Annual Report 2020–21

66 香港中文大學年報 CUHK Annual Report 2020–2021 Risk management plays a key role in university strategy and planning discussions. It provides an independent oversight and integrated approach in managing a university’s existing and emerging risks. Since 2018, the CUHK risk management framework together with the annual review exercise of risk management has been developed in the University. A risk management culture gradually grows within the University community. The ultimate purpose is to embed the risk management practice throughout all the university operations. The undertaking of risk responsibilities originates from the well- known ‘Three Lines Model’. The University’s risk management policy emphasises that the primary responsibility for adequate and effective monitoring of risks rests with the risk owners and their staff. They should stay alert of and respond to the early warning signs that highlight any potential problems. The senior management would bear the ultimate responsibility for all the risk registers from different spheres of administration. Adopting the bottom-up and top-down approaches, the risk management review for 2020–21 commenced with updating the respective local risk registers from some 40 units. A total of more than 200 local risk items were identified in the risk review exercise in 2020–21. All the collected risk items were reviewed and analysed. Some high level risks were identified and discussed by the University’s senior management. An institutional risk register was then formulated, communicated to the units, endorsed by the Risk Management Committee, and eventually approved by the Council. The University’s institutional risk register for 2021–22 contains the following risk groups and key mitigations: 1. Academic 2. College systems and students life 3. Business and strategy 4. Compliance 5. Financial 6. Human resources 7. Occupational health and safety 8. Information technology 風險管理對大學制訂策略及進行規劃的過程 至關重要，透過綜合模式就大學現存及潛在之 風險進行獨立監察及管理。自2018年起，大學 設立風險管理框架及進行周年風險管理檢討， 逐步構建風險管理文化，務求達致讓風險管理 程序深植於大學各個運作範疇之最終目標。 承擔風險的責任源自於著名的「三道模型」。 大學的風險管理政策強調，風險責任人及其 員工應承擔充分及有效地監管風險之主要責 任，對任何潛在問題的早期預警信號保持警 惕，並作出回應。大學管理層應為各個行政範 疇所涉及之所有風險管控表承擔最終責任。 大學於2020至21年度進行之風險管理檢討 採取從下而上、自上而下的雙向管理方法，首 先更新了約四十多個單位各自適用的風險管 控表，就2020至21年度的風險管理評估訂立 二百多項單位專屬的風險項目，然後再就每 個項目作出檢討及分析，識別部分風險較高 的項目供大學管理層討論，制訂了大學機構 的風險管控表，在知會各單位後，風險管控 表取得大學風險管理委員會的認可，並獲得 大學校董會的批核。 2021至22年度之大學機構風險管控表包括 以下風險組別及主要應變措施： 1. 學術 2. 書院制度及學生生活 3. 商業及策略 4. 合規 5. 財務 6. 人力資源 7. 職業健康及安全 8. 資訊科技 風險管理 Risk Management