Table of Content

No Title Pages

Risk Management Committee

Risk Management Process

Risk Identification

Risk Measurement

Selection of Risk Management Technique Risk Reporting and Monitoring

10

12

Page 1

Risk Management Committee

a) Position Director See Choong Leong Vice director Lim Bing Huang Secretary Ng See Kai Treasurer Si Mingshan

b) Objective Establish a Risk Management Committee to oversee the Risk Management process as a whole.

c) Role The Risk Management Committee advises the Universiti Utara Malaysia on risk management, and submits its annual report to HEA (The University Executive Committee). To oversee the Risk Management process of the University as a whole. To recommend an appropriate risk appetite or level of exposure for the University. To ensure compliance with government or relevant guidelines. To identify and quantify fundamental risks affecting the University, and ensure that arrangements are in place to manage those risks. To ensure that extreme risks are adequately dealt with in disaster recovery or business continuity plans and these plans are up to date and regularly tested. To help embed a risk management culture into a major decisions, through risk education, high level controls and procedures. To identify and consider major decision affecting the universitys risk profile or exposure. To recommend to HEA (The University Executive Committee) a suitable risk management policy for the University.

Page 2

Risk Management Process

Significant risks are identified, ranked, monitored, and have appropriate controls. Where the risk appetite, probability or impact changes, or where the controls are found to be inadequate, they will be enhanced accordingly. Risk Management has and will continue to be embedded into the strategy, culture and operations at the University, within a framework that links strategic plans, priorities, risks, internal controls, audit strategy and performance management.

Risk Identification
Risk identification is generally considered to be the most difficult step in the risk management process. In the process of identifying risks, a business entity is able to learn about the areas where it is exposed to risks in order for it to develop information on the sources of risks, hazards, perils and loss exposures. A strategic approach to risk management depends on identifying risks against key universitys objectives. Operating within this framework helps to ensure a consistent approach across the university and enables a clear structure to be established.

a) Finance Inadequate government funding University failure to adequately government fund, Evaluation of over 50 projects in university showed that around 25% of the projects scored low on community participation and were compromised by inadequate government funding and weak local health systems. Inadequate Health Economic Unit funding It is commonly believed that economic evaluation is hostile to health promotion and that the requirement for health programs to be cost effective will result in a distortion in the allocation of funds towards programs that can demonstrate short-run benefits as defined by inadequate outcome measures. Poor financial planning

Page 3

Having sufficient capital is essential for the survival and prosperity of the universitys operation, and is a primary indicator of your financial' health. It is important to create a high-quality financial plan to attract and secure the right type and amount of funding that needed to make financial planning successful. Lacking of contingency plan may result in poor financial planning also. Crime loss exposures Despite the impact of the actual property loss, there are potential liability losses resulting from criminal acts by employees or others directed or allowed to commit crimes on the university assets. The starting point for analyzing and controlling the loss is determining the function of the key employee and the resulting loss severity. Fidelity losses result from employee dishonesty, robbery and burglary committed on insured premises and cheque forgery. Failure to manage pension costs Failure to manage pension costs identified as their number one concern the economic risk of facing higher than expected pension costs. Among sponsors, 93% identified accounting risk and the balance sheet volatility created by the difference between the reported cost of pensions on the company's books and the real cost of pensions provision. It is because of this separation of powers that many sponsors fail to manage pension risks at all.

b) Academic Failure to articulate academic priorities Articulating problems of living, personal, social and global that unable the university to attract funding, new students, staff in order to articulate academic priorities. Failure to recruit or retain academics and other senior staff They indicated that they have difficulty recruiting staff at the same time as some of them are losing those they have. Most of whom were of the rank of senior lecturer have, for example, resigned in the last three years, mostly to take up positions with local and international organizations outside of academia. In those departments where there is no significant attrition, the problem of recruitment is nevertheless a reality. They cannot compete with other institutions because, as one senior lecturer intimated, This is a

Page 4

departure from the past where at the lecturer level salaries are very high, and markedly better than those available in both the public and private sectors.

c) Governance and Compliance Inadequate governance structure Inadequate governance of organizational networks and the impact of governance on network effectiveness. Three basic models, or forms, of network governance are developed focusing on their distinct structural properties. Propositions are formulated examining conditions for the effectiveness of each form. Failure in research conduct They might faces the risk of misconduct in research such as fabrication, falsification, plagiarism, or other practices that seriously deviate from those that are commonly accepted community for proposing, conducting, or reporting research. They might fail to oversee and facilitate the conduct of ethical research.

d) Administration Failure to manage or develop estate They might faces the risk of unable to manage and analyze complex data, fail to communicate effectively, bad team leadership; poor time management; the use of information technology and unable to apply theory to its daily practice. They might exposed to the risk of unable to clearly define and properly document the contractual relationship, rights and obligations of the respective parties involved in the real estate. Failure to provide adequate ICT systems or infrastructure They may unable to provide adequate ICT infrastructures and the construction of new buildings to accommodate the ever-increasing student number. They might also faces lacking computer, outdated equipment and fail to satisfy the student needs. This might give detrimental impact on research, teaching and administration. Failure to provide adequate student administration The risk of bad service might exist and this might damage universitys reputation. University might face the risk of being complain by the customer of its caf regard the unreasonable food price and the service attitude of the hawker. Bad condition of the

Page 5

hostel in university, the breakdown of university official website will also become a questionable topic by students.

e) Health and Safety Failure to manage Health and Safety issue University exposed to hazards in relation to works at construction sites such as power access equipment, ladder, roof work, manual handling, plant and machinery, excavation, fire and emergency, hazardous substances, noise, protective clothing and protection to public. They might also face the risk of fail to manage the accident which has happened such as the injury due to the slippery road. Health and Safety failure on building project University might suffering from the financial loss arise from accident due to unhealthy behavior of a student or hazardous condition in the campus. Disease and disability resulting from unhealthy habits like these impose enormous costs. There is also a possibility for University to damage its reputation.

f) Fundamental Flood A flood is an overflow of an expanse of water that submerges land. Flood is a temporary covering by water of land not normally covered by water. In the sense of "flowing water", the word may also be applied to the inflow of the tide. Floods can also occur in rivers, when flow exceeds the capacity of the river channel, particularly at bends or meanders. Floods often cause damage to homes and businesses if they are placed in natural flood plains of rivers. While flood damage can be virtually eliminated by moving away from rivers and other bodies of water, since time out of mind, people have lived and worked by the water to seek sustenance and capitalize on the gains of cheap and easy travel and commerce by being near water. That humans continue to inhabit areas threatened by flood damage is evidence that the perceived value of living near the water exceeds the cost of repeated periodic flooding.

Page 6

Risk Measurement
Measuring risks is the second step in the risk management process. In measuring risks, a business entity evaluates loss frequency and loss severity and then ranks the risks according to their importance. Size of Risk Impact Guide The Impact guides are only use for guidance, the table below showed the risk rating usually used. Severity descriptors 1 - Insignificant 2 - Minor Negative outcomes from risks or lost opportunities that are unlikely to have a permanent or significant effect on the Universitys reputation or performance 3 Moderate Negative outcomes from risks or lost opportunities that will have a significant impact on the University but can be managed without major impact in the medium term 4 - Serious Negative outcomes from risks or lost opportunities with a significant effect that will require major effort to manage and resolve in the medium Financial loss up to 2% of total turnover in any year Limited regulatory consequence Local adverse publicity of Subject area adverse publicity Major reversible injury Financial loss over 2% of total turnover in a single year Major savings programme required to break-even in the medium term Significant regulatory
Page 7

Possible consequences No impact Less than <0.5%of total turnover financial impact No regulatory consequence Minor adverse publicity Minor reversible injury

Examples*

University sued successfully for wrongful dismissal

Lecturer has a work related injury e.g. slips

Major IT project is late or overspent Contractual staff injured due to University negligence

Loss of a major contract

Research team found to have falsified results with a major impact e.g. on health issues

Major overseas recruitment problems due to war or

term but do not threaten the existence of the institution in the medium term

consequence Negative headlines in the national press Irreversible injury or death

terrorism may have the potential to escalate to very serious University financial systems fail completely and cannot be recovered

5 Very serious Negative outcomes from risks or lost opportunities which if not resolved in the medium

Financial loss (or loss of potential financial surplus) over 2% of turnover for consecutive years Substantial regulatory consequence

Major accident due to University negligence Major fire that prevents a substantial part of the University delivering courses

term will threaten the existence of the institution

Sustained negative headlines in the national press Closure of major part of business Irreversible multiple injury or death

Collapse in student application numbers Sustained failure to recruit staff

Frequency of Risk Likelihood Descriptor 1 Very low 2 Low 3 Medium 4 High 5 Very high Likelihood 2% likely to happen 5% likely to happen 10% likely to happen 20% likely to happen 50% likely to happen

Page 8

Severity of risk 1 Insignificant 2 Minor 3 Moderate 4 Serious 5 Very serious

Total risk score guide (frequency x severity) Descriptor 0 6 Low Guide Low level of risk, should not require much attention but should be reviewed at least annually 7 12 Medium Medium level of risk, should be monitored and reviewed annually as a minimum, 6 monthly if necessary 13 18 High High level of risk, should be constantly monitored and reviewed quarterly or 6 monthly. 19 20 Very high Top level of risk, should be constantly monitored and reviewed monthly.

Page 9

Selection of Risk Management Techniques

Selection of risk management techniques is the third step in the risk management process. After measuring the risks, it is able to rank the risks according to their importance and select appropriate techniques to manage these risks. Three major types of risk management technique are risk avoidance, risk control (loss prevention and loss reduction) and risk financing (risk retention and risk transfer).
Code Risk Frequency Severity Risk score Measures

Risk area

Finance

F1

Inadequate government funding

High

Serious

15

Lobbying, cost control (recruitment protocol, budget savings, capital moratorium)

F2

Inadequate Health Moderate Economic Unit funding

Serious

12

Costing policy, monitoring of trends, research health economic unit

F3

Poor financial planning

Low

Moderate

Financial planning system, longer-term planning

F4

Crime loss exposures

Low

Moderate

10

Criminal activities report, managerial controls, procedural controls

F5

Failure to manage pension costs

High

Serious

16

Review financial statement, planning related to proposals

Academic

A1

Failure to articulate academic priorities

Moderate

Serious

11

Planning process, work of academic department, planning of new arrangement

A2

Failure to recruit or retain academics and other senior staff

Moderate

Moderate

10

Research on teaching and lecturing

Page 10

Governance and compliance

G1

Inadequate governance structure

Moderate

Moderate

Review by the executive committee

G2

Failure in research conduct

Moderate

Moderate

Policies, leadership and training

Administr ation

E1

Failure to manage and develop estate

Moderate

Moderate

Maintenance and refurbishment programmes

E2

Failure to provide adequate ICT systems or infrastructure

Moderate

Serious

13

ICT governance and strategy

E3

Failure to provide adequate student administration

Moderate

Serious

14

Planned projects

Health and H1 Safety

Failure to manage Health and Safety issues

Low

Serious

12

Policies and oversight, departmental selfassessments and inspections

H2

Health and Safety failure on building project

Moderate

Serious

14

Policies and oversight by related department, oversight by individual, report on accidents

Fundamen tal

B1

Flood

High

Very serious

19

Report on damage of property, inspections

Page 11

Risk Reporting and Monitoring

Final step in the risk management process, which is the reporting and monitoring of risks. Accurate and timely information is needed in order to make good decisions. A good risk management information system to gather information into a database for further analysis, and to produce reports that meet health economic.
Code Risk Risk technique Consequences Action

F1

Inadequate government funding

Loss reduction

Inability to carry out planned activities; possible need for major change in operations

Continue lobbying and scenario planning Continue lobbying , scenario planning, and preparing for new agreement and fee and bursary arrangements

F2

Inadequate Health Economic Unit funding

Loss reduction

Reduction in quality of education offered unless funds diverted from other purposes, in which case impact on those purposes

F3

Poor financial planning

Loss reduction

Inability to carry out planned activities; damage to reputation

Planned the financial activities carefully, improve the financial planning system, well planning on long-term financial investments and allocations

F4

Crime loss exposures

Risk transfer

Damaging the financial assets, loss exposures increase result in insufficient financial to cover the loss exposures

Physical controls include alarms, security patrols and cameras. Securely perform particular tasks making it difficult for persons to commit crimes or make crime detection more prompt for an

Page 12

example individual enter through a security sign-in area with provided passwords. F5 Failure to manage pension costs Loss prevention Increased costs or requirement to fund scheme deficits, with consequent impact on operations A1 Failure to articulate academic priorities A2 Failure to recruit or retain academics and other senior staff G1 Inadequate governance structure Loss prevention Negative impact on work, management, and governance throughout the University; qualification of audit opinion; damage to reputation G2 Failure in research conduct Loss reduction Damage to reputation; impact on operations; loss of funding Improve the governance structure with a clear governance structure chart or bar Improve the research conduct, well planned before conduct a research E1 Failure to manage and develop estate E2 Failure to provide Loss adequate ICT systems or prevention Detrimental impact on research, teaching, and administration; failure to keep up with other Improve ICT governance structure Loss reduction Impact on research, teaching, and administration Update estates strategy Loss prevention Impact on research, teaching, student experience, and on wider operations Planning for new arrangements Loss prevention Inability to attract funding, staff, and students Prepare new Strategic Plan Continue investigation of options

Page 13

infrastructure E3 Failure to provide Loss adequate student administration H1 Failure to manage Health and Safety issues Loss prevention prevention

universities Inefficiency and perception of poor service; damage to reputation Consequences for health and safety of staff and students; financial loss, disruption to work, damage to reputation Work towards replacement for administration services Implanted safety aids in workplace, study room, more inspection to oversight the often place accident happen and improve it with safety equipments

H2

Health and Safety Loss reduction failure on building project

Financial loss; reputational damage; delay to project

Oversight the building project, cover the places under construction to reduce frequency of accident happen

B1

Flood

Loss reduction

Damaging the property, affect the study life in campus, damaging the plants, may even result a drowning cases for curious teens

Improve the draining system, alarm the flood place and evacuate before it happens

Page 14

Analysis by using diagram

20 18 16 14 12 10 8 6 4 2 0 1 2 3 4 5

Page 15