The University of Edinburgh Risk Management Committee · 2010-04-28 · AC/01/05/17 The University...
Transcript of The University of Edinburgh Risk Management Committee · 2010-04-28 · AC/01/05/17 The University...
AC/01/05/17
The University of Edinburgh
Risk Management Committee
Monday 12 April 2010
2pm in the Elder Room, Old College
Agenda
1. Minutes of the meeting held on 11 January 2010 RMC 09/10 3 A
2. Matters arising not elsewhere on the agenda
2.1 Risk 5: Development aspirations (action point from 11/1/10) 2.2 Risk 14:Tenants’ contingency planning (action point from
11/1/10)
Verbal report Verbal report
3. Convener’s Business
4. Risk Reviews: 4: Performance or rate of growth in University’s activities 7: Inability to retain or attract sufficient leading academic staff 8.1: EUCLID 8.2: Full Economic Costing 8.3: Web Project 8.4: Major Estates Projects 9: Major failure of IT infrastructure etc 10: Major Health & Safety incidents 13: Academic collaborations fail
RMC 09/10 3 B RMC 09/10 3 C RMC 09/10 3 D (Closed) RMC 09/10 3 E (Closed) RMC 09/10 3 F RMC 09/10 3 G RMC 09/10 3 H RMC 09/10 3 I RMC 09/10 3 K
5. Risks identified in planning submissions RMC 09/10 3 L (Closed)
6. Update of university risk register RMC 09/10 3 M
7. Pattern and business of meetings for 2010/11 RMC 09/10 3 N
STANDING ITEMS
8. InYear Record of Events: Any new events, projects or activities which may give rise to risks during the year
9. Any Other Business
10. Date of next meeting: 27 May 2010 at 10am in the Elder Room, OC
Helen Stocks April 2010
1
Freedom of Information: Open Business
Minutes of a Meeting of the Risk Management Committee held on Monday 11 th January 2010 in the
Elder Room, Old College
Present: Mr. Nigel Paul (Convener) Dr. Bruce Nelson, College of Science and Engineering Professor Jonathan Ansell, Academic Member Mr. Jon Gorringe, Director Finance Dr John Markland, University Court Member Mr. Hamish McKay, Chief Internal Auditor (attendee) Ms. Helen Stocks (Secretary) Mr. Melvyn Cornish, University Secretary Mr. Louis Golightley, College of Medicine and Veterinary Medicine Mr. Brian Gilmore, Information Services Group Dr Tina Harrison, Director of Academic Standards and Quality Assurance Mr Hugh Edmiston, Director of Operations, Roslin Institute (observing)
Apologies: Mr Frank Gribben, College of Humanities and Social Science
1. Minutes of the Meeting held on 18 September 2009
The minutes were approved as a correct record.
2. Matters arising not elsewhere on the agenda
2.1 Year end assurances This report has been approved by Court and nothing of significance with respect to risk has arisen since the September meeting.
2.2 Managed Migration (Students) This was dealt with under item 5 (risk 8.6).
3. Convener’s Business
The Convenor welcomed to the Group Dr Bruce Nelson as the new Registrar for the College of Science and Engineering (replacing Dr Dorothy Welch), and also Dr Tina Harrison Director of Academic Standards and Quality Assurance (replacing Professor Simon van Heyningen). He also welcomed Hugh Edmiston as an observer who would be deputising for Louis Golightley on occasion on the committee in future.
4. Risk Register updates 4.1 UoE Subsidiary companies
On the EU Press risk register under the heading ‘Finance’ the feasibility of reducing the university loan and building cash reserves was queried, and assurance was given that EU Press’ financial position was favourable, and indeed it was showing a profit and was cash positive.
RMC 09/10 3 A AC/01/05/17
2
5. Risk Reviews 09/10 The committee discussed the following risk reviews and were satisfied that, subject to the following comments, mechanisms were in place to appropriately manage each risk.
Risk 2: Pressure for changes in staff terms and conditions An issue was raised that was not directly affecting this risk, but that is related to it: the review of ordinances, specifically as relating to the position of the trades unions. This was picked up in the inyear record of events see item 8 below.
The emphasis of this risk on pensions was noted and this to be considered when updating the University Risk Register in the spring.
A further threat was recognised to be the government response if UoE or more generally the HE sector did not take action on pensions. Other than the continuing uncertainty surrounding pensions the Group agreed that our process for managing this risk was adequate.
Risk 5: Rate of maintenance, enhancement & investment in the estate There was a discussion on the amount of funding for both refurbishment and maintenance in the past 2 years, and the interrelatedness of the two aspects. It was noted that all members of the Estates Committee bar one were satisfied that the risk of the gap between the actual and recommended funding for backlog maintenance was acceptable and manageable, and that the Director of Estates is satisfied that the risk is being properly managed.
It was recognised that due to financial constraints some of the University’s development aspirations are likely to be deferred. The Group believed that whilst senior staff were very conscious of the future financial uncertainty, the potential impact was probably not fully recognised across the university. It was recommended that Estates colleagues meet with College Registrars to discuss alternative approaches and contingencies in the event that key development projects are deferred, then feed the outcome of such discussions into Estates Committee.
[Angus Currie]
Risk 8.6: Managed migration system (staff) It was highlighted that the frequency of any checking of the processes by internal audit, as suggested in paragraph 2.3, will not necessarily happen annually. The frequency will be dependent upon the outcome of the risk based annual audit planning process, as acknowledged later in the paper (3.1).
Risk 8.6: Managed migration system (students) The good performance of the process to date was reported along with the risks associated with the next phases (which also had some marketing advantages). In section 4 of the paper, the first risk in the table, it was clarified that the inappropriateness of the policy stance was in regard to its being administratively burdensome. It was recognised that there may be further changes in the government’s policy on managed migration as a consequence of the attempted bombing of a US plane on 25 th December, or following the UK general election.
Risk 11: Inadequate engagement with changes in public policy
Under the policy area of QAA processes it was queried whether the responsibility should lie with VP Academic Enhancement or the Director of Academic Standards and Quality Assurance. To discuss and agree with these two colleagues. [Simon Jennings]
3
Risk 14: Widespread damage to property and buildings
An issue was raised by DBN around contingency planning related to tenancies, and the possibility of reputational damage if a tenant of the university does not have adequate contingencies in the case of fire, explosion etc. It was queried what involvement the university had with regards input to a tenants contingency planning and providing for contingencies e.g. alternative accommodation. The Group requested a briefing on this.
[Angus Currie]
6. Internal Audit reports
The Committee welcomed the summary of internal audit reports and the assurances these provided in relation to management of risk in the areas audited
The agreed service level relating to IS services (see table 8 on page 7 of the paper) was unclear. To clarify.
[HMcK and BG]
7. Financial Risks
This paper considered the financial and fiscal issues affecting HE and the pressures these exert given the current situation of public finances.
It was noted that all the risks are very likely, but the way in which it will impact on the University is as yet uncertain. For example, universities’ charitable status could be reviewed, or local authority taxes could change. With any changes we would need to look at possible tax mitigation schemes.
STANDING ITEMS
8. InYear Record of Events:
8.1 Review of University ordinances
A review of the University’s ordinances is currently underway. If the ordinances are not updated then there are risks with having ordinances that are not compatible with latest legislation. The committee recognised that the University Secretary and Director of HR were leading the process to seek a resolution of this issue, and that Court had been briefed on the issue
8.2 Funding
Whilst future funding was already recognised as an issue in the Risk Register, the Committee noted that recent announcements from BIS and the letter to HEFCE including indications of funding reductions, reinforced the high probability and impact of this risk. It was noted that processes are in place to assess this risk and take appropriate actions
8.3 Forthcoming ELIR
The next 5yearly review made by the QAA will probably take place towards the end of 2011. Dr Harrison provided a summary of the processes being put in place to prepare for the ELIR and highlighted that there are two areas which are considered particularly important: collaborations and
4
PGR processes. Dr Harrison to provide a further update at the May RMC meeting
[TH]
9. Any Other Business
No other business was raised.
10. Date of next meeting: Monday 12th April 2010 at 2.00 p.m. in the Elder Room, Old College
Helen Stocks 11 January 2010
AC/01/05/17 The University of Edinburgh
Risk Management Committee
12 April 2010
Review of Risk 4: Growth of the University falls behind UK and international competitors, e.g. in areas such as:
a) size (turnover/assets); b) research funding c) international students; d) PGR/PGT student numbers;
Brief description of the paper
This updated risk review makes reference to relevant targets in the Strategic Plan 200812, other corporate performance measures, and the now wellestablished monthly student intakes monitoring.
Action requested
For information
Resource implications
Does the paper have resource implications? Yes, monitoring this risk, which takes into account turnover, research funding, and student numbers, is directly connected to carefully management of the University’s resources.
Risk assessment
Does the paper include a risk analysis? Yes – inherent in the report.
Equality and diversity
Does the paper have equality and diversity implications? No
Freedom of information
Can this paper be included in open business? Yes
Originator of the paper
Originator: Rona Smith and Alexis Cornish, Governance and Strategic Planning
RMC 09/10 3 B
1
RISK REVIEW
The aims of the Risk Review are twofold
• to enable the Lead Manager of the particular risk to review and assess whether the risk is being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk: Risk 4: Growth of the University falls behind UK and international competitors, eg in areas such as:
a) size (turnover/assets); b) research funding; c) international students; d) PGR/PGT student numbers;
Inherent risk: (in the absence of any mitigation) Critical
Senior Manager: (taking lead responsibility for management of Risk)
Principal
Residual risk: (with current mitigating actions in place)
Critical Risk Review prepared by:
Senior Strategic Planner
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Likely Date: 19 March 2010
Threats: (if risk event occurs or risk is not managed)
Loss of competitive position Inability to maintain research/ teaching resources and capability Decline in relative financial strength Damage to reputation Opportunities: (other benefits that might accrue on successful management of risk)
Maintained or enhanced competitive position Maintained or enhanced research/teaching resources and capability Maintained or enhanced relative financial strength Enhanced reputation
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
• Monitoring achievement of strategic plan objectives and targets • Monitoring, lobbying and analysis in relation to SFC & RCUK research funding • Managing the University’s compliance with UK Border Agency (UKBA) immigration
legislation (though note this is also covered by Risk 8 (Section 8.6)) • Implementation of the University’s Internationalisation Strategy – Edinburgh Global – and
related actions • International Office and Marketing activities • Development of international collaborations and MoUs • Focus on maintaining and growing research funding • Taking opportunities to merge/embed ‘Institutes’ from research funders into the University • Student number monitoring • Maintenance, enhancement and investment in the University’s estate
2
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
Detailed analysis of comparative performance, for example in national and international league tables, by means of published analyses on GaSP website and engaging with league table compilers. In addition, in relation to detailed areas:
a) size (turnover/assets) – Annual accounts and comparative sector data available from HESA, Director of Finance’s membership of British University Finance Directors Group.
b) research funding – Annual accounts, comparative sector data, comparison of UoE share of SFC Research Excellence Grant, Strategic plan target 2.1, ERI monthly reporting, HESA PIs & corporate performance measures 6 & 13
c) international students intakes target setting, analysis and monthly reporting, Strategic plan target 8.1, corporate performance measure 19, Managed Migration Group monitoring of compliance with UKBA legislation (see Risk 8 (8.6))
d) PGR/PGT student numbers Strategic plan targets 1.4 and 2.2, intakes target setting, analysis and monthly reporting, corporate performance measures 2 & 3
Annex A provides a selection of links to further information on monitoring of performance in these areas.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes) 1. 2.
etc
Responsibility To be completed by
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
3
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes) 1.
2.
etc
Proposed Responsibility
4
Annex A: Selected performance monitoring information
• Reports and financial statements: http://www.ed.ac.uk/schools departments/finance/about/financialstatements
• Strategic Plan targets reports: http://www.planning.ed.ac.uk/Strategic_Planning/SP200812/AnnualReports.htm
• Corporate performance measures: http://www.planning.ed.ac.uk/Strategic_Planning/BalancedScorecard.htm
• Research funding: http://www.planning.ed.ac.uk/edin/Research/MI/ResearchFunding.htm
• Student number intakes target setting process: http://www.planning.ed.ac.uk/edin/PlanBud/Intakes/
• Monthly student intakes reports (CMG members only website): http://www.planning.ed.ac.uk/Governance/CMG/Res/StudentInformation/StudentInfo. htm
• Edinburgh Research and Innovation’s monthly KPI reports: http://www.eri.ed.ac.uk/kpi/
• Governance and Strategic Planning commentary on HESA’s Performance Indicators: http://www.planning.ed.ac.uk/edin/MI/PISG/
RMC: AC/01/05/17
The University of Edinburgh
Risk Management Committee
12 April 2010
Risk 7: The inability to retain or attract sufficient key academic staff to meet University /College goals for research and teaching
Brief description of the paper
This is a risk review submitted to the previous meetings, with changes made as requested.
Action requested
For information
Resource implications
Resource implications will be considered in relation to individual cases and managed within the scope of College and School budgets.
Risk Assessment
Does the paper include a risk analysis? Yes, and it defines necessary actions to address these risks. These are set out under the Current management processes or mitigating actions, Monitoring of Risk / Performance Indicators and Further actions headings.
Equality and Diversity
Does the paper have equality and diversity implications? No
Originator of the paper
Sheila Gupta, Director of HR
Freedom of information
Can this paper be included in open business? Yes
RMC 09/10 3 C
1
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk 7: Inability to retain or attract sufficient key academic staff to meet University/College goals for research and teaching.
Inherent risk: (in the absence of any mitigation) Disastrous
Senior Manager: (taking lead responsibility for management of Risk)
Director of HR
Residual risk: (with current mitigating actions in place)
Critical Risk Review prepared by:
Sheila Gupta, Director of HR
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 29 March 2010
Threats: (if risk event occurs or risk is not managed)
Loss of academic leadership
Loss of funding
Inability to compete effectively for international staff
Failure to meet teaching goals
Failure to develop our activities in research and teaching
Reputation loss, with consequent impact on research contract awards and student recruitment.
Opportunities: (other benefits that might accrue on successful management of risk)
Improved performance in relation to academic goals due to improved attraction and retention of leading academic staff.
Further enhancing our financial sustainability.
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
Attractive working environment The most important element in managing this risk is ensuring that the University continues to be an attractive working environment in the widest sense. This encompasses a very broad range of issues ranging from culture, values and management style to physical buildings and facilities and is fundamentally the responsibility of all managers in the University. It is managed indirectly through a broad range of activities and services, including HR initiatives and support (e.g. in the areas of Leadership Development,
2
Induction, Reward, Dignity and Respect, Staff Counselling), ongoing Estates and Buildings programmes and, most importantly, good management practice by local managers. Regular Performance and Development Review is also an important part of ensuring that key academic staff are supported in their personal and career development, and in meeting University research and teaching goals
Annual review of academic staff at all levels (incl salary) Heads of Schools (HoS) are required to assess the grade and salary of each member of staff including professors on an annual basis as part of the annual promotions, contribution reward and grade 10 salary review cycles. This should identify staff that either clearly meet the criteria for promotion, or are ontrack for promotion (where appropriate) in the medium term. In the case of professors, this should identify those whose contribution (personal or institutional) is deserving of recognition and financial reward (lump sum or salary uplift). Clear processes are in place for dealing with out of cycle cases, including those which fall under the remit of the Court Remuneration Committee, to facilitate expeditious decision making.
Senior level HR Policy group, convened by the Director of HR, examines and develops strategies for the effective recruitment and retention of key academic staff The College HHRs meet with the HR Director on a regular basis to consider all policy matters including recruitment and retention taking into account feedback from Colleges, and identify appropriate initiatives or actions.
Flexible strategies adopted to ensure the University can respond to recruitment and retention needs of different business areas – the HR Advisor (Recruitment, Retention and HR Planning) in Corporate HR has specific responsibility for supporting recruitment and retention activities, including continuous improvement and taking forward new initiatives.
The new UKBA rules – There is a genuine concern that the new UKBA rules could have a negative impact on international staff recruitment College HR teams meet the HR Advisor (Recruitment, Retention and HR Planning) to discuss strategy and policy issues fortnightly to keep the ever changing position under close review.
Recruitment of international staff – Colleges would welcome much greater flexibility within our policies to ensure we can operate effectively in different international markets and be responsive to rapidly changing external environments. For example, it is essential to be able to appoint staff where their research provides a fit with our goals to give us a strategic advantage in a highly competitive international market.
The Market Pay Policy currently inhibits expeditious decisionmaking and needs to be updated to ensure that the University can be appropriately responsive in recruitment and retention cases of key strategic significance.
Academic Promotion and Reward A University level group is currently looking at updating the Grade Profiles to ensure a clear strategic fit between them and our Reward policies, so that we are attracting, promoting, rewarding and retaining staff for clear strategic reasons.
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
The broad issue of ensuring that the University continues to offer an attractive working environment is monitored on an ongoing basis by the Director and HHRs, as well as by senior managers across the University as a natural part of their role. HoCs and HHRs are immediately aware of any high performing academic’s resignation, and if any attempts to retain them have been unsuccessful. One case on its own will not be an indication of our management of a risk being ineffective, but a number of cases within a year would provide sufficient evidence to indicate we have a problem. This is only readily apparent once the recruitment exercise to seek a replacement has been concluded. On occasions we have managed to recruit a “replacement” of higherstanding.
3
The broad picture on professorial salaries is monitored through an annual equal pay review, including monitoring the effectiveness of the normal progression and contribution award arrangements introduced in 2006/07, particularly in relation to differentials between men and women as well as internal and external appointments. The picture for other academic staff is monitored in equality terms through examination of recruitment and promotions by the Equality and Diversity Monitoring, Advisory and Research Committee (EDMARC, formerly EOTAG) and triennial equal pay audits covering all staff
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1. Enhancement of leadership development provision to cover all levels
2. Current appraisal/performance and development review target of 85% to embed academic and professional development into our people management practices.
3. Significant investment to upgrade erecruitment processes
4. Recruitment and retention strategies kept under ongoing review
5. Continued application of management action and monitoring of position
6. The three HoCs and the three Heads of HR meet the Director of HR periodically to consider all relevant policy issues including academic recruitment and retention.
Responsibility
Director, Leadership Development Programme
Assistant Director of HR (Talent & Culture)
HR Adviser (Recruitment, Retention and HR Planning)
Director of HR/HHRs
HoCs, HHRs and HR Director
HoCs, Director of HR and HHRs
To be completed by
Ongoing
2012
September 2011
Ongoing
Ongoing
Ongoing
4
7. Development of a staff development database
8. UKBA rules and guidance regularly updated. Direct contact with UUK to influence policy makers
9. Review Recruitment Policy
10. Market Pay Policy Review
11. Review of Grade Profiles and Academic Pomotions guidance
Director of Researcher Development Programme
HR Adviser (Recruitment, Retention and HR Planning) and College HR teams
Recruitment Policy Lead
Project and OD Lead
HR Director and Short Life Task Force
July 2010
Ongoing
July 2010
December 2010
July 2010
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
Proposed Responsibility
RMC: AC/01/05/17
The University of Edinburgh
Risk Management Committee
12 April 2010
Review of Risk 8: Inadequate management work priorities and major change projects both individually and as a combined programme of activity:
8.3 Web Project
Brief description of the paper
This is an update for the 2009 RMC of Risk 8.3. Note that the reviewer assessed the residual risk to be moderate (rather than critical as in the University Risk Register). Appendix A reports on the sustainability strategy for the web project.
Action requested
For information
Resource implications
Does the paper have resource implications? Yes, paper addresses funding for FY201011 and onwards
Risk Assessment
Does the paper include a risk analysis? Yes – the paper is the Risk Assessment for the University Website Project
Equality and Diversity
Does the paper have equality and diversity implications? No
Originator of the paper
Dawn Ellis, Director, University Website Project, 17 March 2010
Freedom of information
Can this paper be included in open business? Yes
RMC 09/10 3 F
1
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk 8: Inadequate management work priorities and major change projects both individually and as a combined programme of activity:
8.3 Web Project
Inherent risk: (in the absence of any mitigation) Critical
Senior Manager: (taking lead responsibility for management of Risk)
Jeff Haywood
Residual risk: (with current mitigating actions in place)
Possible Risk Review prepared by:
Dawn Ellis
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 17th March 2010
Threats: (if risk event occurs or risk is not managed) The University website continues to be the major marketing vehicle for the University and, as such, failure to manage its content and framework will damage the reputation of the University.
The central corporate site has expand in size with most Schools and Support Units included by end July 2010 when the Project formally ends (see Appendix A). Failure to maintain these sites during FY201011 and onwards would result in degradation of the overall visitor experience.
Without ongoing focus on the effectiveness of the servers and their resilience and ability to cope with increasing user load, the site will fall over and crash.
Without the ongoing maintenance of a clear, wellmanaged publishing framework with well managed workflows in a scalable and resilient CMS, the site will degrade and the external user experience will be less than satisfactory, the reputation of the University will be consequently diminished. Without the above, legal compliance in terms of website accessibility cannot be assured.
Without easy access to training, clear guidelines, support and an informed helpdesk, colleagues risk breaking the Information Architecture principles and deviating from writing for the web protocols, thus impacting on the site’s integrity and user experience.
The style guide ensures consistency of navigation and userfocused content not previously available throughout the sites, noncompliance threatens the site’s integrity.
Without strong management of the above areas, it will be difficult for the University to deliver
2
key aspects of its strategic plan (e.g. advancing internationalization, successful knowledge transfer, excellence in research, effective recruitment and retention of both staff and students), and key immediate targets such as supporting ELIR and making visible its work in sustainability and environmental enhancement .
Opportunities: (other benefits that might accrue on successful management of risk) The University’s overall strategic objectives will be supported with the delivery of the Polopoly managed website.
To note in particular: The successful management of the delivery of the website project will have harmonised the university’s corporate online presence. It has given more staff more opportunity to create engaging, dynamic content, improving efficiencies in web publishing, saving time and removing duplication of effort.
The international reputation of the university will have been enhanced and promoted by the development of the Edinburgh Global Showcase (due May 2010).
Internal and external communications will be improved with a greater awareness of the University’s excellence in its broad range of activities.
Recruitment and retention of high quality staff and students will be supported.
The competitive position of the University will be strengthened.
Working more closely with the EUCLID management team has helped the Website Project team to understand its priorities and deliverables and helped ensure smooth rollout of the new CMS to Schools and Colleges, reducing overload of demands on colleagues.
The opportunity to conduct a review early in FY201011 will result in recommendations for coordination of the University’s wider online presence, and a sustainable plan for FY201112 and onwards (Appendix A).
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
Project Board, Advisory groups, content development partnerships, technical peer group, and embedded training all in place and contributing to effective delivery by ensuring effective and open communication channels. Project Board members are reporting to University committees. As part of the Review, the governance mechanism for oversight of the University online presence will be addressed.
A Service Level Agreement has been put in place with IS Applications Management to cover infrastructure and CMS support.
Project website in place ensures effective, widespread availability of information on the project deliverables to the University community.
Communication activities, presentations, workshops have helped introduce the Project aims and vision to as wide an internal audience as possible.
The style guide ensures consistency of navigation and userfocused content not previously available throughout the sites, adherence is critical to the site’s integrity.
Work continues with colleagues in Communications and Marketing to ensure protection of brand as we roll out to Schools.
3
Collaboration with the EUCLID project and the need for an understanding of mutual dependencies has become more apparent and the Website Project Board has welcomed the deputy director of EUCLID to its membership to ensure sharing of information at senior level on key dates and deliverables.
A Website SelfChecker tool will be made available to Heads of Unit (site publishers) to enable them to check the compliance of their sites to the University’s guidelines and principles. To be available July 2010.
Transition management of Project to Service has begun with the integration of activities such as training and support now in planning.
Project sign–off documents (Goals/Questions/Measures) to be made available in July 2010.
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
Regular monitoring of Project risk register by the team with red, amber, green indicators to help assess risk.
Escalation procedures in place if necessary.
Key site performance indicators will continue to be tested by site owners as each site goes live.
Production management teams in place to deliver service management of new site. Monitoring and reporting meetings in place to ensure successful management.
Feedback mechanisms in place at Project Board meetings to ensure effective coordination with the EUCLID Project.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
Responsibility To be completed by
4
Confirmed focus for minimal development activities 201011
A Website SelfChecker tool will be made available to Heads of Unit (site publishers) to enable them to check the compliance of their sites to the University’s guidelines and principles.
Project signoff documents (Goals, Questions, Measures)
Dawn Ellis
Dawn Ellis
Dawn Ellis
June 2010
July 2010
July 2010
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes) 1. Plan to year end with forecast of rollout activities to be put in place for next Project Board meeting (April 2010)
2. A confirmed service management 201011plan to be put in place by June 2010.
Proposed Responsibility
Dawn Ellis
RMC 09/10 3 F
Review of Risk 8.3 Web Project
APPENDIX A: Web Project Sustainability Strategy
Overview: The University Website Development Project comes to an end in July 2010 when most Schools and Service Units will be using the Polopoly system. There is now a more seamless navigation experience for the majority of the corporate web pages, with the added benefit of the reflection of a clear, consistent brand which protects and enhances the reputation of the University.
Sustainability As part of the 201011 Planning Round, the University chose an option to keep the core project team, integrate daytoday site management activities in to IS, and costs for any further development of functionality to be borne by the business unit requiring thay development. Developmental priority and resources will be given to key strategic business areas for the University, namely Internationalisation, PGT/R recruitment, ELIR and Sustainability/Environmental Impact. This will be partfunded by the business owners. Planning with business owners based on this model has begun.
Review The online world has changed since the inception of the University Website Project almost 5 years ago. We have witnessed a proliferation in the development and takeup of 2.0 technologies; blogs, Twitter, Facebook and aggregation of content feeds to name but a few. In light of these changes in the online space, and the uptake of them by various parts of the University, it has been agreed that effective management of the corporate website, as currently delivered in the Polopoly Content Management System, might not be enough to protect the University’s reputation, and to ensure most effective use of these new technologies.
With this in mind, CMG has approved the proposal for a critical review to take place during the summer and autumn of 2010 which will examine the University’s current and future requirements to help manage its online presence effectively and to support its overall strategic direction. The outcome of this process will be recommendations as to how best to coordinate our activity in the online space, plus a costed plan for FY201112 and onwards, in good time for the FY201112 planning round.
The University of Edinburgh
Risk Management Committee 12 April 2010
Risk 8: Inadequate management of work priorities and major change projects both individually and as a combined programme of activity.
8.4: major estates projects e.g. Vet School, SCRM, Main Library Redevelopment, Adam Ferguson Building, West Wing Refurbishment
Brief description of the paper
This is a risk review for the above risk, incorporating changes requested previously by RMC.
Action requested
For information
Resource implications
Does the paper have resource implications? Yes – the capital project programme is substantial
Risk Assessment
Does the paper include a risk analysis? Yes
Equality and Diversity
Does the paper have equality and diversity implications? No
Originator of the paper
Angus Currie, Director of Estates Graham Bell, Depute Director of Estates
Freedom of information
Can this paper be included in open business? Yes
RMC 09/10 3 G AC/01/05/17
1
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk 8: Inadequate management of work priorities and major change projects both individually and as a combined programme of activity.
8.4: major estates projects e.g. Vet School, SCRM, Main Library Redevelopment, Adam Ferguson Building, West Wing Refurbishment
Inherent risk: (in the absence of any mitigation)
Critical Senior Manager: (taking lead responsibility for management of Risk)
Director of Estates and Buildings
Residual risk: (with current mitigating actions in place)
Critical Risk Review prepared by:
Depute Director Estate Development
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 12 March 2010
Threats: (if risk event occurs or risk is not managed) Loss of financial control, business continuity and also a threat of legislative noncompliance on certain projects. Possible prosecution. Loss of credibility with staff and students and funding / business partners. Loss of income. Adverse PR and significant reputational damage.
Opportunities: (other benefits that might accrue on successful management of risk) Improved financial control and business continuity/contingency planning Estate strategy implemented effectively with improved facilities available for staff and students as quickly as possible. Enhanced reputation with funding and other business partners and associated reputational benefits. Positive PR and business/income growth opportunities.
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
The funding context of the capital development programme has changed significantly over 2008/09 and as a consequence, some of the projects in the capital programme require to be delayed so as to maintain the rate of expenditure at an appropriate level. Given the uncertainty of the funding environment, and to mitigate changing SFC arrangements, delayed and reduced income from property disposals and more constrained fundraising over the next few years, it has been necessary to adopt an incremental approach to the approval of the
2
remaining approved projects and projects are now being progressed through the precontract RIBA plan of work on a stage by stage basis.
We have mapped the estates strategy as a Microsoft Project document which illustrates inter dependencies of projects and shows linkages to property disposals. This is being used as a planning tool and provides linkages to financial outputs and cashflow forecasts. It can be sorted by College or estates zone and notes approved projects/projects awaiting approval. This is updated quarterly and provides the basis for monitoring expenditure and the Capital Projections Plan reports to Estates Committee.
Measures being taken to mitigate the impact of slippage on the programme include writing to senior management of the construction companies engaged on the works to advise of the impact of slippage on the programme, the University’s inability to comply with funder’s conditions of grant and the consequential damage to reputations. In order to provide continuity of business for teaching within the central area, premises at Forresthill have been retained. This position will be kept under review as the development programme proceeds.
Given the current economic climate, there is a greater risk of insolvencies and hence the due diligence processes carried out prior to contractor appointments have been reviewed. As part of our tender processes, we have reviewed PreQualification Questionnaires and it is now regular practice to obtain Dunn and Bradstreet reports providing financial strength and risk indicators of tendering contractors who have been shortlisted for Strategic projects. We also take advice from Finance Office colleagues when reviewing company accounts and our procedures also provide that guarantee bonds are obtained on Strategic Projects.
The Health and Safety at Work Act 1974 and the revised Construction, Design and Management Regulations (CDM) 2007 place a duty on us to ensure contractors and consultants we employ are competent. We have therefore examined the options for establishing Stage 1 competence for contractors and consultants and have now decided to use the CHAS scheme and all consultants and contractors who we have contracted with have attended CHAS briefing sessions and are required to demonstrate compliance with basic health and safety law and sound management of it by registration as a compliant company with CHAS or equivalent.
Estates Committee and F & GPC receive regular reviews of estates and financial planning on estate development and maintenance programmes.
Strategic Project Boards have been established for all major estates development projects and risk registers are maintained and reviewed at the Board meetings. In addition the Estates and Buildings Department has reviewed project management procedures for estates development projects and are consistent the Scottish Funding Council’s Decision Point Process guidance.
There are currently two Strategic projects at Easter Bush campus where operations on site are underway and there are consequential health and safety risks to manage to ensure that business can continue without interruption/hazard. We have engaged a full time site co ordinator to manage the liaison between the sites and have also installed appropriate directional signage. We have further produced a site campus guide with information about safe access routes and site demarcations for staff, students and visitors.
Looking ahead, we are developing our EBIS software to enhance our project management and capital reporting which will allow project managers and others to build up the cost of projects including funding, and profile spend and funding overtime, at each RIBA / and Decision point stage, allowing full cashflow analysis. It will also allow capture other key project data to allow enhanced management of the capital programme linking with University estate and financial strategy.
3
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
Strategic Project Boards have been established for all major estates development projects with the aim of monitoring programme and costs and reporting to Estates Committee. Projects are monitored in terms of time, quality, cost, health and safety and sustainability and we review risk and maintain risk registers on all of our Strategic Projects.
In May 2009, EPAG endorsed a risk model recommendation for assessing the status of a project to establishing at the outset whether a project would benefit from an independent review. The risk model includes a range of financial, operational and reputational criteria for assessing risk and provides a guide as to how to assess whether a project has sufficient impact for it to be classed as Strategic, Major or Minor and therefore the approach to independent project reviews.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
As noted above, Estates and Buildings Dept. has put in place a number of measures to manage risks (business continuity, financial, health and safety). The process of reviewing our project management procedures for major projects is an ongoing one and we will report to Estates Committee in June advising on further progress
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1. Provide Estates Committee with further update report on Project Procedures in June
2. Maintain monthly regime and liaise with Finance department in monitoring the capital programme expenditure forecasting and cash flow profiling.
Responsibility
Depute Director Estate Development Depute Director Estate Development
To be completed by
June 2010
July 2010
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
4
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1.Implement project gateway procedures – being rolled out on a number of Strategic Projects from Gateway 0 (Strategic Assessment)
2. Complete project business case procedure note and associated financial model template – financial model endorsed by Estates Committee (December 09) and now being implemented.
Proposed Responsibility
Depute Director Estate Development
Depute Director Estate Development
RMC: AC/01/05/17
The University of Edinburgh
Risk Management Committee
12 April 2010
Risk 9: Major failure of IT infrastructure, systems operation, or serious breach of IT security leading to extended loss of service (over 3 days) or loss of data
Brief description of the paper
This is a review of risk 9 from the University Risk Register.
Action requested
For comment
Resource implications
Does the paper have resource implications? Yes, taken into account in annual planning and budgeting processes.
Risk Assessment
Does the paper include a risk analysis? Yes
Equality and Diversity
Does the paper have equality and diversity implications? No
Originator of the paper
Simon Marsden, Director of Applications
Freedom of information
Can this paper be included in open business? Yes
RMC 09/10 3 H
1
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is being
adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk 9: Major failure of IT infrastructure, systems operation, or serious breach of IT security leading to extended loss of service (over 3 days) or loss of data.
Inherent risk: (in the absence of any mitigation)
Disastrous Senior Manager: (taking lead responsibility for management of Risk)
Prof Jeff Haywood
Risk Review prepared by: Simon Marsden
Residual risk: (with current mitigating actions in place)
Critical
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 29 Mar 2010
Threats: (if risk event occurs or risk is not managed) Loss of operational control and information for key University systems. Financial impact, directly through actual loss of business or indirectly with efforts refocused on recovery of services rather than provision of normal operations. Loss of reputation, both internal and external, through inability to provide services or exposure of confidential information. Inability of researchers to conduct time critical business, e.g., submission of grant requests.
The dependence of the University on IT services continues to grow rapidly. The capacity in the service to respond to these demands is not growing in step with the service growth. This past year has had a number of significant issues running in parallel, Euclid, Exseed, firewalls, etc. It is important that the changes required to deliver, high quality, 24*7 IT services, across a wide range of disciplines are not compromised by traditional funding models, especially in the current financial climate. There are strongly competing pressures for IS resources from the rest of the University. Whilst at present we are successfully managing, if these prioritisation questions are not addressed soon the risk to the business may become unacceptable.
Opportunities: (other benefits that might accrue on successful management of risk) Improved delivery of standard services through development of resilience infrastructure. Improved confidence in IT service delivery with the proven management of the risk.
2
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.) A number of different strands are in place to help with management of the risk. IS have undertaken a major exercise in building a high level of resilience into the underlying infrastructure to ensure continuity of service for the University systems. The architectural design of this infrastructure is based on two main centres of operation, located at Kings Buildings and Appleton Tower. This allows for loss of major components within the overall architecture of even an entire site, with the ability to recover services to the remaining location. In addition systems are now being configured to utilise the replication of facilities at two sites, allowing IS to deploy more resilient services that allow point failures in the infrastructure with little or no impact on the users.
To ensure that IS are prepared to deal with a major failure in the IT infrastructure, a Disaster Recovery plan has been in place since 2001. This documents the actions required to return the major University systems to an operational state in the event of a major disaster affecting the underlying infrastructure, outlining the roles and responsibilities, agreeing the priority specific systems should have in such an event and the communication and management strategy that will be followed. Testing of the processes that would be enacted in such an event are performed on a regular basis, within involvement from the user base to ensure visibility and confidence in the plan. An exercise to review which systems were most important to the University was undertaken by the IT Committee. This resulted in a reduction of the number of highest priority services and reduced the target time for recovery to 1 day.
Further current management processes are listed below:
3. Ongoing monitoring of availability, capacity and performance with appropriate action taken to address issues that are identified. See http://www.ed.ac.uk/schoolsdepartments/informationservices/services/service alerts for availability statistics.
Last year additional capacity was added to the firewall infrastructure, MyEd WebCT and staff email services. We have just finished an extensive load testing programme to size the hardware needed for new student administration services being introduced in summer 2010 and placed orders for new equipment. Further increases to WebCT capacity are needed to cope with increasing demand and the load balancer infrastructure is also due to be replaced to meet capacity requirements. The monitoring also helped identify that some services which were based on older versions of our preferred tools called Cold Fusion were less reliable than required. As a result we have instituted a programme to upgrade Cold Fusion.
2) Machine room capacity has been addressed though a major refurbishment of the Appleton Tower space. The JCMB machine room is in need of a major refurbishment in particular with respect to Air Conditioning and backup power supplies. A project has been put in place this year with a probable cost of over £700k and will take a couple of years to complete
3) Internal audit programme, which has examined mobile data issues and penetration testing covering external web application (EASE and MyEd), University web site, internal infrastructure, .and client side attack on supported windows desktop.
4) Annual IT assurance programme from CIO.
3
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
IS has the overall position under relatively constant review. When events occur, then the consequences of this are examined and where there have been failures in resilience or other operational problems then lessons have been learned and appropriate steps taken (with cost limits) to avoid such problems.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
Further activity to increase resilience within current budget limits
• Major refurbishment of the JCMB machine room and resilient network link to Easter Bush
• Purchase of new equipment for student administration
Responsibility
Information Services
Information Services
To be completed by
Ongoing
2012
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1. Major proposals to increase resilience and decrease dependence upon the JCMB machine room and single routes to critical areas such as the Bush establishments see Bush above
Proposed Responsibility
CIO
RMC: AC/01/05/17
The University of Edinburgh
Risk Management Committee
12 April 2010
Risk 10: Major/exceptional health and safety incident occurs including: high profile incident on campus; pandemic event
Brief description of the paper
A review of the major healthy and safety and business continuity risks relating to the University. This paper is a risk assessment outlining the possible risks, including reputational, with current plans for managing and monitoring of these risks and any improvements possible. Improvements/further actions have been allocated to named individuals and timescales implemented. Learning resulting from management of pandemic flu has been highlighted.
Note that the reviewer assessed the likelihood of the risk to be rare (rather than possible as in the University Risk Register).
Action requested
For information.
Resource implications
Does the paper have resource implications? Yes, described in Further Actions section.
Risk Assessment
The paper provides information as part of the risk management process.
Equality and Diversity
Does the paper have equality and diversity implications? No
Originator of the paper
Alastair Reid, Director of Health and Safety Department
Freedom of information
Can this paper be included in open business? Yes
RMC 09/10 3 I
1
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk: 10. Major/exceptional health and safety incident occurs including: high profile incident on campus; pandemic event
Inherent risk: (in the absence of any mitigation)
Critical Senior Manager: (taking lead responsibility for management of Risk)
Director of Corporate Services
Residual risk: (with current mitigating actions in place)
Critical Risk Review prepared by:
Director of Health & Safety
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 31 st March 2010
Threats: (if risk event occurs or risk is not managed)
Major disruption to research and/or teaching, student administration and operational activities. Reputational damage
Opportunities: (other benefits that might accrue on successful management of risk) Potential for competitive advantage; positive effects on reputation – management of pandemic flu is a case in point; positive effects on insurance premiums if processes for managing health and safety and contingency planning seen to be very good
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
Health and Safety Policies and Guidance at corporate and School etc. levels. Structure and network of H&S Advisers, full and part time, at College and School levels, and below, is growing, in terms of number, quality of qualifications and experience.
Strategic/tactical contingency plans (cp) and business continuity management (bcm) plans in place in health and safetyrelated areas of activity, including fire, asbestos, Legionella, meningitis, hazardous waste disposal, pandemic flu. Contingency plans in place for activities in areas such as E&B, IS, Finance, HR, Accommodation Services, SAS. IS undertake business recovery exercise each year. Contingency plans in place in the event of needing to close certain buildings e.g. Appleton Tower, Main George Square Library, Darwin Building.
2
Aon partnership has audited individual areas’ cp and bcm plans during H&S Management and Compliance Audit Programmes, of Schools and Support Units. A partnership project with Aon has improved general aspects of cp and bcm, and helped move embeddedness of planning outwards from H&Srelated activities, to cement this within the culture of UoE as an institution. The compliance audit programme, to verify findings at management audit, is currently under way
Dissemination of awareness and planning (general cp & bcm) through M&VM at strategic, tactical and operational levels, being undertaken and also being used as a template for rest of UoE. Additional resource within CSG has been identified to take BCM project forward at greater pace – now led by CSG Project, Programme and Planning Manager
Development of cp & bcm for pandemic influenza has been well implemented. PF Contingency Plan, Antiviral strategy and awareness campaign for staff and students have been published and disseminated. PF channel on MyEd has been established with window of access to comprehensive information system and access to antivirals. Programme of desktop exercises in Schools (and equivalent) plus individual exercises for Senior Management, Academic Impact, on pandemic flu have been completed.
The advent of the influenza pandemic in April 2009 has afforded many learning opportunities with regard to managing a serious public health situation which impinges upon the University. The University’s handling of pandemic flu has been seen as exemplary in the Scottish tertiary education sector, and has provided us with learning outcomes which extend beyond public health issues into the management of a range of serious/high profile events and situations.
General major incident situations have led to much experience being accrued within the institution, which has an excellent track record of dealing with such incidents – the BCM Project seeks to formalise that experience and embed it in UoE culture for the future. The University’s insurers are also included in dialogue to move this forward.
With regard to an incident on site, security processes, including their linkages with emergency services, will immediately operate, an incident management group will immediately be formed and, as necessary, existing Web/Email/MyEd/School/Unit communication processes will be used for communication with students and staff.
Implementation of EUCLID and development of formal BCM processes will create a platform to hold, and for students to update, contact information (e.g. mobile phone numbers). This will enable the University to invest in text messaging and other electronic communications with students.
The University is now an active member of the Lothian Reciprocal Agreement for BCM activities, and of the Resilient City project in Edinburgh. This links in to collaborative work in the counterterrorism area, e.g. Project Revise (Home Office).
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
Practical experience of incident management indicates that UoE can deal with all types of incident professionally, and demonstrate resilience. If not adequately managed, incidents would become uncontrolled. Perception of Brokers and Insurers would be negative, if they felt UoE was not adequately managing this type of risk. Current assessment is that UoE responds well to these challenges, when they occur. Formalisation of BCM systems and structures required, and is underway.
Management of pandemic flu in 20092010 has reinforced this view, and UoE’s learning has been shared with other Scottish Universities and Colleges through the CHASTE Project.
3
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
However, their performance has previously been suboptimal, due to the absence of an effective focus for cp and bcm activity across the UoE. That focus is now in place and is developing more rapidly.
However, the activities relating to cp and bcm have been somewhat fragmented, and lack of embeddedness within the culture of the institution tends to suggest that the loss of key individuals might well adversely affect performance. The BCM Project is addressing those issues.
But there are clear opportunities for performance to be enhanced, as noted above. Experience during the flu pandemic has provided much useful learning, including the need to involve colleagues at College and School levels as early in the process as practicable.
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1. Inclusion of UoE in Lothian Reciprocal Agreement (HE/FE) on cp & bcm, and in Resilient City initiative
2. Publication of Pandemic flu plans and policies
3. Relaunch of partnership project with AON to upgrade cp and bcm
4. Undertake desktop exercises
5. Consider text communications to students/staff mobile phones in the event of an emergency
Responsibility
DoCS
DoH&S
DoCS
DoCS
DoCS/CIO
To be completed by
Completed 2008
Completed 2008
Underway. Funding to 2010 in place
Completed 2009
Post implementation of EUCLID
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1. Continue dissemination and embedding of BCM in the fabric of the institutions processes and procedures
Proposed Responsibility
CSG P,P&P Manager; DoH&S
AC/01/05/17
RMC 09/10 3 K The University of Edinburgh
Risk Management Committee
12 April 2010
Risk 13: Significant academic collaborations fail to be effectively managed and do not deliver benefit to the University
Brief description of the paper
This paper is the review of Risk 13 in the University’s Risk Register – namely that significant academic collaborations fail to be effectively managed and do not deliver benefit to the University. Also, the Risk Register records the inherent risk as critical, the residual risk as moderate and the likelihood as possible. However, this has been assessed by all colleges as inherent risk moderate, the residual risk slight and the likelihood possible.
Action requested
For information
Resource implications
Does the paper have resource implications? No
Risk Assessment
Does the paper include a risk analysis? Yes – this paper is a review of a risk
Equality and Diversity
Does the aper have equality and diversity implications? No
Originator of the paper
Frank Gribben, College Registrar, College of Humanities & Social Science Louis Golightley, College Registrar, College of Medicine and Veterinary Medicine Bruce Nelson, College Registrar, College of Science and Engineering
Freedom of information
Can this paper be included in open business? Yes
RMC: AC/01/05/17
COLLEGE OF SCIENCE AND ENGINEERING
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk 13: Significant academic collaborations fail to be effectively managed and do not deliver benefit to the University
Inherent risk: (in the absence of any mitigation)
Critical Senior Manager: (taking lead responsibility for management of Risk)
Head of College
Residual risk: (with current mitigating actions in place)
Moderate Risk Review prepared by:
College Registrar
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 2 April 2010
Threats: (if risk event occurs or risk is not managed) • Loss of reputation • Failure to attract or retain academic staff • Financial loss • Opportunity cost in managing problems arising from collaborations • Inappropriately high aversion to risk in future collaborations, leading to loss of
benefits Opportunities: (other benefits that might accrue on successful management of risk)
• Additional income • Volume and/or quality of research increased including the possibility of new areas of
research • Reputation enhanced
Current management processes or mitigating actions:
In establishing collaborative activities, these are maintained within existing structures within the College – no new structures are developed which would compromise the existing clean structure or cause managerial confusion. Accordingly, an identified Head of School is responsible for each collaborative activity as they are for the College’s noncollaborative activities. For each collaborative activity (research and/or teaching) a lead School is identified and an individual identified (usually given the title Director) to be responsible for the activity. The Director reports to the Head of School.
To ensure this is working properly, Heads of Schools are expected to report on collaborations as they would other activities including in the planning round. In addition, however, memoranda of understanding/agreement are drawn up for all collaborative activities and these are reviewed regularly, at least on a 5 year cycle.
RMC 09/10 3 K
1
In addition to the local (School) management arrangements a management committee, comprising all relevant parties and convened by the Director, is established to ensure that the objectives of the collaboration are met.
Monitoring of Risk / Performance Indicators:
The Director of the relevant collaboration is responsible for ensuring its success, accountable to the HoS. Examples of lack of success include failure to attract students to collaborative courses, failure to attract sufficient grant funding to collaborative research projects, and failure to produce outputs from research collaborations: regular reporting of these metrics is carried out as appropriate to the collaboration but regular monitoring of all of these and more is also carried out across all of the College’s activities. In addition, the spending of management time resolving problems associated with collaborative activities (examples include the supervision of research students in Associated Institutions, research pooling arrangements, nonpayment of income due etc.) would be noted and dealt with as would complaints, negative media presence etc.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1.
Responsibility To be completed by
Note – where actions above are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale. Any actions not yet agreed with the individual, or potential areas for action that require to be discussed, to be included in the table below.
Proposed additional actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing
Proposed Responsibility
2
management /mitigation processes)
1. 2.
etc
AC/01/05/17
RMC 09/10 3 K COLLEGE OF HUMANITIES & SOCIAL SCIENCE
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk 13: Significant academic collaborations fail to be effectively managed and do not deliver benefit to the University
Inherent risk: (in the absence of any mitigation)
Critical Senior Manager: (taking lead responsibility for management of Risk)
Head of College
Residual risk: (with current mitigating actions in place)
Moderate Risk Review prepared by:
College Registrar
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 1 April 2010
Threats: (if risk event occurs or risk is not managed) • Loss of reputation • Failure to attract or retain academic staff • Financial loss • Opportunity cost • Wariness of future collaborations which could deliver significant benefits
Opportunities: (other benefits that might accrue on successful management of risk) • Additional income • Volume of research increased including the possibility of new areas of research • Reputation enhanced
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
For all of our significant academic collaborations – such as the Confucius Institute, the Centre for Advanced Studies in the Arab World, the accreditation agreement with Edinburgh College of Art – we adopt a similar governance arrangement to oversee the work of the collaborating unit/centre and to mitigate the risk to the University of engaging in major academic collaborations. In all of these cases, we establish an advisory body which includes senior managers from each of the collaborating partners. This body will oversee the work of the Directors(s) of the unit/centre, will approve plans (including financial plans), and will receive regular reports on progress towards meeting objectives.
Smaller scale collaborative activities (e.g. regular research collaboration) will be managed within the routine management arrangements of Schools. Boards of Studies and the College Quality Assurance & Enhancement Committee will oversee collaborative teaching programmes. As colleagues will know, detailed evaluation is being undertaken of the potential risks and benefits of an institutional merger with Edinburgh College of Art. That “risk” is, therefore, being evaluated and managed within a separate framework, and falls outside the scope of this review.
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
As indicated above, major collaborative centres will have individual plans approved and monitored by advisory boards – these will include relevant performance measures such as income from research grants, student numbers etc. All centres are embedded within one of our Schools, and our regular planning and monitoring arrangements for Schools will pick up details from subunits of Schools, such as collaborative centres, in the reports which are considered by the College Planning & Resources Committee.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
Responsibility To be completed by
Note – where actions are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale.
Frank Gribben College Registrar 1 April 2010
3
AC/01/05/17 RMC 09/10 3 K
COLLEGE of MEDICINE and VETERINARY MEDICINE
RISK REVIEW
The aims of the Risk Review are twofold • to enable the Lead Manager of the particular risk to review and assess whether the risk is
being adequately managed, and what further actions should be undertaken to ensure required or desirable improvements in the management of the risk are undertaken
• to provide the Risk Management Committee, and through them, the University Court, assurance that the Risk is being adequately managed
Risk: 13 Significant academic collaborations fail to be managed effectively and do not deliver benefit to the University
Inherent risk: (in the absence of any mitigation) Critical
Senior Manager: (taking lead responsibility for management of Risk)
Head of College supported by College Registrar, Heads of Schools, Director of Undergraduate Learning and Teaching and Directors of Postgraduate Studies [T&R]and International Relations and Director of Research
Residual risk: (with current mitigating actions in place)
Moderate Risk Review prepared by:
College Registrar
Likelihood of risk event occurring (as assessed with current mitigating actions in place)
Possible Date: 19th March 2010
Threats: (if risk event occurs or risk is not managed)
Reduction of College Educational programmes, Reduction in anticipated income, loss of reputation and Reduction in Research Activity and outputs
Opportunities: (other benefits that might accrue on successful management of risk)
Enhancement of Reputation, generation of income, enhancement of Research opportunities and performance
Current management processes or mitigating actions: (Identify the major elements in managing the risk and how you ensure those elements are operating properly. For some risks, if it is possible to identify actions that would be taken in the event of the risk event occurring that would mitigate its impact, please also identify these.)
4
1. When Collaborations established formal agreements – negotiated, where appropriate, through ERI legal advisor developed setting out rights and obligations of College functions and those of collaborating party and objectives to be achieved from the collaboration – or within University template for academic collaborations. Examples [Not an Exhaustive List] include:
• Agreement with NHS authorities and Wellcome Trust in respect of Wellcome Millennial Clinical Research Facility in regard to objectives and core funding of Clinical Research activity
• Agreement with NHS Lothian in regard to joint Clinical Research Imaging Facility, QMRI
• Agreement with NHS Education Scotland [originally with Scottish Council for Postgraduate Medical and Dental Education] NHS authorities and Royal College of Surgeons of Edinburgh, including constitution and terms of reference, in respect of establishment, funding, operation and collaborative management of Edinburgh Postgraduate Dental Institute
• Service Level Agreements with NHS authorities in regard to provision of facilities for undergraduate teaching and volume of placements, linked with allocation of Additional Costs of Teaching funds
• Agreement with MRC and with Cancer ResearchUK [CRUK] and with NHS Lothian in regard to establishment of Institute of Genetics and Molecular Medicine, directed by Director of MRC Human Genetics Unit
• Agreement with St Columba’s Hospice in regard to funding made available for Chairs in Palliative Medicine and Palliative Primary Care
• Agreement with International Medical University in regard to provision of clinical years undergraduate places for IMU preclinical graduates
• Multiparty agreements with Department of Trade and Industry, other HE institutions and Research Institutions in regard to Veterinary Training and Research Initiative and with SFC and other HE institutions in Scotland in regard to Clinical trials Collaboration
• Agreement with Scottish Enterprise, Pfizer [formerly Wyeth International] and other HEI’s in regard to Translational Medicine Research Initiative
• Agreements with BBSRC in regard to Merger of the Roslin Institute with the University, in 2008
• Agreements with BBSRC and with Scottish Agricultural College in regard to development of a Research Institute at Easter Bush
• Memorandum of Understanding with St George’s University in regard to placement of St George’s final year Veterinary Students in RDSVS, for clinical placement
• Agreements with Scottish Enterprise and with Alexandria Real Estate Inc in regard to development of Edinburgh BioQuarter
• Agreements with Scottish Enterprise and with Roslin Cells and with Scottish National Blood Transfusion service in regard to development of Scottish [and MRC] Centre for Regenerative Medicine, particularly Good Manufacturing Practice facility
• Agreement with Scottish Enterprise in regard to CMVM Research Commercialisation strategy
• Contract with DoH in regard to funding and operation of National CreutzfeldJakob Disease Surveillance Unit
2. Inclusion of managed withdrawal provisions and exit strategies to avoid shortterm embarrassment of either party and to allow for orderly management of exit.
3. Development of less formal, but well understood, agreement conditions and commitment to maintain regular dialogue with collaborating partners – particularly prevalent in terms of myriad collaborative arrangements with NHS authorities. Without formal documentation, but recognising that real negotiating strength is present on both sides and that mutual benefits are being sought, with potential mutual disbenefits to be avoided.
4. Allocation of managerial responsibility to appropriate College academic Directors or Heads of School or College professional managers, with reporting line to Head of College and corporate responsibility to identify performance under collaborations and report any failing to College Strategy Group for consideration and agreement of appropriate action.
5
Monitoring of Risk / Performance Indicators: (Identify how you would know that the risk is not being adequately managed; and identify relevant key performance indicators that provide an indication of the adequacy of risk management/mitigation. Attach tables or graphs of those indicators.)
1. Designated academic or professional managers charged with monitoring performance and reporting development of any risks as described above.
2. In some instances, formal management machinery is established to manage collaborations and to initiate action where performance may be deteriorating. Examples [Not an Exhaustive List] include:
• Formal Management Board for Postgraduate Dental Institute including representation of all collaborating parties
• ACT management group for performance of collaboration involving allocation of ACT funds with NHS authorities
• Management Board for National CJD Surveillance Unit • Scientific Executive and administrative management machinery for IGMM
3. Representation of Edinburgh and other partner HEIs in internal academic management of IMU
4. Regular formal and informal dialogue with managerial staff and Directors of Collaborating bodies, e.g. Medical Research Council Units in Edinburgh, NHS authorities including NHS Education (Scotland), Cancer Research UK, Commercial Organisations, National Governmental and Quasi – Autonomous National Governmental Organisations.
5. Monitoring of Collaboration performance through machinery established for that purpose, e.g. National CJD Surveillance function is subject to annual scientific and management review by machinery under DoH auspices, including representatives of collaborating institutions [e.g. London School of Hygiene and Tropical Medicine, Government offices] and recognised experts, e.g. of European Surveillance collaborations.
Senior Manager’s assessment of current management of risk:
Are the current management processes and mitigating actions operating satisfactorily?
Do the current management processes and mitigating actions, coupled with the evidence from the Performance Indicators provide you with assurance that the risk is being adequately managed?
Is the Residual Risk “rating” above acceptable given the nature of the risk? (If no, please state what “rating” the University should be regarding as acceptable, and identify below the actions that are to be put in place to achieve an acceptable level of management/mitigation)
Yes/No
Yes
Yes
Yes
If no, please explain
6
Further actions (either required to achieve an acceptable level of adequacy of management/mitigation, or planned to enhance the existing management /mitigation processes)
1. N/A
2. N/A
etc
To be completed by
Note – where actions are to be shown as the responsibility of an individual, then those individuals must agree to the action and the timescale.
1
AC/01/05/17
The University of Edinburgh
Risk Management Committee
12 April 2010
Update of University Risk Register
Brief description of the paper
The annual review of the University Risk Register is now due and RMC is asked for its input on what issues should be taken into account.
Action requested
For discussion.
Resource implications
Does the paper have resource implications? No.
Risk Assessment
Does the paper include a risk analysis? The Risk Register is one of the key elements of the risk management process within the University.
Equality and Diversity
Does the paper have equality and diversity implications? No.
Freedom of Information
Can the paper be included in open business? Yes
Originator of the paper
Nigel A.L. Paul, Convener of the Risk Management Committee Helen Stocks, Secretary to the Risk Management Committee April 2010
RMC 09/10 3 M
2
Update of University Risk Register
The University Risk Register was last updated in May 2009. The latest version, version 7 (final) of the University Risk Register, was agreed by Court in June 2009 and is at Appendix 1.
RMC is asked for its views on what changes should be considered in this review, in view of the issues emerging in the past year (e.g. the forthcoming ELIR and developments in the pension situation) and the changing environment in which the university works.
1
University Risk Register version 7 (final)
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
Critical Probable Risks
1. Insufficient funding to maintain and develop the University due to:
Government funding policies in Scotland and the rest of the UK
Economic recession and its impact on government, corporate and charity funded activities, and philanthropic giving
Loss of competitive position relative to international / UK peer institutions
Financial loss
Reduced ability to attract research grants and recruit students
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Probable (4)
Impact x likelihood = 12
Lobbying, directly and via US/UUK
Input to SFC on their strategic plans and funding issues/reviews
University planning process including monitoring of student demand and intakes
Internal pressure within Colleges and ERI to maintain focus on grant applications
Review of student intake and applications for first years of divergent fee regimes
Lead: Principal
Supported by: Director of Planning, Heads of College and Director of ERI
[URL of risk review 08/09]
2. Pressure for changes in staff terms and conditions (including pension funds) arising from government, sector, or unions
Damage to staff / union relations
Increased financial cost
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Probable (4)
Impact x likelihood = 12
Maintenance of relationships with local union representatives
Input to national pay negotiations and discussions on Pension Funds University financial forecasting / budgeting processes
Lead: Directors of HR and Finance
Exploration of options and scenarios for continuing as an attractive employer whilst also maintaining financial sustainability
2
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
3 . Challenge of managing activities to ensure some income streams exceed costs
Ongoing deficit position
No resources for new income generating activities
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Probable (4)
Impact x likelihood = 12
Financial strategy & financial planning and budgetary/forecasting processes, including F&GPC/Court oversight
Fees Strategy Group
Financial scenario planning
Post Review Group
ER/VS activity
SUMS review of support services
Benchmarking against other comparable institutions
Internationalisation strategy implementation
Various college based academic developments
Development of FEC to teaching
High level reporting of research applications and award trends
Drives to improve the utilisation of the University’s estate
Lead: Principal
Supported by: HoCs, VP Resources, DoCS, Director of Finance, Director Estates and Buildings, Director of Planning, Director of HR
Financial strategy being agreed with F&GPC and Court
Focused pressure from HoC’s and Director of ERI to maintain research grant application rates, quality of grants applications and seeking nontraditional sources of research funding
Identify further business process refinements to optimise benefits from pay and reward modernisation project
New Strategic Plan with focus on new income generation to support financial sustainability
Further development of full economic costing of teaching and other activities
Coordination of financial and estate strategies to deliver sustainable funding stream for maintenance and development of the estate
Implement outcome of SUMS review of support services
Influencing national negotiation on pay and pension
Engaging with banks and other funders on external loan finance
[URL of risk review 08/09]
3
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
Critical Likely Risks
4. Growth of the University falls behind UK and international competitors
e.g. in areas such as: a) size (turnover/assets); b) research funding c) international students; d) PGR/PGT student
numbers;
Loss of competitive position
Inability to maintain research/ teaching resources and capability
Decline in relative financial strength
Damage to reputation
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Likely (3)
Impact x likelihood = 9
Strategic plan priorities and targets, and its implementation
International Strategy, steering group and development plans
International Office and Marketing activities
Development of international linkages and MoUs
Focus on maintaining and growing research funding
Opportunities to merging / embedding “Institutes” from research funders into the University (e.g. Roslin)
Student number monitoring
Lead: Principal
Supported by: HoCs, VP International (c), Director of Planning (d)
Implementation of International Strategy
Enhancement of international student recruitment processes
Faster growth in PGT and PGR numbers and programmes including consideration of further development of the “Graduate School” approach
Research PG taskforce
Further refine planning tools for student number forecasting
Better growth metrics comparisons
Development of pooling, partnership and merger opportunities
Development of further interdisciplinary research opportunities
Development of further international / PG accom’n
[URL of risk review 08/09]
4
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
5. Rate of maintenance, enhancement and investment in the estate limits the University’s ability to support University growth aspirations (research, education and accommodation), provide a satisfactory student experience and provide staff with a satisfactory working environment e.g. due to: o funding constraints o complexity of projects which
are funded by multiple partners o city planning constraints o operational complexity o lack of capacity in construction
industry o space improvement targets fail
to be achieved o tight market for professional
staff hence recruitment and retention difficulties
o city and regional infrastructure constraints
Blockage to achievement of student growth targets
Inability to attract/keep staff
Uncompetitive cost of estate
Legal non compliance
Business disruption and financial loss
University fails to win prestigious activities/centres
Inability to progress major estate development timeously
Inherent Risk: Disastrous
Residual Risk: Impact: Critical (3)
Likelihood: Likely (3)
Impact x likelihood = 9
Fundraising for new developments
College/estates planning and project processes
Capital programme development and project management processes
Estates Advisory Group (EPAG) / Space Management Group (SMG)
Annual backlog and compliance review
Ongoing estate activities e.g. building inspections, physical condition and compliance surveys, fire risk assessments
Liaison with local authorities and other agencies
Lead: Vice Principal Resources
Supported by: Director of Estates & Buildings; Vice Principal Development
Implementation of new SFC estate strategy, business case and project gateway guidelines
Increase project management resource, and active management of City Planning Department and community interactions
Coordination of financial and estate strategies to deliver sustainable funding stream for maintenance and development of the estate
Continue to address issues including: o timely delivery of major project plans o timeous city planning consents o usage of teaching space o provision of student study space o disability access and emergency exits o buildings containing asbestos
Full condition and legislative compliance survey update
Assess impact of Audit Scotland report on HE Estates management
[URL of risk review 08/09]
Critical Possible Risks
6. Failure to provide a high quality student experience e.g. in teaching and learning, student services, living and social environment
Reputational damage and its impact on student recruitment
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Possible (2)
Impact x likelihood = 6
College and Support Group Annual and Strategic Plans
“Student Experience” a specific goal in the 2008/12 University Strategic Plan
Lead: VP Academic Enhancement
Supported by: Heads of Colleges (HoC) and Heads of Support Groups
Implementation of the goals laid out in the new University Strategic Plan under “Student Experience”
College and Support Group actions to respond to NSS survey, the International Student Barometer and other surveys
5
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
7. Inability to retain or attract sufficient key academic staff to meet University / College goals for research and teaching
Failure to meet targets under new processes for research quality assessment
Failure to meet teaching goals
Loss of academic leadership
Loss of funding
Reputation loss
Inherent Risk: Disastrous
Residual Risk: Impact: Critical (3)
Likelihood: Possible (2)
Impact x likelihood = 6
Ensuring the university remains an attractive working environment
Annual review of academic staff (incl salary)
Active leadership by Principal and of HoCs
Recruitment processes group convened by Human Resources (HR) Director monitoring & dealing with issues
Flexible HR strategies to meet needs of different business areas
Lead: Principal
College Leadership: Heads of Colleges (HoC)
Supported by: Heads of Schools (HoS) and Director of HR
Collegeled review of professorial salaries
Performanace and development reviews
[URL of risk review 08/09]
8. Inadequate management of work priorities and major change projects both individually and as a combined programme of activity. Major projects in progress are: 8.1 new student administration
processes project (EUCLID); 8.2 full economic costing and
administration; 8.3 web project; 8.4 major estates projects e.g. Vet
School, SCRM, library central area refurbishment;
8.5 adaption of data collection processes/systems to reflect the new metrics related basis for future research assessment
Impact on staff morale
Reputational and financial damage
8.1 Impact on student recruitment and reputation
8.2 Inability to sustainably fund maintenance of estate, equipment and other infrastructure
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Possible (2)
Impact x likelihood = 6
Project management steering groups, boards, advisory groups and implementation groups
Project management processes (including “Gateway” reviews for EUCLID)
“Projects” website
Reporting to University committees
Communication activities
Lead: 8.1 VP Knowledge Management and CIO
8.2 Director of Finance
8.3 VP Knowledge Management and CIO
8.4 Director of Estates & Buildings
8.5 Director of Planning
Progress work through steering and implementation groups
Improvements to business case and wider use of gateway processes
Review of process of research grants administration
Improve capital programme forecasting and cash flow profiling
Implementation of data collection project to collect metrics and other information to meet expected future research assessment requirements to commence following completion of current RAE Implementation of new SFC estate strategy, business case and project gateway guidance
6
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
8.6 Establishing process to operate the new managed immigration system (affecting staff and students)
8.3 Reputational damage
8.4 Loss of financial control, business continuity and associated reputational damage
8.5 Financial and reputational damage
8.6 Delays in staff and student recruitment process and reduced attractiveness of University to international staff and students
Planning and provision of resource to enable projects
For fEC and new metrics on research assessment, UoE involvement at UK level
8.6 Academic Registrar (students) and Director of HR (staff)
[URL of risk review 08/09]
9. Failure of IT infrastructure, systems operation, or serious breach of IT security leading to inadequate performance unacceptable loss of service or loss of data
Loss of or .inadequate operational processes
Major disruption to research, teaching and learning, student administration etc
Inherent Risk: Disastrous
Residual Risk: Impact: Critical (3)
Likelihood: Possible (2)
Impact x likelihood = 6
Ongoing resilience improvement programmes and infrastructure upgrades
Internal and external audit processes, including external penetration testing
Business recovery plans and exercises
Lead: VP Knowledge Management and CIO
Identification and review of key corporate machine rooms with coordinated improvement plan for physical infrastructure
[URL of risk review 08/09]
7
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
(contd) 9. Failure of IT infrastructure, systems operation, or serious breach of IT security leading to inadequate performance unacceptable loss of service or loss of data
Inability to manage University e.g finances, pay staff etc
Reputational damage
Oversight by Knowledge Strategy Committee
Systems implementation trialling and load testing
Annual IT assurance process from VP Knowledge Management and CIO
10. Major/exceptional health and safety incident occurs including:
high profile incident on campus; pandemic event
Reputational damage
Major disruption to research and teaching, student administration, and operational activities
Inherent Risk: Critical
Residual Risk: Impact: Critical (3)
Likelihood: Possible (2)
Impact x likelihood = 6
Business continuity and contingency plans, (including pandemic flu plan)
H&S policies and guidance
Web / MyEd / email / School/Departmental communication processes with students
Lead: Director of Corporate Services
Supported by: Director of Health and Safety
AON assessment of Business Continuity plans (as part of School/Dept H&S Audits)
Project to upgrade business continuity plans (supported by AON)
[URL of risk review 08/09]
Moderate Possible Risks
11. Inadequate engagement with changes in public policy, legislation, and practice affecting Higher Education, e.g. o UK Government; o Scottish Executive/Scottish
Enterprise/SFC; o City of Edinburgh; o European Union; o Research Councils
Financial loss
Reputational loss
Increased regulatory burden / unwanted constraints
Inherent Risk: Critical
Residual Risk: Impact: Moderate (2)
Likelihood: Possible (2)
Impact x likelihood = 4
Membership of sectorwide representational bodies
Informal liaison, networking and lobbying
Monitoring public policy developments
Responses to consultations
Lead: Principal
Supported by: Director of Planning, University Secretary, DoCS
[URL of risk review 08/09]
8
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
12. Failure to appropriately position and support the University’s image and reputation in the UK and worldwide
Loss of reputation
Inability to attract/retain staff and students
Loss of funding
Inherent Risk: Critical
Residual Risk: Impact: Moderate (2)
Likelihood: Possible (2)
Impact x likelihood = 4
International strategy development
Activities of Communications & Marketing in partnership with all units
Media monitoring and management, and relationships building
Brand management and market research processes
Visitor Centre and Corporate publications
Relationship development with Alumni
Linkages with international groupings e.g. British Council, SDI, UKFO, Confucius Network, U21 etc
Lead: HoC, Principal
Supported by: VP International, VP Development Director Communications and External Affairs
Appointment of international strategy board and implementation of international strategy
Implementation of community relations strategy
Website redevelopment project
[URL of risk review 08/09]
13. Significant academic collaborations fail to be effectively managed and do not deliver benefit to the University
Loss of reputation
Failure to attract or retain academic staff
Financial loss
Inherent Risk: Critical
Residual Risk: Impact: Moderate (2)
Likelihood: Possible (2)
Impact x likelihood = 4
Strategic decisions made through PSG/Central Management Group/Finance & General Purposes Committee
Memoranda of Agreement
College Leadership: Heads of College
Supported by: VicePrincipal (International)
Review of all partnerships and collaborations on a 5 yearly cycle
Review of International Strategy
Implementation of Internal Audit recommendations to improve governance of collaboration arrangements
9
Risk Consequences Impact of Risk Event/Likelihood of Consequences (given mitigating actions)
Current Management Processes and Mitigating Activities
Senior Managerial Responsibility
Future Developments & Risk Reviews 2008/09
(contd) 13. Significant academic collaborations fail to be effectively managed and do not deliver benefit to the University
Guidelines for staff
Separate financial monitoring
Quality Assurance Agency Codes of Practice
Governance arrangements put in place and clear designation of responsibilities
[URL of risk review 08/09]
Critical Rare Risks
14. Widespread damage to property and buildings (fire, explosion, malicious damage etc), including properties adjacent to the University estate
Financial loss, injury, death
Inability to conduct research, teaching or operational processes.
Loss of research and teaching capability, students/staff
Financial loss
Reputational damage
Prosecution
Inherent Risk: Disastrous
Residual Risk: Impact: Critical (3)
Likelihood: Rare (1)
Impact x likelihood = 3
Fire/security policies
Fire detection systems
Security staff & procedures
Training & awareness
Audit of H&S mgt in all units in partnership with insurance brokers
Insurance cover
Programme of fire risk assessments
Business continuity plans
Planned preventative maintenance
Lead: Director of Estates
Supported by: HoC/HoSG HoS Director of Estates and Buildings, Director of Finance
Review implementation of policy for evacuation of mobility impaired persons
Review contingency plans
Complete fire risk assessment work programme
Complete H&S management audit programme annually
H&S compliance audit programme of all units
Comprehensive review of business continuity planning
[URL of risk review 08/09]
10
11
Annex C RISK – Measures of impact
Description and numeric ranking
Example Detail Description Potential for:
Disastrous (4) Death Medium term loss of service capability
Adverse national publicity / Ongoing damage to University brand image More than 50 people involved
Litigation almost certain and difficult to defend
Financial loss in excess of £20m or more than £5m p.a. Breaches of law punishable by imprisonment
Absolute blockage to achieving strategic objectives Drop in RAE ratings of 2 or more levels
Major difficulty to recruit / retain students or staff
Critical (3) Extensive, permanent injuries; long term sick Short term loss of service capability
Adverse local publicity / Limited damage to University brand image Up to 50 people involved Litigation to be expected
Financial loss between £10m and £20m or more than £3m p.a. Breaches of law punishable by fines only
Manageable blockage to achieving strategic objectives Drop in RAE ratings at 1 level
Significant problems in recruiting / retaining students or staff
Moderate (2) Medical treatment required – long term injury Short term disruption to service capability
Needs careful public relations No more than 10 people involved
High potential for complaint, litigation possible
Financial loss between £2m and £10m or more than £1m p.a. Breaches of regulations/standards Hindrance in achieving annual plans
No drop in RAE ratings Limited impact on recruitment / retention of students and staff
Slight (1) No injuries beyond “first aid” level No significant disruption to service capability
Unlikely to cause any adverse publicity No more than 3 people involved
Unlikely to cause complaint/litigation
Financial loss between £500k and £2m Breaches of local procedures/standards No impact on annual or long term plans
No drop in RAE rating No impact on recruitment / retention of students or staff
RISK – Measures of Likelihood
• Probable guide: 51%100% probability numeric ranking: 4 • Likely 26% 50% probability 3 • Possible 10% 25% probability 2 • Rare < 10% probability 1
1
RMC: AC/01/05/17
RMC 09/10 3 N
The University of Edinburgh
Risk Management Committee
12 April 2010
Pattern of Meetings for 2010/11
For information; open business.
These are our initial thoughts on the pattern of Risk Management Committee meetings for 2010/11. It is proposed to remain with a similar pattern to 2009/10.
First meeting: Late September • This meeting would report to the 13 October CMG, 25 November Audit Committee,
29 November F&GPC, and the 20 December Court. • This meeting would consider and finalise an endofyear report on RMC activities in
2009/10
Second meeting: December / early January • This meeting could report to the 7 February F&GPC and 21 February Court if
necessary. • This meeting could deal with feedback from the Auditors, anything arising from the
annual assurance process and the first set of risk reviews.
Third meeting: End of March / early April • This meeting could report to the 20 April CMG, 2 May F&GPC and 16 May Court if
necessary. • This meeting could consider issues which have emerged in the planning round;
further risk reviews; the initial revision to the University risk register; and the map of assurances.
Fourth meeting: Early/Mid May • This meeting could report to the 15 June CMG, 2 June Audit Committee, 6 June
F&GPC and to the 20 June Court. • This meeting could consider any remaining risk reviews; updates to College and
Support Group risk registers; the final version of the University risk register. Evidence to be considered for the yearend report, including risk registers, reports on activities, map of assurances etc., could be discussed at this meeting.
Helen Stocks, Secretary to RMC Nigel Paul, Convenor of RMC April 2010
1
University of Edinburgh / Edinburgh College of Art Proposed Integration
Project Definition Document
1 Introduction
Collaboration between the University and Edinburgh College of Art dates back to the 19th Century. Since 1946, a jointly taught MA in fine art has been offered to students and both institutions are partners in an academic federation which has fostered collaboration across a broad range of research areas. In 2003, the University also became the awarding body for the degree programmes offered by the College. A Scottish Funding Council funded project has also led to the development of a joint initiative the Edinburgh School of Architecture and Landscape Architecture (ESALA) with the first students having started in the current academic year. Over the years support has also been given by the University to eca in areas such as accommodation, access to sport and leisure facilities, and professional advice.
The University Court and the Board of the Edinburgh College of Art have agreed that the two institutions should explore possibilities of strengthening collaborative working arrangements.
Options to strengthen collaboration include the possibility of a merger. This would need to be recommended by Principals of both organisations, agreed by both governing bodies, the Scottish Funding Council and the relevant Scottish Government minister in order to proceed. No decisions have been made and staff and students will have the opportunity to comment on any proposals through a consultation process and any changes would be unlikely to be implemented prior to 2011/12.
Potential benefits from working together more closely include developing innovative new programmes of study, taking forward groundbreaking interdisciplinary research, adding to public impact, creating additional income streams and enhancing facilities, services and accommodation. A combined institution would also be likely to provide greater opportunities, efficiency gains and security in the current and future economic context, with each currently enhancing what the other has to offer.
2. Vision
The vision is to build a vibrant growing and sustainable Art College that combines the knowledge, skills, and expertise of the two institutions, and builds on the high international reputation, and that both institutions enjoy.
It is envisaged that opportunities will arise in areas such as art, design, architecture, drama, film and technology.
The exploration of integration is being done on the basis that Edinburgh College of Art retains is brand identity, and operates as a College within the University of Edinburgh, whilst being supported through the University’s underlying systems and processes. Attention will also be given to developing existing synergies with Heriot Watt University, especially in area of the built environment.
2
3. Outcomes from the Project
The aim of the project is to define the vision and opportunities that would arise from integrating the two institutions, undertake consultation with staff and students in both institutions and with external stakeholders, prepare the business case for integration, obtain necessary approvals and implement the integration of the two institutions
4. High level work plan
The above schematic provides a high level road map through the various activities that will need to be undertaken to move from the initial agreement to explore integration of the two institutions, through to implementation of the institutions if that becomes the agreed way forward.
The key steps are as follows.
1) Undertake Due Diligence where both institutions undertake a structured process to understand more about how each other operates so that a better view can be taken of opportunities, risks, financial implications, practical integration matters etc.
2) Articulate the academic vision, examine the options, and undertake a financial appraisal of those options and develop a formal Options Appraisal document. In arriving at the vision and options, there will be consultation with the governing bodies, staff, and students in each institution.
Agreement to explore integration
Consultation and Communication
Due Diligence
Clarify legal processes
Vision, Options & Financial appraisal
Transition Planning
Issues agreement
Recommend’n – to Governing Bodies
Formal Proposal to SFC & Gov’t
SFC assessment and advice to ministers
Approval from Gov’t & enactment of necessary legislation
Implementation
Prepare legal agreements, property transfer agreements
& draft legislation
Governance & Steering
3
3) This work will culminate in a recommendation to the Governing Bodies of each institution, and then to a formal proposal to the Scottish Funding Council. The proposal will be a major document that displays vision, opportunities, options, financial implications, risks etc.
4) On receipt of the formal proposal the Scottish Funding Council will undertake their own assessment, which may involve visits to institutions with a view to making recommendations to the Scottish Government.
5) The Scottish Government may also undertake an assessment of the proposal and public consultation on the proposal prior to giving formal approval for the integration. This will be determined in the light of advice from the Scottish Funding Council.
6) In anticipation of formal approval being given, various legal documents will need to be drafted, as well as enabling legislation, and any documents requiring Privy Council approval. The process of signing the relevant legal documents, enacting legislation and obtaining Privy Council approval can commence when Scottish Government approval is given. The legal aspects will cover the transfer of assets, people and operations from the current eca legal entity(s) to the University entity(s), followed by the winding up of the current eca legal entity.
7) Again, in anticipation of formal approval, plans will need to be prepared in considerable detail for the transition of Edinburgh College of Art into the University. The plans will cover areas of academic activity and governance, student activities, administrative systems and processes, financial integration, transfer of financial balance sheets from eca to UoE, HR/staff processes, property, and intellectual property etc, as well and assigning, novating or renegotiating all legal agreements, procurement contracts etc.
8) When approvals are given, then implementation of integration can commence.
9) Throughout all of the phases, consultation and communication with governing bodies, staff and students, will be vitally important.
10) There will also be an overall steering and project governance structure to take forward this endeavour. This will consist of both a combined steering activity, as well as activities in each institution that provide the focal point for taking the project forward and reporting to the respective governing bodies.
11) Issues will undoubtedly rise during the process some of which will need to be dealt with between UoE and eca, others of which may involve discussions with the Scottish Funding Council. The overall Steering Group will take the lead in managing issues or where appropriate establish an appropriate process for other colleagues to resolve issues
5. Timetable
The outline timetable indicated in Appendix 1 indicates that the earliest expected date for a merger of the two institutions would be August 2011
4
6. Governance Structure
The above schematic provides and overview of the proposed governance structure for the project. The key elements of this are
1. Joint Programme Board
Key responsibilities: a) Lead and manage the project through to integration and ongoing effective
operation of the new integrated structure that emerges from the endeavour. b) Resolve key issues that arise both between institutions, and with the
SFC/Government. c) Oversee preparation and presentation of the options and business case to the SFC d) Lead the consultation and communication strategy. e) Approve and monitor processes for due diligence, transition planning etc.
It is envisaged that this body would replace the existing joint working group and act also as a high level liaison forum between the University and eca.
Membership:
The two Principals, coconveners, but VP Fergusson might normally stand in for TMMO’S, although the latter would have the right of attendance of course.
VP Fergusson VP Pirie University Secretary Director of Corporate Services
Joint Programme Board UoE Steering Group eca Steering Group
Due Diligence / Transition Planning
Functional Subgroups
Legal Communications & Consultation
Academic Development
5
Head of CHSS College Secretary Prof Catherine WardThompson Project Officer
2. Institutional Steering Groups
Key responsibilities: f) Lead and manage the project within each institution. g) Establish the resources and structure for the project. h) Manage the institutional governance processes within each institution. i) Provide the institutional perspective on the key issues that arise (both between
institutions, and with the SFC/Government). j) Receive the output from the various working groups and provide and institutional
perspective. k) Lead the consultation and communication processes within each institution.
Membership (UoE)
University of Edinburgh Edinburgh College of Art
VP Fergusson (convener) University Secretary (M D Cornish) Director of Corporate Services (N A L Paul) VP April McMahon Director of Finance (J Gorringe) Director of Planning (A Cornish) CHSS Head (D Meill) CHSS Registrar (F Gribben) VP Haywood Project officer
Conveners of the working groups/functional heads as appropriate, if not otherwise members
Principal University Secretary (M Wood) VP Pirie Prof Catherine WardTompson Acting Director of Finance (K Sinclair) Head of HR (D Anderson) Planning Officer
Conveners of the working groups/functional heads as appropriate, if not otherwise members
3. Due Diligence / Transition Working Group
Key responsibilities: l) Agreeing the joint plan for due diligence of each institution by the other m) Undertake due diligence activity n) Identify key issues both financial (liabilities, costs of implementation etc) and
operational that will need resolution o) Report on Due Diligence and key issues to Institutional Steering Groups and the
Joint Programme Board p) Undertake transition planning q) Lead and manage operational integration
6
A full list of the areas of where due diligence is required is shown in Appendix 2, however the main areas where particular attention will need to be given are:
• Finance • Estates • HR/Staffing • IT • Governance, Administration, Student and Academic Services
It is envisaged that work in these areas will be taken forward jointly by the lead professional officers in each institution, consulting more widely as necessary. In practice this will normally mean that the relevant University office will play the leading role. Where relevant, these officers will have access to funds provided by the SFC to support the exploration of merger. The group is expected to initially collect and consider the key information arising from the due diligence work undertaken by the lead professional officers as appropriate, then in due course coordinate the transition planning and implementation.
Membership (UoE):
University of Edinburgh Edinburgh College of Art
Director of Corporate Services (Convener) University Secretary CHSS Registrar VP Haywood Directors/Senior representatives of the major areas Director of Planning Project Officer
VP Fergusson would have the right of attendance.
University Secretary (M Wood) Acting Director of Finance (K Sinclair) Head of HR (D Anderson) Planning Officer Directors/Senior Managers of the major areas
VP Pirie would have the right of attendance
4. Legal Working Group
Key responsibilities: r) establish the legal processes that need to be undertaken, including
• main sale/purchase contracts, property agreements to effect transfers of assets staff IP etc from the eca legal entity(s) to the UoE legal entity(s)contract
• legislation and, if necessary, privy council approvals for the merger, and winding up of the eca legal entity
• OSCR approval s) establish process and structures for agreeing the main sale/purchase contracts,
property agreements t) establish the process for drafting the necessary legislation and privy council
approval
7
Membership:
University Secretary (Convener) College Secretary Project Officer External legal advisers
VP Fergusson, VP Pirie, and Director of Corporate Services would have the right of attendance
5. Academic Development Working Group
Key responsibilities: u) develop academic vision v) develop processes for academic governance w) propose arrangements for integrating eca into the University’s academic structure
as a fourth College (in liaison with the Governance etc. function mentioned above)
This Group will need to liaise closely with the group dealing with Governance, Administration, Student and Academic Services
Membership:
University of Edinburgh Edinburgh College of Art
VP Ferguson CHSS Head Head of ACE Fiona McLachlan Project Officer
VP Pirie (Convenor) Prof Catherine WardThompson Head of School
6. Communication and Consultation Working Group
Key responsibilities u) recommend the consultation and communication strategies, and lead/manage the
communication processes with key groups • institution staff • trades unions • students • students unions • alumni and key supporters • Elected representatives • City Council • National Galleries • Creative Scotland • Media • Local community groups
8
Membership (UoE): University of Edinburgh Edinburgh College of Art
VP Ferguson (Convenor) C&M Representative (Ian Conn) HR Representative EUSA President Project Officer
VP Pirie External Relations Mgr (M Gibson) Head of HR SRC President
7. References
The following documents can be referred to:
Merger checklist N A L Paul (2006) Captures some of the learning from Moray (see attached) House and other mergers
Roslin Due Diligence ERI Indicates the type of standard questionnaire Questionnaire used for Due Diligence purposes
Guidance to institutions SFC SFC Circular Considering merger SFC/47/2008
9
Appendix 1
Outline Timetable
For discussion. Dates shown are ambitious. Those in [ ] may be more realistic.
February 2010 (UoE): Articulate the vision: aims and objectives, fundamental principles:
March 2010 (eca) “why are we doing this? what do we want to achieve? how will we measure success?”
March 2010 Governing bodies give goahead for exploratory discussions
Set up project governance and management arrangements
Early consultation with SFC Executive on process
Early consultation with Scottish Government on any legislative implications
Early consultation with OSCR on any implications for charitable status, possible problems with dissolution of an existing charitable body
Initiate internal and external communications as prelude to more formal consultation
Agree timetable for the process, milestones and major implementation issues.
April 2010 Initiate preliminary work on implementation issues
Agree criteria for comprehensive options appraisal and initiate options appraisal, followed by financial appraisal of the most favoured option(s): do we want SFC funding for this?
Initiate due diligence by both parties of all relevant aspects of each others’ activities ands plans (not only finance and estates – note prominence given by SFC to ITC issues); do we want SFC funding for this?
May 2010 Progress reports to governing bodies, obtain signup to the ‘vision’.
June 2010 to [October 2010 or special meeting(s)
Agree outcome of options appraisal and due diligence and put governing bodies with recommendation
10
September 2010] If governing bodies content,
1 initiate wider internal and external consultation on the preferred option
2 initiate detailed work on implementation 3 initiate work on the evidencebased formal proposal
for submission to SFC/government
November 2010 [December 2010]
Put draft formal proposal to governing bodies and necessary draft internal legislation
Pursue internal legislation as necessary – may include Privy Council
December 2010 [January 2011]
Put draft formal proposal to SFC and receive feedback
February 2011 [March 2011]
Submit formal proposal to SFC and government
Thereafter Government initiates public consultation
SFC visits institutions and formulates advice to ministers
April 2011 Privy council approval of internal legislation if necessary
Commence integration transition planning
June 2011 Government decision and enactment of necessary Statutory Instruments etc
1 August 2011 Formal Merger
Thereafter (for at least 1 year)
Commence implementation of agreed changes in systems, processes, structures etc emerging from transition planning
Eca to complete final accounts and audit of existing legal entity, and carry out other activities to ensure the existing legal entity becomes “dormant”
Formal dissolution of existing eca legal entity
11
Appendix 2
Due Diligence
There are standard Due Diligence Questionnaires that can be obtained form legal advisers that are commonly used to collect information as part of M&A activity. Many of the areas covered in the standard questionnaires will be similar to those that require to be covered in undertaking the Due diligence activity for the UoE/eca integration, albeit there will be other areas related to academic activity that will not be covered in the standard questionnaires.
The main areas to be covered in Due Diligence are:
1. Finance 1.1. Review financial position of [INSTITUTION], future financial forecasts, and key financial issues 1.2. Review contracts, forward financial commitments and liabilities 1.3. Review pension fund arrangements, and any liabilities or commitments to top up pension funds 1.4. Review VAT and Tax position, and consider whether any issues related to bringing
[INSTITUTION] into UoE’s VAT and other taxation arrangements 1.5. Review investments and financial standing of subsidiary companies, and companies limited by
share of guarantee, spinouts etc that the [INSTITUTION] has investments in, and establish the nature and extent of any liabilities arsing from such investments.
1.6. Identify organisations where [INSTITUTION] has right to appoint directors
2. Pension Schemes 2.1. Review pension schemes, valuations and liabilities, and identify issues related to transfer to UoE
3. Insurance 3.1. Review [INSTITUTION] insurance cover and arrangements 3.2. Review claims record and pending claims
4. Procurement 4.1. Review major contracts and tenders, identify any ongoing commitments or issues that will need
to be resolved, and confirm compliance with public procurement legislation 4.2. Identify major stock holding points
5. HR 5.1. Review [INSTITUTION] terms and conditions, and consider issues relating to move to UoE 5.2. Review agreements with Unions and how they will transfer to UoE 5.3. Assessment of [INSTITUTION] culture, and its ability to integrate with UoE culture
6. Legal 6.1. Review major contracts, agreements and commitments, including any joint venture, partnership,
collaboration agreements 6.2. Review any pending legal action or issues that may result in legal action
7. IP, Trademarks and Patents and Licenses 7.1. Identify trademarks, patents, and licenses 7.2. Identify other Intellectual Property assets 7.3. Identify and value historical, artistic, and cultural assets 7.4. Identify commercialisation and research agreements to understand commitments (e.g. pipeline
deals) or other liabilities
8. Estates 8.1. Review condition of buildings, plans for acquisition, build, disposal and assess costs for bringing
estate up to UoE acceptable standards
12
8.2. Review ownership of buildings (owned/leased) and consider liabilities that will be inherited 8.3. Review strategic plan for estate development 8.4. Identify major projects underway 8.5. Review environmental compliance and any potential liabilities e.g. related to sites to be disposed
of, and assess cost of bring [INSTITUTION] up to UoE acceptable level of compliance
9. Health and Safety 9.1. Carry out Fire Risk Assessment, and consider any issues arising where investment may be
required 9.1.1. Review Health and Safety performance and key H&S management issues, and assess whether
any issues need to be addressed to bring performance up to UoE standards 9.1.2. Identify any particular hazards – e.g. radioactivity, biohazard, etc and assess adequacy of
management of hazards 9.1.3. Identify any specific Occupational Health compliance requirements
10. Accommodation, Functions and catering 10.1.Review provision of accommodation, particularly commitments to third party providers of
student accommodation, and identify issues for UoE 10.2.Review [INSTITUTION] accommodation guarantees and any issues that might arise from
moving to UoE guarantees 10.3.Audit catering facilities and review whether comply with health and hygiene standards 10.4. Establish whether there are any nursery or other facilities that are subject to special regulation or
compliance regimes
11. Systems 11.1.Review all [INSTITUTION] systems and identify issues related to migration on to UoE systems
and infrastructure 11.2.Review contractual arrangements and financial commitments related to systems, and exit costs 11.3.Review support arrangements and capabilities, and consider issues related to moving to UoE
support arrangements
Note
Areas related to academic governance, students administration, student services to be added