
Risk Management Policy

Classification number LCG 1116
Framework category Legal, Compliance and Governance
Approving authority Board of Governors
Policy owner University Secretary
Approval date June 18, 2014
Review date January 2022
Last updated Editorial Amendment, January 17, 2019


The purpose of this Policy is to establish the foundation for a University Risk Management (“URM”) program which ensures that Risk management is an integral part of the University’s core strategy and integrated into all key activities and/or functions. The URM program establishes a Risk management framework which will provide a proactive and consistent approach to ensuring that Risk is considered when decisions are made at all levels of the organization and, in turn, assists the University to operate within its capacity and willingness to take Risk. The URM program further establishes a commitment to raise awareness surrounding Risk management and provide guidance to all levels of the University.

Objectives: The overall objectives of the Risk Management Policy are to:

  1. Formalize a consistent approach to identifying, assessing, measuring, managing, communicating and mitigating Risks to the University’s strategic plan and priorities and to the University’s operations in an effort to reduce uncertainty; and
  2. Assist the University to make better informed decisions and promote accountability for Risk management with stakeholders and University Members at all levels.


For the purposes of this Policy the following definitions apply:

“University Risk Management (“URM”)” means a consistent, coordinated, integrated approach to identify, assess, measure, manage, communicate and mitigate significant and material Risks to the University achieving its strategic objectives.

“Risk” means the uncertainty of outcomes against planned objectives. This concept can be applied to strategic objectives as well as all operational activities within the University. While the application of the definition may change with different University Members, the concept should not change.

“Risk Assessment” means a formalized, systematic ranking and prioritizing of identified Risks, using a likelihood/consequence framework.

“Risk Appetite” means the University’s willingness to accept Risk. Risk Appetite may also be viewed as the acceptable deviation from expected outcomes.

“University Member” means any individual who is:

  • Employed by the University;
  • Registered as a student, in accordance with the academic regulations of the University;
  • Holding an appointment with the University, including paid, unpaid and/or honorific appointments; and/or
  • Otherwise subject to University policies by virtue of the requirements of a specific policy (e.g. Booking and Use of University Space) and/or the terms of an agreement or contract.

Scope and authority

This Policy applies to all University Members and extends to all functions and activities.

The University Secretary, or successor thereof, is the Policy Owner and is responsible for overseeing the implementation, administration and interpretation of this Policy.


This Policy and the associated documents will describe the specific responsibilities for those groups and individuals expected to support the implementation and maintenance of the URM program. In addition, all University Members are expected to support the management of Risk and the success of the URM program at the University.

Risk Framework

  1. Effective Risk management across the institution will result in increased stability, safety and security and prosperity for University Members. This Policy and the associated documents create the Risk management framework developed specifically to fit the governance structure and culture of the University. The framework is aligned with the strategic priorities of the University and incorporates leading practices, tailored to the University’s needs and culture.
  2. The framework is intended to support the University in identifying, assessing, measuring, managing, reporting and mitigating significant and material Risks. The ultimate goal of the framework is to assist the University in achieving its strategic priorities and operational objectives through better management and understanding of Risk.
  3. The framework provides:
    • Formalized process and approach to executing URM;
    • Clearly defined accountabilities for execution of URM;
    • Improved Risk management communication; and
    • Consistency in Risk management.

Risk Governance Structure

  1. Oversight: The responsibility to oversee the University’s URM program resides with the University’s Board of Governors (“Board”). The Audit and Finance Committee is delegated to carry out this oversight responsibility on the part of the Board and to report annually to the Board on the status of the URM.
  2. Direction: The University’s President and Vice-Chancellor is responsible to provide direction to ensure the University’s strategic priorities remain the ultimate focus of all University Members.
  3. Risk Parameters: The Risk Appetite will be determined by the University’s President and Vice-Chancellor along with the Senior Leadership Team (“SLT”) and ultimately approved by the Board. The Risk Appetite will be reviewed no less than once annually.
  4. Risk Owners:
    1. Chief Risk Officer: The University’s President will designate a member of SLT to serve as Chief Risk Officer. The Chief Risk Officer will, among the members of the SLT, have responsibility for the coordination of SLT’s Risk management activities. The Chief Risk Officer will act as primary advisor on Risk to the Board and to the President and Vice-Chancellor. The Chief Risk Officer will serve as Chair of the University’s Risk Management Committee (“RMC”) and will have accountability for that Committee’s work.
    2. Senior Leadership Team (“SLT”): SLT as a group is responsible for the management of all institutional and operational Risks, the overall success of URM, and the integration of the URM program into the core operational and strategic decision framework of the University. Individual members of the SLT will act as the primary owners of Risks and Risk management at the University. Each SLT member will delegate responsibility for Risk management to functional leaders within that SLT member’s area of responsibility.
    3. Administrative Leadership Team (ALT): ALT will act in an advisory role in respect of various aspects of the URM program. ALT will work to ensure that the URM program is integrated into the planning work of the University.

Risk Management Committee (“RMC”)

  1. The Risk Management Committee will hold responsibility for the successful integration and execution of the URM framework. Operational implementation and maintenance of the URM program will be conducted with oversight and guidance from SLT. The Committee will also be responsible for facilitating the Risk identification and Risk Assessment process at the Senior Leadership Team and functional leadership levels, consolidating that information and finalizing the institutional Risk profile for the Board. This committee will be a skills-based committee comprised of individuals who are best able to help the University fulfil its URM objectives.

Statements of Principle

The University adopts the following statements of principle for application in the implementation of this Policy:

  1. Risk Culture: The University is committed to fostering a culture of Risk ownership throughout the University. This does not mean that we avoid engaging in activities that have Risk or that we avoid Risk in our teaching and research and other activities we undertake for the University. It is recognized that both strategic and operational decisions and the work undertaken by University Members all inherently involve Risk.

    To the University, having a culture of Risk ownership means that:

    1. Strategic and operational decisions are made with full awareness of the Risks relevant to those decisions;
    2. All University Members are aware of the organization’s emphasis on URM and incorporate a proactive approach and awareness to managing Risk in their individual roles.

  2. Communication: A key principle of a successful URM program is regular communication. The Board and Senior Leadership Team are committed to developing a communication plan to ensure that those who require information to support the URM program receive it. The University’s Risk Management Policy, goals and objectives will be made available to all University Members and it will be expected that each member reads and understands the Risk management philosophy and outlined framework.
  3. No Reprisal: The University will not discharge, discipline, demote, suspend, threaten or in any manner discriminate against any officer or employee based on any good faith and lawful actions of such employee to responsibly and carefully report Risk issues using the channels provided by the University.
  4. The University is committed to academic freedom.

Monitoring and Review

This Policy will be reviewed as necessary and at least every three years. The Risk Management Committee, or successor thereof, is responsible to monitor and review this Policy.

Relevant legislation

This section intentionally left blank.

Related policies, procedures & documents

University-Hosted Event Risk Management and Approval Directive

Aircraft Approval Directive

Field Trip Risk Management and Approval Directive (In development)

Risk Management Committee Terms of Reference