merger proposal

CITY OF GLASGOW COLLEGE / MERGER PROPOSAL DOCUMENT

SECTION 9: Governance and Management

9.6 Risk Assessment and Contingency Planning

9.6 Risk Assessment and

Contingency Planning

It is recognised that risk management

is the central core of the College's

internal control and corporate

governance arrangements, and as

such is the responsibility of the Board

of Management with the support of

senior management. The approach to

identifying, prioritising, and managing

risk should be open and receptive. It

is also recognised that ef ective risk

management at strategic and operational

levels involves the participation of staf

throughout the organisation.

The stages of risk management may

be summarised as i rstly collecting and

quantifying risks, analysing and managing

risks, then the establishment of an

ongoing review process. A Risk Register,

which will function as a repository of

risks at all levels, is being collated and a

summary Risk Matrix of high level risks is

also included.

Sources of information for the

development of a risk matrix may be

reactive or proactive in nature, internal

or externally sourced; see i gure below.

The format of the Risk Register establishes

the risk area and description, and

prioritises risks according to a risk

score calculated as a function of likelihood

and impact, each scaled 1-3, low to high.

Strategic risks will be considered

as level one risks, and will be the

direct responsibility of the Board of

Management and Executive. Other

risks will be related to other levels of

responsibility within the organisation

according to operational level and

impact. Where a risk has been identii ed

at a particular level in the organisation,

yet cannot be dealt with at that level,

the decisions relating to that risk will be

passed up the organisation to the point

of decision. The Risk Register currently

contains level one and selected level two

risks, and will include risks at other levels

as it develops.

The Risk Register has been developed

with the involvement of the Merger

Working Groups, and has been overseen

by the Merger Steering Group. The

the Mitigation Strategy for each risk,

the responsible person, together with

identii ed actions and review dates. As

this document is further developed

and populated towards vesting date

and beyond, it will serve as an ongoing

comprehensive risk management tool,

supporting the risk management process

through merger, and for the new college.

There are four principal approaches

associated with risk management, which

will be considered in the development of

the risk management plan:

Treat (mitigate);

Tolerate (accept);

Terminate (decline to take the risk);

Transfer (insure against or

contract out the risk).

The management of risk will be

monitored by the Shadow Audit

Committee with the support of Internal

Auditors, and reporting to the Shadow

Board of Management.

Risk Register

The following Risk Register provides an

outline of the headline risks associated

with merger implementation, together

with a risk score calculated as a function

of likelihood and impact, each scaled 1

- 3, low to high. These have been derived,

assessed, and scored via the activities

of the Merger Working Groups and the

Merger Steering Group.

Timescales are indicated as Merger

Implementation (2010), New College

Business Risk 1 (2010 - 2011) and New

College Business Risk 2 (2012 - 2016).

"Level" refers to the strategic/operational

impact and management responsibility

of risks; i.e. Level 1 relates to Board/

Executive, Level 2 to Vice Principals, and

so on, down to Levels 5 and 6 relating

to operational managers/staf teams.

These will be outlined in the completed

full version of the Risk Register. The areas

shaded in Red, Amber, and Green indicate

risk priority.

As merger progresses, and risk

management develops, it is proposed

that this document will expand to include

strategies, actions, review/completion

dates, and allocations of responsibility.

Also included is a Risk Summary Matrix,

providing an accessible "at-a-glance"

reference, and a summary of risk by area.

•

Risk Register Information Sources

REACTIVE PROACTIVE

INTERNAL

Internal Audit Reports

Complaints, Incidents, Claims

Risk Assessments

College Objectives

Consultation - Staf , Students

External Audit Reports

National Initiatives

Legislation Compliance

Benchmarking

Mandatory/Statutory targets

Consultation - external stakeholders

EXTERNAL

Index

Page 0001
Page 0002
Page 0003
Page 0004
Page 0005
Page 0006
Page 0007
Page 0008
Page 0009
Page 0010
Page 0011
Page 0012
Page 0013
Page 0014
Page 0015
Page 0016
Page 0017
Page 0018
Page 0019
Page 0020
Page 0021
Page 0022
Page 0023
Page 0024
Page 0025
Page 0026
Page 0027
Page 0028
Page 0029
Page 0030
Page 0031
Page 0032
Page 0033
Page 0034
Page 0035
Page 0036
Page 0037
Page 0038
Page 0039
Page 0040
Page 0041
Page 0042
Page 0043
Page 0044
Page 0045
Page 0046
Page 0047
Page 0048
Page 0049
Page 0050
Page 0051
Page 0052
Page 0053
Page 0054
Page 0055
Page 0056
Page 0057
Page 0058