LSE RISK STRATEGY
1. INTRODUCTION
1.1 The following document seeks to formulate a risk strategy for the School by defining:
 the process by which levels of risk tolerance and risk appetite (as defined below)
have been incorporated into the identification and operation of the strategic controls
for the management of risk,
 the overall risk framework in which the strategy operates,
 how the School delegates authority for the management of its key strategic and
operational risks.
1.2 The risk strategy will guide Council, as the School's Governing Body, in the approach taken
to maintain the School's sustainability within the rapidly-changing and competitive
environment in which it operates.
1.3 The risk strategy implements the provisions of the Risk Policy noted by Council at its meeting
on 12 January 2016.
2. DEFINITIONS
2.1 The term 'risk tolerance' describes the highest degree of risk that the School is prepared to
sustain in relation to each risk in the Strategic Risk Register. Risk tolerance is graded on the
risk register as High, Medium or Low. These levels are respectively recorded using a “traffic
light” system, with a
'High' Risk Tolerance being recorded as 'Green', 'Medium' as 'Amber' and 'Low' as Red.
2.2 The term 'risk appetite' refers to the overall level of risk that the School is willing to accept, or
to avoid, in order to achieve its objectives. For the purposes of the risk strategy, 'risk
appetite' is the defined level of risk the School is willing to embrace to pursue strategic
plans, as contained in the LSE Strategy 2020.
3. RISK STRATEGY
3.1 The Strategic Risk Register acts as the main tool for the evaluation of risk and the
implementation of the Risk Strategy. The Strategic Risk Register records the risks which
constitute a fundamental part to the current environment in which the School operates.
They may be characterised as 'status quo' risks, or threats to the School’s sustainability
from the competitive, political and/ or regulatory environment.
3.2 Each risk in the Strategic Risk Register is graded with a level of risk tolerance. Once
tolerance has been defined, DMT will evaluate what action needs to be taken to address the
risk. The risk tolerance for each risk can be addressed through acceptance without action,
mitigation through stronger controls, or be dealt with through an alternative strategic
approach (or 'change strategy').
3.3 DMT will be asked to define the appetite for risk it is prepared to accept, in order to
implement its change strategy. Risk appetite will typically set out the nature, and extent, of
the financial, regulatory and reputational risks the School should be prepared to take, to
cement its longer term goals.
3.4 The levels of risk appetite will define the change risks which will arise in pursuit of the
change strategy. Change risks will be evaluated for risk tolerance, and these will
either be accepted, or mitigated through controls.
3.5 Once the change strategy has been implemented, change risks will either
disappear or be incorporated into the Strategic Risk Register
4. SUPPORTING INFORMATION.
4.1 The following documentation seeks to illustrate the Risk Strategy:
 Annex A: a diagram outlining the process for implementing the Risk Strategy
 Annex B: a diagram representing the wider School Risk Framework
 Annex C: a list of delegated authorities for the management of School strategic and
operational risk
 Annex D: a set of definitions for the Risk Strategy
For latest version and information about, see lse.ac.uk/policies and search by title.
Page 1 of 7
Pressures of competitive, political
and regulatory environment
March 2017
Annex A : LSE Risk Strategy
Risks recorded on School Strategic and
Operational Risk Register. Risk
Tolerance evaluated.
Risk
Tolerance of Change Risks
evaluated and accepted, or
mitigated through control
strengths
Risk accepted
Risk Tolerance
Change Risks are either
removed through the
implementation of the
strategy or become
part of the baseline
status quo risk profile.
Risk accepted
Risk Tolerance
Controls
Strengthened
Controls
Strengthened
Role of
SMC
Change Strategy
Risk Appetite
Change risks
assessed in the
context of risk
appetite
Change Risk
For latest version and information about, see lse.ac.uk/policies and search by title.
Tolerance level is
accepted, mitigated
through varying
control strengths or
addressed through
implementation of
change strategy
Risk appetite
informs the level of
risk to be taken in
the change strategy
Page 2 of 7
Annex B: LSE Risk Management Framework
The Risk Strategy sets the direction of the School's approach to risk
management, by defining the mechanism through which levels of risk
tolerance and risk appetite are considered alongside strategic controls.
Risk
Strategy
Risk Policy
The Risk Policy defines the
decision making process for
risk management
Anticipated impact
of horizon risks
influences strategic
direction
Horizon Risk
Register
Strategic risks have
an impact on
operational
activities, and
therefore, influence
the level of risk the
School is willing to
take on shorter
term actions.
Strategic Risk Register
[School wide]
Serious
operational risks
may escalate
into Strategic
Risk Register
Operational Risk Register
[School wide]
Role of
Risk
Manager
Departmental/ Divisional Risks
Serious departmental/
divisional operational risks
may escalate into the school
wide operational risk register
Cluster Risks
Project Risks
Together the Risk Strategy and Risk Policy set the terms of the
School's Risk Management Framework, by defining risk appetite
and risk assessment criteria, setting the terms of the decision
making process, and organising the interplay of risk analysis.
For latest version and information about, see lse.ac.uk/policies and search by title.
Page 3 of 7
Annex C: Risk Management and delegated authority
Monitoring of Risk Management and Control is delegated from Council to Audit Committee,
with the authority written in the Terms of Reference of the Committee, as approved by Council.
Further authority is delegated in the following table.
RISK MANAGEMENT AND CONTROL DELEGATIONS
Risk Management Processes
Delegated Responsibility
Authority
Implement the Risk Strategy and Risk Policy
School Management Committee
Ensure there are arrangements in place to
identify and manage risk in accordance with the
Risk Management Policy and Strategy.
School Secretary
Ensure risk management strategies are
implemented, and risks are identified and action
taken to mitigate or reduce them, and
appropriate reporting mechanisms are in place.
Heads of Service /
Heads of
Department
Management of Strategic Risk
Delegated Responsibility
Risk Reference
Authority
Mitigate the risks relating to the School's high
quality student recruitment, both educational
and competitive factors.
Ensure consistency in innovating and
monitoring the academic portfolio.
SR1/SR2
Pro-Director for Teaching
and Learning
SR3
Pro-Director for Planning
and Resources and ProDirector for Teaching and
Learning
That the School fails to generate enough
revenue from other activities to support
academic excellence or innovation.
SR4
Pro-Director for Teaching
and Learning and ProDirector for Planning and
Resources
That the School is unable to offset increases in
costs with sufficient revenue growth.
SR5
Pro-Director for Planning
and Resources
Ensure the quality of the School's research
quality, reputation and impact.
SR6
Pro-Director for Research
Maintain the academic quality of LSE faculty.
SR7
Pro-Director for Faculty
Development
Management of Operational Risk
Implement a coherent plan for Business Continuity
OR1
School Secretary
Provide oversight of the costs related to capital
development projects
OR2
Chief Operating Officer
For latest version and information about, see lse.ac.uk/policies and search by title.
Page 4 of 7
Implement a coherent and fully-costed academic
plan
OR3
Chief Financial Officer
Safeguard School buildings against fire, legionella,
and asbestos.
OR4
Chief Operating Officer
Enforce compliance with Health and Safety,
including fieldwork
OR5/OR6
School Secretary
Ensure School compliance with statutory guidance
on the Prevent duty
OR7
School Secretary
Data integration
OR8
Chief Operating Officer
Ensure processes for the protection of research
data under Data Protection Act.
OR9
Chief Operating Officer
Ensure School compliance with guidance from the
Competitions and Markets Authority
OR10
Pro-Director for Teaching
and Learning
Ensure School compliance with UKVI.
OR11
Chief Operating Officer
Ensure the reliance of control systems over various OR12
relationships with external sponsors and partners.
School Secretary
Ensure coherent management and governance
structures.
OR13
School Secretary
Ensure a coherent communications systems
including the communication of governance
decisions.
OR14
School Secretary/ Director
of Communications and
Public Affairs
Ensure the resilience of School systems and data
against cyber-attack.
OR15
Chief Operating Officer
Develop leadership capability in School's academic OR16
and professional support staff
Pro-Director for Faculty
Development (academic)
Chief Operating Officer
(PSD)
Maintain the relationship with Singapore Institute of OR17
Management (SIM).
Pro-Director for Teaching
and Learning
Manage ethical screening of donations
OR18
Chief Operating Officer
Ensure that costs for School research is properly
integrated in the Financial Plan.
OR19/20
Pro-Director for Research
Ensure that the pension scheme competitive and
that costs are properly integrated in the Financial
Plan.
OR21/22
Chief Financial Officer
Monitor fundraising/ budgets for institutes
OR23
Chief Finance Officer
For latest version and information about, see lse.ac.uk/policies and search by title.
Page 5 of 7
Annex D: Risk Strategy Definitions
Risk Levels
Strategic
Strategic risks are those which would have an impact
on the ongoing sustainability of the School.
Operational
Operational risks have an impact across day to day
School business, and have the potential to be
escalated to the Strategic level.
Divisional
Divisional risks combine broader operational issues,
which feed upwards into School level Operational
risks, along with accumulated cluster risks (see below).
There is also a likelihood that Divisional risks will have
the potential to be felt at Strategic level.
Cluster/ Team Risks
Cluster risks feed into Divisional risk, with the potential
to have an impact on the School's operational risk
profile. Monitoring of cluster risks is particularly
important for Business Continuity purposes.
Strategic
Operational
Divisional
Cluster
Risk Tolerance and Risk Appetite
Fig 1: desired performance over
time
Fig 2: range of possible performance outcomes
depending on risks/ opportunities. This defines
the exposure to risk.
Fig 3: definition of the level of risk that an
organisation can accommodate. If the range is
wide, then the tolerance is defined as 'High'. If
the range is narrow, then the tolerance is
defined as 'Low'.
Fig 4: definition of the level of risk that an
organisation is willing to engage with. If the
range is wide, then the appetite is defined as
'High'. If the range is narrow, then the appetite
is defined as 'Low'.
Note:
Risk tolerance will usually be larger than risk appetite. It is always possible that a strategy would adopt a
higher level of risk appetite, beyond even that of risk tolerance or risk exposure. These would be highly
unusual undertakings, however, risky implementations undertaken due to the offer of larger rewards. For
the most part, the level of appetite is appraised in the light of risk tolerance.
For latest version and information about, see lse.ac.uk/policies and search by title.
Page 6 of 7
Review schedule
Review interval
3 years
Next review due by
March 2020
Next review start
January 2020
Version history
Version Date
Approved by
1.1
Council
9/3/2017
Notes
Links
Reference
Link
Risk Policy
http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/schoo
l/risPol.pdf
Risk Procedure
http://www.lse.ac.uk/intranet/LSEServices/policies/pdfs/schoo
l/risPro.pdf
Contacts
Position
Name
Email
Notes
Risk Manager
Dan Bennett
[email protected]
Author
For latest version and information about, see lse.ac.uk/policies and search by title.
Page 7 of 7