Risk management

We encourage enterprise and innovation. Whilst it is robust in its approach to risk management, we are not an inherently ‘risk averse’ organisation. We have achieved considerable success since receiving our Royal Charter in 1966 and we are prepared to invest and innovate in order to enhance our current standing as one of the UK’s leading universities.

Our objective is to be ‘risk aware’, by ensuring that risk management is an integral part of our governance, planning, management and review processes, including the evaluation of new development and investment opportunities. Effective risk management will enhance:

  • the likelihood of us delivering our objectives
  • our reputation
  • our financial sustainability
  • our planning and decision-making activities
  • our leadership, management, and governance
  • our core business
  • our ability to innovate

The approach adopted to risk management is proportionate, proactive, and transparent. In order to ensure a proportionate response, we have embedded risk management processes in our planning and decision-making framework. In order to ensure a proactive response, deans and directors/heads of professional services are required to consider risk management plans alongside the development of their strategic plans. In order to ensure transparency, risk management is conducted in an open, blame-free culture that encourages all risks to be highlighted and addressed. There is also a systematic approach to internal control, involving senior managers and members of our governing body.

Risk appetite

Our risk appetite can be considered as the level of risk that we are prepared to accept in order to deliver our strategic objectives. Our risk appetite varies with the nature of the activity being undertaken. In general, our appetite for risk in relation to any aspect of compliance is low, whilst in relation to our performance our appetite may range from low to moderate in order to prioritise the allocation of limited resources. We have a higher appetite for risk in relation to investments to secure our future sustainability, nevertheless, decisions to invest are taken in the context of understanding the potential benefits and risks, and acting to mitigate the risks as far as possible.


Our Strategy articulates our Vision, Mission, and strategic objectives. Our approach to strategic risk management is objective-driven and our Risk Management Strategy outlines the framework of systematic processes that we have put in place to identify, evaluate, manage and review the risks associated with the delivery of our Strategy. Our Strategy is approved by Council, our governing body. During 2020/21, we developed our Strategy for 2021-26 and aligned with this a new Strategic Risk Register.

Our new Strategic Risk Register contains 9 risk domains associated with the delivery of our objectives, with a new domain of ‘enterprise’ being added to the eight domains in the previous Strategic Risk Register:

  • research
  • teaching
  • enterprise
  • student recruitment and access
  • student experience
  • physical infrastructure (estate)
  • physical infrastructure (IT)
  • people
  • financial capacity

Each of these risk domains is considered from the perspective of performance, sustainability, and compliance. In addition, there is a super-ordinate reputational risk domain. Our Strategic Risk Register publishes the gross risk and the ‘net’ risk for the nine domains of risk. The net risk, or residual risk, refers to the numerical assessment once the likelihood and impact values are adjusted to take account of any mitigation actions already in place. Risk descriptors are in place to support the calibration of these risk assessments.

Having identified risks, we deploy four methods for addressing risk:

  • tolerate the risk – where the resource required to address a risk is disproportionate to the beneficial impact or there is no action that we could take to lessen the likelihood or impact of the risk then it may accept the risk, whilst monitoring the situation regularly
  • transfer the risk – where we seek through insurance or a third-party agreement to transfer some share of the risk to an external organisation
  • treat the risk – where we put in place mitigation actions to contain the risk to an acceptable level
  • terminate the risk – where we decide not to pursue an activity or an opportunity because the ‘net risk’ to our core business, quality of output, attainment of our strategic goals, or reputation is too high

The Strategic Risk Register informs our programme of internal audits.

Risks are identified through various self-assessment exercises. Strategic and operational risks are identified through our planning process and management activities, whilst most project risks are identified by individual project management teams. The planning process provides a bottom-up operations-wide assessment of operational and project risk. Our Strategic Risk Register provides a top-down strategic assessment of risk and incorporates the strategic risks identified during the planning process. Executive Board is responsible for undertaking the strategic assessment of risk and deans and heads of academic departments and directors and heads of professional services are responsible for undertaking the assessment of risk in the department for which they are responsible.

Our planning process provides a systematic approach to integrating strategic planning, financial planning, environment scanning, performance review, risk management, and resource allocation. Faculties and key departments are asked to update risk management plans as part of their planning submissions. The Department of Policy, Planning and Compliance is then responsible for ensuring that the operational and strategic risks identified at departmental level are incorporated into the Strategic Risk Register or Operational Risk Register as appropriate.

The Executive Board reviews the Operational Risk Register at each of its meetings. The Operational Risk Register is a dynamic document. During the 2020/21 academic session, the Operational Risk Register was de facto the COVID-19 Operational Risk Register.

Our risks

The impacts of COVID-19 during 2020/21 were wide-ranging. We responded by creating a 2020/21 Academic Year Delivery Programme Board (AYDPB), reporting to the Executive Board, with oversight of the numerous workstreams undertaking detailed planning for a very different mode of delivery. We also created a Financial Sustainability Group (FSG) to respond with agility to authorise COVID-19 secure investments and to evaluate and address the emerging financial risks. Both of these new boards were chaired by the Vice-Chancellor.

We also stepped up our communication with staff and students to maintain engagement and a sense of community, mitigating the risks associated with remote working. Our Online ‘town hall’ meetings were used to brief the community on the plans for 2020/21, reinforced by weekly e-mail updates from the Vice-Chancellor. Students, new and continuing, were given clear information about the balance of in-person and online delivery before the start of the academic session and the Pro-Vice-Chancellor (Learning and Teaching) and the Vice-President (Student Experience) issued regular updates on developments during the year.

COVID-19 secure measures created delays in the delivery of two major capital projects, the new School of Management Building on campus and the new Institute of Advanced Automotive Propulsion Systems (IAAPS) on the Bristol and Bath Science Park. Our Project Control Groups monitored the developments closely.

Health, safety, and wellbeing of our community (staff and students)

The health, safety, and wellbeing of the community was our primary concern in and delivering the 2020/21 academic year, as it is for the 2021/22 academic year. We undertook to follow Government guidance, implementing COVID-19 secure measures and liaising with local Public Health England (PHE). Risk assessments were undertaken for all activities. Campus was made COVID-19 secure with the implementation of one-way systems, social distancing, face coverings, cashless purchasing, hand sanitising stations etc. A new budget was established so that colleagues could purchase equipment to create an appropriate workstation at home for remote working. Student mental health support was provided online and new measures were introduced to contact students regularly to address potential feelings of isolation. Additional discretionary leave days were implemented for staff, including a rest day on 2 September and additional leave days over the Christmas break. A Campus Safe and Ready workstream, reporting to the 2021/22 AYDPDB, has been preparing campus for the 2021/22 session. Room capacities have been reviewed to reflect their ventilation characteristics. A new Outbreak Management Plan has been submitted to PHE.

Loss of/reduction in income and new demands on expenditure (financial sustainability)

We entered the 2020/21 session with strong cash reserves. Nevertheless, creating a COVID-19 secure campus required an investment of over £5 million, with additional COVID-19 related running costs, at a time when many of the University’s income streams were reduced, including tuition and accommodation fees, conference and events, sports and retail etc. The FSG was established to ensure an agile response to emerging challenges. Furlough was used in accordance with Government guidance. Financial modelling and scenario planning were extensively used to forecast changes in income and expenditure and the Finance Committee was regularly updated on the position. Moving forward, our financial planning assumptions will, inter alia, factor in new Government funding priorities, inflationary increases (supply chains, Brexit etc), climate emergency impacts on cost, and economic impacts on funding capacity of industry.

Student experience (impacts of reduced capacity on campus)

In preparing for 2020/21, a Student Experience Project Team was established to focus on the student experience, working in close partnership with the Students’ Union. Applicants achieving entry qualifications following changes in ‘A’ level assessments in summer 2020 were offered deferred entry to ensure Campus capacity was not exceeded. Student support services moved to online delivery. Student concerns about assessment were addressed by a ‘no detriment’ approach and accommodation fees were refunded where use was impacted by Government guidance. Special activities were offered to students who remained on campus over the Christmas break. The overall student satisfaction score in the NSS 2021 provided assurance that students were generally happy with their overall experience despite COVID-19. Our offer strategy for the 2021 undergraduate intake took account of the potential for ‘A’ level inflation to ensure that there was sufficient capacity for the size of the incoming cohort. Moving forward, a new Student Experience Board has been established and the University is working with the Students’ Union to progress the top ten priorities for 2021/22.

Driving excellence in education - maintaining academic quality and standards in teaching

We developed a new blended learning pattern of delivery to meet COVID-19 guidance in 2020/21. It was recognised that there were additional workload pressures associated with delivering in-person activities, lectures online, and interactive online engagement. Workload allocations were adjusted to reflect the additional demands of blended learning delivery in 2020/21. Deadlines associated with our major Curriculum Transformation programme were also reviewed to allow focus on delivery in the year. For 2021/22, our goal is to deliver a minimum of 75% of directed learning in person. Moving forward, we will use the lessons learned during the pandemic to harness the strengths of blended learning in the implementation of Curriculum Transformation. This will form part of the ‘Driving Excellence in Education’ strategic pillar of the new Strategy.

Driving high impact research (re-launch of experimental research)

We are conscious that much of its experimental research could not be progressed during the national lockdown in 2019/2020. The first activity brought back onto campus over summer 2020 was experimental research. Activity-based risk assessments were supplemented with COVID-19 secure working practices and rotas. We implemented a three-month extension for all doctoral students to reflect the disruption to their research. Doctoral students have been a key stakeholder group in the preparations for 2021/22 and steps have been taken to address reduced capacities in some rooms by creating additional workspaces. Moving forward, we are conscious of some emerging supply chain issues and are reviewing how it can make research that is heavily dependent on consumables more resilient.


(Particularly international student recruitment and achievement of Access and Participation Plan (APP) targets.)

During 2019/2020, much of our recruitment activity, including Open Days, moved online and new methods for assessing the English language proficiency of international applicants were approved. In advance of the start of the new academic year, we worked collaboratively with other universities to negotiate charter flights for international students. The lessons learned were carried forward into 2020/21. Funding that would normally have been used for international travel was diverted to create more social media content to support online recruitment activities. We also invested in in-country resources in India and China. As soon as it was able, we welcomed prospective applicants back to campus, albeit only for ‘open air’ tours of campus. Following the ‘A’ level grade inflation in summer 2020, we implemented a new offer strategy to mitigate the risk of serious over-recruitment of Home undergraduates for the 2021 intake. The admissions process was managed by a core admissions team and Confirmation decisions were informed by our APP targets. The uncertainties surrounding the ongoing COVID-19 situation prompted us to make a prudent provision against under-recruitment in its financial forecasts. Moving forward, we are keen to resume in-person recruitment activities.

Cyber-security threats

(Particularly ransomware attacks, creating business continuity, reputational and compliance risks.)

During 2020/21, we recognised that remote working increased the cybersecurity risk to business continuity and data protection. We undertook an awareness-raising campaign for staff to mitigate the risk of individuals responding to phishing attacks. As the risk of Ransomware attacks increased, we triggered a forced password change for all staff and students and brought forward the implementation of multi-factorial authentication. We have been working closely with Joint Information Systems Committee (JISC) to strengthen its cyber-security response and have increased its in-house cyber-security capacity. We are aware of ongoing cyber-security incidents affecting the Higher Education sector and we will continue to take steps to enhance our resilience.

Compliance with consumer regulations

Given the difference between the intended offer in 2020/21 and its pre-COVID-19 promotional material, we were conscious of the need to provide our new and continuing students with clear information about what they could expect in terms of the blend of in-person and online delivery in 2020/21. The Academic Registry produced templates for academic departments to use in communicating with students to ensure that all material aspects of delivery were covered. Our deliverer of content against these formal communications was subject to an internal audit. Lessons learned from 2020/21 were used to inform the communication to new and continuing students before the start of the 2021/22 session and a further internal audit is planned. Our Consumer Regulations Standing Group has also been monitoring our response to COVID-19.