Risk-management practices for effective management of risk in research universities

This study proposes risk-management practices (RMPs) that are suitable for effective risk management in research universities (RUs) in Malaysia. Based on process theory and risk-management implementation in various industries, five practices of risk management—risk governance and management systems (RGMS), risk identification (RI), risk analysis and evaluation (RAE), risk-mitigation strategy and control (RMSC), and risk monitoring and communication (RMC)—are proposed to manage risks effectively in the RU setting. The proposed RMPs are a result of two stages of instrument development, as well as factor analyses that were employed to determine suitable practices of risk management in the RU setting. Self-administered questionnaires were used to collect data, with 288 completed questionnaires collected from the senior administrators of RUs. Exploratory and confirmatory factor analysis (CFA) validated that the five RMPs should be systematically applied to ensure all risks are effectively mitigated and managed. This study provides specific RMPs that capture appropriate methods for effective risk-management implementation in the RU setting.