Higher Education Strategic Risk Analysis Report 2025/26 26 Appendix A - Methodology This year our analysis examines the strategic or corporate risk registers across a group of institutions. our analysis covers a broad range of 20 universities from small and specialist, to large metropolitan and research intensive. As set out in Section 1, these risk registers embrace a range of different methodologies, scoring matrices and approaches. Each of the risks has been documented and categorised against one of the 23 common sector themes which are set out in the table below. We recognise that certain risks may span more than one risk theme area. For these risks, we have categorised them in accordance with their primary description. For instance, a risk around the downturn in international applications would be classed as student recruitment risk. If, however, this risk was framed as a driver placing downward pressure on income under an overarching financial sustainability risk, it would be classed as a financial sustainability risk. Analysis undertaken includes: • An assessment of the total risks recorded under each theme and the frequency of risk themes across the set of institutions. Where risks cut across the risk themes, risks have been allocated to the most prevalent or significant theme. • An assessment of the inherent, unmitigated score given to each risk and the subsequent residual score post-mitigation. Scores have been normalised using a 0-1.0 scoring system, and averages calculated for each risk theme. Analysis of variance between institutions. • Calculation of the difference between the average normalised inherent and residual risk scores for each theme to examine the extent to which institutions believe that risks are being managed. Analysis of variance between institutions. • An analysis of the distribution of risk scores for each theme across institutions. We use a dense ranking approach to rank risks. Theme Risk areas included Apprenticeships Department for Education and Ofsted compliance, including planning, resourcing, management, and oversight of degree apprenticeship activities. Business continuity Planning and management of major incident management, IT and other disaster recovery and business continuity. Cybersecurity Risk arising from cybersecurity threats, including understanding the changing risk environment and digital estate, monitoring, and testing. Data Risks around data quality, data governance, analytical capability and ability to comply with statutory reporting. Digital estate Failure of aspects of the digital estate and/or non-delivery of planned changes and improvements, failure to exploit technology and AI opportunities. Environmental sustainability Non-realisation of net zero by target date Estates infrastructure Capital projects, condition and utilisation of the University estate, security of the university estate, and availability of accommodation for students. Financial sustainability Overarching risks relating to financial sustainability, inflation, erosion of unit of resource from tuition fees, pension costs and control of cost base. This includes risks relating to the realisation of efficiency benefits from changes to the organisational operating models. Geopolitics Range of risks relating to economic and policy factors outside of the UK impacting education and research partnerships, student recruitment, and security. Governance Effectiveness of academic and institutional governance.
RkJQdWJsaXNoZXIy NTI5NzM=