Data Risk Management

The Data Assurance Group has approved a toolkit to help members of the University assess the risk of completing data returns and set out a coherent process for doing so.  The process is outlined in the Flowchart of Risk Assurance for Data Returns (112kb) and in detailed guidance on Data Risk Management and Assessment (136kb).

For each return (which may be annual or at another frequency, which may be several years), a Risk Register should be completed at the start of compilation (normally at the point at which formal guidance has been issued and before embarking on compiling the return) and submitted to the Data Assurance Group for review at it next (termly) meeting.

For those returns presenting as high net risk (defined in the toolkit), or where the commissioning body requires the Vice-Chancellor to sign off the submission, a review should also be completed prior to submission and a copy sent to DAG.  Good practice would be to conduct a review even when not falling under these criteria to ensure that learning from one submission is available for the next occasion, although there is no requirement to submit this to DAG for those not having a high net risk of sign-off by the VC.

Both forms should also be sent to the Data Assurance Group (see below) at each stage to be included in the Group’s meeting papers.

Please see the following templates for assessing data risk:

Risk Register for Individual Data Returns (23kb)
Template for Assessing Data Risk (31kb)
Data Return Review Sheet (50kb)

 Please send copies of completed risk registers and review sheets to DAG via the Group’s Secretary: Kris Tiffen