Risk Register Template

Risk Management Framework

Supporting this policy, Colleges and University Services will adhere to a consistent format when articulating and managing risk.  Strategic, operational and project risk is managed using the University strategy, project and Governance/Risk/Compliance (GRC) tool, Portfolio and Project Management Anywhere (PPMA) which can be accessed using a single sign on at https://uofg.ppmanywhere.com/.  A training guide on how to use this tool can be found at https://www.gla.ac.uk/myglasgow/ppm/ppma/ppmatraining/ and further outlined in the appropriate Standard Operating Procedures.  The framework within this document outlines:

  • The template in Appendix A is the data used within PPMA for all risk registers
  • Guidance in Appendix B on the methodology for scoring risks
  • Guidance in Appendix C on how risk is rated and escalations
  • Guidance in Appendix D on our appetite for risk
  • Guidance in Appendix E on how risk is managed at CMG and PSG levels
  • Guidance in Appendix F on how risk is managed at School, Research Institute and University Services functional levels

The number of risks in a register is not fixed, however, at board level and above, this should be limited to the key risks that will directly impact on the delivery of the University strategy or services.

As part of the risk review cycle outlined in section 4, the review should include the deletion of risks that are no longer applicable, the introduction of new risks and the amendment of current risks.

The Risk Management Policy and Framework will be subject to annual review at the Audit and Risk Committee.  The Audit and Risk Committee will review the strategic risk register as well as evidence that the risk policy is being adhered to across the University.

The Audit and Risk Committee will review the effectiveness of the risk policy and risk management framework and may recommend an external review of the process.

It is the responsibility of the Head of Risk to ensure that the risk management framework is being adhered to and will escalate to the Director of Strategy Implementation and Risk omissions or evidence of a lapse in risk management from operational risk registers.

Appendix A: risk register PPMA field description

* denotes a mandatory field and the system will not save until this is completed

ID

A unique identifier automatically generated by PPM

Risk Register

Automatically assigned within the PPMA structure

Title*

A very short title that makes it easy to understand what the risk is about.  A precursor is automatically added to identify the risk register

Risk owner*

Who will be ultimately accountable for the management of this risk?  This is not the person who will be responsible for completing the mitigating actions

Root cause*

What are the reasons this risk could occur?  This is commonly written as “due to…”

Risk description*

How would you describe the risk?  This is commonly written as “there is a risk that…”

Risk impact*

What would happen if the risk happened?  This is commonly written as “this will result in…”

Category*

This is the strategic theme which the strategic category aligns with. Refer to appendices C for a drop-down list of these categories

Strategy

How does this risk relate to our thematic and enabling strategies?  Refer to appendices C for a drop-down list of these strategies

Business Objective

Which of the 9 objectives from the 2025 Strategy.  Refer to appendices C for a drop-down list of these objectives

KPI

If applicable, the risk should be attributed to one of the strategic Key Performance Indicators

Movement*

Since the last review, is this risk:

WORSENING – the risk is becoming more likely, or the impact is bigger than you originally thought

STABLE – there is no change to the likelihood of the risk occurring or the impact it will have

IMPROVING – the risk is becoming less likely, or the impact is less than you originally thought

Escalation groups/ committees*

Using the escalation table in appendix D, at what level in the University is this being managed? 

Level 1 – Audit and Risk Committee/Court

Level 2 – Senior Management Group

Level 3 – College Management Group, Professional Services Group or Committee

The governance site contains all Terms of Reference for committees including escalation of risk

Identified Date

Date risk was agreed to go onto the risk register

Last review date

The date the risk was last reviewed

Next review date

A separate date for each mitigation action or when the control will be reviewed again

Mitigation*

How will we manage this risk? 

RESOLVE – can we completely remove all likelihood that this risk will not happen or that there will be no impact to the University?

REDUCE – can we make it less likely that the risk will happen or, if it does, we can soften the impact to the University?

ACCEPT – is there nothing we can do to reduce or resolve the likelihood and probability?

TRANSFER – can we pass this to an external partner to resolved or reduce such as a sub-contractor to manage on our behalf?

Proximity*

If the risk becomes a reality, how far in the future is that likely to happen?  It is common to use this alongside the initial probability, e.g., there is a 75% chance of this happening in 6 months to 1 year

Anytime

1 to 3 months

3 to 6 months

6 months to 1 year

More than 1 year

Initial impact*

What was the impact when the risk was first identified?  A score of 1 to 5.  Refer to appendices B for further details.  This score does not change and fixed after entry.

Initial probability*

What was the impact when the risk was first identified?  A score of 1 to 5.  This score does not change and fixed after entry..  A score of 1 to 5:

1 (very Low) - 1% to 19% chance.  “there is not much chance of this happening”

2 (low) - 20% to 39% chance.  “we don’t think this will happen”

3 (medium) - 40% to 59% (or 50/50) chance.  “we don’t know if this will happen”

4 (high) – 60% to 79% chance.  “we are reasonably sure this will happen”

5 (almost certain) – 80% to 99% chance.  “we are almost certain this will happen”

Initial assessment*

Initial impact * Initial probability.  This is automatically calculated by PPMA.  This score does not change and fixed after entry

Current impact*

What is the impact at the time of review?  A score of 1 to 5.  Refer to appendices B for further details

Current probability*

At the time of review, what is the likelihood that this risk will happen?  A score of 1 to 5 as detailed above in the initial probability

Current assessment*

Current impact * Current probability.  This is automatically calculated by PPMA

Residual impact*

If all actions were completed and controls are working, what would the impact score be?  Refer to appendices B for further details

Residual probability*

If all actions were completed and controls are working, what would the probability score be?  A score of 1 to 5 as detailed above in the initial probability

Residual assessment*

Residual impact * Residual probability.  This is automatically calculated by PPMA

Mitigation ID

A unique identifier automatically generated by PPM

Mitigation control or action*

Mitigations can take one of two forms:

Action – this will be a task with a clear output or outcome with a clearly defined due date.  Common words for an action include deliver, produce, run or set up

Control – this will be an operational or business as usual mitigation such as monthly review at a committee or board.  Controls do not have a due date but need to have a date when it will be reviewed to ensure the mitigation is effective

Mitigation description*

A list of mitigations that will be undertaken to manage the risk.  A separate line should be created for each mitigation so that the owner can be assigned

Mitigation assigned to*

A separate name who is responsible for each mitigation action or control

Action or review date*

A separate date for each mitigation action or when the control will be reviewed again

Mitigation notes

An update on the current effectiveness of the control or delivery of the action

RAG

What is the RAG (Red Amber Green) of the mitigation action or control

GREEN – the action or control is on track

AMBER – for management information only; the action or control may go off track

RED – for management intervention; the action or control is off track

Action Status*

Is this action or control started, in progress or complete? PPMA provides a list of open and closed actions together with completions dates

Last updated

An automated date and time as soon as the user presses save to update an action

Updated by

An automated field showing the username as soon as save is pressed to update an action

Comments and attachments

Freeform text to provide additional information or context. Where possible, comments should include the minutes from the last review of the risk.  Attachments can be added to support actions.

Appendix B: scoring methodology

 

Probability

1 - Very Low Probability

2 - Low Probability

3 - Medium Probability

4 - High Probability

5 - Almost Certain

 

1% to 19% chance of happening; there is not much likelihood this will happen

20% to 39% chance of happening; we don't think this will happen

40% to 59% chance of happening; we don't know if this will happen (50/50)

60% to 79% chance of happening; we are reasonably sure this will happen

80% to 99% chance of happening; we are almost certain this will happen

 

Impact

1 - Very Low Impact

2 - Low Impact

3 - Medium Impact

4 - High Impact

5 – Highest Impact

Civic

Minor impact on Civic Engagement – very limited impact on civic and community partners.

Short-term impact on Civic Engagement – limited impact on civic and community partners; contained to specific area of the University’s civic engagement

Significant impact on Civic Engagement; significant impact on civic and community partners resulting in negative impact on institutional ability to meet civic engagement commitments.

Major impact on Civic Engagement; major impact on civic and community partners resulting in inability to meet significant institutional commitments and the delivery of the University’s Civic Mission and its Civic Strategy

Unsustainable impact on Civic Engagement involving a significant number of civic and community partners

Data

High trust - can be used for strategic purposes; GDPR unlikely to be impacted

High to moderate trust - can be used for management purposes; GDPR could be impacted and requires further review

Moderate trust - can be used for more than one operational purpose; GDPR highly likely to be impacted and requires action

Moderate - Low trust - can be used for single operational purpose; GDPR will be an issue and an action plan is required

Low trust - data is not fit for purpose; GDPR requirements will be not be met

Estates

Disruption of up to 1 day to business-critical services/estate; disruption of up to 5 days to non-critical services/estate;
Infrastructure (heating/power/water) loss affecting a section of a building.

Disruption up to 5 days to business critical services/estate; disruption of up to 10 days to non-critical services/estate;
Infrastructure (heating/power/water) loss affecting entire building.

Total loss of up to 1 day to business critical services/estate; total loss of up to 5 days to non-critical services/estate;
Infrastructure (heating/power/water) loss affecting up to half of campus area.

Total loss of up to 5 days to business critical services/estate; total loss of up to 10 days to non-critical services/estate;
Infrastructure (heating/power/water) loss affecting up to three-quarters of campus area.

Total loss over 5 days to business critical services/estate; total loss over 10 days to non-critical services/estate;
Infrastructure (heating/power/water) loss affecting more than three-quarters of campus area.

External relations and reputation

Highly unlikely to cause adverse publicity

Unlikely to cause adverse publicity

Needs careful PR/Diverse local publicity

Diverse local and national publicity/limited damage to University brand

Adverse national and international publicity/sustained damage to University brand

 

 

Finance

Financial loss of £500k-£1m or £100k-£500k per annum

Financial loss of £1-2m or £500k-£750k per annum

 

Opportunities would result in <£750k per annum cost saving or income generation

Financial loss of £3m-£5m or £750k-£1m per annum;

minor changes to current procurement or current supplier contracts required

Opportunities would result in £750k-£1m per annum cost saving or income generation

Financial loss of £5-10m or £1m-£2m per annum;

major changes to current procurement or current supplier contracts required

Opportunities would result in £1m-£2m per annum  cost saving or income generation

Financial loss of >£10m or >£2m per annum;

new procurement or new supplier contracts will be required

Opportunities would result in >£2m p.a cost saving or income generation

Health and Safety

Minimal impact to health/welfare

Workplace safety compromised; significant impact to health/welfare

Litigation due to unsafe workplace; major impact to health/welfare; lost time <7 days

Serious injury or harm; dangerous near miss; significant publicity and litigation as a result; lost time >7 days

Death or permanent disability; long term impact to service; major publicity and litigation

Innovation

Minor impact on our Innovation Strategy

Would have a small impact on our ability to take advantage of commercialisation opportunities

Would have a major impact on the Innovation Strategy objectives

 

Opportunities may result in some commercialisation opportunities

Would have a significant impact on our ability to take advantage of commercialisation opportunities

Would result in us unable to achieve our Innovation Strategy

 

Opportunities would result in significant commercialisation opportunities

International

Minor impact on international activity which does not have widespread consequences for international strategy

Short-term impact on international activity; minor impact on recruitment, research, reputation and partnership activity – contained to small region

Significant impact on international activity; loss of significant income and detrimental to partnership activities, research and reputation in one region.

Major impact on international activity; major impact on a partnership activity, research, reputation and recruitment in key geographical region or several regions.

Unsustainable impact on international activity impacting several key regions.

Would result in inability to achieve our International Strategy or meet institutional targets.

Learning and teaching

Minor impact on teaching activity

Short-term impact on teaching activity

Significant impact on teaching activity; loss of a key academic course;

Major impact on teaching activity; significant impact on a school

Unsustainable impact on teaching activity; significant impact on a College

People and OD

Minimal impact to staff wellbeing.  No visible impact to capacity and capability

An increase in wellbeing cases. Key roles are being impacted. Visible impact on service delivery and operations

Major impact to staff wellbeing.  Short term loss of key roles.  Significant impact to staff morale

Threat of staff industrial action.  Long term loss of key roles.  Significant impact to capacity and capability.  Highest impact on service delivery and operations

Widespread and sustained industrial action.  Long term impact to capacity and capability.  Complete loss of service delivery and operations

Research

Minor impact on research activity

Short-term impact on research activity

Significant impact on research activity

Major impact on research activity; significant impact on a school; short term damage to research funding

Unsustainable impact on research activity; significant impact on a College; irreparable damage to research funding

Services

Disruption (< 1 day) disruption to business critical services; no noticeable disruption to non-critical services

Disruption between 1 and 5 days disruption to business critical services; disruption < 10 days to non-critical services

Loss < 1 day disruption to business critical services; no loss to non-critical services

Loss (between 1 and 5 days) disruption to business critical services; loss (< 10 days) to non-critical services

Loss > 5 days of service to business critical services; loss > 10 days to non-business critical services

Student Experience

no noticeable impact on student experience

no impact to teaching; would lead to individual students raising concerns; no impact on NSS scores

minor disruption to teaching; would lead to a group of students raising concerns; low impact (1-2) years on NSS scores

significant disruption to teaching; would lead to individual students raising a formal complaint or leaving the University; medium impact (2-3 years) on NSS scores

teaching stopped in one or more School; would lead to a group of students raising formal complaints or leaving the University; long term impact (more than 3 years) on NSS scores

Student Recruitment

no noticeable impact on student recruitment

would lead to 1% and 3% of student recruitment markets not being met

would lead to 4% to 7% of student recruitment targets not being met

would lead to between 7% and 10% of student recruitment targets not being met

would lead to more than 10% of student recruitment targets not being met

Sustainability

Overall success in meeting targets and fulfilling actions; a small number of actions not achieved within expected timescale

Overall success in meeting targets and fulfilling actions; some targets missed and some actions not achieved within expected timescale

Mixed success in meeting targets and fulfilling actions; significant revision required to strategy and action plan

Some successes in implementing sustainability strategy but overall failure to achieve goals, resulting in negative publicity

General failure to achieve strategy resulting in widespread condemnation and reputational damage to University

Technology/ IT

Negligible impact on technology systems, infrastructure or architecture

MInor impact on technology systems, infrastructure or architecture with a known solution or a medium term workaround fix.  There may be an impact on the delivery of the Technology Strategy

Opportunities would result in minor improvements to technology systems, infrastructure or architecture

Impact to technology systems, infrastructure or architecture that could be fixed with a short term workaround solution.  Minimal impact on the delivery of the Technology Strategy

Opportunities would result in significant improvements to technology systems, infrastructure or architecture

Major impact on technology systems, infrastructure or architecture that would require immediate remediation.  Key elements of the Technology Strategy would not be delivered.

Opportunities would result in significant improvements to technology systems, infrastructure or architecture

Untenable impact on technology systems, infrastructure or architecture.  Unable to achieve the delivery of the Technology Strategy

Opportunities would result in a transformational change to technology systems, infrastructure or architecture

 

 

Transformation

Minor impact on the Transformation Strategy

Would result in a delay or increase to cost within business case tolerances to a Transformation project.

Would result in a delay or increase to cost outside of business case tolerances but highly likely to be approved.  May result in minor inefficiencies to our processes or systems

Opportunities would have some impact to the Transformation Strategy. Would result in minor efficiency improvements to our processes or systems

Would result in a significant delay or increase to cost to a Transformation project.  May result in major inefficiencies to our processes or systems.

Opportunities would have a direct impact to the Transformation Strategy. 

Would result in the complete halt to a Transformation project.  The Transformation Strategy would not be able to meet stated goals.  Would result in unacceptable inefficiencies to our processes or systems

Opportunities would exceed the current expected benefits from the Transformation Strategy.  Would result in significant efficiency improvements to our processes or systems

Project specific

Project – Finance and cost

Overspend of less than 1% of agreed budget

Overspend between 1% and 3% of agreed budget

Overspend between 3% and 5% of agreed budget; minor changes to current procurement or current supplier contracts required

Overspend between 5% and 10% of agreed budget; major changes to current procurement or current supplier contracts required.  Additional Capital Application required

Overspend of greater than 10% of agreed budget; new procurement or new supplier contracts will be required.  Additional Capital Application required

Project - Resources

We have the capability but there may be an acceptable delay in freeing the resources to complete the work

We have the capability but there may be an unacceptable delay in freeing the resources to complete the work

We do not have the capability and would need to train current resources to complete the work within acceptable cost or time

We do not have the capability and would need to source externally or recruit to complete the work within acceptable cost or time

We not have the capability and sourcing expertise is likely to be increase cost or time to unacceptable levels

Project – Scope and business case

Scope change or functionality/quality/ business case impact barely noticeable. 

Scope change or functionality/quality/business case impact noticeable but accepted by customer/end user

Scope change or functionality/quality/ business case noticeable and would require a minor change

Scope change or functionality/quality/business case noticeable and would require a major change

Scope change or functionality/quality/business case would not be accepted by the customer/end user

Project – Time and planning

Slippage of less than 2% of project lifecycle or less than 4 weeks.  Has no impact of the implementation of business activities.

Slippage between 3% and 10% of project lifecycle or between 1- and 2-months slippage.  Delay of up to two weeks for non-business critical activities and up to 2 days on business-critical activities.

Slippage between 10% and 15% of project lifecycle or between 2- and 3-months slippage.  Delay of up to 4 weeks for non-business critical and up to 1-week delay to business-critical activities.

Slippage between 15% and 20% of project lifecycle or between 3- and 6-months slippage.  Delay of up to 2 weeks for business-critical activities.

Slippage of greater than 20% of project lifecycle or more than 6 months slippage

Delay of greater than 2 weeks for business-critical activities.

 

 

Appendix C: Escalation levels, ratings and strategic themes

 

 

Escalation level

Examples

Level 0

Court and Audit and Risk Committee

Level 1

Senior Management Group

 

Level 2

College Management Groups, Professional Services Group, Governance Groups (as described in the corporate governance structure (www.gla.ac.uk/governance)

Level 3

School, University Services Leadership Teams (e.g. People and OD, Commercial Services or Finance)

 

 

1 - Very Low Impact

2 - Low Impact

3 - Medium Impact

4 – High impact

5 – Major impact

5 - Almost Certain

Medium

Medium

High

Major

Major

4 - Very High Probability

Low

Medium

High

High

Major

3 - Medium Probability

Low

Medium

Medium

High

High

2 - Low Probability

Low

Low

Medium

Medium

High

1 - Very Low Probability

Low

Low

Low

Low

Medium

 

Low risk:

Requires minimal attention.  Updated at next review date

Medium risk:

Should be reviewed and updated monthly to ensure that mitigation is effective

High risk:

Effective mitigation plan signed off at appropriate level and updated monthly to ensure that mitigation is effective

Major risk:

Requires immediate attention.  Effective mitigation plan signed off a level above or SMG/Audit and Risk Committee.  Updated regularly to ensure that mitigation is effective

 

Thematic strategies

Enabling strategies

Other

Civic engagement

Innovation

Internationalisation

Learning and teaching

Research

Student experience

Sustainability

 

Data and cybersecurity

Estates

Finance

People and Organisational Development

Services

Student recruitment

Technology/IT

Transformation

Health & Safety

External Relations

Student recruitment

Project finance and cost

Project resources

Project scope and business case

Project time and planning

 

Appendix D: risk appetite statements

Strategic theme AVERSE MINIMAL CAUTIOUS SEEKING
We will accept risk with a score of 1 -4 We will accept risk with a score of 5 - 9 We will accept risk with a score of 10 – 16 We will accept risk with a score of 20-25
 Definition Avoidance of risk and uncertainty is a key organisational objective Preference for safe options that have a low degree of risk and may only have limited potential for reward Willing to consider all potential options and choose the one most likely to result in successful delivery, while also providing an acceptable level of reward and value for money Eager to be innovative and to choose options offering potentially higher rewards despite greater inherent risks
Data The University will not compromise on its statutory obligations to store, interrogate or dispose of data.  There is no tolerance for information security risk causing loss or damage to University data      
Estates EXISITING ESTATE     CAMPUS DEVELOPMENT
The University will take all care of duties in the protection of the campus heritage and the fabric of our buildings The University will actively seek new and innovative usage of space
External Relations and reputation The University will not compromise its reputation and values in the short or long term      
Finance     Financial risks and rewards are to be weighed against short and long term strategic and operational priorities  
Health and Safety The University will not compromise any aspect of Health and Safety that puts any staff, student or member of the public at risk      
Innovation       The University's appetite for Academic and Technical innovation is that it should be competitive at the earliest opportunity to maintain its standing in local and global markets
Learning and Teaching     The University recognises that, although quality and integrity of output is paramount, it seeks to maintain and to benefit from ongoing developments in the definition and delivery of academic outputs The University's appetite for Academic and Technical innovation is that it should be competitive at the earliest opportunity to maintain its standing in local and global markets
People and OD The University will not compromise the wellbeing of its staff The University recognises trade union collaboration and will avoid industrial action as much as possible    
Research   The University recognises that, although quality and integrity of output is paramount, it seeks to maintain and to benefit from ongoing developments in the definition and delivery of academic outputs    The University's appetite for Academic and Technical innovation is that it should be competitive at the earliest opportunity to maintain its standing in local and global markets
Student experience   A positive and rewarding experience is of paramount importance to the University.  A small level of risk is acceptable if it demonstrates providing a more enriched and innovative experience to the student    
Services   The University seeks innovation and improvement but will not accept higher risk in the operation of key services    
Sustainability Threats     Opportunities
The University has zero tolerance for any adverse impact on the environment The University has a high tolerance for innovative and unique opportunities that actively contribute to our Sustainability Strategy and reduces our carbon footprint
Technology     The University seeks innovation and improvement but will not accept higher risk in the operation of key systems  
Transformation       The University's will actively seek opportunities for innovation and accept higher risk that would demonstrate excellence

Appendix E: Level 2 Risk Standard Operating Procedure

Related policy

Risk Management Policy and Framework v7.0

Managed by

Finance Office

Accountable person

Jane Hoey, Head of Risk

Approved by

Audit and Risk Committee and sent to KPMG, internal auditors

Date approved

30th October 2024

Version

1.0

Version notes

First draft

Scope

This SOP covers

Strategic and operational risk at each of the College Management Groups (CMG) and the Professional Services Group (PSG)

This SOP does not cover

  1. Strategic and operational risk at Schools, Research Institutes or any Professional Services department
  2. Project and programme risk management
  3. Health and Resilience risk management
  4. Cybersecurity risk management

Related SOPs

Level 3 Operational Risk Standing Operating Procedure

Resources

Systems impacted

Portfolio and Project Management Anywhere (PPMA)

Forms/templates used

PPMA has a specific form built into the application to record risks, controls and actions.

Reporting

There are 5 key reports available in PPMA

  1. Risk On A Page (no updates)
  2. Risk On A Page (portrait)
  3. Risk On A Page (landscape)
  4. Risk Summary Report (single register)
  5. Risk Summary Report (multiple registers)

Additional guidance

  • QuickRef Guide to project risk

 

 

 

Procedure

Ref

Procedure

1

Risk identification

  1. New risks will be raised at the CMG via the Head of Finance and Head of Risk.
  2. Proposed escalated risk from Level 3 registers will be presented by the Head of Finance and Head of Risk to College Management Group.
  3. A Risk Owner will be identified. The Risk Owner must be a member of the CMG or PSG

2

Risk Articulation

  1. All risks will be entered into the strategic risk module of PPMA as defined in the Risk Management Policy and Framework v7.0
  2. Agreement to wording and scoring will be noted in the “notes” section of the risk form on PPMA.

3

Risk mitigation

  1. The Risk Owner will identify all controls and actions required to mitigate the risk or exploit the opportunity.
  2. Actions can be assigned to non-members of CMG or PSG.
  3. All actions must have a completion date and not a review date
  4. Controls will identify the next review date instead of a completion date
  5. The Risk Owner will update the “notes” section of each control and action with the latest progress or effectiveness of controls

4

Risk Reporting

  1. PPMA provides reports detailed in section 2.
  2. For each risk, controls and mitigating actions are identified. If actions are open PPMA provides tracking in respect of completion dates, and this should be monitored. The report to use is Risk on a page -portrait, this provides a summary of the risk, controls and open/closed actions.
  3. It is recommended that each L2 risk report is reviewed monthly by the Head of Finance to ensure that the risk, controls and actions remain accurate.
  4. A review of open actions should be undertaken to ensure completion dates remain on target. If the date is revised the rationale for moving the date should be provided to the Head of Finance.

5

Risk Review

  1. A forward schedule of risk reviews will be agreed by the CMG or PSG based on the cycle from the Strategic Risk Register (SRR) managed by the Senior Management Group (SMG)
  2. CMG or PSG members will provide guidance and comments to the Risk Owner.
  3. All progress against actions identified during risk mitigation will be noted in PPMA and reviewed with the aging analysis on PPMA reporting.

6

Risk escalation

  1. If a risk is increasing/decreasing, or a new risk is identified, this should be escalated to the Head of Finance and discussed at CMG. Once discussed and agreed then PPM should be updated.
  2. Risk escalation is a live process and does not have to wait until there is a CMG/PSG meeting. Guidance is do not wait, if you identify a new or increasing risk contact your Head of Finance as soon as possible.
  3. Risks escalated to SMG will be made by the University Secretary/Chief Operating Officer or Head of College. SMG will meet weekly and will include any critical escalations as well as the monthly Risk review with the Director of Strategy and Risk.

Training

PPMA

Risk training for project and strategic/operational risk is included in the PPMA Overview Course.  Details of this can be found on the internal website www.gla.ac.uk/myglasgow/ppm

Risk training

Tailored risk training is available via Jane.Hoey@glasgow.ac.uk

Risk register template in Microsoft Excel

Please note that there are some ongoing refinements to our risk appetite and impact statements that will be updated here in Q3 2022

Download a blank Excel risk register template

Last updated June 2022

Updated May 2022