The Risk Management Framework is an integral part of the Internal Control Framework and is designed to support delivery of Imperial’s strategy and its academic mission and comply with all its regulatory obligations. We consider risks in the short, medium and longer term, to help prioritise and direct management time and investment to the right risks. The core principles of the Risk Management Framework are based on the ‘three lines of defence’ model for the management of risk:

Line of defence and responsibilities

First line of defence

The first line of defence lies with the faculties, schools, institutes, departments and process owners whose activities create and manage the risks that can facilitate or prevent Imperial’s objectives from being achieved. This includes taking the right risks. The first line owns the risk, and the design and execution of the University’s controls to respond to those risks.

Second line of defence

The second line of defence is responsible for the design and maintenance of frameworks, polices, procedures and instructions that support risk and compliance to be managed in the first line. It is also responsible for monitoring and judging how effectively the first line is achieving its aims and is more commonly referred to as functional oversight. The second line is directed by management.

Third line of defence

The third line of defence is independent assurance that management operate an effective framework of controls to manage risk and that governance is appropriate around management of risk. The third line is directed by the Audit and Risk Committee and has organisational independence from management.

Principal Risk Dashboard

Our principal risks and approach to responding to them are set out in a Principal Risk Dashboard in the table below. At the June 2024 Audit and Risk Committee meeting, the updated principal risks were reviewed and approved and were shared with Council in September 2024. As part of a broader governance review the University Management Board set up a Risk, Compliance and Ethics Committee to support the Audit and Risk Committee in providing oversight of our organisational risk.

Principal Risk Dashboard