Risk Management within DCU
Welcome to the risk management section of the University's website. This section is managed by the Office of the Chief Operations Officer (COO) with day-to-day responsibility for its maintenance and contents being the responsibility of the University Risk and Compliance Officer (RCO).
This section deals primarily with risk management within both the University and its wholly owned subsidiary campus companies. A seperate webpage section deals with compliance issues within both the University and its campus companies - see link.
This section is designed to assist staff, students, members of the public and other interested parties in understanding the University's approach to risk management. The COO is responsible for the management of the University's risk management process at the University's Executive Board level, with the day-to-day administration of the process being the responsibility of the RCO who reports directly to the Deputy COO. In relation to their risk management roles the COO, the Deputy COO & the RCO are referred to as the 'Risk Management Function'. If you wish to contact the RCO, for example to report a new significant risk or to request specific risk management training, please see the RCO contact details section at the bottom of this page.
The primary roles of the Risk Management Function are as follows:
- to assist all units across the University, and its wholly owned campus companies, in meeting their obligations with regard to risk management;
- to maintain both unit level risk registers and the overall Institutional Risk Register for each risk review cycle;
- to report to the two University Risk Committees, and the Executive Board, on progress in relation to the management of risks overall, and in detail on key priority risks; &
- to provide risk awareness training, guidance and support to both the staff of the Universitand its wholly owned campus companies.
In recent years there has been an increased focus in both the public and private sectors, within Ireland and abroad, on corporate governance arrangements. One element of a strong governance framework is an effective system of risk management. To address this a formal, dedicated University risk management function was set up in 2011. Since its inception within the University the process of risk management has gone through a number of changes which have sought to enhance the process. Details of the current process and framework for risk management, both within the University and its wholly owned campus companies, are provided on this webpage.
The aims of the University's process for risk management are as follows:
- to document those risks which may prevent the University from achieving its operational and strategic goals at both a unit level and at a wider University level;
- to address identified risks through the implementation of tailored controls and solutions;
- to track the trends in identified risks over time (e.g. are they improving, stable or getting worse); &
- to identify and address significant and common risks across units of the University.
Risk Management Guide
The purpose of the Risk Management Guide is to briefly explain the theory behind risk management and to demonstrate how it is applied within the University and its wholly owned campus companies. The guide is intended to be an introduction to risk management and should be read by anyone who is required to engage with the University's risk management process or who has an interest in this area. The guide may be accessed at the link below.
Risk Management Guide (Staff Access Only)
Unit Impact Assessment Guide
The purpose of the Impact Assessment Guide is to assist Heads of Units in assessing and scoring a risk's impact at a unit level and should be referred to by Heads of Units when updating their respective Unit Level Risk Register in each review cycle. Separate criteria are used when assessing a risk's impact at a University level. The guide may be accessed at the link below.
Risk Management Policy
Risk Management Policy - As approved by the DCU Governing Authority in December 2014.
Purpose of the Policy
The purpose of the policy is to ensure that risks to the University’s strategic plan are identified, analyzed and managed so that they are maintained at acceptable levels. The overall goal of any system of risk management is to identify risks and then to determine how they may be properly treated, tolerated, transferred or terminated if deemed necessary.
Within the University's curent risk management framework there are two separate risk committees. Each committee has responsibilities for risk management as defined both by the University's Risk Management Policy and their respective Terms of Reference. Further details on each committee are listed below.
Risk Advisory Committee (RAC)
The RAC is a sub-committee of the Executive. Details of its current membership and terms of reference are set out below. Please note that all RAC members listed below are employees of the University.
|Dr Declan Raftery||Chair & DCU Chief Operations Officer|
|Mr Martin Ward||Deputy Chief Operations Officer|
|Ms Barbara McConalogue||Director of ISS|
|Mr Gerard McEvoy||Acting Director of Estates|
|Dr Caroline McMullan||DCU Buisness School - Associate Dean Teaching & Learning|
|Ms Marion Burns||Director of Human Resources|
|Mr Ciaran McGivern||Director of Finance|
|Ms Eileen Tully||Health & Safety Officer|
|Mr Noel Prior||Risk & Compliance Officer|
Terms of Reference
The RAC's Terms of Reference as approved by the Executive in April 2014.
Governing Authority Risk Committee (GARC)
The GARC is a sub-committee of the University's Governing Authority. Details of its current membership and terms of reference are set out below. Please note that the GARC's membership is composed of both external individuals and internal DCU staff members as indicated below.
|Ms Bernie Gray||Chair & Member of the Public Accountability Board (External)|
|Ms Marie Sinnott||Compliance Risk & Environment Manager - ESB Group (External)|
|Mr James Corcoran||Member of the DCU Governing Authority (External)|
|Mr Michael Burke||DCU Faculty of Science & Health - Facilities Manager (Internal)|
|Dr Caroline McMullan|
DCU Business School - Associate Dean of Teaching & Learning (Internal)
Terms of Reference
The GARC's Terms of Reference were approved by the DCU Governing Authority on June 22nd 2017.
A risk register is a formal method of documenting the specific details of risks. While there is no set format for a risk register there are elements common to most format types. It is therefore up to each entity to design a risk register which is suitable to it's own needs. The essential elements of a risk register are:
a) description of the risk and its potential impact;
b) assessment of the likelihood of the risk, as stated, materialising;
c) indication of the level of seriousness of the risk's impact;
d) controls / solutions which have been, or can be, put in place to reduce the likelihood of a risk materialising or, if it does materialise, to reduce its potential harmful impacts; &
e) indication of the risk's owner (i.e. the individual or group responsible for the management of the risk).
Risk Register Template
Within the DCU risk management process a standard risk register template, in Excel format, is used. A copy of the template, including advisory notes on how it may be used within a unit context is available at the link below. Excel versions of the template are available from the Risk & Compliance Officer.
Process for Updating / Compiling a Unit Level Risk Register
The University has a formal system in place for the regular review of, and reporting on, risk registers at a unit level. Where Heads of units are requested to update their their existing Unit Registers, or compile a new one, they must follow the process set out below:
a) identify the operational and strategic goals of the Unit;
b) identify the risks which may prevent the achievement of those goals. This can be accomplished by discussing potential risks with relevant members of staff or alternatively arranging a 'Brain Storming' session with all staff of the unit concerned. Such an approach will encourage buy in by staff to the process and will also encourage adoption of identified risks by those members of staff, or groups of staff, who may ultimately become the risk's owners for risk management purposes.
c) assess the likelihood and possible impact of the risk using the criteria supplied in each review cycle by the Risk & Compliance Officer; &
d) identify and document both the current and future controls which are, or can be, put in place to address the risk as stated.
Actions to be taken once a Unit Register is completed
Once a Unit's Risk Register is completed in each review cycle the following sequence of events should occur:
a) the final version of the register is to be forwared to the Risk & Compliance Officer;
b) for those current controls / actions listed against each risk the Heads of Unit should ensure that they are applied in practice; &
c) for those future controls / actions listed against each risk the Heads of Unit should ensure, where possible, that they are developed.
As part of its regular risk review cycle the University prepares an Institutional Risk Register (IRR) each year. The IRR is the primary output of the University's Risk Management Process and it seeks to document those risks, and their respective mitigations, which have the potential to affect the University at a strategic level or which may have a significant operational implication. Copies of recent IRRs may be accessed at links below.
2014 Institutional Risk Register (Staff Access Only) - Final
2015 / 2016 Institutional Risk Register (Staff Access Only) - Final
2016 / 2017 Institutional Risk Register (Staff Access Only) - Final
2017 / 2018 Instituional Risk Register (Staff Access Only) - Pending as of September 2017
This section contains links to training materials to assist staff in understanding the theory and practice of risk management within the University. Heads of University Units and the General Managers of the University's campus companies should contact the Risk and Compliance Officer as per the contact section below if they wish to arrange a risk management training session for their own unit or company staff.
Internal University Links
For further information on related risk management topics please refer to the links below.
In relation to the topic of risk management within the Irish university sector the following legislation and guidance is relevant.
As stated in the introduction section above the overall management of the Risk and Compliance Function within the University is the responsibility of the Chief Operations Officer. The administrative arrangements that underpin the risk management process across the University, and its wholly owned campus companies, is the responsibility of the University Risk & Compliance Officer (RCO). If you have any queries regarding the application of the University's risk management process please contact the RCO at the contact details below:
Risk & Compliance Officer,
Office of the Chief Operations Officer,
Room A201 Albert College Extension,
DCU Glasnevin Campus,
Collins Avenue Extension,
Or alternatively click here to send an email to the Risk & Compliance Officer.