To ensure Business Continuity is appropriately regulated, it is necessary that it falls under the University's governance structure. This structure is shown below.
Risk, Compliance and Ethics Committee. This Committee is a formal sub-committee of the UMB and is responsible to the UMB for the delivery of Business Continuity across the University. Business Continuity makes regular reports to the Committee. It reviews key Business Continuity documents prior to approval at UMB. The Committee will monitor the performance of Business Continuity across the University and support its delivery, communicating the importance of effective Business Continuity. The Committee meets quarterly.
Audit and Risk Committee. This Committee reports to the Council. Its primary role is to review the effectiveness of internal control systems, risk management and corporate governance arrangements. It escalates concerns to the Council who will direct UMB. It will work with Internal Audit to undertake audits of Business Continuity as required. The Committee meets four times a year.
University Management Board (UMB). The UMB is responsible for approving the Business Continuity Policy. Individual members of the UMB are responsible for ensuring that their own areas have effective Business Continuity Plans. UMB meets monthly and is the guiding coalition advising the President on all major strategic, policy and operational issues.
The Risk, Compliance and Ethics Committee is supported by a Business Continuity Operational Review Group (Terms of Reference) that reviews minor incidents, which frequently occur throughout the College. This purpose of this group is to identify gaps and systemic failures in processes, gather and identify lessons learnt and advise the Committee on where changes to procedures might be appropriate.
In the event of a major incident, a Major Incident Review senior group will be established to review how the incident occurred and how the response and recovery was managed. This group will identify lessons learnt in order to protect us from future incidents and improve our procedures (Terms of Reference).