Page 0024

24 City of Glasgow College Annual Report & Accounts 2019-20

line with the Scottish Government Audit and Assurance

Handbook, and the Committee renamed the Audit and

Assurance Committee.

• Risk Management

The College's Risk Register and Risk Management Actions

Plans for key risks, and highest scoring risks, were reviewed

at each meeting of the Committee. In May 2020, the

Committee received a review of strategic risks, all of which

had been updated to take account of the coronavirus crisis,

with commensurate increases to Risk scores. In addition, a

new risk was added to the Risk Register: "Failure to manage

acute threats relating to coronavirus outbreak".

A full review of Risk Management through 2019-20 is

provided below.

• Annual Report 2018-19

The Committee reviewed the draft annual report for 2018-

19, noting that while whilst the statements record a deficit

of over £6.5m, the full financial statements showed an

underlying operating surplus of £1.2m following adjustments

made for depreciation, payment to Forth Valley College as

directed by SFC (following the sale of North Hanover Street

building) and pension and early retirement adjustments.

• Freedom of Information

The Committee received an update report on the nature

and volume of requests received in relation to the Freedom

of Information (Scotland) Act 2000 (FOISA) and the

Environmental information (Scotland) Regulations 2004

(EIRs). It was noted that the volume of requests rose

significantly during 2017-18 and had fallen in 2018-19,

with a significant reduction in requests associated with

procurement/finance and the New Campus which accounts

for most of the overall reductions. The improvement in

response times required within the 20-day timescale from

90% in 2016-17 to 97% in 2018-19 was noted.

• Data Protection and Health and Safety Audit Updates

Following the internal audit reports on these issues in 2018-

19, a number of recommendations were followed up via

action plans. Regular updates on progress with reference

to these action plans were provided to the Committee

throughout the session. Data Protection Officer support was

provided via HEFESTIS. Various improvements to Health and

Safety provision were implemented including IOSH training

for all mangers, improvements to risk assessment, and

purchase and installation of defibrillators on campus.

The Committee received a report that there had been 8

data breaches in 2018-19, none of which were sufficiently

serious to warrant a report to the Information Commissioner.

However, all of these instances provided indications of how

various controls and training might be improved.

Risk Management

The College Risk Management strategy is embodied in the

following Documents:

• Risk Management Policy

• Risk Management Procedure

• Risk Management Guidance

• Risk Register

• Risk Management Action Plans (currently numbering 23 at

June 2020)

The College Risk Management Policy outlines its approach

to risk management and internal control, and the roles of the

Board of Management and senior management, while the

Risk Management Procedure outlines how this is delivered.

In March 2020, the College's Internal Auditors, Henderson

Loggie undertook an internal audit of Risk Management,

presented to the Audit Committee in May 2020. The Internal

Auditor provided a level of assurance of "good" reporting

that: "There is a robust risk management framework in place,

including a Risk Management Policy…(etc)" and "From our

review of the risk management framework it exhibited most

aspects of good practice:" (CoGC Risk Management Internal

Audit; MHA Henderson Loggie, May 2020; p3: Summary of

Main Findings).

The concept of Risk Tolerance has been introduced to all

Risk Management documents, and explained in detail within

the Risk Management Guidance. This reflects the Board's

agreement to an adjusted position with regard to risk,

accepting a less risk-averse position in some categories of

risk, such as major change or Development activities, but

not with regard to matters of, for example, reputation or

compliance.

From the College Risk Management Policy:

"In broad terms, appetite relates to the willingness to seek

potential benefits, while tolerance sets limits on acceptable

loss in pursuit of these benefits, with reference to the

organisation's strength and resilience. The Institute of Risk

Management states that: "While risk appetite is about the

pursuit of risk, risk tolerance is about what an organisation

can actually cope with." In short, the terms relate to whether

an organisation is respectively "willing" and "able" to take the

risk, or sustain the potential consequences of the risk.

These are the definitions of the respective terms understood

in all College documents relating to Risk Management."

(CoGC Risk Management Policy p5).

The most recent new strategic risks were added to the

College Risk Register in 2019-20:

• Risk 26: "Failure to achieve taught degree awarding

powers"

• Risk 27: "Failure to manage acute threats relating to the

coronavirus outbreak".

These additions brought the total of Strategic (Level 1) Risks

on the College risk register to 23, which were highlighted

and discussed by the Committee, via the individual Risk

Management Action Plans. Risk scores were adjusted

throughout the session, and as a consequence of various

considerations, principally and most recently, the coronavirus

outbreak, several risks were scored high (RED) thus:

• Risk 6: Negative impact upon College reputation (Fraud

investigation)

Index

  1. Page 0001
  2. Page 0002
  3. Page 0003
  4. Page 0004
  5. Page 0005
  6. Page 0006
  7. Page 0007
  8. Page 0008
  9. Page 0009
  10. Page 0010
  11. Page 0011
  12. Page 0012
  13. Page 0013
  14. Page 0014
  15. Page 0015
  16. Page 0016
  17. Page 0017
  18. Page 0018
  19. Page 0019
  20. Page 0020
  21. Page 0021
  22. Page 0022
  23. Page 0023
  24. Page 0024
  25. Page 0025
  26. Page 0026
  27. Page 0027
  28. Page 0028
  29. Page 0029
  30. Page 0030
  31. Page 0031
  32. Page 0032
  33. Page 0033
  34. Page 0034
  35. Page 0035
  36. Page 0036
  37. Page 0037
  38. Page 0038
  39. Page 0039
  40. Page 0040
  41. Page 0041
  42. Page 0042
  43. Page 0043
  44. Page 0044
  45. Page 0045
  46. Page 0046
  47. Page 0047
  48. Page 0048
  49. Page 0049
  50. Page 0050
  51. Page 0051
  52. Page 0052
  53. Page 0053
  54. Page 0054
  55. Page 0055
  56. Page 0056
  57. Page 0057
  58. Page 0058
  59. Page 0059
  60. Page 0060
  61. Page 0061
  62. Page 0062
  63. Page 0063
  64. Page 0064
  65. Page 0065
  66. Page 0066
  67. Page 0067
  68. Page 0068
  69. Page 0069
  70. Page 0070
  71. Page 0071
  72. Page 0072
  73. Page 0073
  74. Page 0074
  75. Page 0075
  76. Page 0076
  77. Page 0077
  78. Page 0078
  79. Page 0079
  80. Page 0080
  81. Page 0081
  82. Page 0082
  83. Page 0083
  84. Page 0084
  85. Page 0085
  86. Page 0086
  87. Page 0087
  88. Page 0088
  89. Page 0089
  90. Page 0090