Risk Review Group

The Risk Review Group (RRG) reports to the University Executive Board (UEB).

Terms of reference

Objectives

The RRG focuses on risk management across the University, including its academic departments, faculties, Professional Services and subsidiaries. 

The aims of the Group are to:

  • review and own the risk management process
  • review the corporate, Professional Services, subsidiary, faculty and departmental risk registers
  • create and review the Corporate Risk Register
  • review and update the Risk Management Policy
  • review internal audit reports relevant to risk management
  • report to UEB, Audit and Risk Committee, Finance Committee and Council on the management of risk across the University
  • implement and monitor risk management arrangements across the organisation at all levels.

Contact us

Chair: Simon Donoghue
Director of Strategic Planning and Performance

simon.donoghue@york.ac.uk

Secretary: Russell Grant
Risk Manager

russell.grant@york.ac.uk
+44 (0)1904 324048

(a) Strategic development, planning, performance monitoring and resourcing: items for consideration and/or decision

The RRG terms of reference are to oversee and take necessary decisions regarding the following:

  1. The University’s risk management process, including the risk management policy, strategy and assurance framework;
  2. Assurance that risk management practices are embedded within the University;
  3. The corporate and departmental risk registers, reviewing as necessary to ensure consistency and sharing of best practice;
  4. Escalation of departmental risks to corporate level;
  5. Movement of risks between the corporate and department risk registers;
  6. Progress monitoring against risk management action plans; 
  7. Internal audit reports relevant to the University’s risk management approach;
  8. Reporting to UEB, Audit and Risk Committee, Finance Committee and Council on the management of risk across the University.

(b) Policy and regulatory matters

  1. To inform and consult on the development of risk related policy, procedures and guidance, including:
    1. Approving the risk management policy and procedures on behalf of UEB, having undertaken all necessary consultation, engagement and risk and impact assessment;
    2. Recommending for UEB approval the entry of new, and de-escalation of existing, corporate risks on a clear steer from RRG;
    3. Recommending for UEB endorsement the Corporate Risk Register ahead of each meeting of Audit and Risk Committee (and upward to Council twice per year). 
  2. To provide assurance to UEB, Audit and Risk Committee (ARC) and Council that the University is satisfying its legal and regulatory duties through updates and a biannual report to Council. This will also inform UEB about sector-wide developments relating to risk management and propose appropriate responses to particular developments.
  3. RRG will review and make recommendations about the adequacy of proposed control measures that are introduced in response to corporate or other key risks, to ensure that:
    1. The proposed control measure(s) is appropriate and effective;
    2. The Committee is aware of any changes in the status of the risk or effectiveness of the proposed control measure and can advise as appropriate.

Authority

On behalf of UEB, the Risk Review Group (RRG) is principally an advisory body and provides feedback and input on the development of University guidance, best practice, procedures and policies related to risk management.

However, RRG has delegated authority to take decisions on behalf of UEB where they do not constitute material changes which adjust the entire approach or methodology for corporate risk management. It may also make recommendations and/or refer items upwards to UEB and other University committees as appropriate.

On behalf of UEB, the Group may:

  1. Approve changes to the scoring of risk (UEB can then test these decisions);
  2. Approve the explanation, clarification and/or type of controls to aid risk management by the individual UEB owners;
  3. Approve changes to the formulation of risk descriptors.

RRG has no direct budgetary control, or financial decision-making authority.

Ex officio members

  • Simon Donoghue, Director of Strategic Planning and Performance (Chair)
  • University Secretary or alternative (to be confirmed)
  • Dr Joss Ivory, Chief Operating Officer

Three members nominated from Professional Services staff

  • Member of Finance Senior Management Team: Ruth Clark, Group Financial Controller (until July 2025)
  • Member of the Directorate of Technology, Estates and Facilities Senior Management Team: Richard Walker, Assistant Director of Strategic Programmes (until July 2025)
  • Member of a University Directorate (not Finance or DTEF): Rachel Dunmore, Project Officer, Human Resources (until July 2026)

Six members from academic departments, schools or faculties

  • Dean of a Faculty: Professor Karen Rowlingson, Dean of the Faculty of Social Sciences (until July 2025)
  • Head of a Department or School: Professor Paul Cairns, Head of the Department of Computer Science (until July 2025)
  • Head of a Department or School from the Faculty of Arts and Humanities: Vacancy
  • Member of Professional Services staff from the Faculty of Arts and Humanities: Vacancy
  • Member of Professional Services staff from an academic department or school: Jane Barrand, Deputy Head of Faculty Operations, School for Business and Society (until July 2025)
  • Member of Professional Services staff from an academic faculty, department or school: Natalie Armstrong, Head of Faculty Operations (Sciences) (until July 2025)

In attendance

  • Russell Grant, Risk Manager (Secretary)
  • Norma Wright, PA to the Director of Strategic Planning and Performance (Minutes)

Membership

The group is made up of ex officio members and those nominated as representatives of academic departments, schools and faculties, and Finance’s Senior Management Team.

Membership will be periodically reviewed by the group itself for UEB approval. Membership is otherwise coterminous with the individual’s appointment term.

Gender balance and wider EDI considerations should be factored into the group’s reflection on its own size and composition.

Other membership considerations

Academic members are drawn from across the three academic faculties with two representatives from each. 

Between them they have sufficient experience to be able to speak to risk management from a range of levels and experiences.

The appointed Dean and Heads of Department should each be from different academic faculties. Any faculty (not departmental / school) Professional Services member should be from a different faculty to the appointed Dean.

In consultation with the Chair, members may authorise an appropriate colleague to represent them if they are unable to attend a meeting.

Individual colleagues may be invited to attend to advise and inform on select items as and when the need arises.

Quoracy

Quorum is 50% of members, rounded up if the number of members is odd.

Only appointed members may vote, and in the case of equality of votes, the Chair has the casting vote.

2023-24

Date | Time | Location
Monday 9 October | 10am to 12 noon | Online
Wednesday 3 January | 2pm to 4pm | Online
Wednesday 28 February | 2pm to 4pm | Online
Monday 13 May | 10am to 12 noon | Online

Meeting frequency

Risk Review Group will meet a minimum of five times per year, in line with the cycle of Audit and Risk Committee meetings.

Meeting modes

Meetings will be held either in-person, online or via a hybrid format, subject to agreement by members.

Reporting to UEB

Risk Review Group is a management sub-group of UEB and reports directly to it:

  • Frequently: through summaries of the minutes of each of its meetings to the next UEB meeting.
  • Annually: via an annual assurance report that outlines progress in all areas of risk management that fall under the University’s statutory and regulatory obligations, along with an update on progress relating to the University’s Risk Management Strategy.
  • Periodically: via other policies, reports, plans and progress updates which it reviews and/or recommends for UEB’s approval within the business cycle and its terms of reference.

Reporting to the Committee

The Risk Review Group will receive risk registers and reporting from Faculties, Professional Services, Subsidiaries, and regarding Strategic Risks.

Risk Review Group will establish sub-committees and task and finish groups, as appropriate, to progress specific activities related to areas of its remit.
