Corporate Risk Management


Corporate risk management forms part of Keele University’s governance and internal control arrangements, and it is a requirement of the HEFCE Financial Memorandum that the University Council has ultimate responsibility for risk management.  The University’s Risk Management Policy was approved by Council on 7 November 2013, and can be accessed here:

Risk Management Policy 2013

Corporate Risk Register

A key element of risk management at Keele is the Corporate Risk Register.   This is intrinsically linked to the University Strategic Plan, and identifies risks that have a fundamental impact on the University’s ability to operate as a business and/or deliver its Strategic Plan.  Risk management is incorporated into the strategic planning process to ensure that the University is able to monitor risks to achieving the University’s objectives and determine which risks have the most significant impact. 

Local Risk Registers

The high level strategic risks identified in the Corporate Risk Register, are underpinned and informed by Risk Registers overseen at the local operational level – in Faculties and Directorates, by subsidiary companies or for significant institutional projects.  These local registers identify risks that impact upon and are managed by operational areas or subsidiary companies.

Risk Register Monitoring

University Executive Committee (UEC) reviews the Corporate and local risk registers on a routine basis to ensure that risk is being accurately identified and managed and that the University continues to operate within the agreed risk tolerances.  


Audit and Risk Committee acts on behalf of Council to maintain an overview of risk management, control and governance arrangements.  It receives the Corporate Risk Register on a quarterly basis and makes recommendations to Council on changes to the corporate risks and their ratings.

Council’s role is to determine the overall policy for risk management within the University. This includes:

  • Determining institutional risk appetite
  • Approval of major decisions affecting the University’s risk profile or exposure
  • Approval of changes to the Corporate Risk Register
  • Reviewing the University’s approach to risk management and approve changes or improvements to key elements of its processes and procedures 

Council receives the Corporate Risk Register on a quarterly basis.

Risk Appetite Framework

The Risk Appetite Framework also forms part of the Risk Management Policy 2013 . It supports institutional decision-making and monitoring of a portfolio of activities in different business areas, by establishing risk thresholds in terms of finance, resources and potential impact on reputation.  The University’s current Risk Appetite Thresholds in Key Risk Areas, as agreed by Council, are set in the table below:


Key Risk Area

Risk Appetite Threshold

Financial Health




Education and student experience


Research and Enterprise


Development and Commercial Activity


Partnership and external collaboration



The Key Risk Areas and Risk Appetite Thresholds are reviewed and approved by Council on a quarterly basis.  The full version of the Risk Appetite Framework can be accessed here:

Risk Appetite Framework 2012

Further Information

Please contact Jen Paddison for further information on 01782 734980.