Risk Committee Terms of Reference
Constitution
The Governing Authority, at its meeting of September 5th, 2013, approved the establishment of a sub-committee of the Governing Authority to be known as the ‘Risk Committee’, hereinafter referred to as the ‘Committee’.
Purpose
The purpose of the Committee is to support the Governing Authority in its oversight of risks that could affect the University’s ability to achieve its strategic objectives or compromise its mission and core values.
The purpose of this document is to set out the Committee’s Terms of Reference and other related matters.
Membership
3.1) The membership of the Committee shall be appointed by the Governing Authority.
The Committee shall consist of at least four members, two of whom shall be external members of the Governing Authority, and two of whom shall be University members of staff. One additional member, external to the University, may also be appointed.
In appointing members, using formal assessment criteria, consideration shall be given to the skills and independence of members and any relevant risk management experience.
3.2) The following members of the Governing Authority shall not be members of the Committee: President
3.3) The Chair of the Committee shall be appointed by the Governing Authority and will be an external member of the Authority. The Chair may also be a member of the Audit Committee.
3.4) New members of the Committee will receive a formal Letter of Appointment from the Governing Authority specifying their term of appointment.
3.5) Formal induction training will be provided for new Committee members.
Frequency & Conduct of Meetings
4.1) The Committee shall meet at least three times a year.
4.2) Meetings may be held on any campus of the University or held remotely utilising video conferencing technology.
4.3) The meeting agendas for all Committee meetings shall include an item requiring committee members to declare any interests or conflicts of interest. Where necessary, a committee member may be required to leave the meeting for the duration of any related discussions and abstain from any related proposals or decisions.
4.4) Any member of the Committee may request, through the Chair, to have an item placed on the agenda for a meeting of the Committee.
Quorum
5.1) The quorum required for the transaction of business shall consist of at least three members of the Committee, at least two of whom must be external members.
In the event that an external member is not available to attend a meeting, another external member of the DCU Governing Authority, or one of its committees, may substitute for that member for the purpose of ensuring the meeting's quorum.
5.2) A duly convened meeting of the Committee at which a quorum is present shall be competent to exercise all or any of the authorities, powers and discretions vested in, or exercisable by, the Committee.
Attendance at meetings
6.1) The following may attend for all or part of Committee meetings at the invitation of the Chair:
- Chief Operations Officer and Deputy(s);
- Risk & Compliance Officer;
- Any employee of the University or its subsidiaries; &
- Any external person relevant to the work of the Committee.
Governing Authority members shall also have the right of attendance with prior agreement by the Chancellor of the Governing Authority and the Chair of the Committee.
6.2) The Chair may also invite the Head of Internal Audit (or nominee) and/or the University’s External Auditor(s) to attend Committee meetings.
6.3) The Office of the Chief Operations Officer will provide secretarial services to the Committee.
6.4) At least once a year the Committee will meet separately with each of the following postholders without members of University management being present:
(a) Head of Internal Audit; &
(b) Risk & Compliance Officer.
Decisions and voting
7.1) Each question at a meeting of the Committee shall be determined by consensus, but where in the opinion of the Chair, consensus is not possible, the question shall be decided by a majority of the members present voting on the question and, in the case of an equal division of votes, the Chair shall have a second and casting vote. All votes taken shall be referred to the Governing Authority for noting.
Authority
8.1) The Committee is authorised by the Governing Authority to investigate any activities within its terms of reference and to seek any information it may require from any employee of the University or its subsidiaries. All employees are directed to co-operate with any request made by the Committee.
8.2) The Committee is authorised by the Governing Authority to co-opt expertise to provide specialist skills, knowledge and experience, and to obtain outside legal or other independent professional advice, if it considers this necessary.
8.3) In addition to these Terms of Reference the Committee may also draw up its own working procedures.
Committee Duties
9.1) Committee Duties
The duties of the Committee shall be to advise, and/or make recommendations to, the Governing Authority on the following matters:
a) Review the University’s Risk Management Policy and recommend any changes to the policy for approval to the Governing Authority;
b) Determine, at least annually, whether the Risk Management Policy is appropriate for the purposes of the Governing Authority in discharging its responsibilities for ensuring that risks are properly identified, assessed, reported and controlled.
c) Review the University’s draft Strategic Risk Register and recommend same to the Governing Authority for approval.
d) Review the University’s Business Continuity arrangements and Crisis Management Framework for approval by the Governing Authority;
e) Review the effectiveness of the University’s framework for:
- overseeing compliance with all relevant laws and regulations, including University policies; &
- identifying and managing compliance risks;
f) Receive the annual report of logged compliance breaches and a summary of any remedial actions taken to prevent recurrence or to better manage compliance risks in the future;
g) Advise the Governing Authority in its consideration of an overall risk appetite(s) and risk tolerance(s) for the University; &
h) Advise the Governing Authority of any need for a periodic external review of the effectiveness of risk management for the University.
9.2) Committee Obligations
The obligations of the Committee shall be:
a) The approval of the annual Risk Management Plan;
b) Preparation of an annual Committee Work Plan with a subsequent review of whether the intended elements of the plan were achieved;
c) Provision of Key Performance Indicators (KPIs) to assess the performance of the Committee and to review these at least once a year;
d) Review of the key risks to the achievement of the University’s strategic goals, and the adequacy of any planned responses to managing those risks;
e) Monitor the effectiveness of the risk management framework along with its continuing functioning and appropriateness;
f) Review reports of any significant risk incidents, escalation protocols and the adequacy of responses to both;
g) Seek assurance that risk management policy and practice are embedded across the University;
h) Ensure that the risk management function is adequately resourced and supported, and has an appropriate standing within the University;
i) Liaise with the Internal Audit function, the Audit Committee, and other committees of the Governing Authority as necessary, to assist with the review of internal controls and the implications for the Risk Management process;
j) Review, in consultation / cooperation / conjunction with the Audit Committee, the risk related disclosures made in the University’s draft Annual Governance Statement (AGS) and the separate Statement on Internal Control and, if appropriate, recommend their adoption by the Governing Authority.
k) Recommend to the Audit Committee those areas of the University’s Risk Management Framework to be reviewed each year, if any;
l) Evaluate its own performance on an annual basis and, as appropriate, commission an external evaluation;
m) Hold at least one annual joint meeting with the Audit Committee to discuss any items of mutual interest or concern as determined by the Chairs of both Committees;
n) Consider other topics, as requested by the Governing Authority or initiated by the Committee;
o) Consider any external risk reports where these may assist with the Committee meeting its obligations under these Terms of Reference;
p) Conduct the tasks assigned to the Committee as set out in the University’s Risk Process; &
q) Establish a protocol for reviewing and, if considered appropriate, recommending for later approval by the Governing Authority any contract which contains an unlimited liability clause or section that places an obligation on the University.
Reporting Arrangements
10.1) The Committee shall report at least annually on its activities to the Governing Authority. The report will include:
a) Committee’s opinion on the governance, effectiveness, quality and adequacy of the University’s Risk Management Framework;
b) Committee’s Key Performance Indicators; &
c) Committee’s assessment on its own operations.
10.2) The Committee will report to meetings of the Governing Authority on such other occasions as requested.
10.3) The Risk & Compliance Officer will keep the final approved minutes of the Committee’s meetings and will circulate draft minutes to all members in advance of the next scheduled meeting.
10.4) Final approved minutes of meetings of the Committee will be circulated to the Governing Authority for noting.
10.5) The Committee shall arrange for an annual review of its terms of reference and shall submit any changes necessary to the Governing Authority for approval.
Definitions
11.1) Risk Management Framework
The combination of policies, procedures, processes, controls, oversight and resources applied to the robust management of risk across the University and its wholly owned campus companies.
11.2) Risk Management Policy
The Risk Management Policy sets out the University’s approach, at a high level, as to how it intends to ensure risks to the delivery of the University’s Strategic Plan are identified, analysed and managed so that they are maintained at acceptable levels. The goal of the policy is to identify risks and determine how they may be treated, tolerated, transferred or terminated.
11.3) Risk Management Plan
The Risk Management Plan is set out in the annual Strategic Risk Register and is composed of the mitigation controls, both current and future, to manage the risks as described in the register.
The plan is intended to:
• provide assurance to the Risk Committee and the Governing Authority that the University’s key risks (Principal, Emerging and High Impact/Low Probability (HILPs)) have been adequately assessed, evaluated and controlled / mitigated;
• set out how the likelihood and impact of operational losses will be mitigated;
• ensure opportunities are pursued; &
• provide a platform for future conversations with the Risk Committee on key risk topics.
The Risk Management Plan sets out in detail the annual process adopted by the University to give effect to the Risk Management Policy.
11.4) Strategic Risk Register (SRR)
The Strategic Risk Register is the highest-level risk register prepared by the University. It is a component part of the Risk Management Plan.
11.5) Risk Appetite
Risk Appetite represents the types and aggregate levels of risk an organisation, such as the University, is willing to take on to actively pursue its strategic objectives.
Document Name | Risk Committee Terms of Reference
Unit Owner | Office of the Chief Operations Officer
Version Reference | Original - Version 5.0 | Reviewed |
Approved by | Governing Authority | N/a
Effective Date | October 16th 2024 | N/a