HKUST Annual Report 2016-17

82 HKUST 2016-2017 Annual Report Reputational Risks The University strives to be a leader in education and research and it is essential it maintains an excellent reputation in these areas and is able to attract and retain the best global talents including students, faculty and staff. The University has broad and robust risk mitigation and assurance in academic areas including the quality of its faculty and UGC’s direct review and assessment. In particular, the University undergoes periodic exercises such as ADP, RAE and QAC audits, each containing a broad range of topics including SWOT analysis. Some of the academic endeavors, such as research and growing parts of knowledge transfer, services and education, are also open to international benchmarking and peer review. The University places high importance on full compliance with all relevant regulatory requirements, whether academic, operational, accounting, legal, tax, environmental, building code or the specific requirements of funders. It would not knowingly breach any requirements. The key mitigations are the employment of seasoned and qualified staff to ensure compliance, use of professional advisers whenever required, internal control procedures and independent audit. It is essential that the University upholds the standards expected of a publicly funded institution. The University has a comprehensive code of conduct policy that all its members must comply with. Student welfare, on and off campus, is paramount and the University has implemented various measures to identify and manage any concerns of students. These include confidential access to team of professionally trained counselors if required. Risks to Operations The University has set itself high academic and non-academic standards, consistent with those of a world-class institution. It strives to ensure its facilities and infrastructure are meeting the expected standard and available at all times. Inevitably there are occasions when the availability or quality of facilities and infrastructure is below the expected standard but this is mitigated by a comprehensive programme of preventative maintenance and in-built infrastructure resilience. Despite all planning and risk management, the University is vulnerable to a disaster whether naturally occurring or deliberately instigated. The University has the key components of a disaster recovery plan already developed, including tested emergency response procedures and restoration of back-up IT systems if necessary. The University is a complex campus where staff and students, live, work and study with continuous activity to maintain and expand campus facilities. The University has an on-campus medical facility, able to respond to any situations. All contractors on site must comply with Hong Kong Healthy and Safety standards. University sports facilities are suitably supervised with users receiving appropriate training if necessary. Some University operations require the use of hazardous materials, which can cause serious injury or death if not managed correctly. The University has a comprehensive Environmental Health & Safety (EHS) management program designed to manage this risk. As an open community, the University is vulnerable to unauthorized penetration of its IT networks, applications and data with potentially serious consequence. The University has a comprehensive cyber security policy and has implemented a variety of security measures including a dedicated team monitoring compliance with policy and any incidents. The University uses external service providers to perform intensive IT audits periodically. The University has identified the creation of a performance culture as a strategic priority. Ensuring the buy-in of all staff to performance expectations and the related change program and maintaining staff morale during this time is a key risk. This is mitigated by a performance incentive for academic staff and broad staff engagement to communicate the rationale of strategies.