About risk management

Risk is defined as ‘the effect of uncertainty on objectives’. This may also be expressed as a deviation from expected outcomes, either positive (opportunity) or negative (threat).

Risk management is defined as ‘co-ordinated activities to direct and control an organisation with regard to risk’.

Risk appetite is defined as ‘the amount of risk that an organisation is willing to pursue or retain’.

A risk management framework is defined as ‘a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation’. A risk management framework would be expected to include policy, objectives, mandate and commitment to manage risk; together with plans, accountabilities, resources, processes and activities for risk management.

These definitions are specified in the international standard ISO Guide 73:2009 and reflected in ISO 31000:2009.

The University’s objectives for risk management are:

  • to align risk management with the University’s objectives (as set out in the Strategic Plan and elsewhere);
  • to appraise and manage risks and opportunities in a systematic, structured and timely manner, in accordance with best practice;
  • to strengthen decision-making, prioritisation and planning;
  • to achieve the appropriate balance between stability and innovation; and
  • to assign accountability and responsibility for risk within the University. 

In developing and implementing its approach to risk management, the University follows best practice in the management of risk. The University is mindful of international standards on risk management (specifically ISO Guide 73:2009 and ISO 31000:2009); guidance from the Committee of University Chairs; and other relevant sector bodies.

Under the conditions of registration with the Office for Students (OfS) a number of public interest governance principles are set out which must be upheld by the University in its governance and management arrangements. These include a requirement to operate comprehensive corporate risk management and control arrangements to ensure the sustainability of our operations and our ability to continue to comply with the conditions of registration.

The OfS’s Accounts Direction requires all registered providers to include a ‘statement of corporate governance’ in their financial statements, setting out how we ensure the adequacy and effectiveness of arrangements for corporate governance, risk management and oversight of any statutory and other regulatory responsibilities.

The University’s risk management framework is designed to ensure that the University is able to comply with applicable risk management standards and regulatory requirements.

Contact us


For further information contact the Risk and Resilience Team.

Email: risk@admin.ox.ac.uk