pac32-r-2538(i) b meeting 14/11/2019...2019/12/31 · university strategic plan 2018-2022 in place...
TRANSCRIPT
PAC32-R-2538(i) B Meeting 14/11/2019
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Strategy, Quality and
Planning
University fails to properly plan
for and manage enrolment
growth
Risk that University’s capacity to absorb growth in student and staff numbers lags behind actual
growth.
Risk that academic staffing fails to match student enrolment growth.
Risk that support services and staffing fail to match student enrolment growth.
Risk that physical teaching and learning infrastructure fails to match student enrolment growth.
Risk that research infrastructure, facilities and systems fail to match academic staff growth.
Risk that digital and information systems fail to keep pace with the growth of the University.
Risk that social, sporting and recreational infrastructure and services fail to match student
enrolment growth.
Risk that numbers of students enrolled may fall short of enrolment plans, especially in
postgraduate enrolments.
Risk that quality of student intake may fall below acceptable levels.
Risk that there will not be sufficient student accommodation on campus or in the local area.
Risk that growth of the University will place an inappropriate burden on accommodation and
infrastructure in the Maynooth area.
8 4 32 President Clear responsibilities set for University Executive and its members.
University Strategic Plan 2018-2022 in place with underpinning enrolment
projections.
Enrolment projections are used to inform Campus Masterplan, financial plan,
and other planning processes.
Loan agreement entered into with EIB.
A five-year financial stability plan in place.
HEA Compact on enrolment and performance in place.
Internal model for resource allocation refocused on Strategic Plan exists.
Admissions Office leading recruitment campaign supported by focussed
advertising.
Post graduate recruitment plans developed by Faculties.
Additional part-time study options provided at post-graduate level.
Additional Apartments are available and on-going engagement property
owners in the Maynooth and surrounding areas.
University successful with HESIF capital funding bid in 2019 enabling €57m
capital programme.
Annual Staff Planning Review process in place.
50% 16 17 Existing
Strategy, Quality and
Planning
The University fails to
systematically develop, oversee,
implement and review a coherent
University Strategic Plan
Risk that the University fails to identify and set appropriate strategic goals and objectives in the
University Strategic Plan.
Risk that the University Strategic Plan is not appropriately aligned with system and national
objectives.
Risk that University strategic objectives are not communicated or understood throughout the
University.
Risk that University Strategic Plan is not supported by Faculty-level planning.
Risk that the University does not have the organisational capacity to implement the University
Strategic Plan.
Risk that resources are not allocated in a way which fully supports the achievement of strategic
objectives.
Risk that University’s strategic management resources are spread too thinly, lack specific
expertise, or are overly focussed on operational issues.
Risk of University failing to control the costs and timelines of implementing the
recommendations of the Strategic Plan.
7 4 28 President The University has followed an inclusive strategic planning process including
staff, students, alumni and other stakeholders.
Governing Authority takes responsibility for the development and oversight
of the Strategic Plan with comprehensive KPI Framework.
Successive Performance Compacts fully compatible and consistent with the
Strategic Plan agreed with the HEA.
Regular engagement with HEA and Dept. of Education and Skills.
Key responsibilities for implementation of strategic plan are allocated to the
University Executive.
UE have agreed and assigned responsibility for key enabling projects.
University Update for all staff at regular intervals.
University Internal Communications Plan.
50% 14 11 Existing
Research and
Innovation
Risk that national strategy for
research, development and
innovation does not support the
full range of research and
scholarship that is valued by MU
Risk that national research policy offers inadequate support to humanities and social sciences.
Risk that national research policy drives concentration of research into larger institutions.7 6 42 VPR MU actively engaged in influencing national research policy through IUA and
other organisations.
University research strategy aligned to national priorities.
Explicit strategy to build links with and participation in SFI research centres.
Plan to diversify funding sources implemented in particular for non-
exchequer & EU H2020 funding.
40% 25 27 Existing
Research and
Innovation
Risk associated with
Commercialisation and
Knowledge Transfer
Risks arising from Commercialisation and Knowledge Transfer activities.
Risk of inadequate risk management in Commercialisation and Knowledge Transfer.
Risk of poor decision-making or poor documentation of decision making in relation to
investment in spin-out activities.
Risk of inadequate senior management oversight of Commercialisation and Knowledge
Transfer.
6 6 36 VPR Frequent meetings held between Director of Commercialisation and VPR
Investment decisions template and documentation in place.
A working risk management approach is in place between the Director of
Commercialisation and VPR.
IP and Conflict of Interest policies updated 2019 in line with national review
30% 25 New
Research and
Innovation
Risk of failure to protect MU or
third-party intellectual property
Risk of failure to protect valuable MU IP either through ignorance or lack of training.
Risk of improper use of or failure to protect third party IP due to increasing number and
complexity of industry research agreements.
8 6 48 VPR National and institutional intellectual property policies.
Research integrity and ethics policies.
IP management a key element of research training.
Oversight role of RDO and Commercialisation Office.
50% 24 29 Existing
Research and
Innovation
Risk of failure to comply with
research funding and reporting
conditions
Risks related to reporting requirements becoming more onerous and more complex. 7 5 35 VPR Researchers aware of consequences of non-compliance and supported
through new information systems.
Strong Research and Development Office.
35% 23 25 Existing
Maynooth University Risk Register 2019 (Q3)
MU Risk Register 2019 Q3 1 of 12
PAC32-R-2538(ii) B Meeting 14/11/2019
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Research and
Innovation
Risk that the University fails to
attract sufficient funding to
support its research objectives
from national, EU or other
sources
Risk that the University fails to attract sufficient research funding from national government
sources (SFI, IRC etc.).
Risk that the University fails to attract sufficient research funding from EU sources.
Risk that the University fails to attract sufficient research funding from industry and other
sources.
7 5 35 VPR Strong Research Development office.
Strategy in place to win increased EU funding.
Research Incentivisation Fund promotes grant application.
Supporting diversification of funding sources in Research Development
Office.
Research Institutes supporting strong research culture.
40% 21 28 Existing
Research and
Innovation
Risk that research undertaken by
the University has ethical or other
implications that affect reputation
Risk that researchers are unaware of the ethical issues associated with their research.
Risk of non-compliance with University, agency, national and European guidelines relating to
ethics in research.
Risk of breach of research ethics norms.
Risk of reputational damage due to ethics breach.
Risk that approved and institutionally-supported research is controversial and attracts adverse
public interest or malicious activity.
7 6 42 VPR Research Committee exists with agreed Terms of Reference.
Research Development Office with experienced staff.
Ethics Committee established (as a subcommittee of the Research
Committee) to underpin need to adhere to highest ethical standards.
New streamlined ethics appraisal process in place.
Research integrity policy adopted in line with national policy.
New protocols developed alerting staff to ethics and integrity issues.
Ethics and integrity included in new staff induction and continuing
professional development.
High-risk research identified and an appropriate response mobilised.
Confidentiality issues highlighted at kick-off meetings for new research
awardees.
60% 17 25 Existing
Research and
Innovation
Risk of Research Misconduct Risk that staff are not adequately trained, and research misconduct and integrity issues not
adequately understood by staff.
Risk that research students are not adequately trained, and research misconduct and integrity
issues not adequately understood by research students.
Risk that a research misconduct or research integrity issue is not adequately investigated or
appropriately dealt with.
Risk of reputational damage related to research misconduct.
8 4 32 VPR Research integrity policy adopted in line with national policy.
Integrity education built into PhD skills programmes.
Research conflict of interest policy in place.
Participation for PIs in national training programme
Participation in National Research Integrity Forum.
Review of data storage and data management practices
50% 16 31 Existing
Research and
Innovation
Risk of breach of contract with
funding agency or external
partner
Risk that diversification of funding leads to increased numbers of contracts with different or
higher risks.
Risk that university researcher fails to deliver on agreed research contracts.
Risk of failing to adhere to general terms of contract.
Risk of financial irregularities in discretionary research expenditure.
5 4 20 VPR Stronger legal expertise in place in RDO.
Review and approval of sample contracts in range of areas undertaken by
insurers on regular basis.
External legal advice obtained when necessary.
Additional training in contract issues for research support staff.
Research ethics and integrity policies in place.
Risk assessment on awards from non-traditional/minor funders performed.
20% 16 27 Existing
Postgraduate Education Risk that the University
postgraduate programmes are
not sufficiently attractive to
students, and the University fails
to meet enrolment targets
Risk that the postgraduate programme portfolio is not attractive to students.
Risk that postgraduate programmes are not sufficiently flexible to meet the needs of lifelong
learners.
Risk that postgraduate programmes are not perceived as supporting the professional and
personal development needs of students.
Risk that scholarships for taught postgraduate programmes are not appropriate or optimal.
Risk that research postgraduate enrolments fall short of the norm for research-led universities.
Risk that scholarships for research postgraduate studentships are not appropriate or optimal.
8 7 56 DGS University Strategic Plan includes focus on PGT programmes.
Master's Task Force and its implementation.
Graduate programmes being designed with stronger emphasis on flexibility
and employability.
Investment in Graduate Studies Office.
Review of postgraduate taught scholarships.
Investment in doctoral scholarships, co-funding and graduate teaching
assistantship programmes.
40% 34 25 Existing
Teaching and Learning Risk that student progression
rates decline with negative impact
on student success
Risk that students progression and completion rates decline.
Risk that progression standards are inappropriately high, or inconsistent.
Risk that students drop out for non-academic reasons (e.g. financial pressure, stress, mental
health).
Risk that "at-risk" students are not identified and supported.
Risk that "at-risk" students are unaware of the supports offered by the University.
Risk that failure to correctly estimate progression rates leads to financial losses.
5 8 40 VPA Risks mitigated by quality of teaching and learning.
University strategy to maintain academic staff:student ratio and annual staff
planning process
Progression and completion rates monitored in KPI process.
Academic Advisory Office provides support to students experiencing
academic difficulties.
Programme Advisory Office developed to provide proactive advice on subject
selection for students.
Extensive information on full range of advisory and support services given to
all students during Orientation Week.
All student support services (Health Centre, Counselling, Budgeting, Student
Support) prioritise appointments for any student at risk of dropping out.
20% 32 New
MU Risk Register 2019 Q3 2 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Teaching and Learning Risk that the University
undergraduate programmes
become less attractive to
students, and the University fails
to meet enrolment targets
Risk that the undergraduate portfolio fails to meet changing demands and expectations.
Risk that MU courses are not perceived as matching labour market needs or preparing
graduates for employment.
Risk that the number of applications for MU courses declines.
7 5 35 VPA Undergraduate curriculum reform created very attractive programme
structure and capacity for sustained innovation
Regular undergraduate portfolio review.
Planned and phased introduction of new undergraduate specialisms.
Experiential learning initiatives.
Excellent marketing, recruitment and admissions functions.
70% 11 8 Existing
Teaching and Learning Risk that quality of teaching and
learning or academic standards
decline undermining graduate
employability and university
reputation
Risk that quality of teaching and learning declines due to insufficient resources.
Risk that quality of teaching declines due to inadequate staff development.
Risk that quality of teaching declines if teaching commitment and excellence not incentivised
appropriately.
Risk that teaching does not address the needs of our diverse student population.
Risk that inadequate resources hinder development of new teaching and assessment methods.
Risk that overcrowding or inadequate learning spaces impacts student learning.
Risk that poor teaching on a specific course goes undetected and is not appropriately addressed
by the University.
8 5 40 VPA University Strategy to maintain academic staff:student ratio.
Curriculum review and enhancement.
Academic Programme approval and review.
Student feedback mechanisms.
Leadership roles of VP Academic and Dean of Teaching and Learning.
Centre for Teaching & Learning promotes quality throughout the University
and offers training.
Emphasis on inclusive teaching and assessment.
Mathematics, Writing and Programming support.
Programme Advisory Office.
Agreement of MU Teaching Guidelines.
Teaching and Learning Committees.
Appointment and Promotion processes assess and incentivise teaching
committment and excellence.
Regular upgrading of VLE.
Quality Reviews and External Examiners.
Professional accreditation of relevant courses.
Capital development programme in train.
Regular Academic Staff Planning.
95% 2 8 Existing
Student experience,
support and welfare
Risk of failing to protect the
mental health of students
Risk of an increase in incidence of Student Depression or number of students at risk of suicide
and the failure to recognise this
Risk of alcohol and substance abuse by students.
Risk of students being subject to bullying and this not being controlled by the University
Risk associated with increased mental illness, including the risk of non-disclosure by students.
Risk of injury to staff or students by students with mental illness.
Lack of out of hours’ supports
MSU sometimes first point of call for students
7 8 56 VPA Comprehensive Student Support Services (including professional Counselling
Service, Student Health Centre, Student Support Officer, Hub, Pastoral Care
Service and Chaplaincy, Academic Advisory Office, and Budgeting Advice)
MSU role in creating active campus life, delivering welfare campaigns, and
engaging with students to direct them to support services
MSU role in co-design of student services and supports
Policy on Alcohol
Protocol on Student Death
Protocol on Missing Students
Consultative service available from Counselling Service for all university staff
and students in relation to supporting students experiencing mental health
issues or distress.
Information on relevant mental health issues and a listing of relevant
emergency and support services is available on the Counselling Service
website.
Student welfare issues reviewed regularly in consultation with MSU
Information sessions on Guidelines on Referral offered to all new tutors
Security presence on campus 24/7
40% 34 21 Existing
Student experience,
support and welfare
Risk arising for Maynooth
University Student Clubs &
Societies
Risk that student is injured while engaging in sport or activity
Risk of accident when using personal transport to attend official Clubs and Societies events e.g.
off-campus competitions, inter-varsity events.
Inadequate notice of events
Risk of inadequate oversight of MSU management of Clubs and Societies
5 8 40 VPA Training is provided for clubs and societies including disability support
training
Insurance in place
Capitation Sub- Committee recommends, where possible, the use of public
and private transport providers to provide official club/Society transport for
events.
Management of Clubs and Societies to transfer to the University
25% 30 30 Existing
MU Risk Register 2019 Q3 3 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Student experience,
support and welfare
Risk of inadequate care or injury
to children in the University
Crèche
Risk that children might not be adequately protected.
Risk of injury.
Risk of children being cross infected with serious illnesses e.g. meningitis, mumps.
Risk of inadequate care due to inadequate child:staff ratio, especially where staff are absent
due to illness.
7 4 28 VPA Child Protection Policy in place
Regular liaison with the Health Service Executive to ensure compliance with
current regulations and standards
Heating/Control of hot water
Employment of qualified staff
Garda Vetting procedures in place
Safety statement in place
Regular inspection by external regulatory agencies with actions followed up
by internal staff
Annual review by H&S Officer with Crèche Manager
Ongoing training programme in place
No. of children capped to ensure compliance with staff: child ratio
Panel of relief staff established
35% 18 18 Existing
Internationalisation Risks associated with Maynooth
International Engineering College,
Fuzhou University
Risk that the MIEC project fails to meet its academic objectives
Risk that the MU curriculum does not effectively transfer to FZU
Risk that the business plan has not captured the full cost of the joint venture so that it is not
sustainable
Risk that MU cannot meet its obligations to or the expectations of FZU
Risk that FZU support for the project is not sustained in the long term
Risk that MU fails to build an effective collaborative relationship with FZU
Risk that MU cannot source the staff required to deliver the programme
Risks to staff related to international travel, living and working overseas
7 7 49 VPA Strong leadership, governance and project management team
Clear agreements in place
Strong collaborative relationship with FZU
Clear business plan with regular review
Protocols and procedures in relation to staff working overseas
25% 37 New
Internationalisation Risk associated with students
studying abroad.
Risk of injury to students while abroad through accident or assault.
Risk of students abroad having medical difficulties.8 6 48 VPA Insurance cover in place.
Pre departure briefing of students.
Oversight from local universities in most cases.
50% 24 New
People and Organization Risk that organisational structure
fails to support effective and
efficient implementation of
decisions and/or policies
Risk that levels of responsibility associated with some positions becomes unsustainable and
inhibit implementation of decisions.
Risk that offices containing support functions (such as Procurement, Estates Teams, Human
Resource, H&S) do not have resources to monitor that University policy is implemented.
Risk of poor communication of policy and decisions
Risk that Policies and Procedures might be breached by University Staff who may be unaware of
those Policies and Procedures
8 7 56 DHR University Executive’s responsibilities have been clarified and organisation
chart published
Written policies and procedures and guidelines approved, published and
disseminated and monitored by the University
Single web page with all policies
Supports provided for newly appointed Heads of Departments including
Heads of Department Forum.
Information for staff at induction on University Policies
30% 39 39 Existing
People and Organization Risk of unanticipated liabilities
due to poor management of fixed-
term and occasional contracts of
employment
Risk of serial fixed-term contracts becoming an unplanned contract of indefinite duration.
Risk of postdoctoral researchers and other research staff employed for a specified purpose on
externally-funded projects becoming entitled to contracts of indefinite duration placing an
unsustainable burden on the core finance of the University.
Risk of being unable to exit contracts of indefinite duration where redundancy situation arises.
Risk that staff acquiring contracts of indefinite duration have been through a less rigorous
appointments process than other permanent staff.
Risk of co-employment between occasional and part-time employment and risk of moving
between full-time or part-time contract and occasional employment
Risk of terminating a substantive employment relationship, whilst occasional arrangements
continue.
8 8 64 DHR Researcher career framework, postdoctoral research charter and recruitment
protocol in place.
HR review of researcher contracts.
Formal policy and guidelines issued on occasional arrangements.
Ongoing engagement between Director of HR and Heads of Departments to
identify emerging contract issues and risks.
Ongoing CoreHR upgrade and improvement in information systems and
reporting.
Development of reporting tool to indentify multiple engagements of a single
person.
Continue engagement unions and representative associations through
partnership and individual cases.
Early engagement with IBEC or framework legal advisers where appropriate.
Experienced Staff in HR
Adherence to the legal entitlements of employees existing in legislation even
if university policy not up-to-date.
50% 32 39 Existing
People and Organization Risk of failure to optimally
support, develop and retain
employees, or to ensure fair and
equitable treatment, due to
inadequate HR policies and
procedures.
Risk that HR policy framework is incomplete or out of date.
Risk of inconsistency in implementing or interpreting HR policies and procedures.
Risk of successful external claims of breach of employment law with associated reputational
damage.
Risk of failing to comply with new legislative requirements with regard to university staff
(immigration, child protection)
7 6 42 DHR Senior Staff inducted in key HR policies and procedures.
Campus Mediation services re-launched in 2011.
Ongoing contact between Director of HR and Heads of Departments to
surface emerging contract issues and problem areas.
Engagement of legal advice early where disputes arise
Ongoing revision/updating of all HR Policies to a standard template to deliver
a robust Policy, Procedures and Process Framework for the University
including Garda Vetting
ED&I classroom training provided to all heads of Department,new employees
and members of decision-making boards
Bi-annual report on ED&I to Governing Authority
30% 29 30 Existing
MU Risk Register 2019 Q3 4 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
People and Organization Risk of that MU fails to attract and
retain highly talented academic
and professional staff
Risk that recruitment and selection processes fail to secure the highest quality candidates
Risk that talented researchers and teachers may be lost to institutions with better research
infrastructure and support, lower teaching workloads, better teaching facilities and supports, or
more favourable funding environments
7 7 49 DHR Robust recruitment and selection processes
University Research Institutes and Research Development Office promoting
strong research culture
Research priorities identified creating critical mass aligned to national and EU
priorities
Significant investment in research and teaching infrastructure
Strategic Retention Policy in place
Strong linkages being developed with industry and public bodies
Investment in staff development
Enhancement of promotion processes
Maynooth University generating strong profile as research-led university
Workload models in place and being developed in a new process to support
research output.
Increased investment in the learning and development function of the
University
Enhanced induction process for new employees, including enhanced
supports during probation
Exit interviews offered to employees leaving permanent positions or fixed
term contracts in advance of the original termination date.
40% 29 34 Existing
Information Systems
and Services
Risks related to Systems Security Risk of IT security breaches due to inadequate security on departmental servers
Risk of misuse of University’s IT services and/or loss of or compromise of sensitive or highly
sensitive data due to user account compromise through cyberattack or breach of physical
security
Risk of loss or leakage of sensitive or highly sensitive data on portable devices such as laptops,
disks, PDAs, USB memory sticks etc.
Risk to University of inappropriate use of computer systems by staff or students
Risk of misuse or abuse on social media
Risk related to patch management
Risk related to the age of servers and databases
Risk related to patch management on staff and student laboratory PC’s
Risks of inadequate security training
Risks related to web security
Risks of inadequate security monitoring
Risk of inadequate security incident management
Risk of inadequate security vulnerability management plan
Risk associated with local administrator access to PC’s
Risk associated with inadequate Network Segmentations
Risk associated of inadequate email security protocols
Risk of inadequate monitoring of user activity
9 9 81 CIO Recruitment of IT Security Manager
Comprehensive Date Protection Policies
Departmental servers being phased out
Specific security measures: email security, anti-phishing, password policy,
multi-factor authentication, physical security
Increased training and awareness of security issues
Computer Usage Policy and Disciplinary Policy
Code of Conduct for Staff and Students
Monitoring of social media
Patch Management process being developed
Review of all servers and legacy systems carried out in 2019
Security training provided by HEAnet
Firewalls updated in 2019
Network segmentation ongoing
Decision to implement a Security Incident Event Management (SIEM) solution
Email security project in place
30% 57 New
Information Systems
and Services
Risk of inadequate provision for
disaster recovery and business
continuity
Risk that systems will not be recoverable and there will be sustained interruption of business
following a major incident
Risk of an incomplete, inadequate or outdated disaster recovery and business continuity plan
Risk of Data Centre facility not functioning in the event of disruption.
Risk of damage to or partial loss of a University Data Centre due to fire or flood or electrical
issue likely to cause serious disruption to services for more 96 hours due,
Risk of damage to the fibre backbone in certain crucial locations will result in campus network di
for certain areas.
Risk of loss of internet access for a prolonged period
Risk of cyber attack, for example, a distributed denial-of-service (DDOS) attack.
Risk of inadequate testing of data or system recovery process in place
Risk of back-up generators and UPS not functioning in the event of disruption
8 8 64 CIO Disaster recovery plan in place or in development for key systems
Disaster recovery testing plan in place
University Data Centres on the North and South Campus have been designed
with resilience and failsafe systems, as follows: resilient, redundant power
supply, including generator, resilient, redundant cooling, monitored Intruder
alarm, FM200 fire suppression system, environment monitoring, rack
monitoring.
Data Centre standard operating and testing procedures under development
in conjunction with Campus Services.
Data backup strategies include the use of an onsite location that is not in the
Data Centre. This ensures that data from key systems is available for
recovery.
The use of a virtual environment and replicated storage for the majority of
services contributes to a speedy restoration of services
HEAnet standard service to mitigate effects of distributed denial-of-service
(DDOS) attacks.
Implement recommendations provided in HEAnet. Security and Risk
assessment
Implement recommendations from IBM DR Capability Assessment.
Ensure all new buildings have dual routes to fibre backbone. Process in place
from Campus Service for works on campus to reduce risk of cable damage.
30% 45 New
MU Risk Register 2019 Q3 5 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Information Systems
and Services
Risk that IT Projects fail to be
governed and managed
appropriately and do not deliver
best value to the University
Risk that project is poorly or inappropriately specified
Risk that project is poorly governed or managed
Risk that not enough resources are dedicated to the project
Risk that the wrong resources are assigned to the project
7 7 49 CIO Programme Office established
Regular meetings of ITMSC
IT projects require UE member to act as sponsor
Regular progress reporting
20% 39 New
Information Systems
and Services
Risk of loss of key or critical
services and consequent business
interruption during normal
working hours
Risk of loss of one or more of the following key services during normal working hours.
-Key infrastructural services on which most other services depend, such as dns, dhcp,
authentication.
-Wired and wireless network equipment
-Authentication service.
-Campus telephony.
-VLE.
-Institutional website.
-Student Administration System.
-Financial Control System.
-Payroll.
-Human Resources system.
-Library management systems.
Risk that a service is not scaled/designed for increased or peak usage
Risk of failure to maintain services due to dependencies on third parties and/or sole traders
Risk of failure in a managed service (e.g. security compromise, supplier ceasing trading) noting
single SME on bespoke systems and processes (e.g. exams uploads, HEA returns, parking
system, etc.)
8 8 64 CIO Governance/oversight of IT Services
IT Management Steering Committee
Professional IT Services management and staff.
JDE Finance Systems hosted in the cloud
CORE HR and CORE Payroll hosted in the cloud
ITS plan for recovery developed (subject to investment)
CORE recovery tested
JDE recovery plan proposed
Alerting and monitoring systems and processes in place.
Security practices in place for network and systems security.
Physical Security in place for key campus data centre locations.
Security software installed on university laptops and desktops.
Reduced use of generic accounts for users and administrators.
Lockable, fireproof safes for storage of backup media
Internal redundancy and resilience in critical servers and associated storage
Virtual environment allows rapid restore, where necessary.
Maintenance (4-hour response) contract in place for campus core & data
centre networks and telephony system.
Documentation on supported services being standardised
SLAs between IT Services and third-party suppliers in development
Financial reviews during supplier selection
Best practice contract management practices including performance and
security reviews
50% 32 32 Existing
Information Systems
and Services
Risk of loss of key or critical
services and consequent business
interruption outside normal
working hours
Risk of one or more of the key service being unavailable due to failure of on-call/call-out
procedures.
Risk that service level agreements do not adequately cover out-of-hours incidents.
Risk that reliance on single suppliers means inadequate cover for out-of-hours incidents.
8 8 64 CIO Maintenance contracts in place with key suppliers.
Review and where appropriate enhance SLAs with key suppliers.
Proactive service monitoring
Service Catalogue in development
Examine feasibility of formal on-call arrangements for IT Services staff.
50% 32 32 Existing
Information Systems
and Services
Risk of inadequate or ineffective
Information Systems Strategy,
Operational Plans, or Project
Management
Risk of inadequate, ineffective or inappropriate strategy for Information Systems and Services
Risk of underdeveloped policies in relation to Information Systems and Services
Risk that new IT initiatives are not fully aligned to the University strategy or benefits are not
realised due to resistance to change.
Risk of inadequate project management including: incomplete specification of requirements;
incomplete testing; poor execution of data/system change requests; lack of resources;
inadequate project management discipline and experience
8 6 48 CIO Governance/oversight of IT Services
IT Management Steering Committee
Professional IT Services management and staff.
Recruitment of additional staff in IT roles
Increased focus on management of IT systems
Developing Service Descriptions of supported services.
IT Services workplan
Projects use an appropriate project management methodology.
PMO established and process in place for projects
Testing resources in place
Dedicated and assigned business analyst for each key system
Project Management resources in place
Project risk registers developed
40% 29 New
Governance Risk of inadequate Risk
Management Framework
Risk that risk management policy is inadequately documented.
Risk that risk management not adequately governed by Governing Authority and Audit and Risk
Committee.
Risk that University Executive is not properly engaged in risk management process.
Risk that risk management process does not comprehensively capture the risk profile.
Risk that the University fails to assess, document and mitigate the risks associated with new
ventures, diversification of operations, or subsidiaries.
6 8 48 Secretary Risk considered by UE in all new ventures
Internal audit reports on risk monitored by ARAC including a review of the
implementation of previous findings
Report from ARAC to each meeting of GA
Periodic consideration of risk register by UE and ARAC
Risks associated with all decisions considered by UE
Dynamic, live reporting of risks to Secretary as they arise.
20% 38 New
MU Risk Register 2019 Q3 6 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Governance Risk that there is a failure of
oversight
Risk that Governing Authority fails to properly oversee the strategy and operations of the
University
Risk that Governing Authority Committee structure is does not properly support the Governing
Authority in its oversight role.
Risk that Governing Authority is not properly informed or briefed on issues relevant to its remit.
Risk that governance structures fail to provide proper oversight of subsidiary and associate
companies.
8 6 48 Secretary Ongoing training provided to Governing Authority.
Code of Corporate Governance adopted.
Sub-Committees of Governing Authority with clear Terms of Reference
revised early 2016.
Annual Governance Statement published.
Risk Register in place.
Codes of Conduct for GA members and Staff have been adopted.
University contributing to sectoral Governance initiatives.
Independent Chairperson of Governing Authority and Audit and Risk
Assessment Committee.
Review of the Effectiveness of Governing Authority carried out in 2019.
Financial Statements and detailed notes presented annually to Governing
Authority.
Delegation of authority to the President in relation to subsidiaries (to be
reviewed and updated in line with code of governance)
30% 34 25 Existing
Governance Risk of inadequate governance
documentation
Risk that Governing Authority role, procedures, delegations and regulations are not adequately
documented.
Risk that Governing Authority processes and procedures are not properly aligned with 2019
Code of Governance.
Risk that Governing Authority decisions and actions are not adequately documented or
tracked.
6 8 48 Secretary GA operates in accordance with the Universities Act 1997 and Code of
Governance.
GA has had an external review of its own effectiveness.
New GA comes into office in November 2019 and will implement the
recommendations of the effectiveness review.
40% 29 New
Governance Risk that there is a breach of data
protection regulations
Risk that personal data is compromised
Risk that data is used for a purpose other than that for which it is provided
Risk that policies in relation to data retention and data distribution not followed
Risk that academic researchers fail to secure personal data
8 7 56 Secretary Policies called for by GDPR are in place
Consent sought from students in relation to information use at registration
GDPR training provided
RDO Policy aware of GDPR and obligations on researchers (including the need
for Data Privacy Impact Assessments)
Data Retention Schedules exist and published
50% 28 New
Governance Risk that Maynooth University
incurs a liability arising from a lack
of clarity with regard to the legal
arrangements with SPCM.
Risk relating to liability in relation to works/artefacts held in Libraries.
Risk relating to conflict regarding the ownership of Public Liability relating to incidents /
accidents on campus.
Risk of Maynooth University liability in relation to SPCM student welfare and safety.
6 4 24 Secretary Detailed legal agreement covering property issues between SPCM and
Maynooth University until October 2020.
Formal arrangements in place for sharing of costs between the two
institutions.
Good relationship between the two institutions.
Regular meetings held between Senior Managers of both Institutions.
Maynooth University have insurance cover and asset register.
20% 19 19 Existing
Financial Risk that University has
insufficient financial resources to
support achievement of strategic
objectives
Risk that the HEA will propose a new funding model which fails to recognise the scale, quality
and diversity of University activity.
Risk that state funding fails to grow at the same rate as student enrolment.
Risk that the state fails to invest appropriately in higher education (capital and recurrent).
Risk that University income is insufficient to meet the goals set down in the University Strategic
Plan 2018-2022.
Risk that the University fails to compete successfully for competitively-awarded capital and
infrastructure funding.
Risk that the University fails to compete successfully for competitively-awarded teaching and
learning funding.
8 8 64 Bursar Further diversification of income sources being examined.
Case being made to HEA for appropriate performance matrix and effect on
recurrent funding.
Clear UE focus on specific responsibility areas ensuring best possible
submissions to funding agencies.
Documented policies and procedures on income and expenditure.
Use of external and internal auditors.
Adherence to HEA guidelines on Financial Statements and borrowings.
C&AG reviews and audit controls.
Experienced finance staff.
Relationship building with HEA, DES and other agencies.
Regular Finance /Business Unit review.
Shared UE decision-making about long-term financial commitments.
Long term planning in place.
EIB loan in place.
Aged debts followed up annually by Fees and Grants under supervision of the
Director of Finance.
Fees policy under development.
25% 48 45 Existing
MU Risk Register 2019 Q3 7 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Financial Risk of breaching Procurement
policies
Risk that budget holders directly procure products or services in breach of procurement policy
and guidelines.
Risk that budget holders expend funds without acknowledging the advertising requirements of
the funding agency.
Risk that budget holders put the University at risk by entering into contracts / agreements with
third parties that do not have adequate insurance or health and safety procedures in place.
Risk that budget holders “roll-over” or extend contracts / framework agreements outside of
legally allowable time-frames.
Risk that third parties may become involved in University contracts without adequate
assessment.
Risk that Procurement Office is not involved appropriately or in a timely manner in major
procurement decisions.
Risk that IReL procurements are not fully in compliance with Directives.
8 7 56 Bursar Ongoing communication of Maynooth University procurement policies with
budget holders.
Regular training programme available for buyers.
Advertising and financial compliance now highlighted to PI by RDO with
additional training at award kick-off meetings.
Use of specialist legal advice.
Growing participation in collaborative procurements with OGP and EPS.
Growing availability of centrally procured categories of service and supply.
Procurement Office maintains Contracts Register for all goods and services
contracts procured via National and EU procurement process with details of
contract duration and renewal options.
Internal audit examines an element of procurement on an annual basis.
Regular independent third-party audits implemented on behalf of funding
agencies and University.
Internal contracts manager with specified responsibilities appointed on all
new procurement contracts.
Procurement Policies updated in 2017/2018.
PIN notice published for all IReL purchases.
40% 34 39 Existing
Financial Risk of poor financial and budget
planning and poor budget control
Risk that financial and budget planning are not well aligned to strategic plan.
Risk that financial plan is based on incorrect assumptions.
Risk that new initiatives are not properly costed and inadequate budgets provided.
Risk that investments are made in subsidiary companies, associated companies, joint ventures
or new ventures without proper and complete business plans.
Risk that new initiatives are established but associated income streams are unsustainable.
Risk that specific income streams for specific activities will be unexpectedly reduced or
terminated leaving the University with an unanticipated liability.
Risk of inability to withdraw resources from areas of reduced performance or strategic
importance.
Risk that the resource allocation mechanism used in the University will prove inappropriate or
inflexible.
Risk of overspend due to lack of “accruals/commitment” based procurement system.
Risk that individual budget holders may not take responsibility for budget (or feel that they
have no effective control).
Lack of up-to-date spending information because purchase order processing is not universally
available.
7 7 49 Bursar University medium-term enrolment plan in place, with associated financial
projections.
Resource Allocation Model which recognises how income is earned and the
strategic intent of the University being implemented.
Regular reporting of budgetary position to University Executive and
Governing Authority.
Finance introduced a business partner model to assist with budgeting and
control.
Availability of full economic cost system outputs.
New budget control reports agreed in 2016/17 and available from 2019.
Regular analysis of actual vs projected budget.
Reviews of spending with key department heads (including forward
projections).
Daily circulation of spending data to budget holders including PIs.
Improved financial feedback to PI from new financial information system.
Payment sign-off procedures in place.
Purchase Order Processing partially implemented
40% 29 29 Existing
Financial Risks stemming from poor
financial controls
Risk of failure to collect fee revenue and bad debt.
Risk of error.
Risk of fraud.
Risk of non-compliance with tax regulations/rules.
Risk that related entities such as MSU or subsidiary companies, associated companies, joint
ventures, campus companies have poor financial controls, create vicarious liabilities unknown
to the University, or make inappropriate investment decisions which cost the University.
Risk related to the management and control of credit cards.
Risk related to the incomplete implementation of the purchase order processing system.
8 7 56 Bursar System of Internal Financial Control within clear organisation structure.
Systematic expenditure reviews.
Fraud policy under development.
Internal Audit Programme.
Cyber security and phishing training and awareness provided by IT Services.
Recommendations following Audit Report being implemented and monitored
by internal audit.
Tax consultants engaged.
Expenditure control policies adopted, training provided and available to all
on web.
New investments require business plan, with external peer review for
detailed monitoring of investments by Finance team.
Regular review of related entities.
The administration of Clubs and Societies transferred to the University.
Credit card management policy agreed in 2019.
Purchase order processing system at roll-out stage.
50% 28 18 Existing
MU Risk Register 2019 Q3 8 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Financial Risk of underinsurance Risk that the University has inadequate insurances.
Risk that research projects expose the University to significant uninsured risks.
Risk that Buildings are inadequately insured.
Risk that staff or students undertake activity with insurance requirements without University
oversight.
Risk that not all research activities are properly insured, especially clinical trials.
7 6 42 Bursar Member of Intervarsity Insurance Group.
Appointment of professional insurance brokers to advise the University on
Insurance matters.
RDO monitor research applications for insurance issues.
Annual review of building insured values by Campus Planning and
Development Office.
New buildings added to Insurance Register on completion.
New insurance products and risks reviewed on annual basis.
Campus Services ongoing review of new activities proposed or undertaken.
40% 25 25 Existing
Estates and Campus
Services
Risks in the delivery of capital
projects
Risk that capital projects are not appropriately overseen and governed.
Risk that projects are not adequately or appropriately specified and thus do not deliver on
strategic objectives or user needs.
Risk that projects exceed budget.
Risk that projects are delayed.
Risk that projects proceed without appropriate approvals.
Risk that projects do not comply with public procurement or funding agency rules and
guidelines.
Risk that contractors go out of business during/before completion of Maynooth University
projects.
Risk that the contractor or the University are not appropriately insured.
8 7 56 VPECD VPECD appointed
Capital Development Sub-Committee established and chaired by President
Capital projects management processes agreed
Campus master plan in place following extensive consultation
Capital development plan in place
Brief development and consultation phase prior to initiation of any capital
projects
Stage reports prepared and presented to Capital Development Sub-
Committee for approval
Governing Authority and FHRDC role defined, capital programme update to
every meeting
Regular workshops and communication with project stakeholders
CPD Office is focussed on Capital Projects
Close monitoring of financial strength of contractors at both Tender and
Construction stages
Process in place to ensure that the contractor can secure the appropriate
insurance cover and project specific performance bond, before contracts are
awarded.
25% 42 45 Existing
Estates and Campus
Services
Risk that space and facilities will
be inadequate for growing
numbers of students and staff
Risk of inadequate teaching and learning spaces.
Risk of inadequate student learning, social and recreational space and facilities.
Risk of inadequate research space.
Risk of insufficient student accommodation.
Risk that buildings and spaces are not inclusive and do not comply with accessibility standards.
8 8 64 VPECD Campus master plan in place following extensive consultation
Capital development plan in place
Formal enrolment planning
EIB loan funding in place, HESIF funding secured and further finance sought
Detailed space review carried out in 2018 to support physical infrastructure
planning
Plans for additional student accommodation
Access audit under way
35% 42 42 Existing
Estates and Campus
Services
Risks relating to students, other
persons residing in campus
accommodation
Risk of serious injury in the event of fire, gas explosion, lift failure.
Risk of unauthorised access and break-ins including risk of assault of students or staff.
Risk of reputational damage to University due to anti-social behaviour.
Risk to students with disability where the fire alarm fails to alert them.
Risk to students with physical disabilities who need emergency evacuation.
Risk associated with use of former boiler rooms/store rooms as additional unofficial rooms in
residences.
Risk of failing to provide adequate pastoral supports for students in on-campus
accommodation.
9 6 54 VPECD Fire Management Programme in place, including regular fire drills, clearly
displayed Fire Evacuation procedures, regular inspection of fire alarm,
emergency lighting, gas systems, boilers, lifts and other plant elements.
Individual apartment domestic gas boilers have been replaced with
commercial boiler rooms serving blocks which allow greater controls and
safety features
Security personnel based on campus 24hrs, CCTV camera infrastructure
upgrade ongoing, arrangements for controlled access to plant rooms in place
Induction programme for all new students staying in campus residences
includes a briefing on fire safety, security and on disciplinary code, licence to
reside states the responsibilities of residents
Liaison with Conference Office during conference period
Personal Emergency Evacuation Plans (PEEPs) are prepared by the Access
Office in conjunction with Campus Services for students with special needs,
including safe egress, deaf alerts, etc.
Regular contact with neighbouring Residents’ Associations
35% 35 35 Existing
MU Risk Register 2019 Q3 9 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Estates and Campus
Services
Risks relating to work carried out
on University property by external
contractors
Risk that personnel may be injured by high risk activities e.g. work at heights, entry into
confined spaces, work on electrical services, work on diverting essential services.
Risk that unauthorised work is undertaken by unapproved personnel.
7 7 49 VPECD University has list of approved and insured contractors, procurement of
contractors carefully considers appropriate management and personnel
competencies, insurance, turnover, tax clearance, and health and safety
experience
Contractor site rules developed in October 2018, oversight of contractors
added to Health & Safety Sub-Committee Terms of Reference
Method Statements required for all high-risk activities, including Permit to
Work systems developed for Electrical, Work at Heights, confined Spaces,
Excavations and Hot Work activities
Regular inspections of building works, and liaison with Safety Office and
Security staff
Up-to-date building safety file maintained by Campus Planning &
Development Office
Annual review of insurance programme
40% 29 29 Existing
Health and Safety Risk relating to older buildings
which do not conform to modern
safety standards
Risk due to poor access for disabled staff/students.
Risk due to limited means of escape from older multi-storey buildings.
Risk due to lack of safe access for maintenance staff/contractors.
Risk due to poor fire separation.
Risk of structural weaknesses.
Risk of overcrowding.
Risk due to absence of accessibility audit of University campus.
Risk associated with timing of South Campus lease renewal.
8 7 56 VPECD Programme for upgrade of older buildings is ongoing to enhance compliance
with access and safety requirements
PEEP Plans are prepared by the Access Office in conjunction with Campus
Services for students with special needs
Fire risk assessment of existing buildings are reviewed on an ongoing basis,
including assessment of structural risks, accessibility, and building systems
Actions taken to mitigate risks identified through collaboration between
Safety Office, Campus Services and Capital Planning & Development Office
30% 39 39 Existing
Health and Safety Risk relating to Fire, Explosion,
and Extreme Weather Conditions
Risk of injury to staff and students, damage to property & contents, and risk of disruption to
business of University, due to fire or explosion.
Risk of fire spreading in a building due to inadequate or poor fire separation.
Risk of injury due to some older buildings (particularly some pre-fabricated units) being in poor
condition.
Risk of injury to staff and students, damage to buildings and contents and risk of disruption to
business of University due to extreme weather conditions (including flooding).
Risk that personal emergency evacuation plans are not in place for staff and students with
disabilities.
Risk to all persons on campus from falling trees, particularly on the south campus where the
tree age profile is much older.
9 6 54 VPECD University Health and Safety Sub-Committee incorporates representation
from all levels of the organisation, and now reports to the University
Executive
University Safety Policy Statement reviewed in 2018, and Departmental
Safety Statements are audited on regular basis
Major Emergency and Critical Event Response Plan (including adverse
weather conditions) approved in 2019, pre fire planning reviewed on an
ongoing basis, emergency file developed for campus buildings
Health and Safety Office information available on website, and Department
Guidelines for staff and students on avoidance of risk are in place
Regular Health and Safety Training in key areas, fire safety, fire wardens, safe
pass, chemical risk assessment, and first aid
Regular inspection and maintenance of fire alarm, emergency lighting, gas
pipeline, regulator, proving and detection systems, boilers, pressure vessels,
lifts and other plant elements.
Building design guidelines issued to design teams emphasising building
regulation compliance with respect to fire, access and egress
Active tree management plan in place
Procedures for contractors working on site
40% 32 43 Existing
Health and Safety Risks relating to fieldwork and off
campus assignments
Personal injury and/or loss of or damage to equipment when students and or staff are engaged
on off-campus research.
Personal injury, illness, or death of students or staff studying or teaching abroad.
9 6 54 VPECD Guidelines on fieldtrips included in model safety statement
Guidance provided to departments on health and safety in fieldwork by the
University Health and Safety Office
University Travel Policy and relevant insurances in place for staff,
postgraduate students and undergraduate students participating in fieldwork
abroad as part of their course requirements.
Travel Insurance in place for Study Abroad
40% 32 32 Existing
MU Risk Register 2019 Q3 10 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Health and Safety Risks relating to dangers linked to
hazardous substances
Risk of physical injury in a teaching/research laboratory due to an accident associated with
handling dangerous chemicals, biological or radiological agents, including carcinogens,
mutagens, teratogens, etc.
Risk of contamination by hazardous substances (including chemicals, radioactivity, biological
hazards and GMOs), either during use or in storage.
Potential health risks to staff, students and contractors due to accidental exposure to asbestos.
8 5 40 VPECD Risk assessments for all laboratory activity and defines clear management
practices for the use, storage, collection and disposal of all laboratory
materials. Department Safety Committees in place, internal safety audits,
inspections and regular spot checks are carried out.
Access control to high risk laboratories
Updated Safety Guide for Laser Use
There is a secure ventilated and bunded storage yard at a central location to
collect laboratory waste prior to its disposal. Biohazard waste is autoclaved
and disposed of through an appropriate registered waste contractor.
The University has a license from the Environmental Protection Agency for
the use of controlled ionising radiation material. A security review was
carried out by Gardai in conjunction with the EPA in May 2018. Radiation
Protection Officer (RPO) appointed to advise and monitor on the use of
ionising radiation. Radiological Protection Advisor appointed whose role is to
carry out an independent audit and training on a structured basis of the
radiological activities and to produce a resulting report to the RPO. A security
review was carried out by Gardai in conjunction with the EPA in May 2018.
An Intervention Plan for radioactive sources was updated in October 2018 is
reviewed regularly.
Instruction and training of staff and students for hazardous materials is
mandatory
Asbestos Register in place and ongoing programme of asbestos removal from
older buildings;
Regular liaison with Fire Brigade and Garda Síochána
45% 22 22 Existing
Health and Safety Risk that incident reporting and
management is inadequate
Risk that incidents are not properly reported.
Risk that incidents are not optimally managed.
Risk that the University fails to learn from of incidents referred to insurers or handled locally.
Risk that recurring themes in incidents are not recognised and addressed.
5 6 30 VPECD Clear and documented reporting procedures in place. All incidents reported
to H&S Committee
Log kept of all incidents, including all matters referred to insurers
High risk issues and recurring themes identified, quantified and addressed
30% 21 New
Health and Safety Risk of injury to a member of
staff, student or the public on
campus
Risk of injury due to poor buildings or grounds maintenance.
Risk of injury from authorised or unauthorised use of equipment, including laboratory
equipment.
Risk to visitors not complying with H&S regulations in laboratory areas.
Risk of serious cyclist or pedestrian injury in traffic accident on campus.
Risk that access for emergency vehicles onto campus may be impeded.
7 4 28 VPECD Regular inspection and preventive maintenance programme
Regular liaison with Safety Office
Notices in place at all entrances on Campus Regulations – Updated October
2018
Supervision of undergraduate students and visitors in laboratories
Traffic Management Policy in place, close liaison with Traffic Management
team and wider stakeholders
Regular reporting of accidents to the Health & Safety Committee, identifying
corrective action where appropriate to prevent re-occurrence.
60% 11 11 Existing
Security Risk of serious incident or attack
on campus
Risk that injury or death may occur as a result of an attack on campus. 9 4 36 VPECD Security risk reduction mechanisms in place
Close liaison with local and national Garda authorities
Training Plan in place for Security Team
Additional resources deployed for higher risk events
30% 25 25 Existing
Security Risk that security for special
events and VIP visits is inadequate
Risk of damage, injury or other adverse incident during visits to campus.
Reputational risk to University of adverse incidents involving visitors to campus.7 5 35 VPECD Close liaison with relevant University functions regarding visits/events
Close liaison with local/national Garda authorities
Contingency plans prepared
Procedures relating to student/other protests agreed in advance with
relevant stakeholders
Additional security resources deployed as required
35% 23 23 Existing
Security Risks relating to cash handling Risk that staff may be placed in danger due to presence of cash on campus. 6 5 30 VPECD In house cash transactions dramatically reduced
Fees no longer accepted in cash50% 15 21 Existing
MU Risk Register 2019 Q3 11 of 12
Risk area Main risk Sub-risksSeverity
(1-9)
Probability
(1-9)
Raw
RiskUE owner Risk Mitigation and Management
Risk
reduction
Residual risk
2019
Residual risk
2017
Existing
New
Removed
Security University property is damaged,
stolen or accessed by
unauthorised persons
Risk of loss of computers or other devices with sensitive data.
Risk of loss of research information, samples or data.
Risk of theft or criminal damage of university property.
Risk of theft or criminal damage of personal property.
Risk of assault.
Risk of theft of property.
5 5 25 VPECD General Services Manager appointed with responsible for security, and an
appropriately structured and resourced security team
Security staff on campus 24 hours a day with 24/7 operations room, active
Campus Watch programme, ongoing review of security to meet evolving
campus needs
Excellent liaison between Security, Campus Services, Campus Planning &
Development Team and wider University stakeholders, regular security
information campaigns
Student Residence supervisory team on campus at all times, including
overnight residences security
Ongoing upgrade programme for CCTC, access control, external lighting
including car registration capture installed at the campus
Specialist advice regarding the safeguarding of priceless artefacts
All student cards are now on the access control system.
Student Orientation incorporates information on security and personal safety
Campus insurances reviewed regularly with key stakeholders and service
provider
52% 12 13 Existing
MU Risk Register 2019 Q3 12 of 12