13 November 2012

Risk Management @ London Met

Sean Connolly Director of the Programme Office

Background
A risk management system that didnt work
Problem identified as to how we claimed for students but nothing done 34m incorrectly claimed to repay

Change in VC, Governors and senior staff

SPO given responsibility for Risk Management April 2010

Starting point
Buy-in and support of Governors, senior management, Internal Audit and our Regulator, (HEFCE) Simple MS Word based system, easy to understand, easy to use Developed policy and strategy, and eventually statement of risk appetite, all available on Intranet https://intranet.londonmet.ac.uk/staff/spo/riskmanagement.cfm

Policy main points

Underlying approach to risk management Role of the Board of Governors Role of the Audit Committee Role of the Executive Group Risk management and internal control Reviewing effectiveness

Strategy main points

Identification of risks who? Dean, Director or other senior manager Evaluation of risks how? 25 point scoring scale 1-5 x 1-5 Documentation of risks where? Held by faculty, PSD and SPO Managing and reporting risks To Executive Group, Internal Audit, Audit Committee and full Board of Governors by SPO

Statement of Risk Appetite principles

Challenging and uncertain future Risk-taking is essential at times Risks associated with major projects, need to be clearly identified Any activities with residual risk greater than 20 should immediately be referred to the Chair of Governors and VC Governors have grouped the major risks facing the University into five main headings

Five headings are:

1. Risks to financial sustainability. 2. Risks associated with the student experience including recruitment, retention and academic progression. 3. Reputational risks, including relationship management with our key partners. 4. Risks associated with our academic standards, including in teaching and research. 5. Risks associated with the Universitys support systems and processes, in particular the management and quality assurance of data and other information

Corporate Risk Register

Examples of faculty and PSD risk registers LGIR Risk Register FoLs Risk register FoC Risk register Estates Risk Register

So how does it work?

Corporate system works to a point Further mitigations column needs to be SMARTer Problems with consistency of scoring at faculty and PSD level System for following up actions needs to be improved

What next
Working to improve consistency with risk management working group Developing risk management key performance indicators Continually checking with Internal Audit and HEFCE

Your questions and comments

Sean Connolly s.connolly@londonmet.ac.uk

Risk register
1. Corporate 2. Estates 3. Faculty of Computing

Risk register: Corporate

1. Failure to achieve financial sustainability 2. Failure to deliver required return
Partnerships, joint ventures, Shared Services Initiative

3. Failure to manage student population

Home, international, PG, CPD

4. Failure to deliver high quality student experience 5. Failure to sustain culture of high expectations and high performance 6. Failure in timely delivery of strategic plan

Risk register: Corporate

7. Failure in relationship with stakeholders 8. Loss of confidence in academic standing of the University 9. Failure to provide accurate returns 10. Failure to deliver information infrastructure transformation 11. Risk of staff or student action in opposition to changes
Back to main risk register

Risk register: Corporate 1

Risk register: Corporate 2

Risk register: Corporate 3

Risk register: Corporate 4

Risk register: Corporate 5 & 6

Risk register: Corporate 7

Risk register: Corporate 8

Risk register: Corporate 9

Risk register: Corporate 10

Risk register: Corporate 11

Risk register: Estates

1. Financial
Failure to meet targets revenue, capital expenditure, value

2. Capital Projects
Failure to deliver projects meeting specifications on time and budget

3. Failure of major contractors 4. Potential litigation from MITIE 5. Failure to maintain and improve the estate 6. Service delivery
Failure to deliver good quality service

Risk register: Estates

7. Failure to deliver
Building Management operations and/or Departmental Business Continuity plan

8. IT systems
Risk of failure CMIS, EMIS and Helpdesk systems

9. Legal and statutory compliance, inc. H&S 10.Carbon reduction

Failure to achieve targets

11.Risk of organisational failure 12.Failure to deliver the

Estates Master Plan

Back to main risk register

Risk register: Estates 1

Risk register: Estates 2

Risk register: Estates 3

Risk register: Estates 4 & 5

Risk register: Estates 6

Risk register: Estates 7

Risk register: Estates 8

Risk register: Estates 9

Risk register: Estates 10, 11, 12

Risk register: Computing

Under-recruitment and significantly reduced fee income Failure to secure KT and 3rd stream projects Loss of a major collaborative partner Failure to improve completion rates Failure to improve student satisfaction

Risk register: Computing

Failure to maintain and extend professional accreditation of courses Failure to achieve new CISCO Academy status Reduction in Quality Research funding Major lab or equipment failures and lack of replacement facilities

Back to main risk register

Risk register: Computing

Risk register: Computing

Risk register: Computing

Risk register: Computing

Dealing with Risk