Annual Report 2017–18

12 香港中文大學年報 CUHK Annual Report 2017–2018 風險管理憑着協調有序的活動,以有系統、 開誠布公、有紀律的方式,輔助大學消弭實 際和潛在的風險。 年內,大學校董會正式批核風險管理政策、 風險偏好、風險管理過程,以及根據由上而 下及由下而上的雙向過程所編製的院校風 險紀錄冊。 大學舉辦簡報會及/或進修課程,供部門及 單位參加,以推廣大學雙向風險管理,培養 正面的風險文化。 院校風險紀錄冊內有關學術、財政、運作等 主要風險事項,其相應之監察及改善計劃已 知照司事部門或單位;該等風險事項如下: • 有關競爭的商業及策略風險 • 研究步驟、道德、運作的學術風險 • 投資和流動性的財務風險 • 網上保安、數據安全及完整性等資訊技 術風險 • 環境可持續性的健康及安全風險 • 影響收生的社會和人口風險 • 挽留人才的人力資源風險 Risk management is a series of coordinated activities to direct and control the University to mitigate against actual and potential risks, and operates in a systematic, transparent and disciplined manner. During the year under review, the Council has formally approved the risk management policy, risk appetite, risk management process and the institutional risk register generated from a two-way (i.e., both top- down and bottom-up) process. Briefing and/or refresher sessions have been given to departments and units to promote the two-way risk management approach and to cultivate a positive risk culture. For the institutional risk register, the following key risk items in respect of academic, financial and operation risks, with monitoring and improvement plan assigned to specific risk owners, have been identified: • Business and strategic risks in relation to competition • Academic risks in research approach, ethics and operation • Financial risks in investment and liquidity • IT risks as regards cybersecurity, data security and integrity • Health and safety risks in relation to environmental sustainability • Social and demographic risks which affect the student enrolment • Human resources risks in retaining talent 風險與應變措施 Risks and Mitigation