Risk Management Information

Information on the University Risk Management framework, policies, guidance and practical risk management tools.

The University’s Risk Management Framework consists of the standards, policies, culture, responsibilities, and governance and reporting structures within which the risk management process is applied. 

Strategic direction for Risk Management is set by University Court, and is detailed in the University of Edinburgh Risk Management Policy & Appetite Statement (document will be added here when available).

The international risk management standard, BS/ISO 31000:2018, defines the risk management process adopted by the University. Its application can be viewed on a continuum from the informal factoring of basic risk information into routine business decisions, to the formal conduct of detailed risk assessments as part of University-wide strategic planning. 

Regardless of scope, the process remains the same. Along the continuum of risk management, three basic perspectives emerge. These are:

  • Enterprise Risk Management (ERM); 
  • College, Group, and operational risk management; and 
  • The delivery of central risk management programs and services.

The following documents form the foundation of the University’s risk management framework:

4Risk Management System for use by most organisations across the University 4Risk Version 2 (Requires registration). Contact Risk Manager for setup.

4Risk Summary Guide (2.25 MB / DOCX)

For more information and for practical advice on implementing the risk management process, conducting risk assessments, and various tools and templates, see Section 2 of the University of Edinburgh Risk Management Guidance Manual.