As part of activities to commemorate Internal Audit Week, the University of Environment and Sustainable Development (UESD) organized an intensive Risk Management (RM) training session for its Management Members. Held under the theme “Elevating Professionalism, Promoting UESD,” the session aimed to enhance institutional awareness and capacity in managing risks aligned with the University’s strategic objectives.
The training was facilitated by Director of Internal Audit, Ms. Joyce Anastasia Sam, and Assistant Internal Auditor, Mr. Raymond Seth Kojo Akusaki Akusaki provided an overview of the legal and institutional frameworks governing risk management, referencing the Public Financial Management (PFM) Act, 2016 (Act 921). He emphasised the obligations of the University Council and Vice-Chancellor to establish and maintain robust risk management systems to ensure the efficient use of public resources.
Participants were introduced to various internationally recognised definitions of risk, including those by ISO 31000:2018, the Institute of Internal Auditors (IIA), and the Institute of Management Accountants. Risk was broadly described as the effect of uncertainty on objectives, encompassing both threats and opportunities. Key concepts such as risk capacity—the maximum level of risk the university can bear without suffering irreversible harm—and risk tolerance—acceptable deviations from desired outcomes—were clearly explained using practical examples relevant to UESD’s context.
Ms. Sam led participants through essential RM terminology including inherent risk, residual risk, risk consequence, and likelihood. She detailed the advantages of a well-structured risk management framework, such as improved decision-making, enhanced stakeholder confidence, and reduced chances of adverse outcomes.
The Director of Internal Audit introduced the Risk Maturity Model, which includes five stages: Risk Naïve, Risk Aware, Risk Defined, Risk Managed, and Risk Enabled. These levels reflect the maturity of an institution’s risk culture and the effectiveness of its monitoring and control mechanisms. The ISO 31000:2018 standard guided discussion on the risk management process: establishing the context, identifying, analyzing, evaluating, treating, and communicating risk.
The PESTELO framework (Political, Economic, Socio-cultural, Technological, Environmental, Legal, Operational) was presented as a holistic tool for risk identification. Each identified risk, it was noted, must have a designated Risk Owner to ensure accountability.
Participants also explored risk evaluation tools such as the Risk Impact Rating Guide and the Inherent Risk Rating, derived by multiplying the likelihood and impact of a risk. Ms. Sam facilitated a detailed discussion on various risk treatment strategies, including: Treat, Tolerate, Transfer, Terminate, and Take Opportunity. She also stated the importance of Existing Controls—policies, laws, and procedures—and the concept of Residual Risk, which is the remaining exposure after controls are applied.
During the interactive segment, the Management members applied the UESD Risk Register Template in group exercises, assessing hypothetical risks and sharing their evaluations and strategies with peers.