Risk Management, Compliance, and Business Continuity Department

Risk Management Policy

Risk Management Policy

Introduction

The main purpose of the Risk Management and Business Continuity Policy is to ensure the existence of a generally agreed-upon framework by all stakeholders to effectively deal with all potential risks, mitigate or control them. Hence, the university saw the need to adopt a clear policy for risk management, whether in the administrative, financial, or other aspects.

Risk management policy is considered part of the internal control tasks of the university and its governance arrangements. Risk is defined as any event that may hinder the university's ability to achieve its goals, forming a link between the likelihood of an event occurring and the resulting effects.

Objectives of the Risk Management Policy

 

 

Ensure the achievement of the university's strategic objectives by identifying expected risks and how to manage them.

Standardize the approach to anticipate, study, identify, measure, and assess potential risks, determining their possible impacts on the university's goals, projects, investments, assets, and planning how to respond and control them.

Purpose of Developing the Risk Management Policy

 

 

 

Define risk and risk management, explaining the university's specific approach to risk management and documenting the roles and responsibilities of relevant parties.

Integrate risk management policy into the university's internal control tasks and governance arrangements.

Describe the role of risk management in the entire control system, outlining key reporting procedures and explaining the actions to be taken to assess the effectiveness of control measures.

Change, Review, and Update

 

 

 

This policy should be reviewed annually unless the management deems a prior review necessary to ensure the continuity of the current policy.

Changes to this policy should be made exclusively by management.

Approval by management should keep the change record updated and be updated whenever a change occurs.

The Risk Management Policy Focuses on Committing to

Identifying, assessing, managing, monitoring, reviewing, and reporting risks effectively.

Applying the risk management system and its processes to the university's applied work systems, business continuity, effective governance, and integrated management systems.

Predicting potential risks, estimating their likelihood, severity, and implementing treatment plans with the necessary resources.

Regularly reviewing risk management, its acceptance levels, and making informed decisions to minimize, eliminate, share, or accept risks.

Reviewing the risk management policy and context of the risk management system annually to ensure its consistency with top management's goals and expectations and stakeholders.

Risk Management Mechanism at the University

Monitoring the risks facing the university.

Classifying the risks facing the university.

Continuously dealing with these risks, attempting to mitigate them.

Holding regular meetings between the risk and business continuity manager and assistants to discuss cases and try to resolve and mitigate them.

Submitting regular reports to the university's agency to participate in reducing these risks.

Risk Management Methodology

The risk assessment methodology includes factors that prevent or hinder the applying party from achieving its short, medium, and long-term goals. The process may include:

Identifying risks, listing current or emerging risks for risk analysis.

Risk analysis, measuring potential risks based on the probability and impact of the risk before the current controls are in place.

Risk estimation, measuring the remaining risks after considering the applying party's current controls.

Risk treatment, mitigating the severity of remaining risks to be addressed.

Archiving and Preservation

The Programs and Projects Unit archives, preserves, monitors, updates, and continuously monitors documents related to risks associated with the strategic plan. Once the strategic plan is completed, it is archived and preserved and recorded in the lessons learned. Each unit in the university preserves documents and records related to the risks associated with its plans and projects in a format that is easy to refer to and benefit from in the future.