Risk Management within DCU
Welcome to the risk management section of the University's website, which is administered by the Office of the Chief Operations Officer (COO). Day-to-day responsibility for its maintenance and contents rests with the University Risk and Compliance Officer (RCO). This section of the website is primarily about risk management within the University and its campus companies.
There is a separate webpage which deals with compliance issues within the University and its campus companies, which may be accessed at this link.
This section of the website is designed to assist staff, students, members of the public and other interested parties in understanding the University's approach to risk management, both within the University and its wholly owned campus companies. The COO is responsible for the management of the University's risk management process at the university Executive Board level, with the day-to-day administration of the process being the responsibility of the RCO who reports directly to the COO. In relation to their risk management roles both the COO & RCO are referred to as the 'Risk Management Function'. If you wish to contact the RCO, for example to report a new significant risk or to request risk management training, please see the RCO contact details section at the bottom of this page.
The primary roles of the Risk Management Function are as follows:
- To assist all units across the University and its campus companies in meeting their obligations with regard to risk management.
- To maintain both unit level risk registers and the overall Institutional Risk Register for each risk review cycle.
- To report to the two University risk committees and the Executive Board on progress in relation to the management of risks overall, and in detail on key priority risks.
- To provide risk awareness training, guidance and support to both the staff of the University and the staff of its wholly owned campus companies.
In recent years there has been an increased focus in both the public and private sectors, within Ireland and abroad, on corporate governance arrangements. One element of a strong governance framework is an effective system of risk management. To address this a formal, dedicated University risk management function was set up in 2011. Since its inception within the University the process of risk management has gone through a number of changes which have sought to enhance the process. Details of the current process and framework for risk management, both within the University and its wholly owned campus companies, are provided in the other sections of this webpage.
The aims of the University's process for risk management are as follows:
- to document those risks which may prevent the University from achieving its operational and strategic goals at both a unit level and at a wider university level;
- to address identified risks through the implementation of tailored controls and solutions;
- to track the trends in identified risks over time (e.g. are they improving, stable or getting worse); and
- to identify and address significant and common risks across University units.
Risk Management Guide
The purpose of the guide is to briefly explain the theory behind risk management and to demonstrate how it is applied within the University and its wholly owned campus companies. The guide is intended to be an introduction to risk management and should be read by anyone who is required to engage with the University's risk management process or who has an interest in this area. The guide may be accessed at the link below.
Unit Impact Assessment Guide
The purpose of the guide is to assist Heads of Units in assessing and scoring a risk's impact at a unit level and should be referred to by Heads of Units when completing or updating their unit level risk register in each review cycle. Separate criteria are used when assessing a risk's impact at a University level. The guide may be accessed at the link below.
Risk Management Policy
Risk Management Policy - As approved by the DCU Governing Authority in December 2014.
Purpose of the Policy
The purpose of the policy is to ensure that risks to the University’s strategic plan are identified, analyzed and managed so that they are maintained at acceptable levels. The overall goal of any system of risk management is to identify risks and then to determine how they may be properly treated, tolerated, transferred or terminated.
Within the University's current risk management framework there are two separate risk committees. Each committee has responsibilities for risk management as defined both by the University's Risk Management Policy and their individual Terms of Reference. Further details on each committee are listed below.
Risk Advisory Committee (RAC)
The RAC is a sub-committee of the Executive. Details of its current membership and terms of reference are set out below. Please note that all RAC members listed below are employees of the University.
|Dr Declan Raftery||Chair & DCU Chief Operations Officer|
|Ms Barbara McConalogue||Director of ISS|
|Mr Ger McEvoy||Acting Director of Estates|
|Dr Caroline McMullan||DCU Business School - Associate Dean Teaching & Learning|
|Ms Marion Burns||Director of Human Resources|
|Mr Ciaran McGivern||Director of Finance|
|Ms Eileen Tully||Health & Safety Officer|
|Mr Noel Prior||Risk & Compliance Officer|
Terms of Reference
The RAC Terms of Reference as approved by the Executive in April 2014.
Governing Authority Risk Committee (GARC)
The GARC is a sub-committee of the University's Governing Authority. Details of its current membership and terms of reference are set out below. Please note that the GARC's membership is composed of both external individuals and internal DCU staff members as indicated below.
|Ms Bernie Gray||Chair & Member of the Public Accountability Board (External)|
|Ms Marie Sinnott||Compliance Risk & Environment Manager - ESB Group (External)|
|Mr James Corcoran||Member of the DCU Governing Authority (External)|
|Mr Michael Burke||DCU Faculty of Science & Health - Facilities Manager (Internal)|
|Dr Caroline McMullan||DCU Business School - Associate Dean of Teaching & Learning (Internal)|
Terms of Reference
The GARC's Terms of Reference were approved by the DCU Governing Authority on June 22nd 2017.
A risk register is a formal way of documenting the specific details of risks. While there is no set format for a standard risk register there are elements common to most format types. It is therefore up to each entity to design a risk register which is suitable to its own needs. The essential elements of a risk register are:
a) A description of the risk and its potential impact;
b) An assessment of the likelihood of the risk, as stated, materialising;
c) An indication of the level of seriousness of the risk's impact;
d) The controls / solutions which have been, or can be, put in place to reduce the likelihood of a risk materialising or, if it does materialise, to reduce its potential harmful impacts; and
e) An indication of the risk's owner. This will be the individual or group responsible for the management of the risk.
Risk Register Template
Within the DCU risk management process a standard risk register template in Excel format is used. A copy of the template, including advisory notes on how it may be used within a unit context is available at the link below. Excel versions of the template are available from the Risk & Compliance Officer.
Process for Updating / Compiling a unit Risk Register
The University has a formal system in place for the regular review of, and reporting on, risk registers at a unit level. When Heads of units are requested to update their own existing unit registers, or compile a new one, they should ideally follow the process below:
a) Identify the operational and strategic goals of the unit;
b) Identify the risks which may prevent the achievement of those goals. This can be accomplished by discussing potential risks with relevant members of staff or alternatively arranging a brainstorming session with all staff of the unit concerned. Such an approach will encourage buy-in by staff to the process and will also encourage adoption of identified risks by those members of staff or University groups who may ultimately become the risk's owners for risk management purposes;
c) Assess the likelihood and possible impact of the risk using the criteria supplied in each review cycle by the Risk & Compliance Officer; and
d) Identify and document both the current and future controls which are, or can be, put in place to address the risk as stated.
Actions to be taken once a unit register is completed
Once a unit's risk register is completed in each review cycle the following sequence of events should occur:
a) The final version of the register is to be forwarded to the Risk & Compliance Officer;
b) For those current controls / actions listed against each risk the Heads of Unit should ensure that they are applied in practice; and
c) For those future controls / actions listed against each risk the Heads of Unit should ensure, where possible, that they are developed.
As part of its regular risk review cycle the university prepares an Institutional Risk Register (IRR) for each year. Copies of the most recent IRRs are available for viewing by serving members of staff at the links below.
2014 Institutional Risk Register (Staff Only) - Final
2015 / 2016 Institutional Risk Register (Staff Only) - Final
2016 / 2017 Institutional Risk Register (Staff Only) - Final
This section contains links to training materials to assist staff in understanding the theory and practice of risk management. Heads of University units and managers of the University's campus companies should contact the Risk and Compliance Officer as per the contact section below if they wish to arrange a risk management training session for their own unit's staff.
Internal University Links
For further information on related risk management topics please refer to the links below.
In relation to the topic of risk management within the Irish university sector the following legislation and guidance is relevant.
As stated in the introduction section above, the overall management of the Risk and Compliance function within the University is the responsibility of the Chief Operations Officer. The administrative arrangements that underpin the risk management process across the University, and its wholly owned campus companies, are the responsibility of the University Risk & Compliance Officer (RCO). If you have any queries regarding the application of the University's risk management process please contact the RCO at the contact details below:
Risk & Compliance Officer,
Office of the Chief Operations Officer,
Dublin City University,
Or alternatively click here to send an email to the Risk & Compliance Officer.