Risk & Resilience Management
Welcome to the Risk & Resilience Management section of the University's website.
The section is owned by the Office of the Chief Operations Officer (COO) and it is managed by the University Risk and Compliance Officer (RCO).
It provides information on the management of risk and resilience across the University, and its wholly owned subsidiary campus companies, and it is designed to assist staff, students, members of the public and any other interested parties in understanding the University's approach to risk & resilience management.
If you wish to contact the RCO, for example to report a new significant risk or to request specific risk management training, please see the Contact Details section below.
The COO is responsible for the management of the University's risk and resilience process at the University's Executive Board level, with the day-to-day administration of the process being the responsibility of the RCO.
In relation to their risk & resilience roles the COO, the Deputy COOs & the RCO are collectively referred to as the 'Risk Function'.
Role of the Risk Function
- Assist all units across the University (including its wholly owned Campus Companies) in meeting their obligations with regard to the management of risk and resilience;
- Maintain both unit level Risk Registers and the University level Strategic Risk Register;
- Report to the Risk Committee and the Executive on progress in relation to the management of risks; &
- Provide appropriate training, guidance and support to facilitate the University's Risk Framework.
In recent years there has been an increasing focus on corporate governance arrangements within Ireland and abroad in both the public and private sectors. One element of a strong governance framework is an effective system of risk and resilience management.
To address this obligation a formal Risk Management Function was set up within the University and since its inception in 2011 the function has gone through a number of changes which have sought to enhance risk management across the University.
Details of the current framework for the management of risk are provided on this web page.
Purpose of the Risk Management Framework
- Document those risks which may prevent the University from achieving its operational and strategic goals at both a unit level and at a wider University level;
- Address identified risks through the implementation of tailored controls and solutions;
- Track the trends in identified risks over time (e.g. are they improving, stable or deteriorating); &
- Identify and address significant and common risks across the University.
The primary output of the University's annual risk process / cycle is a Strategic Risk Register (SRR).
The purpose of the SRR is to document the most significant risks and issues that have the potential to affect the University and the steps being taken, or to be taken, to address those risks and issues.
The guide below to the SRR process is intended to be a short introduction to the theory of risk management and it outlines the approach taken to provide a SRR in each cycle.
The guide should be read by anyone who is required to engage with the University's risk management process or who has an interest in this area of corporate governance.
Each annual risk cycle culminates with the approval by the Governing Authority of a Strategic Risk Register (SRR) for the University.
The SRR is the primary output of the Risk Management Process and it documents the strategic risks and issues affecting the University at a point in time.
The current year's SRR, along with an archive of prior year registers, is available on the University's website and may be accessed at the link below by Staff of the University.
Current & Prior Year SRRs (Staff Access Only)
The purpose of the University's Risk Management Policy is to ensure that risks to the University’s strategic plan are identified, analysed and managed so that they are maintained at acceptable levels by being treated, tolerated, transferred or terminated as deemed necessary.
The policy was last approved by the Governing Authority on June 30th 2022.
A 'Risk Appetite' refers to the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any given point in time and is primarily used to aid in decision making.
In the context of the University, its Risk Appetite Statement (RAS) seeks to summarise its tolerance for risks across a broad range of activities that third level institutions commonly engage in.
The RAS was approved by the Governing Authority on December 6th 2019.
The Governing Authority Risk Committee (GARC) is part of the University's overall risk management framework and its role and responsibilities are detailed in its Terms of Reference available at the link below. The terms were approved by the DCU Governing Authority on February 9th 2022.
The GARC is a sub-committee of the University's Governing Authority and details of the committee's current membership are set out below. The GARC's membership is composed of both external individuals and internal staff.
Name | Position |
---|---|
Ms Marie Sinnott | Risk Committee Chair & ESB Group Company Secretary |
Mr Justin Doyle | Director of ISS, DCU |
Prof. Caroline McMullan | Professor of Business & Society, DCU Business School |
Mr Padraig McKeon | PR & Communications, McKeon Ireland |
A risk register is a formal tool used by an organisation to document risks. While there is no definitive format for a risk register, risk registers do share certain common elements, as follows.
a) Description of the risk and its potential impact;
b) Assessment of the likelihood of the risk materialising;
c) Indication of the level of seriousness of the risk's impact;
d) Controls or solutions which have been, or can be, put in place to reduce the likelihood of a risk materialising or, if it does materialise, to reduce its potential harmful impact; &
e) Assignment of a risk owner (i.e. the individual or group within the organisation responsible for the management of a specified risk).
Once documented, the various risks are then placed in a hierarchy with the highest weighted risks at the top of the register followed by lower weighted risks below.
The University's risk process is based upon the regular updating and review of risk registers across three separate levels. The bottom tier registers are referred to as 'Unit Registers' and the process to update one is summarized below.
a) Identify the operational and strategic goals of the Unit.
b) Identify the risks or issues which may prevent the achievement of those goals e.g. by discussing potential risks with relevant members of Unit staff or, alternatively, by arranging a 'Brain Storming' session.
c) Assess the likelihood and possible impact of the risk.
d) Identify and document both the current and future controls which are, or can be, put in place to manage the risk.
A detailed guide to preparing a unit level risk register can be found at the link below.
The University's standard risk register template for use at a unit level may be accessed at the link below.
Once a unit risk register is completed the following sequence of events takes place.
a) The final version of the register is to be forwarded to the Risk & Compliance Officer;
b) For current controls/actions listed against each risk the Head of Unit will ensure that they are applied in practice; &
c) For future controls/actions listed against each risk the Head of Unit will ensure, where possible, that they are developed and implemented.
Heads of University Units (or General Managers in the case of the University's Campus Companies) should contact the Risk and Compliance Officer if they wish to arrange a risk management training session.
For 2024 it is planned that an online Risk Management training course will be provided for all staff. It is envisioned that the training will be made available via Loop (the University's Teaching Module) and will be accessed at the link below via HR's staff training webpage.
For further University information on certain risk management issues and topics please refer to the internal links below.
Guidance on running an event on a DCU campus
Guidance for Sub-Contractors
In relation to the broader topic of risk management generally within the Irish university sector the website of the Higher Education Authority (HEA) summarises the relevant legislation, codes and guides at the link below.
As stated in the introduction section above the overall management of the Risk & Resilience Function within the University is the responsibility of the Chief Operations Officer.
The administrative arrangements that underpin the risk management process across the University, and its wholly owned campus companies, are the responsibility of the University Risk & Compliance Officer (RCO).
If you have any queries regarding the University's risk and resilience process, please contact the RCO at the contact details below:
Noel Prior
Risk & Compliance Officer
Office of the Chief Operations Officer
Room A201 Albert College Extension
DCU Glasnevin Campus
Collins Avenue Extension
Dublin 9
D09 V209
Ph: 7008706
Or alternatively send an email to the Risk & Compliance Officer.