skip to content


The University uses the following definitions relating to risk and risk management:

  • Risk is the threat or opportunity that an action or event will adversely or beneficially affect the University's ability to meet its objectives.
  • Risk management is the process by which risks are identified, assessed, prioritised and managed in order to support well-informed decision-making and maximise the realisation of opportunities across the University.
  • Risk appetite is the level of risk that the University is willing to pursue or retain.
  • Risk tolerance is the degree of variation - the latitude - in outcome that the University is willing to accept with regard to managing the respective risk. 

At Cambridge, risks can be seen to exist at different levels:

  • Corporate or strategic level, i.e. those monitored by the senior leadership team on behalf of the Council;
  • School and Non-School institution level;
  • Faculty and/or Department level; and
  • Project level.

The University's risk management framework and associated risk management policy set out how risks should be managed and recorded at the University, School, NSI and institution level. Specific guidance for Schools and Non-School Institutions can be found in section 5 of the risk management framework. 


An online training module providing an introduction to the principles of risk management is available for all members of staff at the University. The course is aimed at staff across the University who have any involvement in producing risk registers or who would like a general introduction to the principles of risk management. Visit the PPD webpages to book yourself onto the online training course.