Risk & Resilience Management
Welcome to the Risk & Resilience Management section of the University's website.
This section is owned by the Office of the Chief Operations Officer (COO) and is managed by the University Risk and Compliance Officer (RCO).
The section is intended to provide information on the management of risk and resilience (hereinafter collectively referred to as 'risk') across the University, and its wholly owned subsidiary campus companies, and is intended to assist staff, students, members of the public and any other interested parties in understanding the University's approach to the management of risk.
The COO is responsible for the management of the University's risk process at the University's Executive Board level, with the day-to-day administration of the process being the responsibility of the RCO.
In relation to their risk roles the COO, Deputy COOs & the RCO are collectively referred to as the 'Risk Function'.
Role of the Risk Function
- Assist all units across the University (including its wholly owned Campus Companies) in meeting their obligations with regard to the management of risk;
- Maintain unit level Risk Registers and the University level Strategic Risk Register;
- Report to the Risk Committee and the Executive on progress in relation to the management of risks; &
- Provide appropriate training, guidance and support to facilitate the University's Risk Framework.
In recent years there has been an increasing focus on corporate governance arrangements within Ireland and abroad in both the public and private sectors. One element of a strong governance framework is an effective system of risk management.
To address this obligation a formal Risk Management Function was set up within the University in 2011 and since then the function has gone through a number of changes which have sought to enhance the effectiveness of risk management across the University.
Purpose of the Risk Management Framework
- Document risks which may prevent the achievement of operational and strategic goals at both a unit and university level;
- Address identified risks through the implementation of tailored controls and solutions;
- Track the trends in risks over time (e.g. are they improving, stable or deteriorating); &
- Identify and address significant and common risks.
The primary output of the University's annual risk process/cycle is a Strategic Risk Register (SRR).
The purpose of the SRR is to document the most significant risks and issues that have the potential to affect the University and the steps taken, or to be taken, to address them.
The guide referenced below to the SRR process is intended as an introduction to the theory of risk management and it outlines the University's approach to creating an annual SRR.
The guide should be read by anyone who is required to engage with the risk management process or who has an interest in this area of corporate governance within the University.
Each risk cycle culminates with the approval and adoption by the Governing Authority of an annual Strategic Risk Register (SRR) for the University.
The SRR is the primary output of the Risk Management Process and it documents the strategic risks and issues affecting the University at a point in time.
The current year's SRR, along with an archive of prior year registers, is available on the University's website and may be accessed at the link below by Staff of the University.
Current & Prior Year SRRs (Staff Access Only)
The purpose of the University's Risk Management Policy is to ensure that risks to the University’s strategic plan are identified, analysed and managed so that they are maintained at acceptable levels and are treated, tolerated, transferred or terminated as deemed necessary.
The policy was last approved by the Governing Authority on June 30th 2022.
A 'Risk Appetite' refers to the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any given point in time and is primarily used to aid in decision making.
In the context of the University, its Risk Appetite Statement (RAS) seeks to summarise its tolerance for risks across a broad range of activities that third level institutions commonly engage in.
The RAS was approved by the Governing Authority on December 6th 2019.
The Governing Authority Risk Committee (GARC) is part of the University's overall risk management framework and its role and responsibilities are detailed in its Terms of Reference available at the link below. The terms were approved by the DCU Governing Authority on February 9th 2022.
The GARC is a sub-committee of the University's Governing Authority and details of the committee's current membership are set out below. The GARC's membership is composed of both external individuals and internal staff.
| Name | Position |
|---|---|
| Ms Marie Sinnott | Risk Committee Chair & ESB Group Company Secretary |
| Mr Justin Doyle | Director of ISS, DCU |
| Prof. Caroline McMullan | Professor of Business & Society, DCU Business School |
| Mr Padraig McKeon | PR & Communications, McKeon Ireland |
A risk register is a formal tool used by an organisation to document risks. While there is no definitive format for a risk register they do share certain common elements such as:
a) Description of the risk and its potential impact;
b) Assessment of the likelihood of the risk materialising;
c) Indication of the level of seriousness of the risk's impact;
d) Controls or solutions which are, or can be, put in place to reduce the likelihood of a risk materialising or, if it does materialise, to reduce its potential harmful impact; &
e) Assignment of a risk owner (i.e. the individual or group within the organisation responsible for the management of a specified risk).
Once documented, the various risks are then placed in a hierarchy with the highest weighted risks at the top of the register followed by lower weighted risks below.
The University's risk process is based upon the regular updating and review of risk registers across three different levels. The bottom tier registers are referred to as 'Operational or Unit Registers' and the process to update one is:
a) Identify the operational and strategic goals of the Unit.
b) Identify the risks or issues which may prevent the achievement of those goals e.g. by discussing potential risks with relevant members of Unit staff or, alternatively, by arranging a 'Brain Storming' session.
c) Assess the likelihood and possible impact of the risk.
d) Identify and document both the current and future controls which are, or can be, put in place to manage the risk.
A detailed guide to preparing a unit level risk register can be found at the link below.
The University's standard risk register template for use at a unit or operational level may be accessed at the link below.
Once a unit risk register is completed the next steps are:
a) The final version of the register is to be forwarded to the Risk & Compliance Officer;
b) For current controls/actions listed against each risk the Head of Unit must seek to apply them in practice; &
c) For future controls/actions listed against each risk the Head of Unit must seek, where possible, that they are developed and applied in practice.
Heads of University Units (or General Managers in the case of the University's Campus Companies) should contact the Risk and Compliance Officer if they wish to arrange a risk management training session.
An online risk management training course for staff involved in the risk process will be made available in the final quarter of 2024. The training will be accessed via the link below to HR's staff training webpage.
For further University information on certain risk management issues and topics please refer to the internal links below.
Guidance on running an event on a DCU campus
Guidance for Sub-Contractors
In relation to the broader topic of risk management generally within the Irish university sector the website of the Higher Education Authority (HEA) summarises the relevant legislation, codes and guides at the link below.
As stated in the introduction section above the overall management of the Risk Function within the University is the responsibility of the Chief Operations Officer.
The administrative arrangements that underpin the risk management process across the University, and its wholly owned campus companies, is the responsibility of the Risk & Compliance Officer (RCO).
If you have any queries regarding the University's risk process, please contact the RCO at the contact details below:
Noel Prior
Office of the Chief Operations Officer
Room A201 Albert College Extension
DCU Glasnevin Campus
Collins Avenue Extension
Dublin 9
D09 V209
Ph: +353 1 7008706
Or alternatively send an email to the Risk & Compliance Officer.
Return to the Homepage of the Office of the Chief Operations Officer