Risk Management Policy

Risk Management Policy


York University intends to identify and manage its institutional risks in support of its objects and mission; not to eliminate risk, but rather to ensure that existing and emerging risks are identified and managed in a balanced manner.

Institutional risks include circumstances, both realized and anticipated, which have or reasonably could be expected to have a material effect on the University’s ability to set and pursue its goals as they are established from time to time.

The University will develop and maintain institutional risk management procedures to identify, control and manage its risks and report annually to the Board of Governors on risk assessment and management.


The Board of Governors is responsible for overseeing the management of risk. The Board Finance and Audit Committee acts on behalf of the Board to confirm the identification and effective management of the University's risks.

The President and Vice-Chancellor is responsible for identifying and managing the risks to the University by developing and implementing the overall risk management approach, policies, processes, systems, controls and reporting; and for implementing a risk management culture and capability necessary to execute risk management strategies.

The University's employees and students are responsible for working within University policies, alerting management to emerging risks or control weaknesses, and assuming responsibility for risks and controls within their own areas of responsibility.


See York University Enterprise-wide Risk Management Framework (under development)