Authorization and Approval
Responsibility: President
Authorization: Board of Governors
Approval Date: Oct 6, 2016
Amended: Dec 11, 2018
Purpose and Objectives
The purpose of University Risk Management (URM) is to ensure that the portfolio of risks that could influence the achievement of both the university’s strategic and key operational objectives is being consistently and effectively managed. Implementing an effective URM process achieves the following key objectives:
- Roles and Responsibilities: To identify the key roles of the Board and senior management associated with managing the university’s risk exposure.
- Oversight: All significant, current and emerging risks have been identified and are being managed and monitored under a holistic approach consistent with the university’s risk management process.
- Ownership and Responsibility: The ownership of risk is inextricably linked with the ownership of goals and objectives. Individuals who are responsible for the completion of goals and objectives are therefore equally responsible for identifying, evaluating, mitigating and reporting associated risk exposures.
- Assurance: The Board and management have reasonable assurance that risk is being appropriately managed within defined levels to bring value to the organization.
Applicable key definitions have been included below.
Principles
The university follows best practices in risk management by embracing the following principles:
- Incorporate a consistent, standardized approach to risk management into the culture and strategic and operational planning processes of the university that supports decision-making and resource allocation at all levels.
- Apply a consistent approach to risk management across the university to ensure that risks priorities are identified appropriately.
- Ensure that appropriate measures are in place to address potential unfavourable impacts from risks as well as to be adequately positioned to take advantage of favourable benefits from opportunities.
- Manage a transparent approach to risk through open and meaningful communication and monitoring of all key risks.
Scope of this policy
This policy applies to all members and activities of the University of Saskatchewan.
Policy
The university is committed to utilizing a systematic approach to the identification, assessment and mitigation of risk to improve both planning and decision-making across the institution through:
- Establishing and maintaining a URM Program (the program).
- Applying the program in a standardized fashion, with a view to supporting and facilitating the achievement of the university’s strategic, operational and financial objectives, by identifying, analyzing, evaluating, treating and monitoring risks on an ongoing basis.
- Viewing the program as a valuable and integrated source of information to assist administrators in making informed, consistent decisions throughout the university, rather than an independent activity.
- Promoting a culture of risk management that will seek to evaluate and anticipate risk at the evaluation, planning and implementation stages of initiatives and projects.
- Managing risk and leveraging opportunities.
- Anticipating and responding to changing social, environmental and legislative requirements.
Responsibilities
It is the responsibility of all members of the university community to practice risk management as prescribed by this policy and its attendant procedures.
Board of Governors / Audit Committee of the Board of Governors:
- Approve the university’s URM policy and any required revisions to the policy from time to time.
- Overarching responsibility for oversight of the university’s risk management process and for providing institutional risk information to the university’s Board of Governors, in consultation with the other Board of Governors’ standing committees as directed by their individual mandates.
- In consultation with management, to identify the principal risks facing the university, review the university’s tolerance and appetite for risk and approve risk management policies as part of the university’s risk management process. In this context, the Committee shall focus on financial risk and gain reasonable assurance that financial risk is being effectively managed or controlled through the management reports and regular risk management updates.
- Inquire of the senior administrative officers (Administration) of the university (including the Chief Audit Executive) and the external auditor about significant risks or exposures and assess if the appropriate measures to manage or address the risk have been taken by Administration.
- Participates annually with senior administration for validating significant university risks.
President:
- In conjunction with the Board of Governors, set the tone and influence the culture of risk management within the university.
Vice President, Finance and Resources (VPFR)
- Leads the university-wide risk management program and reports on the university’s risks to the Audit Committee quarterly.
- Incorporates the identification, assessment and management of risks into the planning processes.
- Ensures accountability and transparency of activities, information and reports.
- Communicates and ensures compliance with University policies, federal and provincial laws and regulations and collective agreements.
- Ensures high standards with respect to health and safety.
- Implements and maintains an effective system of checks and balances with respect to financial management and assets, which general safeguarding and stewardship of all resources (financial, physical and human resources).
President’s Executive Committee (PEC):
- In conjunction with the VPFR, act as the university’s Risk Management Steering Committee and provide adequate leadership and oversight to the URM program.
- Create and promote a risk aware culture within the university, integrating risk in all strategic planning and decision-making.
- Implement the policy and processes pertaining to URM.
- Assign responsibility for addressing prioritized risks, as they are determined.
Administrative Heads (Deans, Executive Directors, AVPs/Vice Provosts, Directors, Heads of Academic & Administrative Units):
- Create and promote a risk aware culture within their college or unit.
- Implement the university’s policy and process pertaining to the URM Program.
- Identify and evaluate, and to the extent possible, mitigate key risks during planning or project development which may impact the university strategically, reputationally or financially.
- Undertake regular reviews of identified key risks and provide reports to the PEC of any material changes with their respective risk profile.
Audit Services:
- Through execution of the Internal Audit Plan, conducts reviews to assess compliance with this policy and the adequacy of URM program processes and controls implemented by the university to address the key risks.
- Reports its observations and recommendations to the VPFR and Audit Committee. Monitors the university’s responses to and implementation of its recommendations.
- Develop and facilitate the implementation of the URM Program.
- Ensure that the URM program remains fit for purpose and aligns with international standards and best practice.
- Conducts annual university-wide risk assessments with PEC and other stakeholders as agreed to with the VPFR and the Provost and VP Academic.
- Deliver training and mentoring for URM as appropriate.
- Work with risk owners to facilitate the identification and analysis of both strategic and operational risks.
- Assist risk owners in their identification of effective risk mitigations.
- Provide timely and accurate risk reporting to senior administration and the appropriate governing bodies through the maintenance of an up-to-date university risk register.
- Reports significant non-compliance with this policy to the President and the Audit Committee, if and when it arises.
Non-compliance
The University of Saskatchewan expects that all members of the university community will comply with this policy and that those identified as having responsibilities for the implementation of the policy will abide by the policy and co-operate in fulfilling it. Should there be reason to suspect non-compliance with the policy; the university may suffer reputational, financial or other harm. As a result, Audit Services shall report the circumstances to the Vice-President Finance and Resources to determine an appropriate course of action. If this does not prevent further violations or failure to co-operate, Audit Services shall refer the matter to the President and ultimately to the Board of Governors.
Definitions
Members – Faculty, staff and agents of the University of Saskatchewan.
Risk - means the chance of occurrence of an event or trend that will have a negative impact fulfillment of objectives at the institutional, academic unit and/or academic support unit levels.
Risk Management - is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals.
Risk owner - a person with the accountability and authority to manage a risk. This is a person who is both interested in resolving a risk, (i.e., someone who is very much interested in preventing such risks from happening) and positioned highly enough in the organization, so that his or her voice would be heard among the decision makers, to do something about it.
University Risk Management Program (the program) - includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. A URM Program typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, organizations protect and create value for all of their stakeholders and society overall.
Questions?
If you have questions about this policy please contact:
Contact Person: Auditor and Risk Services
Phone: 306-966-4915