Upload
robert-stewart
View
2.944
Download
2
Embed Size (px)
DESCRIPTION
Citation preview
Ian GrossHead of Internal Audit & Projects
The role of governors in strategic planning and
risk management
Higher Education Funding Council for England
Essential background - 1
The University’s objects:1 To advance education . . . . for the benefit of
the community in NI and elsewhere
2 To preserve, enhance and disseminate knowledge through teaching, research etc
3 To promote wisdom and understanding by the example and influence of corporate life
Essential background - 2
Council’s powers and functions are laid down in the Charter and Statutes
• “to do all things . . necessary . . for the efficient management and administration of the . . University . . “
• “in particular, to govern, manage and regulate the finances, . . business and all affairs whatsoever of the University . . “
Essential background - 3
G o v e r n o r s R e s p o n s i b i l i t i e s
D u t i e s
M a n a g e m e n t
Retained duties GP&FC AC NC RC Other
Essential background - 4
“All animals are equal, but some animals are more
equal than others.”
(George Orwell, Animal Farm, 1945)
Essential background - 5
A key task is to challenge management, i.e. to be a critical friend
How you do this depends on your view
of the strategic priorities and risk
These determine your information needs
Essential background - 6
High-level More detailed
Lower risk
The risk-oversight continuum
Higher risk
Strategic planning role - 1
• The Charter and Statutes don’t specify Council’s role in strategic planning, therefore you have discretion
• Recognised good practice is to take ownership of the mission and plan, to ensure they meet your obligations (mainly to fulfil the objects and maintain solvency)
Strategic planning role - 2
When determining Council’s role, consider:• Management strengths, weaknesses, culture• Level of assurance derived from quality of
information provided by management• Assurances derived from independent sources on
planning process and outputs (e.g. audit processes [IA, EA, QAA], 7-year review, benchmarking activity)
• Extent of resource prioritisation necessary
Strategic planning role - 3
Further considerations:
• Time availability of governors
• Balance of involvement compared with management input
• Balance of time spent on planning compared with monitoring
Strategic planning role - 4
Further considerations; do you:
• concentrate only on key areas or not (issues can sometimes become temporarily ‘key’)
• limit participation to a sub-group of governors
• use the results of own effectiveness review
Strategic planning role - 5
The links between the plan and the use of resources should be made clear to governors. The extent of your interest depends on:
• identified risks + risk portfolio and appetite
• financial strategy
• other subsidiary strategies
Strategic planning role - 6 - monitoring
Monitoring is a key activity for governors:
• There is a need for ongoing assurance
• Some work is delegated to committees
• Balance with monitoring undertaken by management
• Decide on own information needs (KPI’s etc)
Strategic planning role - 7 - monitoring
Use of detailed reports from management:• Most common method in the HE sector• Major strengths - advice in depth, allows for
challenge, highlights risks• Potential weaknesses - may not be geared
towards governors needs (e.g. may be unnecessary, inappropriate, provides low quality assurance over progress or fails to consider progress against agreed criteria)
Strategic planning role - 8 - monitoring
Overview assurance:• Completeness requirement• Openness requirement - acknowledge areas
of slow or no progress• No surprises requirement (reliance on
management to advise governors)• Periodic report on progress against all actions
in the operating statement (at least annually)
Strategic planning role - 9
Subsidiary strategies can be key to success:• Identify the important sub-strategies (e.g. L&T,
R, WP, IT/IS, HR, Estates)• Consider how they are integrated with strategic
plan and how they are resourced• Consider governor involvement in them
(consultation; help develop; receive for information; approve; monitor implementation formally or not; define information needs)
Risk management role - 1
Background:• Recent development in corporate governance• Now established as good business practice• HEFCE has made it a requirement for HEIs
and issued supporting guidance• Good risk management cannot eliminate risk
but can significantly enhance the chance of success in meeting objectives
Risk management role - 2
Risk management is defined as:
“the systematic application of management policies, practices and procedures to the task of analysing, assessing, treating, monitoring and reporting on risks”
i.e. it is primarily a ‘management’ activity
Risk management role - 3
Relationship between strategic objectives and their risks:
• A risk is the threat or possibility that an action or event will adversely or beneficially affect an organisation’s ability to achieve its objectives
• There will always be a residual risk that a strategic objective will not be achieved
Risk management role - 4
Risk v control
• The nature and effectiveness of the controls in place to manage a risk will determine the extent of residual risk
• The strategic risks will be subject to many management controls; some of these will be ‘key’ controls
Risk management role - 5
Set tone & culture:• Determine the risk policy• Risk-taking/risk-averse (at University or
project level)• Balance of high-level risk portfolio• Expectations of management and staff e.g.
accept that taking risks might result in failure, but not managing key risks is unacceptable
Risk management role - 6
Determine risk appetite: • At University or project level, consider how
much residual risk you will accept or tolerate
Alternatives if risks are unacceptable:– More or less control– Sharing risk e.g. partnerships, joint ventures– Transferring risk e.g. PFI, insurance– Not accepting some risks at all– Monitoring more closely e.g. establish EWI’s
Risk management role - 7
Ensure key risks are drawn to your attention: • Review and agree the key strategic risks• In agenda papers on projects and progress
against strategic objectives• Receive periodic report on all key risks • Actively consider Audit Committee reports
Risk management role - 8
Understand the role of the Audit Committee: • It needs to be well-informed about and
influence the approach to risk management• It needs to test the effectiveness of the risk
management arrangements in place• It needs to consider the various assurances it
receives on risk management and key risks• It needs to formally report to Council annually
Risk management role - 9
All governors should therefore:• Understand the policy and how risk
management works at the University• Ensure they focus on key risks at Council and
Committee level• Challenge management about risks• Seek and receive assurances about risks and
risk management
And finally, in summary . . . .
Determine your own involvement in strategic planning and risk management;
Seek assurance about risks & objectives;
Focus on what is important; and
Allow management to manage, but challenge them and hold them to account for their
actions.