Code of Practice for Council Members

13 Code of Practice for Council Members 10 2. The Regulation of Resource Management 2.1. One-line Budget The funding source of one-line budget is from UGC and thus grant must be used within the ambit of UGC-fundable activities. As such, there should be no cross-subsidization of UGC resources to non-UGC-funded activities. Under this funding model, the budget-holders have considerable autonomy in the use of resources within their one-line budgets. The University administration has less control on the outcome of the spending but is responsible to the Council for the proper use of funds. The University expenditure is also subject to the scrutiny of UGC and the Director of Audit. To strike a balance between flexibility and control, some budgetary requirements have to be imposed on the one-line budgets. The Bursar is delegated with the authority to vet spending application from units operating with one-line budgets subject to the prevailing UGC guidelines, University regulations, auditing requirements and standards. 2.2. Risk Management, Control and Governance The University considers that an essential element of any framework for corporate governance is an effective approach to risk management. Risk management is a process which provides assurance that objectives are more likely to be achieved; damaging effects will not happen; and benefits will be achieved. The University has been managing risks for a long time to ensure that reputation is not tarnished or financial viability/ implication not overlooked while seizing new opportunities. In 2016, the University has adopted a more formal approach to risk management, in terms of both policy and process, so that risk assessment becomes an integral part of the decision-making process. A Risk Management Committee has been established to ensure the risks are properly managed (i.e. involving risk identification, risk assessment, risk mitigation and reporting to the Council) to achieve the University’s objectives. Although the Council is ultimately responsible for the risk management process, the Audit Committee also has a role in monitoring the University’s risk management process, especially in ensuring the effectiveness of the risk management policy, advising any changes or enhancement to key elements of its process, and assuring the Council that best practices in corporate governance are followed in relation to the effective risk management.