Understanding and Managing Risk at an Institute of Higher Education

Risk, per se, is all around us in our everyday lives and we all take precautions to ensure our health and wellbeing. The processes we put in place are part of our risk mitigation. The same principle applies to higher education providers. The key issues then are – to determine what the risks actually are; what are the best mitigation strategies needed; and how we best manage the risk process over a period of time including making sure stakeholders are kept up to date.

Identifying the Key Risks

My own organisation has, for a number of years, been able to highlight the key risks associated with delivering (predominantly) to international higher education students. This has been managed through a detailed, regularly reviewed, and benchmarked Risk Register.

The latest version of the Risk Register can be viewed at - https://www.ubss.edu.au/media/4949/gca-risk-register-october-2023.pdf

Maintaining the register is an essential part of compliance and a feature of good corporate governance.

For more on corporate governance at GCA see - https://www.ubss.edu.au/media/2401/gca-corporate-governance.pdf

Mitigating the Risks

A key area of responsibility is the development of effective (and appropriate) mitigation strategies that are articulated clearly and followed carefully. The process of identifying risk is crucial – so too is the development of sensible and well-articulated strategies to mitigate these risks. Ideally, risk is circumvented (because of the mitigation strategies in place) before the actual issue becomes unmanageable or harmful.

Managing the Risk Process

Fundamental to the success of risk identification and mitigation is managing an appropriate process for the regular examination of the risks identified and ensuring that the mitigation strategies are updated and monitored. My own institution has in place an Audit and Risk Committee (ARC) which is a standing committee of the GCA Board of Directors. It formally meets quarterly, is chaired by a Director of the Board, and provides a standing report to every Board meeting. This is best practice. This group takes responsibility for reviewing the key risks to the organisation and ensuring the mitigation is appropriate. Minutes, Business Arising and the refreshed Risk Register are then presented to the GCA Board of Directors as a standing item.

A log of the dates of the regular reviews is embedded in the Register as a means of ensuring regular review and adjustment has taken place. This particular Register has been reviewed thirty-four times over a ten-year period. We would like to think that it has been improved each time.

Keeping Stakeholders Informed

It is important to ensure that the Governing Body – in my case the GCA Board of Directors – is kept up to date with the risk assessment and mitigation. Further, good corporate governance suggests that ALL stakeholders are kept informed. To this end the Risk Register is available on the public website; ALL staff and stakeholders are informed of ARC meetings; and any changes to the Risk Register are highlighted by way of internal bulletins and external newsletters.

Transparency is the key.

Emeritus Professor Greg Whateley is the Deputy Vice-Chancellor at UBSS and the Chief Executive Officer at GCA.