – Establish the context
- Step 2 – Identification of risks
- Step 3 – Analyze the risks
- Step 4 – Evaluating the risks
- Step 5 – Treating the risks
This process is illustrated in Figure 1 below:
Figure 1: Risk Management Process
A. The results of these steps are documented and reported as part of the monitoring and review activities, as detailed in Section 3.
B. Risk appetite: The University recognizes that its risk appetite is continually changing as it responds to internal and external changes. At any one time, the University may be willing to accept additional risk in one area while reducing it in another. As part of the annual UD risk review, the risk appetite will be assessed against current strategic and operational needs and formalized within the Annual Risk Management Plan.
C. Risk Dimension: The assessment of all identified risks is based on the appraisal of five risk dimensions which have been determined to effectively align with the CAA Standards for Institutional licensure (SIL) and the Standards for Program Accreditation (SPA). These risk dimensions are:
| S. No | Risk Impact Areas | Definition |
|---|---|---|
| 1 | Strategic | The risk that an event or action may adversely affect the university’s ability to achieve its strategic objectives as a licensed HEI in the UAE. |
| 2 | Operational | The risk that inadequate or failed internal processes, people and/or systems, or external events may adversely affect the university’s ability to achieve its operational objectives as a licensed HEI in the UAE. |
| 3 | Legal & Financial | Any risk that will affect the legal status or financial stability of the university and its ability to continue as a licensed HEI in the UAE. |
| 4 | Academic | The risk of failing to achieve academic objectives and the maintenance of academic quality and standards, specifically relating to learning, teaching, and research, will adversely affect the university’s ability to achieve its strategic objectives as a licensed HEI in the UAE. |
| 5 | International | The risk of not achieving equitable National Classification, international ranking, or international accreditation as compared to peer institutions within the UAE. |
7. Responsibilities
A. Risk management is a collective responsibility among all University employees.
B. Appendix I provides specific details regarding the allocation of responsibilities for Enterprise Risk Management processes. These responsibilities are designated to the following:
- President
- Internal Audit Team Members
- Risk Management Committee
- QAIE Department
- Risk Management Executive
- Deans/Department Managers/Risk Champions
- Risk Owners
C. Recording and Reporting
The University reporting relating to risks and their management utilizes a hierarchical risk reporting structure, represented in the figure below.
As outlined in Appendix III, the University has established specific documents for the recording and reporting of risks. These documents encompass:
- Risk assessment worksheet (Appendix IV)
- Risk Register (Appendix V)
- Master Risk register
- Annual Risk assessment report
The Risk Management Committee is responsible for maintaining a comprehensive master risk register for UD, which meticulously documents all identified risks along with the corresponding mitigation strategies. This register serves as a consolidated compilation of individual departmental risk registers, accessible for senior management. Additionally, the committee will deliver an annual risk report to senior management, facilitating a thorough review and soliciting valuable feedback.
D. Monitoring and Review
The University shall maintain a system of continuous monitoring of identified risks to assess their changing nature and significance.
Risk owners and designated responsible parties shall conduct periodic reviews of risk indicators and events to ensure that the risks remain controlled and that mitigation strategies are effective.
The University will regularly conduct scheduled reviews of the risk management implementation activities and keep the Risk Management Implementation Action Plan (Appendix II) updated with progress.
8. Related Documents
8.1 University Documents
- Risk management committee terms of reference
- Risk Management Plan
8.2 Reference Documents
- ISO 31000: 2018 Risk Management Guidelines
- OSHAD-SF Technical Guideline- Process of Risk Management
- IEC 31010, Risk management — Risk assessment techniques
- ISO 31073:2022(en) Risk management — Vocabulary
- PD ISO/TR 31004:2013: Risk management — Guidance for the implementation of ISO 31000
Appendices
Appendix I: Risk Management Responsibilities
Appendix II: Risk Management Implementation Action Plan Template
Appendix III: Risk Management Records
Appendix IV: Risk Assessment Worksheet
Appendix V: Risk Register