Q: Are there different kinds of risks?

A: There are five categories, namely strategic (involving the strategic goals in our Annual Performance Plan), operational (involving our day-to-day activities), compliance (in terms of legislation, regulations and internal policies and procedures), reputational and financial.

 

Q: Can a risk sometimes be reclassified?

A: Yes, it can. For instance, at the institutional management meeting on 20 September 2016, management decided to move two risks, namely student unrest and student fees, from the campus’s risk registers to the institutional risk register, as these risks have strategic implications for the university.

 

Q: Are some risks bigger than others?

A: Yes, we rate each risk on a scale of one to three, according to these criteria:

• The impact that the risk might have
• The likelihood that it might happen
• The presence and effectiveness of the controls in that specific environment to prevent the risks from happening.

 

Q: How does a risk end up in the official NWU risk register?

A: Faculties and departments often have different administrative processes, but it usually involves a filtering process, starting at ground level where the specific risk has been identified.

 

After it has been identified, it is important to determine where the risk should be managed and who the accountable and responsible persons are. In other words, does it only affect a specific school or support division, does it concern the whole faculty or support department, or does it affect similar departments across the entire university? If a risk is significant or not only limited to a specific small group, managers must report it to the next management level.

 

Q: What is a “risk owner”?

A: This is the person who is responsible for managing a particular risk in alignment with the university’s Annual Performance Plan.

If it is a more localised risk, the risk owners are usually staff members in a school, department or faculty. However, when the risk affects the whole university, the risk owners tend to be senior or executive managers, for instance chief directors, deans, vice-rectors or members of the institutional management.

 

Q: Are only managers involved in the risk management process, or can I also do my part?

A: Everybody has a role to play. You can identify a risk and report it to your line manager, and also help to manage and mitigate the risks that have already been identified and included in a risk register – especially those risks that affect your daily work.

Remember, risk management is also part of our private lives. For instance, we all identify the weak spots where burglars can enter our homes and then mitigate this risk by installing safety doors or alarm systems. At the university, the risk management process is just more formal and structured.

 

Q: How can I help in mitigating risks at the NWU?

A: Firstly, you can help to decide on appropriate responses to each risk. Possible responses or strategies can be discussed at meetings and then be selected and implemented. The successful implementation of these responses depends on all of us.