skip to content

Governance and Compliance Division



The University uses the following definitions relating to risk and risk management:

  • Risk is the threat or opportunity that an action or event will adversely or beneficially affect the University's ability to meet its objectives.
  • Risk management is the process by which risks are identified, assessed, prioritised and managed in order to support well-informed decision-making and maximise the realisation of opportunities across the University.
  • Risk appetite is the level of risk that the University is willing to pursue or retain.

At Cambridge, risks can be seen to exist at different levels:

  • Corporate or strategic level, i.e. those monitored by the senior leadership team on behalf of the Council;
  • School and Non-School institution level;
  • Faculty and/or Department level; and
  • Project level.

The University's Risk Management Framework and associated Policy set out how risks should be managed and recorded at the University, School, NSI and institution level. 

Additional guidance for Schools and Non-School Institutions has been produced, a copy of which can be found below:


A new online training module, Introduction to the principles of risk management at the University of Cambridge, is available for all members of staff at the University. The course is aimed at staff across the University who have any involvement in producing risk registers or who would like a general introduction to the principles of risk management. 

A risk management training seminar is run twice a year by the Governance and Compliance Division via PPD. Further details can be found here.