Historical Background
Initially risk management was a unit at the Office for Strategy and Institutional Change (OSIC). And reports on risk were presented at the Audit and Risk Committee meeting. However, on 26th of November 2020, there was a proposal on the separation of “audit” and “risk” oversight functions. Hence the development of a separate committee for risk oversight duties, and an office that oversees risk.

The University Risk Management Committee (URMC) was established on the 25th of May 2021, at the Board of Governors Meeting No. 60. In lieu of that, the Risk Management Office was also established and is required to report directly to the URMC. Whilst for administrative reporting is to the Rector.

Functions of URMC
The URMC overviews and decides the effective implementation of the University’s risk management framework and decides the risks’ mitigation progress. As stated in the IIUM Risk Management Policy (Revised 2021).

Whilst the Risk Management Office (RMO) is to manage the risk management process on a day-to-day basis. The Office will be assisted by the Risk Management Working Committee (RMWC) to formulate and maintain the University’s Risk Management Policy, Framework and Guidelines.

Rights of URMC
Among the rights of URMC is to have full and unrestricted access to information and resources which are required to perform their roles and functions. Further, they may also obtain any independent professional advice if deemed necessary.