Exploring Enterprise-Wide Risk Management System in Higher Education



sustainability; risk management; process improvement; higher education institution; regulatory compliance; educational governance


The purpose of this case study research paper is to provide unique and in-depth data and understanding of Enterprise-Wide Risk Management within the real-world context of a private HEI. The research presented adoption of risk management practices within a UK higher education (HE) setting that demonstrates the evolution of processes towards enterprise-wide educational governance in support of a sustainable HE sector. Effectively managing enterprise wide risk ensures sustainability is on the governance agenda.  Within this research paper a wide spectrum of risk management practices and theories is assessed and a case study review shows a mature adoption, over time, of a holistic approach to managing risk. This research paper therefore, provides valuable lessons learned and gives practical guidance for policy makers, governors and senior management in Higher Education Institutions (HEIs).  The case study organisation provides a best practice view of enterprise-wide risk management system taking guidance from global standards, national regulatory bodies, universities, colleges and experts in risk management from all levels.  The main gap in current published knowledge presented is that the drivers for successfully implementing sustainable risk management in the HE sector are not known. The research questions have led the inquiry to provide three contributions to a better understanding of adopting Enterprise-Wide Risk Management in HE with a new roadmap for implementation; thematic direction for governance; and six drivers for successfully implementing sustainable risk strategies.


AGB and UE. (2009). The state of enterprise risk management at colleges and universities today. Association of Governing Boards of Universities and Colleges, United Educators.https://www.vsu.edu/files/docs/internal-audit/the-state-of-enterprise-risk-manangement-at-colleges-and-universities-today.pdf

AGB and UE. (2014). A wake-up call: Enterprise risk management at colleges and universities today a survey by the association of governing boards of universities and colleges and united educators. United Educators. https://agb.org/reports-2/a-wake-up-call-enterprise-risk-management-at-colleges-and-universities-today/

Alvarez-Santos, J., Miguel-Dávila, J-A., Herrera, L., & Nieto, M. (2017). Safety management system in TQM environments. Safety Science, 101, 135-143. https://doi.org/10.1016/j.ssci.2017.08.019

Bamber, C. (2005, April 5). Beyond the quality management paradigm – A UK case study perspective on corporate social responsibility [Paper presentation]. 49th Annual Congress of the European Organisation for Quality „EOQ”, Antalya, Turkey.

Bamber, C., Castka, P., & Sharp, J. M. (2004). Implementing effective corporate social responsibility and corporate governance: A framework. BSi Publications.

BIS. (2012a). Government response: Consultations on students at the heart of the system-a new fit for purpose regulatory framework for the higher education sector. Department for Business, Innovation and Skills. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/32405/12-890-governmentresponse-students-and-regulatory-framework-higher-education.pdf

BIS. (2012b). Applying student number controls to alternative providers with designated courses. Department for Business, Innovation and Skills. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/32725/12-1292-applyingstudent-number-controls-consultation.pdf

BIS. (2013). Privately funded providers of higher education in the UK. Department for Business, Innovation and Skills. https://www.gov.uk/government/publications/privately-funded-providers-of-higher-education-in-the-uk

Bratianu, C. (2023). Designing knowledge dynamics: Exploring its meaning and interpretations. Management Dynamics in the Knowledge Economy, 11(2), 100-111. https://doi.org.10.2478/mdke-2023-0007

Bratianu, C. (2020). Designing knowledge strategies for universities in crazy times. Management Dynamics in the Knowledge Economy, 8(3), 209-223, https://doi.org.10.2478/mdke-2020-0014

Bratianu, C. (2018). A holistic approach to knowledge risk. Management Dynamics in the Knowledge Economy, 6(4), 593-607. https://doi.org.10.25019/mdke-6.4.06

Bratianu, C., & Pinzaru, F. (2015). University governance as a strategic driving force. In J.C. Dias Rouco (Ed.), Proceedings of the 11th European Conference on Management, Leadership and Governance (pp.28-35). ACPI.

Bolisani, E., & Bratianu, C. (2018). Emergent knowledge strategies: strategic thinking in knowledge management. Springer International Publishing.

Castka, P., Bamber, C. J., Bamber, D. J., & Sharp, J. M. (2004). Integrating corporate social responsibility (CSR) into ISO management systems–in search of a feasible CSR management system framework. TQM Magazine, 16(3), 216-224. https://doi.org/10.1108/09544780410532954

Coman, A., & Rone, B. (2009). Focused SWOT: diagnosing critical strengths and weaknesses. International Journal of Production Research, 47(20), 5677-5689. https://doi.org/10.1080/00207540802146130

Cremonini, L., Westerheijden, D., Benneworth, P., & Dauncey, H. D. (2014). In the shadow of celebrity? World-class university policies and public value in higher education. High Educ Policy 27(3), 341–361. https://doi.org/10.1057/hep.2013.33

Crockford, G. N. (1982). The bibliography and history of risk management: Some preliminary observations. The Geneva Papers on Risk and Insurance, 7, 169-179. https://doi.org/10.1057/gpp.1982.10

Committee of University Chairs. (2009). Guide for members of higher education governing bodies in the UK: Incorporates the governance code of practice and general principles, committee of university. HEFCE. https://bcuassets.blob.core.windows.net/docs/CUC-Governance-Code-of-Practice.pdf

Dali, A., & Lajtha, C. (2012). The gold standard. EDPACS, 45(5), 1-8. https://doi.org/10.1080/07366981.2012.682494

Di Gerio, C., Fiorani, G., & Paciullo, G. (2020). Fostering sustainable development and social responsibility in higher education: The case of the tor Vergata university of Rome. Management Dynamics in the Knowledge Economy, 33(8), 31-44. https://doi.org/10.2478/mdke-2020-0003

Harrington, S., & Niehaus, G. R. (2003). Risk management and insurance. McGraw-Hill.

HEFCE. (2001). Risk management: a guide to good practice for higher education institutes, Higher Education Funding Council for England, London. HEFCE.

HEFCE. (2003). Good practice checklist for assessing risk management in HEIs, Higher Education Funding Council for England, London. HEFCE.

HEFCE. (2005). Risk management in Higher Education, Higher Education Funding Council for England, London. HEFCE. https://dera.ioe.ac.uk/id/eprint/5600/1/05_11.pdf

HEFCE. (2013). Letter to all Heads of HEFCE-funded higher education institutions and Heads of universities in Northern Ireland HEFCE’s: Accounts Direction to higher education institutions for 2013-14 financial statements. HEFCE. http://www.hefce.ac.uk/media/hefce/content/pubs/2013/CL,252013/CL2013_25.pdf

Hillson, D. (2005, August). Why risks turn into surprises. Risk Doctor Briefings. http://www.risk-doctor.com/pdf-briefings/risk-doctor16e.pdf

Hommel, U., & King, R. (2013). The emergence of risk-based regulation in higher education Relevance for entrepreneurial risk taking by business schools. Journal of Management Development, 32(5), 537-547. https://doi.org/10.1108/02621711311328309

Hommel, U., Li, W., & Pastwa, A. (2016). The state of risk management in business. Schools. Journal of Management Development, 35(5), 606 – 622. https://doi.org/10.1108/JMD-08-2014-0088

Huber, M., & Rothstein, H. (2013). The risk organisation: Or how organisations reconcile themselves to failure. Journal of Risk Research, 16(6), 651-675. doi:10.1080/13669877.2012.761276

ISO. (2018, February). Quality management systems. Requirements, Guidelines BS EN ISO 900:2015. ISO Publication. https://www.iso.org/standard/65694.html

ISO. (2018 February). International standard ISO 31000: 2018 Risk management – guidelines. ISO Publication. https://www.iso.org/standard/65694.html

Jacobson, M., & Azzam, T. (2018). The effects of stakeholder involvement on perceptions of an evaluation’s credibility. Evaluation and Program Planning, 68, 64–73. https://doi.org/10.1016/j.evalprogplan.2018.02.006

Johnson, W. (2012, November 28). Bogus student warnings ignored. The Telegraph.

Kim, S. D. (2012, October 23). Characterizing unknown unknowns. Project Management Institute. https://www.pmi.org/learning/library/characterizing-unknown-unknowns-6077

Koch, D-J., & Schulpen, L. (2018). An exploration of individual-level wage effects of foreign aid in developing countries. Evaluation and Program Planning, 68(C), 233-242.

Lascelles, D., & Dale, B. G. (1993). The road to quality. IFS Publishers.

Liao, H., & Hitchcock, J. (2018). Reported credibility techniques in higher education evaluation studies that use qualitative methods: A research synthesis. Evaluation and Program Planning, 68, 157-165. https://doi.org.10.1016/j.evalprogplan.2018.03.005

Lincke, S. J., & Khan, F. (2019). Ethical management of risk: active shooters in higher education. Journal of Risk Research, 23(12), 1562-1576. https://doi.org/10.1080/13669877.2019.1687575

Lu, Y., Teng, F., Zhou, J., Wen, A., & Bi, A. (2013). Blood management: Failure mode and effect analysis in blood transfusion: a proactive tool to reduce risks. Transfusion. Wiley online library, 53(12), 3025-3283

Mcshane, M. (2018). Enterprise risk management: history and a design-science proposal. The Journal of Risk Finance, 19(2), 137-153. https://doi.org/10.1108/JRF-03-2017-0048

Mirfenderesk, H., & Corkill, D. (2009). The need for adaptive strategic planning: Sustainable management of risks associated with climate change. International Journal of Climate Change Strategies and Management, 1(2), 146-159. https://doi.org/10.1108/17568690910955612

The Office for Students. (2018, January 8). New universities regulator comes into force. News Story. https://www.gov.uk/government/news/new-universities-regulator-comes-into-force

OLC. (2018). Internal quality audit report June. Not available for public view. OLC Europe.

PCW. (2005). Risk management in higher education: A guide to good practice. PricewaterhouseCoopers. https://dera.ioe.ac.uk/id/eprint/5600/1/05_11.pdf

Popov, D. (2023, June 14). UK higher education and Covid-19. Frontier Economics. https://www.frontier-economics.com/uk/en/news-and-articles/articles/article-i7536-uk-higher-education-and-covid-19/#

QAA Report. (2018). Higher education review of alternative providers for OLC Europe t/a Organisational Learning Centre. QAA Educational Oversight. https://www.qaa.ac.uk/reviewing-higher-education/quality-assurance-reports

Raban, C. (2011). Talking about quality risk and regulation. The Quality Assurance Agency for Higher Education.

Rasche, A., & Gilbert, D. U. (2015). Decoupling responsible management education: Why business schools may not walk their talk. Journal of Management Inquiry, 24(3) 239-252.

Lozoya-Santos, J. d. J., Jorge de J. G. l., Brenda, E., Vargas-Martínez, A., Molina-Gaytán, I. E., Román-Flores, A.R.M., & Morales-Menendez, R. (2019, April 8-11). Knowledge generation in higher education institutions [Paper presentation]. Global Engineering Education Conference „EDUCON”, Dubai, United Arab Emirates. https://doi.org/10.1109/EDUCON.2019.8725273

Sharma, S., & Pratap, R. (2013). A case study of risks prioritization using FMEA method. International Journal of Scientific and Research Publications, 3(10) 1-4.

Stake, R. (1995). The art of case study research. Thousand Oaks.

Tayeb, O., Adnan, Z., & Jozef, R. (2016). Becoming a world-class university: The case of King Abdulaziz university. Springer International Publishing. https://doi.org/10.1007/978-3-319-26380-9

TEQSA. (2018). The Tertiary Education Quality and Standards Agency: Regulatory risk framework. Tertiary Education Quality and Standards Agency.

Thomas, H., Lorange, P., & Sheth, J. (2013). The Business School in the twenty-first century: Emergent challenges and new business models. Cambridge University Press.

Travers, M. (2001). Qualitative research through case studies. Sage Publishing.

Venkatraman, S. (2007). A framework for implementing TQM in higher education programs. Quality Assurance in Education, 15(1), 92-112. https://doi.org/10.1108/09684880710723052

Vengrin, C., Westfall-Rudd, D., Archibald, C., Rudd, R., & Singh, K. (2018). Factors affecting evaluation culture within a non-formal educational organization. Evaluation and Program Planning 69, 75–81. https://doi.org/10.1016/j.evalprogplan.2018.04.012

Williams, A., & Heins, M. H. (1995). Risk management and insurance. McGraw-Hill.

Williams, T. M. (1994). Using a risk register to integrate risk management in project definition. International Journal of Project Management, 12(1), 17-22.

Woodhouse, K. (2015, September 27). Closures to triple, the inability of small colleges to increase their revenue will result in triple the number of closures in the coming years, a new Moody's report projects. Inside Higher Ed. https://www.insidehighered.com/news/2015/09/28/moodys-predicts-college-closures-triple-2017

Yin, R. K. (2008). Case study research: Design and methods. Applied Social Research Methods Series.




How to Cite

BAMBER, C. (2023). Exploring Enterprise-Wide Risk Management System in Higher Education. Management Dynamics in the Knowledge Economy, 11(3), 267–285. Retrieved from https://www.managementdynamics.ro/index.php/journal/article/view/542