Risk & Resilience Management
Albert College DCU Glasnevin Campus
Welcome to the Risk and Resilience Management section of the university website.
Managed by the University Risk and Compliance Officer (RCO) and owned by the Office of the Chief Operations Officer (COO), this section provides comprehensive information on the management of risk and resilience across the university and its wholly owned subsidiary companies.
The content is intended to assist all stakeholders, including staff, students, and the general public, in understanding our institutional approach to risk management.
The COO is responsible for the management of the University's risk process at the University's Executive Board level, with the day-to-day administration of the process being the responsibility of the RCO.
In relation to their risk roles the COO, Deputy COOs & the RCO are collectively referred to as the 'Risk Function'.
Role of the Risk Function
- Assist all units across the University (including its wholly owned Campus Companies) in meeting their obligations with regard to the management of risk;
- Maintain unit level Risk Registers and the University level Strategic Risk Register;
- Report to the Risk Committee and the Executive on progress in relation to the management of risks; &
- Provide appropriate training, guidance and support to facilitate the University's Risk Framework.
In recent years there has been an increasing focus on corporate governance arrangements within Ireland and abroad in both the public and private sectors. One element of a strong governance framework is an effective system of risk management.
To address this obligation a formal Risk Management Function was set up within the University in 2011 and since then the function has gone through a number of changes which have sought to enhance the effectiveness of risk management across the University.
Purpose of the Risk Management Framework
- Document risks which may prevent the achievement of operational and strategic goals at both a unit and university level;
- Address identified risks through the implementation of tailored controls and solutions;
- Track the trends in risks over time (e.g. are they improving, stable or deteriorating); &
- Identify and address significant and common risks.
The University's Risk Management Policy is designed to support the University in achieving its strategic objectives, safeguarding staff, students and assets, ensuring financial sustainability, along with adhering to governance requirements. It is applicable across all University units, including academic and central services, as well as its wholly-owned subsidiaries.
The risk management process, which supports the Risk Policy, is overseen by the University's Governing Authority and its Risk Committee (GARC). The Executive is tasked with developing and maintaining this process, which includes continuous monitoring of risks within the University.
The Chief Operations Officer (COO) is responsible for the ongoing development and maintenance of the Risk Management Function to support the process, while Heads of Unit are responsible for day-to-day risk management within their areas.
The University Risk and Compliance Officer facilitates the risk process as well as overseeing the maintenance of the University's Risk webpage to provide transparency and accessibility to relevant risk management information.
At the core of the risk process is the maintenance of a Strategic Risk Register (SRR) , which is reviewed annually. The University's risk process adopts a 'Bottom-Up' approach, wherein various units across the University identify and document current and emerging risks. These risks are then aggregated into 'Functional Area Risk Registers' which form the basis for the SRR. The 'Bottom-Up' approach is complemented by a 'Top-Down' approach with the Executive of the University proposing risks which could impact the achievement of DCU’s strategic objectives. Risks from both sources are then reviewed, and if appropriate, considered for inclusion in the annual SRR.
The risk process also requires that consideration be given to 'emerging risks'. Both the Executive, and the individual reporting units across the University, document the emerging risks that could impact them directly or the University at large. These risks are then reviewed by senior management and if appropriate, considered for inclusion in the annual SRR.
The primary output of the University's annual risk process/cycle is a Strategic Risk Register (SRR).
The purpose of the SRR is to document the most significant risks and issues that have the potential to affect the University and the steps taken, or to be taken, to address them.
The guide referenced below to the SRR process is intended as an introduction to the theory of risk management and it outlines the University's approach to creating an annual SRR.
The guide should be read by anyone who is required to engage with the risk management process or who has an interest in this area of corporate governance within the University.
Each risk cycle culminates with the approval and adoption by the Governing Authority of an annual Strategic Risk Register (SRR) for the University.
The SRR is the primary output of the Risk Management Process and it documents the strategic risks and issues affecting the University at a point in time.
The current year's SRR, along with an archive of prior year registers, is available on the University's website and may be accessed at the link below by Staff of the University.
Current & Prior Year SRRs (Staff Access Only)
The purpose of the University's Risk Management Policy is to ensure that risks to the University’s strategic plan are identified, analysed and managed so that they are maintained at acceptable levels and are treated, tolerated, transferred or terminated as deemed necessary.
The policy was last approved by the Governing Authority on June 30th 2022.
A 'Risk Appetite' refers to the amount of risk that an organisation is prepared to accept, tolerate or be exposed to at any given point in time and is primarily used to aid in decision making.
In the context of the University, its Risk Appetite Statement (RAS) seeks to summarise its tolerance for risks across a broad range of activities that third level institutions commonly engage in.
The RAS was approved by the Governing Authority on December 6th 2019.
The Governing Authority Risk Committee (GARC) is part of the University's overall risk management framework and its role and responsibilities are detailed in its Terms of Reference available at the link below.
The GARC is a sub-committee of the University's Governing Authority and details of the committee's current membership are set out below. The GARC's membership is composed of both external individuals and internal staff.
| Name | Position |
|---|---|
| Ms Marie Sinnott | Risk Committee Chair & ESB Group Company Secretary |
| Mr Justin Doyle | Director of Digital Technology Solutions (DTS), DCU |
| Prof. Caroline McMullan | Professor of Business & Society, DCU Business School |
| Mr Padraig McKeon | PR & Communications, McKeon Ireland |
A risk register is a formal tool used by an organisation to document risks. While there is no definitive format for a risk register they do share certain common elements such as:
a) Description of the risk and its potential impact;
b) Assessment of the likelihood of the risk materialising;
c) Indication of the level of seriousness of the risk's impact;
d) Controls or solutions which are, or can be, put in place to reduce the likelihood of a risk materialising or, if it does materialise, to reduce its potential harmful impact; &
e) Assignment of a risk owner (i.e. the individual or group within the organisation responsible for the management of a specified risk).
Once documented, the various risks are then placed in a hierarchy with the highest weighted risks at the top of the register followed by lower weighted risks below.
The University's risk process is based upon the regular updating and review of risk registers across three different levels. The bottom tier registers are referred to as 'Operational or Unit Registers' and the process to update one is:
a) Identify the operational and strategic goals of the Unit.
b) Identify the risks or issues which may prevent the achievement of those goals e.g. by discussing potential risks with relevant members of Unit staff or, alternatively, by arranging a 'Brain Storming' session.
c) Assess the likelihood and possible impact of the risk.
d) Identify and document both the current and future controls which are, or can be, put in place to manage the risk.
A detailed guide to preparing a unit level risk register can be found at the link below.
The University's standard risk register template for use at a unit or operational level may be accessed at the link below.
Once a unit risk register is completed the next steps are:
a) The final version of the register is to be forwarded to the Risk & Compliance Officer;
b) For current controls/actions listed against each risk the Head of Unit must seek to apply them in practice; &
c) For future controls/actions listed against each risk the Head of Unit must seek, where possible, that they are developed and applied in practice.
Heads of University Units (or General Managers in the case of the University's Campus Companies) should contact the Risk and Compliance Officer if they wish to arrange a risk management training session.
An online risk management training course for staff involved in the risk process will be made available in the final quarter of 2024. The training will be accessed via the link below to HR's staff training webpage.
As stated in the introduction section above the overall management of the Risk Function within the University is the responsibility of the Chief Operations Officer.
The administrative arrangements that underpin the risk management process across the University, and its wholly owned campus companies, is the responsibility of the Risk & Compliance Officer (RCO).
If you have any queries regarding the University's risk process, please contact the RCO at the contact details below:
Noel Prior
Office of the Chief Operations Officer
Room A201 Albert College Extension
DCU Glasnevin Campus
Collins Avenue Extension
Dublin 9
D09 V209
Ph: +353 1 7008706
Or alternatively send an email to the Risk & Compliance Officer.
For further University information on certain risk management issues and topics please refer to the internal links below.
Guidance on running an event on a DCU campus
Guidance for Sub-Contractors
In relation to the broader topic of risk management generally within the Irish university sector the website of the Higher Education Authority (HEA) summarises the relevant legislation, codes and guides at the link below.