Development of an Academic Risk Model to support Higher Education Quality Assurance

This paper presents a model of risk management in higher education, to support the quality assurance framework and the activities, more generally, of a Higher Education Institute. Its purpose is to define the Institute’s approach to academic risk and its management and to inform decisionmaking. Academic risk is defined and contextualized in terms of published literature. Decision-making and judgement is at the centre of all academic activities and accordingly inherent risk will always exist, through the exercise of judgement, the operation of academic policies and procedures and through compliance. A normative model of academic risk assessment is proposed, based on three levels: isolated academic risk, repeated academic risk and systemic academic risk. This is followed by a proposed model for action according to the level of risk. Finally the operation of the model in our higher education institute is presented.


Introduction
This paper presents a model of risk management, to support the quality assurance framework and the activities, more generally, of a Higher Education Institute (HEI). Its purpose is to define the Institute's approach to academic risk, its management and to inform decision-making.

Academic Risk
Risk management is key to the effective strategic management of any organization (Carmichael, 2016). Most often risk management relates to managing risk exposure and encompasses all facets of the organisation's strategy and operation. HEIs are exposed to a wide variety of risks including financial austerity, increased accountability, changing government policy, cybersecurity, reputation and quality assurance ((PWC) Coopers, 2018), so risk management is essential to their success (Kageyama, 2014), (Mukherjee, 2019). This has led to country-wide adoption of risk management for HEIs (Lucchese, Sannino, & Tartagli, 2020), (Edwards, 2012), (HEFCE, 2001).
Risk classification in a HEI has been collated excellently by (Teferra, 2019) and can depend on responsibility or functionality (Huber, 2009), ten responsibility areas defined by (Lundquist, 2015) or eight principle areas plus multiple minor areas of risk identified in ((PWC) Coopers, 2018).
In the context of this paper, risk means the academic risks associated with the core activities of the HEI across teaching and learning, research, engagement and the broader activities of the HEI that relate to knowledge creation, dissemination and usage. In identifying these risks, it is recognised that risk is an integral part of the activities of any HEI and that by providing a policy framework in this paper for understanding, identifying and responding to risk, the HEI actively seeks to understand and manage its activities in a coherent and consistent manner. Risk management in this paper focusses on how it may be of benefit in supporting the HEI's quality assurance framework and related activities. This work brings the focus to the benefits that could accrue in supporting the academic quality assurance framework.

Academic Decision-making
Decision-making and judgement is at the centre of all academic activities and accordingly inherent risk will always exist. This paper's aim is not to eliminate these risks, but rather to provide a framework for understanding the nature of the risks and for guiding activities to ensure the risks are addressed at both individual and organisational levels.
Broadly, academic decision-making will fall into the following categories: 1. Through the exercise of judgement in academic matters. Such judgement, by its nature, will require the specialist knowledge of the decision-maker (or makers) to be applied, often in a variable or unstructured set of circumstances. This judgement is particularly acute in circumstances such as the assessment of learners and the determination of award classifications bands. Ordinarily, the risks associated with the exercise of judgement is mitigated through extending the number of decision-makers (i.e. external examiners, examination boards) and by formulation of and transparency in the decision-making criteria (i.e. marking schemes). 2. Through the operation of academic policies and procedures. Any HEI has a well-developed and published set of regulations covering the academic activities of the institute. Notwithstanding this policy framework, decision-makers may encounter circumstances where the policy framework: a. encounters exceptions or unaccounted for situations; b. is considered ineffectual for the circumstance encountered; c. is not understood or applied properly.
It would be expected that issues arising from an effective policy framework should be minimal in nature. The HEI's Academic Council and its committee structures provide oversight to the operation of academic policy and procedures and are normally in a position to determine changes to or amendments necessary to adjust the policy framework as required, where legislative or operational changes occur, or where gaps in the policies are identified. It would be expected that in circumstances where the academic regulations are contested then the matter would ordinarily be referred to the normative policy making body before decisionmaking occurs.
3. Through compliance with academic standards. The HEI would normally have defined in many cases distinct standards that must be applied universally (for instance in entry requirements, degree awarding titles or structure of award classifications). Given the universality of the standard, the expectation is that such standards are applied consistently and without exception.

Normative Model of Risk Assessment
While significant complexity exists in any HEI's operating environment, there is nonetheless a set of expectations or norms around the outcomes expected with the activities of the Institute. These norms may vary from activity to activity and from discipline to discipline. Clear direction is required on the identification and reporting of deviations from these norms. This paper is not designed to establish these norms, but to recommend academic management structures to consider their own operations in the context of the norms expected of their activities and to appropriately act upon and report upon exceptions.

Development of an Academic Risk Model to support Higher Education Quality Assurance
Exceptions might be noted in terms of: 1. Academics making an error of judgement or going too far in the exercise of their judgement; 2. Situations not accounted for in the HEI's policies, where a response occurs which is out of kilter with the ethos, spirit or Quality Assurance culture of the HEI; 3. Misunderstanding of the HEI's policies leading to mistaken measures being taken.
Academic risks can be considered at three levels, which are defined as follows: 1. Isolated academic risk: This represents a single or isolated incidence (whether deliberate or accidental) that occurs in a manner whereby the expectation of this being repeated by the same or other individuals would normally be considered to be limited. In this respect, isolated academic risks are somewhat akin to quasirandom events or variations that will effectively rectify themselves and are unlikely to require further actions. 2. Repeated academic risk: This represents a repeated incidence, either by the same individual or other individuals (whether deliberate or accidental), which signifies that the expectation of continued occurrence cannot be considered as limited, but neither can it be considered as systemic. In this respect, an actionable academic risk represents an event(s) or variation(s) that requires some action to ensure that it does not become a systemic risk. 3. Systemic academic risk: This represents a repeated incidence, either by the same individual or other individuals (whether deliberate or accidental), which indicates a continuing or recurring cycle of occurrences that are at a systemic level within the organisation or parts of the organisation. In this respect, a systemic academic risk represents an event(s) or variation(s) that requires immediate action at a suitably senior level or levels to rectify.

Action required for relevant level of risk
The type and extent of intervention for any risk level should be proportionate to the impacts the incident might have on the operations of the HEI and particularly for good governance and reporting. Actions should therefore represent an escalating onerousness of action and reporting, as the risks move from low to high, in an appropriate manner. Table 2 sets out the proposed requirements and responsibilities of academic decision-making areas for the HEI as a whole. Record the incident and the steps taken to avoid its recurrence.
Notify the decision-making area and request that they put in place measures to avoid re-occurrence.

Medium Orange
Risk incident should be reported to Academic Council (via the Registrar) with details of any actions taken.
Academic Council should approve intervention (with relevant area, if appropriate) to avoid re-occurrence and provide for its implementation.

High Red
Risk incident should be reported to Academic Council (via the Registrar) with details of any actions taken.
Academic Council should approve intervention (with relevant area, if appropriate) to avoid re-occurrence and provide for its implementation. Council shall report the incident to Governing Body.

Academic Risk Structures
The Academic Council's Quality Committee should be the owner of the policy and provide for its implementation. To achieve this, the Quality Committee could establish a subcommittee, an Academic Risk and Compliance Committee, to manage the operation and implementation of the policy.
The Academic Risk and Compliance Committee should monitor and report on the risks that emerge under this policy and should: 1. Consider incidents and classify them in accordance with this policy; 2. Refer incidents to appropriate bodies within the institute for action as the committee deems appropriate; 3. Monitor and report on incidents.
The committee should meet at least once a semester, but may be required to meet more often to deal with specific items referred to it from time to time.

Referring items to the Academic Risk and Compliance Committee
Items may be referred to the committee for consideration for a number of reasons and through a number of channels, commensurate with the complexity of managing risk in an academic environment and with the normative model of risk assessment. Possible referral routes are as follows: 1. Where areas making academic decisions become aware of reporting obligations under the policy they should communicate those concerns to the risk and compliance committee through the Office of the Registrar; 2. Academic Council committees or sub-committees may refer matters directly to the Academic Risk and Compliance Committee; 3. Individuals may make the Academic Risk and Compliance Committee aware of particular circumstances or incidences by communication in writing to the Committee through the Office of the Registrar; 4. If there is any doubt whether a matter should be referred to the Academic Risk and Compliance Committee, then guidance should be sought, in the first instance, from the Office of the Registrar.

Reporting
The Academic Risk and Compliance Committee should report annually to the Academic Quality Committee and Academic Council on the activities of the Committee over the past year in summary form.
School or Faculty Boards and Academic supports, including the Offices of the Registrar, the International Office, and the Research Office should report annually that they have complied with the Academic Risk Policy.

Conclusion
A model of academic risk management in higher education has been presented in this work. The model requires a HEI to consider its approach to academic risk and its management and how this can inform decision-making. The importance of academic independence and the inherent associated risks in decision-making and judgement is recognised and preserved, by acknowledging that there will always therefore be an inherent risk, through the exercise of judgement, in the operation of academic policies and procedures and in compliance. The paper also presented a normative model of academic risk assessment, based on three levels: isolated academic risk, repeated academic risk and systemic academic risk, with a proposed model for action according to the level of risk.