Risk Management
In an increasingly complex and dynamic world, effective risk management is essential to organisational resilience and sustainable growth. Our comprehensive risk management services help the university identify, assess, and mitigate potential threats while capitalising on emerging opportunities.
understanding risk
Risk is the inherent uncertainty that accompanies every strategic decision. Defined by ISO 31000 as "the effect of uncertainty on objectives", risk encompasses both potential setbacks and unexpected opportunities.
Managing Uncertainty
Managing this uncertainty requires more than awareness; it requires structure. The Three Lines of Defence framework provides a clear and deliberate way to distribute responsibility, oversight, and assurance, ensuring risks are owned, supported, and independently reviewed in a coherent and effective manner.
First Line of Defence
The First Line of Defence sits within daily operations and is directly responsible for managing risks as they arise in processes and activities. This line ensures risks are identified early, controls are applied consistently, and mitigation actions are executed effectively as part of normal business operations.
Second Line of Defence
The Second Line of Defence oversees risk management by establishing frameworks, policies, and guidance. This line monitors the effectiveness of risk practices, reviews the quality of risk registers and mitigation actions, and ensures risks are escalated appropriately to support informed decision-making.
Third Line of Defence
The Third Line of Defence provides independent assurance to leadership on the effectiveness of risk management and internal controls. This line validates whether risks are managed as intended and whether governance processes are operating effectively and objectively.
ASSESSING RISK
Probability ✕ Impact Matrix
Risk assessment in UTM typically evaluates uncertainty through the combined lens of probability and impact. This approach helps distinguish between risks that are unlikely but severe and those that occur frequently with manageable consequences, enabling informed decision-making and proportionate risk responses.
Risk Probability (P)
Magnitude of Impact (I)
Risk Ranking
Low (Green)
Moderate (Yellow)
Significant (Orange)
High (Red)
Step 1: Understand the Context
Understand UTM’s strategic objectives and day-to-day operational activities at the relevant portfolio or PTJ level. Identify how strategic priorities translate into operational processes, services, projects, and routine activities.
Step 2: Identify & Analyse Risks
Identify risks that may affect the achievement of objectives. Assess each risk based on the likelihood of occurrence (Probability) and the severity of consequences (Impact).
Step 3: Prioritise & Respond
Determine the overall risk level using the risk matrix. Prioritise risks based on severity and define appropriate risk responses, controls, and mitigation actions.
Ready to dive into risk assessment? This template is designed to simplify risk assessment by bringing probability and impact together in a clear, structured format. By using a common approach, PTJs can develop a shared understanding of risk severity, support better prioritisation, and strengthen risk-informed decision-making.
managing adhoc risk
Project Risk
Every project carries uncertainty — in scope, timelines, resources, and outcomes.
Project Risk focuses on identifying and managing those uncertainties early, so projects can move forward with clearer decisions and fewer surprises.
Unlike operational risk, which looks at ongoing activities, project risk is specific to a defined initiative. It is owned by the project lead and assessed in the context of the project’s objectives, constraints, and delivery plan.
By understanding where things could go wrong — and how serious the consequences might be — teams can take practical steps to reduce disruption, protect resources, and keep projects on track.
What it is
Project Risk looks at uncertainty within a specific project — from planning through delivery.
It focuses on things that could affect:
- scope and timelines
- cost and resources
- deliverables and quality
- stakeholder expectations
The goal is simple: spot potential issues early, and take action before they disrupt the project.
Who owns it
Project Risk is owned by the Project Lead.
The Project Lead is responsible for:
- identifying project-specific risks
- assessing how likely they are to occur
- understanding how big the impact would be if they do
- putting mitigation actions in place
Risk Managers support the process by providing guidance, tools, and assurance — but accountability stays with the project owner.
Collaboration Risk Assessment
Collaboration brings opportunities — but also uncertainty. This assessment helps UTM understand potential risks early, so decisions are informed, proportionate, and well governed.
Collaboration Risk Assessment
Collaboration brings opportunities — but also uncertainty.
This assessment helps UTM understand potential risks early, so decisions are informed, proportionate, and well governed.
1. Understand the Collaboration
Describe what the collaboration is about, who is involved, and how it supports UTM’s objectives. This step ensures everyone shares the same understanding before risks are assessed.
2. Identify & Assess Risks
Identify risks related to policy, finance, operations, legal matters, reputation, and other relevant areas.
Each risk is assessed based on:
-
How likely it is to happen, and
-
How big the impact would be if it occurs.
Existing controls and mitigation actions are also considered.
3. Decide, Approve & Monitor
Based on the overall risk level, determine whether the collaboration can proceed, requires conditions, or needs further mitigation. The assessment is endorsed by the relevant authority and kept for future reference and review.
ASSESSING COLLABORATION RISK
Watch the Guide
This short walkthrough shows how to fill in the collaboration risk assessment form step by step — from basic information to risk rating and approval.
Need Further Assistance?
If you are unsure how to assess a risk or complete any section of the form, our team is here to help.
Generic Project Risk Assessment
This generic template can be used to assess risk for any activity or project. It is designed to fit most use-cases.
