Risk management Report 2018

RISK MANAGEMENT REPORT Academic Year 2018 RISK MANAGEMENT COMMITTEE JULY , 2019 1

Summary of Risk Management Report Academic Year 2018 (1 August 2018 – 31 July 2019) Assumption University has monitored and assessed the results of risk management academic year 2018, by committee of risk management who is responsible in formulating policies and guidelines of risks that could have an effect on university’s success. This includes risk analysis which helps to control risks in an acceptable level. Furthermore, providing proper activities, then monitoring and assessing the results of risk management regarding with the university measure. Moreover, the university is emphasized on higher education audit guidelines to be related with the quality assurance system of the university. The results on monitoring and assessing risk management academic year 2018; there are 4 categories as follows: Risk Category Risk Analysis Residual Risk Before mitigation After mitigation Specific Risk 1. Strategy 2. Operations 3. Student Graduation 4. Finance 5. People 6. Reputation Likelihood (1-5) Impact (1-5) Risk Factor Matrix Result (Likelihood xImpact) Likelihood (1-5) Impact (1-5) Remaining Risk Factors 1. Rapid dissemination of misinformation that x - - - - - 4 4 16 3 4 12 misleads and adversely impacts on the University’s image 2. Shortage of financial resources x x - x - - 4 5 20 3 4 12 3. Inefficient and vulnerable ICT systems - x- - - - 4 5 20 4 4 16 4. Catastrophe i.e. Fire, flood, earthquake, - x- - x x 1 5 5 1 4 4 collapse of building, epidemic 1

Risk Evaluation Academic Year 2018 Risk Category Risk Analysis Mitigation Residual Risk Before mitigation After mitigation Specific Risk 1. Strategy 2. Operations 3. Student Graduation 4. Finance 5. People 6. Compliance Likelihood (1-5) Impact (1-5) Risk Factor Matrix Result (Likelihood xImpact) Project (OYPB) Likelihood (1-5) Impact (1-5) Remaining Risk Factors 1. Rapid dissemination of misinformation that x x4 4 16 1) Issue regulations and/or 3 4 12 misleads and adversely impacts on the guidelines regarding University’s image information and communication technology (ICT) security for network and information system users of Assumption University 2) Raise awareness of and educate AU students and personnel regarding computer-related offences Act (No. 2) B.E. 2560 3) Set up “Corporate Communications” unit 2. Shortage of financial resources xx x 45 20 1) Increase participation in 3 4 12 oversea educational exhibition 2

Risk Category Risk Analysis Mitigation Residual Risk Before mitigation After mitigation Specific Risk 1. Strategy 2. Operations 3. Student Graduation 4. Finance 5. People 6. Compliance Likelihood (1-5) Impact (1-5) Risk Factor Matrix Result (Likelihood xImpact) Project (OYPB) Likelihood (1-5) Impact (1-5) Remaining Risk Factors 2) Establish new MOU and make effective use of current MOU 3) Develop student retention plan and ensure effective implementation 4) Develop financial and long-term business plan and ensure effective implementation 5) Develop and promote alternative souces of income 6) Develop & offer new programs which are in demand and close programs which are outdated & not in demand 3

Risk Category Risk Analysis Mitigation Residual Risk Before mitigation After mitigation Specific Risk 1. Strategy 3. Inefficient and vulnerable ICT systems 2. Operations 3. Student Graduation 4. Finance 5. People 6. Compliance Likelihood (1-5) Impact (1-5) Risk Factor Matrix Result (Likelihood xImpact) Project (OYPB) Likelihood (1-5) Impact (1-5) Remaining Risk Factors x 45 20 1) Formulate plans and 4 4 16 implement the drills regarding ICT threat prevention 2) Formulate a Business Continuity Plan (BCP) to handle the attacks by ICT malicious mischief 3) Raise awareness of and educate AU students and personnel regarding ICT threat prevention according to the specified plan 4) Enhance and optimise backup bandwidth 5) Establish feasible backup link, both between campuses and external links 4

Risk Category Risk Analysis Mitigation Residual Risk Before mitigation After mitigation Specific Risk 1. Strategy 2. Operations 3. Student Graduation 4. Finance 5. People 6. Compliance Likelihood (1-5) Impact (1-5) Risk Factor Matrix Result (Likelihood xImpact) Project (OYPB) Likelihood (1-5) Impact (1-5) Remaining Risk Factors 6) Procure essential network infrastructure and / or equipment for efficient & feasible systems 7) Carry out proper and sufficient maintenance of network infrastructure and/or equipment 8) Survey and analyze demand of users 9) Replace obsolete equipment by proper equipment which is essential to work performance 5

Risk Category Risk Analysis Mitigation Residual Risk Before mitigation After mitigation Specific Risk 1. Strategy 2. Operations 4. Catastrophe i.e. Fire, flood, earthquake, 3. Student Graduation collapse of building, epidemic 4. Finance 5. People 6. Compliance Likelihood (1-5) Impact (1-5) Risk Factor Matrix Result (Likelihood xImpact) Project (OYPB) Likelihood (1-5) Impact (1-5) Remaining Risk Factors x xx1 5 5 1) Formulate response plans 1 4 4 and implement the drills regarding fire, flood, earthquake, collapse of building, epidemic 2) Formulate a Business Continuity Plan (BCP) for an uninterrupted operation 3) Exercise the drills of security guards regarding various emergency cases 6