63 Virtual Brochure – March 2025 Confidential - only for use by the intended party Roles and responsibilities • Visibility of new risks. To enable real-time visibility of emerging risks, a pro-active approach to identifying and capturing potential new risks outside of the formal update cycle to the institutional risk register should be adopted. This could be either as they arise, or at least monthly as a standing executive agenda item. This supports a process that is ‘live’ and ensures institutions’ risk registers, at any given time, are an accurate reflection of the right strategic risks, their management and the reduction of the risk exposure. This extends to the relegation of existing risks in appropriate cases. • Constructive challenge. Where a Risk Management (or equivalent) Group for the oversight, monitoring and scrutinising of risk registers exists, or is considered for implementation, we would expect the role of such a group to include challenging the risks in the institutional risk register and their gross / residual scores. • Aligning local risk management practices. To ensure consistency and embedment across the institution, and there is linkage (both ways) between strategic and local risk management, there should be regular interactions between the Head of Risk Management (or equivalent) role holder and risk owners. Such interactions should be used to track actions and progress, changes to risks, the risk environment and institutional responses, and the action to be taken in response, and how the risk management process can be developed further to aid management in devolved areas. • Training, communications and awareness raising. To support the embedding of risk management policy and practice, including the associated benefits and value, the delivery of training to risk owners on risk management policy, processes and templates, complemented by online best practice resources (Government Orange Book and ALARM resources). The creation of university-specific training collateral, for example, slides, training documentation or a self-paced / service training / learning module. Risk management training and reference material should form part of management and leadership role inductions. • Risk deep-dives. In addition to routine updates on strategic risks to each meeting of the Audit and Risk Committee and / or other relevant Board Committees, undertake risk deep-dives to provide additional context to high scoring risks. • Continuity. Whilst risks and their management rests with risk owners, oversight and support through the development of the policy and associated framework, liaison with risk owners and the update and maintenance of supporting resources is usually the responsibility of a dedicated role holder. It should therefore be ensured that contingency arrangements are in place to maintain progress should they be absent.
RkJQdWJsaXNoZXIy NTI5NzM=