This directive is issued on the basis of clause 11 of § 11 of the Statutes of Tallinn University of Technology.
1. Risk management at Tallinn University of Technology (hereinafter referred to as ‘the university’) is based on generally accepted management practices and recognised principles of risk management.
2. I hereby approve the university’s risk matrix, which includes strategic and sectoral risks. Each risk shall have a designated risk owner responsible for keeping the risk description up to date, planning risk management measures, and ensuring their implementation. Risk management measures are actions intended to reduce the likelihood or impact of a risk materialising, as well as actions taken when a risk materialises to manage its consequences. Each risk shall be assigned a responsible manager who establishes priorities within their area of responsibility, decides on the allocation of the necessary resources, accepts any residual risks, and oversees the activities and reporting of the risk owner (Annex 1).
3. The head of each structural unit (including a dean, director, or head of a support unit) shall map the risks within their unit and area of responsibility whenever a significant organisational change occurs, or at least once a year as part of regular monitoring; plan risk mitigation and risk response measures; and monitor their implementation. If a sectoral risk cannot be managed at the level of the structural unit, the head of the structural unit shall inform the quality manager.
4. The Rectorate Strategy Office:
4.1 prepares and updates the risk matrix containing the university’s strategic and sectoral risks at least once a year;
4.2 coordinates the calibration of university-wide risks and the planning of risk mitigation measures in accordance with the risk management process, and submits them to the Rector for approval;
4.3 monitors high-rated and university-wide risks annually as part of the annual monitoring process;
4.4 provides recommendations and guidance to risk owners on risk analysis to ensure the consistent description and management of risks.
5. The university’s risk matrix and information related to risk management shall be published on the university’s intranet.
6. I hereby repeal the Rector’s directive No 27 of 24 July 2024 “Risk Management”.
7. The directive shall enter into force upon signature.