Risk Prevention and Mitigation Plan
Framework of the Risk Prevention and Mitigation Plan
- General.
The European Christian Academy recognizes that the Risk Prevention and Mitigation Plan (hereinafter referred to as the Plan) is part of good governance practice and the Plan is implemented at all levels of the Academy’s management.
The Plan forms an organizational structure for risk identification, prevention implementation, monitoring and continuous improvement of the quality of work. The two main elements of the Plan framework are the risk management policy, which defines the risk management mandate and the possibility of controlling it, and the Plan describes detailed procedure for implementing this in Academy.
The framework has been created to solve three main tasks: - To ensure the coherence of the Plan practices at all levels and directions of the Academy’s work,
- To ensure that all risks in the work of the Academy are identified in a timely manner and appropriately managed, and that the Academy’s management is informed about them,
- ECA, as a legal entity, is required to act rationally, reasonably and practically, being aware of and preventing health risks and negative impacts on the environment.
- What is risk?
The international standard AS/NZS ISO 31000:2018 defines risk as “the impact of uncertainty of objectives”. This definition describes risk as a threat to an outcome. This threat can manifest itself as both harm and opportunity, and the Plan explains in details how the Academy will protect itself against the negative consequences of harm and how the use of the opportunities that arise is ensured. - Why the Plan is needed?
According to ISO 31000, the Plan is “coordinated action taken to control an organization’s attitude towards risk”. It is a systematic and continuous process and covers the levels of risk identification, assessment, and action. It is not just about reducing risk, but about assessing risk in order to balance risk and measures to prevent it.
Good Plan must: - To improve performance in order to achieve the Academy’s goals,
- To reduce possible and unwanted “surprises” and negative publicity,
- To help the Academy to make the most of the opportunities that have arisen,
- To offer information about the decision-making at the Academy,
- To provide foundation for effective resource management and attraction,
- To help the Academy he university which complies with good governance requirements,
- To increase trust of the International Support Council to the Academy.
- Goals
In order to implement the strategic and tactical tasks of the Academy, the aim of the Plan is to provide a common framework for all levels of management, support and empowerment: - Identification and understanding of real and significant risks to the operation of the Academy and their impact
- To demonstrate adequate and in-time decision-making,
- To demonstrate operative action,
- To implement innovations by taking calculated risks to seize opportunities and achieve high quality in work,
- To ensure that information about risks and their management is communicated appropriately.
- Policy of the risk prevention and mitigation.
ECA has adopted its Risk Prevention and Mitigation Plan. The Academy’s management is responsible for the implementation of the Plan, and the responsibilities described in the Plan are determined by the Senate, management and staff.
The Plan precisely defines the method, implementation components and resources used in risk prevention and mitigation. The procedure, practical work to be performed, responsibility, sequence and deadlines are described in detail, which help the Academy’s employees implement risk prevention and timely mitigation. This Plan discusses guidelines and procedural descriptions that provide additional information about specific risks and the special tools intended for them.
The Process of the Risk Prevention and Mitigation
- How can risk be managed?
The basis for any decision-making is that staff of the Academy is aware of the various risks in the their areas of activity. A systematic approach to identifying risks is essential for their management.
The Plan is an integral responsibility of management. All employees are required to understand the key concepts and practices of the Plan so that they can implement the its principles in their area of responsibility. Employees who are familiar with their area of work are best informed about its risks and can recommend appropriate solutions to control these risks. - Overview.
Integrating risk management into the Academy is a dynamic process that is regularly updated. It must be aligned with the Academy’s needs and its internal culture. The Plan is part of the Academy’s mission, strategy, governance, quality control, objectives and practices.
The EKrA RMP process is consistent with AS/NZS ISO 31000:21018. There are 6 main stages in the risk prevention and mitigation process: - Communication and consultations – with internal and external partners,
- Defining the context – scale, borders and criteria,
- Mitigation of risk – identification of risk, analysis and assess,
- Impact on risk – reaction and assess of the chosen tools,
- Monitoring and overview – analysis of risk and audit of the intervention,
- Fixation and report – effective management.
- Levels of the risk management.
The ECA has determined 3 risk levels in accordance with the risk prevention and mitigation strategy:
High | Immediate action is required because the risk has the potential to have a devastating impact on the Academy’s operations. |
|---|---|
Medium | Intervention is required according to routine procedures or according to a specific procedure. |
Low | Continue to monitor and reassess the level of risk, and if possible, intervene through routine procedures. |
Decisions should be made within the broader context and taking into account the real and foreseeable consequences for internal or external stakeholders. The product of this procedure is a prioritized risk assessment table for further action.
Risk Prevention and Mitigation Plan
- Responsibility for the risk management.
Senate and a group authorized by the Rector. The Senate is responsible for approving the risk prevention and mitigation policy plan, implementing it, and involving Academy’s employees in risk management.
The group authorized by the Rector of the Academy is responsible for the necessary resources and processes at the disposal of the Risk prevention and mitigation plan. This group includes the Rector, Study Program leaders, the head of the Study Department, and student representatives. - Report of the implementation of the Risk Prevention and Mitigation Plan.
Task of the Academy Quality Unit is to prepare report after each semester which is submitted to the Senate and to the International Support Committee.
The Report contains: - Risk management activities in the previous semester,
- Most important incidents in the previous semester,
- Map of the risk spread (heat map),
- Risks of high volume for the whole Academy and activities aimed at their mitigation,
- Intervention in the risk spread progress,
- Other questions important in this regard.
Risk category | Addressee | Registration | Description of the risk and requirements of control |
|---|---|---|---|
High | Senate and Rector | Mandatory registration in Risk Plan and Plan of the semester work | Challenge of the risk is regularly controlled during semester. |
Medium | Head of Study programs | Mandatory registration in the Risk Plan and Plan of the semester work. | Challenge of the risk is regularly controlled during whole study year. |
Low | Employees | Mandatory registration Plan of the semester work. | Control s not required. |
Frequency of Recurrence of the Risk Situation
Nr. | Index of frequency | Description | Frequency |
|---|---|---|---|
1 | Rare | May occur only in emergency case or has been in past. | May occur every 5 years or more frequent. |
2 | Unlikely | May occur in certain circumstances. Previously has not fixed. | May occur every 1-5 years. |
3 | Possible | May occur sometimes. Previously have been some hints or incidents. | May occur every year. |
4 | Reliable | Most probably will not occur. Previously may not happen. | May occur in every 3-12 months. |
5 | Almost certainly | May occur in normal circumstances. Previously has been often. | Most probably may occur in 3 months during the actual period. |
Assessment of Impact
Risk level | Field of risk and their impact | |||||||
|---|---|---|---|---|---|---|---|---|
Finances | Academic work | Reputation | Performance | People | Compatibility and Commitment | Health, security and environment | Strategy | |
Catastrophic | Loss of operative means by >10%. | Unableto accredit several study programs, unable to carry out local academic tasks (exams, research projects). | Long-lasting negative publicity which leads to loss of resources, students and staff. | Critical loss of infrastructure for more than 2 weeks period and interrupted IT communications for more than 2 days. | Delayed attraction of administrative staff and teachers already 2 years with devastating impacton academic performance. Systematic mistakes which work against cooperation with partners and students. | Termination of important contracts caused by violations of the Statutes. | Unavoidable and enduring damage to environment. | Major goals of the Academy may not be reached, whole revision of both academic and financial plans is required. |
Big | Loss of operative means by >5-10%. | Inability to accredit several study programs, inability to carry out academic tasks (exams, research projects). | Long-lasting negative publicity whichleads to loss of means, students and staff. | Critical loss of infrastructure 1-2 weeks, interruption of IT communications 1-2 days. | Attractionof administrative staff and teachers is delayed 1-2 years causing devastating impact on academic performance. Systematic mistakes do against cooperation with partners and students. Unwanted rotation of staff. Occasional moral violation. | Termination of important contracts, contradiction between Statues and legislation causing inability to realize goals of the Academy. | Devastating impact on environment causing intervent ion of the city authorities, application of punishment. | Several important goals of the Academy can not be realized. |
Medium | Loss of operative means by>1-5% | Loss of accreditation of one study program and interruption of academic functions in it. | Negative publicity and intervention of administration is required. | Critical infrastructure not available 3-5 days, IT services not available 1-2 days, inability to provide teaching 2-3 days. | Attraction of 1-2 teachers in vacancies is delayed for 1 semester; moral violations disturb work of the Academy. | Termination of important contract which cause inability to realize goals of the Academy and intervent on of administration is required. | Insignificant damage of environment which can be prevente d through negotiations. | Some functions of the Academy are disturbed. |
Small | One-off inessential financialloss. | Inessential delay or shortage which would be prevented in negotiation. | Inessential negative publicity – one-off case which requires minimal intervention of the Academy. | Critical infrastructure is not available1-2 days, IT services not available up to 1 day, inability to provide studies for 1 day that doesn’t have long-term impact. | Attractionof teacher delayed for 2 months; moral violations do not impact study process. | Inessential and irregular personnel conflicts which could be solved by minimal intervention of administration and no need forspecial consultation from outside. | Damage to health without intervention of medics. | Rearrangement of resources provides for reach of the Academy’s goals. |
Insignificant | Inessential financial delay can be prevented in a routine procedure. | Inessential delay in academic work can be prevented in a routine procedure. | Neutral publicity or interest from media without negative impact. | Critical infrastructure not available 1 day; IT services interrupted for 3 hours without essential impact on the work of Academy. | Management issues can be solved with minimal resources; rotation of employees in inessential positions. | Inessential violation of the professional standard. | Inessential damage of health prevented with own resources; not long-term risk. | Small or no impact on goals of the Academy. |
Control Effectiveness Indicators
Indicatior | Effectivity | Description |
|---|---|---|
1 | Nof effective | The control mechanism does not affect the risk or it is not identifiable, but if it is, then it has not been used. |
2 | Effect insufficient | There is a control mechanism, but it is not effective enough to create positive change, so it needs to be improved or communicated more effectively. |
3 | Effect sufficient | The control mechanism or mechanisms are largely effective and efficient, but they could be better communicated and monitoring could be improved. |
4 | Verry effective | The control mechanism or mechanisms are secure, adequate and effective. The process is fully documented and well communicated. |