The daily management of operational risks in Higher Education Institutions (HEIs) is a challenging task. Our perceptions of risk, particularly within contract management, is vital to managing organisational processes effectively over time.

Here, SUMS Associate, Graeme Sloan, explores the elements enabling university-wide collaboration to reduce risk, and the potential ensuing loss, based on recently published research*.

What kinds of risks does your university take on? Have you recently increased the enrolment of international students? Or have you perhaps invested in some new technology? These events, and many others, carry with them a degree of risk.

How do leaders manage risk in Higher Education? And how might such risks be mitigated effectively? The answers to questions like these are far from simple.

Often, the mechanisms for logging risk may function differently across departments. Each department has a unique structure, as well as its own inherent bias, which impacts the data. In many cases, middle-level managers can discourage innovation in managing contracts. This resistance to change can introduce unacceptable risk in the form of persistent organisational inefficiency, which will impact things like student numbers and satisfaction.

Effective risk mitigation requires a central locus of governance. This would allow the quality control needed to mitigate risk across all departments consistently.

What is Risk?

Risk is defined as the effect of uncertainty on objectives. This is further categorised into external, strategic, and preventable risks.

External risks come from outer circumstances or the environment. Extreme weather events, such as storms or flooding impacting buildings and technology, are an example of external risk.

Another external risk we have all absorbed is the Covid-19 pandemic, which caused significant disruption to HE organisations, impacting and even curtailing their ability to deliver instruction to students. These risks are outside the control of any organisation; yet still must be taken into account.

Strategic risks are the result of choices the institution has made. For example, selecting a new technology can have a significant ripple effect, introducing unknown risks into the institution.

Another sort of strategic risk is increased enrolment of international students. While this choice may bring in more income for the institution, it can result in more student failure if additional support for international students is not implemented.

Finally, preventable risks are internal risks, such as poor employee performance or process efficiencies which can be avoided.

Our focus for this blog is on avoidable risks and the processes the institution can develop to ameliorate them.

Risk Perception

To establish effective risk mitigation, it’s essential to recognise that risk can be perceived differently by various entities.


Improvisation refers to a range of techniques to prepare for and adapt to the unforeseen. Not just an individual action, this is something that organisations increasingly need to have the capacity for. There are four types of improvisations for managing risk: resistive, subversive, episodic and semi-structured. Which one a leader chooses to pursue will often be based on their perception of the risk at hand.

One example of resistive improvisation is when a department realises that the university is not meeting the needs of a particular group of students and works to rectify the problem by providing better support to that group. Resistive improvisation may also be damaging when instructors are unaware of the necessity of online teaching during a pandemic.

Subversive improvisation functions similarly – with individuals getting on with a particular task without detailed risk assessment. For example, instructors might choose to use Zoom for their teaching sessions rather than some other university-approved platform.

Episodic risk is event-related, while semi-structured risk exists due to the organisation’s overall structure.

Ideally, these different types of risk create tension among individuals and groups, stimulating and promoting innovation. For these improvisations to be successful, they must be consistent in action and intent across multiple departments.

Individual Risk Perception

As mentioned before, every individual has their own bias when evaluating risk. For one thing, we tend to reach for tools that are familiar and accessible to us rather than objectively choosing the tools most appropriate for the process.

In addition to individual bias, group bias also exists. Each team or group will tend to emphasise certain process elements more, in line with their usual responsibilities and objectives.

Typically, a primary goal is the compliance of delivery with management requests. [1]. All these individual and group biases can result in a managerial, process-driven approach which isn’t always the most efficient [2].

An excellent example of this problem is the use of spreadsheets to collect and aggregate data. A spreadsheet is dangerously vulnerable to individual risk perception because of the quantity and complexity of the data and the many possible ways to construct it in a spreadsheet. Where this data is the guiding force in many HEI decisions, it must be accurate and easy to understand.

Stakeholders and Managing Risk

Universities are large and complex – it’s almost impossible to record and communicate risk to all stakeholders accurately and meaningfully.

Often, organisations look at risk through a narrow lens, typically student numbers. However, numerous other unpredictable factors impact risk, for example, recruitment, enrolment, and onboarding practices. The recruitment of greater numbers of students can affect the risk of a certain percentage of students who may not complete their studies or may need additional support to do so. In addition, when rewards such as promotions depend on these metrics, this muddies the waters even more. Still, the ability to record and observe all of these risks is critical for senior management to make good decisions.

Risk Registers: RAID vs RADIO

Research strongly suggests that a real-time database solution makes more sense than the traditional practice of maintaining a mixture of Excel spreadsheets. Such a solution resolves issues of inconsistency in risk perception and communication to stakeholders.

The best solution is to replace the traditional Risk Assumptions Issues and Dependency (RAID) Logs with Risks Assumptions Dependency Issues and Opportunity (RADIO) Logs. This provides the senior leadership team with a big-picture view of risks balanced by opportunities, which can be accessed in real-time without awaiting the creation and amalgamation of spreadsheets.

Contract Management Practices

Commercial and procurement managers directly manage risks and minimise costs to their organisations through contracting practices.

There has been an ever-greater call from academics, software companies, and professional organisations to improve these practices. This call has been reiterated in the proposed Procurement Bill.

While compliance has been a primary focus for many, the new procurement regulations will challenge previous risk avoidance with the aim of delivering greater commerciality to our sector.

Historical approaches to contracting have resulted in poor loss control and increased risk with many projects. HEIs can actively achieve the best value by using the Southern Universities Purchasing Consortium (SUPC) to gain the best value in purchasing goods and services.  SUPC’s sister organisation SUMS Consulting can help introduce several improvements to your organisation.

These include:

  • Introducing the concept of crowdsourcing in the governance of contracts. The individual best able to certify compliance, either in the supplier or purchasing organisation, confirm compliance and the system informs all if there are issues in the Obligation Register.
  • Goodwill Registers
  • Claims and Disputes Registers
  • A calendar of events
  • Change Registers
  • Questions and Answers Register
  • RADIO log
  • Tools to Audit Contracts.
  • Procurement Maturity Assessments

The savings that universities and other public sector bodies can achieve are likely to be 9.2% [3] of their spending, which is the average loss organisations suffer through poor processes. SUMS Consulting seeks to work with you to use your existing software to provide the benefits of automation and transformation and deliver the cost benefits. For example, if you spend £100 million, you will save approximately £9.2 million, if you are an average-performing organisation.

SUMS Consulting recommends using a central, real-time database as they empower good governance of risks through RADIO logs, demonstrating the risks’ exposure in value and time together with a balancing sum in the form of opportunities. Such real-time data enables the Chief Financial Officer (CFO) to highlight if the institution needs to take action immediately to reduce risk.

When such central databases are applied to contracts, it allows the organisation to benefit from real-time information on the performance and compliance of those contracts, change controls the forward workforce planning of negotiations etc. It enables the CFO to see the cost implications of change controls, claims, and disputes, etc., in real-time, allowing them to make decisions as problems develop.

In Conclusion

Managing risk effectively requires collaborative behaviours and useful tools. Any risks inherent in decisions such as increasing enrolment or new construction projects must be easy to record and communicate to the senior leadership team in real-time. In this way, senior leadership become aware of changing risks as soon as they occur, empowering them to mitigate against the catastrophic failures resulting from unawareness of such dangers. No longer is the tanker at sea with no navigation; it now has radar and sonar.


*This content is based on a recent publication for the Innovation in Higher Education Teaching and Learning Journal by SUMS Associate Consultant Graeme Sloan and UEL Director of Education & Experience Rebecca Page-Tickell. Their paper Processes for Managing Risk in Higher Education is available here as a chapter in the journal’s Governance and Management in Higher Education Volume.

The SUMS Group works with universities across the UK to deliver effective and efficient services. Learn more about our procurement and consultancy services here.

[1] Thomas, L. (2002) Student Retention in Higher Education: The role of institutional habitus. Journal of Education Policy, 17 (4), 423-442

[2] Skelton, A. (2005) Understanding teaching excellence in higher education (Key Issues in Higher Education Series). Abingdon: Routledge.

[3] World Contract and Commercial Association research.

Other News