8.4 Risk Management

Tilburg University uses the three-line model. Since 2021, Tilburg University’s risk management system has been based on the ISO 31000 Risk Management Framework, supplemented by the Kaplan-Mikes model.

Risks are an inherent part of organizational action. Adequate risk management is rooted in “hard controls” (e.g., governance, processes, procedures, and guidelines), as well as well in the “soft controls” (i.e., culture and behavior).


The governance structure of the foundation is established in the structure regulations, which are further elaborated in the Management and Control Regulations, and it is based on integrated management at the decentralized level. As the internal supervisor, the Board of Governors is charged with approving the strategy and budget, as well as with adopting the annual report, and it is closely involved in major policy decisions. The Audit Committee oversees the presence and operation of the systems and processes for internal control and finance. The Education, Research, and Impact (OO&I) Committee supervises the primary processes.

The EB has mandated the duties and powers for teaching and research—to the extent that this does not already follow from the law—to the Deans. The duties and powers for human resources and financial operations are mandated to Division Directors and Deans, with a sub-mandate to School Directors. Decisions on common issues are based largely on support from the Deans and management. In spring and fall, the EB consults with the School management teams separately.

Tilburg University acts in accordance with the principles of good governance, as established in the as laid down in the Good Governance Code applicable to Dutch universities.

Three-line model

The three lines operate independently of each other, with each making its own contribution to internal control. 

Figure 8.1 Three-line model

  • Executive Board/Deans: The EB and Deans ensure that the organization has adequate resources to meet goals, realize opportunities, and mitigate risks, as well as to foster a culture of ethical and responsible behavior. The EB sets the University frameworks for risk appetite and is accountable: To stakeholders.

  • First line: The first line consists of management (Vice Deans, directors, and managers), which bears overall responsibility for operational activities. The first line provides leadership and guidance and is in a constant dialogue with the Tilburg University EB and the Deans on achieving the objectives, opportunities, and risk management.

  • Second line: Management is assisted in its work by control posts (including risk management) in the second line, which report on progress and monitor risks with the aid of internal control systems. The coordination and monitoring of risk management is the responsibility of the independent Internal Audit and Compliance Department.

  • Third line: Internal Audit, the independent third line, assesses the reliability of information and systems and advises on how to improve risk management and internal control.

Culture and behavior

In a healthy organizational culture, clarity, transparency, openness to discussion, and accountability are essential. Employees can call each other to account for attitudes and behaviors, and mistakes are discussed. The EB and the Deans play a leading role in the dialogue within the University and the Schools about how students and employees give concrete expression to this and how to act in the event of compliance and integrity issues. The strategy entitled Weaving Minds & Characters: Strategy Towards 2027 defines the values that direct our behavior and actions: Connected, Curious, Caring, and Courageous. Everyone active in Tilburg University’s academic community is expected to work according to these values. This involves both individual and collective responsibilities.

Risk management

The risk control framework at the strategic and tactical levels were elaborated further in 2021, taking into account the ISO 31000 and the Kaplan-Mikes model. Scenarios were used to identify strategic risks throughout the University and tactical risks within the Schools and divisions, and a risk assessment was conducted, including control measures. In addition to hard controls, this involved measures aimed at culture and behavior.

A risk dashboard (with Key Risk Indicators) will be developed and incorporated into the regular planning and control cycle through the Management Reports of the organizational units. Considerable attention is also devoted to identifying operational risks and threats in the areas of IT and integrity.

The EB discusses the greatest risks identified by Schools and divisions at the Fall Meeting. Risk management is regularly on the agenda of the Audit Committee and the Education, Research, and Impact Committee of the Board of Governors.

Important risks and uncertainties

Tilburg University distinguishes the following external and strategic risks.

External Risks

Tilburg University identifies the following external risks. 

Figure 8.2 Risks

Within the context of these external risks, we would like to highlight two:

  1. Geopolitical situation. Europe is currently in a volatile situation due to the war in Ukraine. This is also having an influence on Tilburg University. For example, consider research collaborations, the well-being of students and staff, the effects on any foreign partners, and a variety of risks (e.g., knowledge security).

  2. COVID-19 pandemic. For the past two years, the University has been faced with the effects of the COVID-19 pandemic. Tilburg University acted swiftly. Teaching and research continued as fully as possible despite the restrictive measures. Various initiatives, including hybrid education and hybrid working, have been regarded as opportunities, and this has been translated into new policies. It will require constant updating as practices and learning methods have change. The pandemic has also taken a major toll on the organization. This, accompanied by the continued presence of the virus, will require attention in the near future as well.

Strategic risks

In 2021, the 12 key strategic risks were identified; these are detailed below.

Figure 8.3 Strategic risks

  1. Student intake. The risks are threefold: (1) the risk of declining enrollment will affect funding over time; (2) excessive growth could potentially have a negative impact on the quality of education; and (3) funding for our programs falls short. The strategy of Tilburg University focuses on controlled growth, with excellence and quality as prerequisites.
    Our student-to-staff ratio is the highest of any Dutch university, and it is an area of concern in relation to workload and quality of education. This is partly due to the low funding of our program and the historically low fixed rate of funding. Moreover, most of our degree programs are not in the sectors that are being intensified nationally (science and engineering). Funding is also poor for pre-Master’s programs, to which Tilburg University is explicitly committed. Meanwhile, as a result of growth in recent years, we have come to play an essential role within the university landscape. Finally, the issue of funding for the education of international students is still in play.

  2. Continuity in and quality of education and research. The quality of education and research and integrity (including academic integrity) is of vital importance to Tilburg University, and it is crucial to gain and maintain society’s trust. Tilburg University is well aware of this. The University uses a variety of monitoring systems to safeguard and improve quality. In 2020, a recovery plan was drawn up as part of the higher education Quality Agreements. Furthermore, several initiatives have been launched to ensure the quality of research, data management, and code of conduct for academic integrity (awareness). Tilburg University subscribes to the Dutch Code of Conduct for Research Integrity (2018) and operates according to the Academic Integrity Complaints Regulations. These complaints regulations are intended to lower the threshold for reporting suspected violations of academic integrity.

  3. Research (and other) partnerships. In line with our strategy, Tilburg University has several partnerships in the fields of teaching and research. These collaborations are intended and expected to yield benefits for all parties. Maintaining the high quality of our teaching and research calls for more collaboration, preferably interdisciplinary as well. The administrative organization, finances, human resources, and other activities related to these collaborations are complex, due to the various organizations, governance structures, procedures, and systems involved. This could potentially create financial and reputational risks for Tilburg University. These risks are mitigated by clear agreements, good monitoring, and accountability.

  4. Personnel (and workload). Risks relating to Personnel are twofold: (1) inability to fill job vacancies and (2) high workload. To provide high-quality teaching and research, Tilburg University must have sufficient high-quality staff. Educational intensification, high quality aspirations, and growing student numbers are increasing this need. With a view to the national and international job market, efforts are being directed toward strengthening the scientific reputation, gender policy, leadership skills, network involvement, and the attractiveness of the campus that is part of the Brabant knowledge region. Given the tightness of the job market due to demographic developments (external threat), there is a focus on attracting and retaining talent. Various studies have indicated that the workload for academic (and other) staff is high, and it has been increased further by COVID-19. Tilburg University now has several initiatives focused on workload and staff well-being, including “Recognition and Appreciation” and “Connected Leading,” which have been merged into “Use (Y)our Talents.”

  5. Innovation. Innovation is an important source for the development of quality in teaching and research. With programs in the fields of digitalization and Learning Analytics, concrete efforts are being devoted to educational innovation. Nationally, in the field of research innovation, Tilburg University is very actively involved in the development of Open Access and Open Science. Tilburg University has established the Knowledge Transfer Office (KTO). Making an impact and collaborating with others covers a range of issues, including intellectual property, legal agreements, financing, and a validated business model. This can be complex, and the KTO provides professional support in this regard.

  6. Information/knowledge security. Dutch universities are vulnerable to cybercrime (external threat). This applies to knowledge security as well. International partnerships are crucial to research and academic education, but they are accompanied by both opportunities and risks. Universities are traditional and, by definition, open and accessible. This implies greater risk for the security of information and knowledge. Tilburg University is well aware of this. Accessibility remains a basic principle, but not at any price. Tilburg University has defined a risk-based improvement plan (ISIP) to enhance information security. In addition to the implementation of preventive technical measures, this plan entails the implementation of a Security Operations Center (SOC) and a Security Incident and Event Management (SIEM) platform and the arrangement of an Information Security Management System (ISMS) framework for monitoring and managing these risks. Periodic external audits are also part of this program.

  7. Accommodations. The quantitative and qualitative space requirements are changing in response to growth, as well as to educational intensification, digitalization, work organization (hybrid working), and external developments (e.g., pandemics, sustainability requirements). It takes a long time to develop new construction, due to permitting and environmental requirements. In addition, construction costs are increasing, due to continued tightness in the construction market. These developments require efficient and effective housing concepts for which a strategic vision on accommodations has been developed and will be periodically adjusted. The availability and affordability of housing for students (and particularly international students) is becoming increasingly difficult. This puts the development of student numbers under pressure. We are committed to addressing this issue through a covenant with the municipality and other parties, as well as through active involvement in new developments.

  8. Social safety and integrity. Tilburg University strives to provide a safe environment based on openness, integrity, trust, and transparency. Tilburg has a Code of Conduct that specifies the ground rules for behavior and manners, and in which diversity, inclusion, and social safety are anchored. Several studies have indicated that social safety is a point of concern for both employees and students at universities. Tilburg University is aware of this and has set out various actions on this topic. This theme is also a priority area in the new Strategy 2027. Our international environment could also create greater risks within the context of social safety and integrity. Raising awareness of bias and increasing our cross-cultural knowledge and skills contribute to mitigating such risks. Issues relating to integrity are discussed within the EB, as well as in the advisory committees of the Board of Governors (Audit Committee and/or Education, Research, and Impact Committee). In addition, various programs are in place to maintain awareness of integrity (including academic integrity), and “roadmaps” have been established to lower the thresholds for reporting and discussing dilemmas and suspected violations.

  9. Compliance. Tilburg University complies with extensive, highly diverse legislation and regulations, including the Higher Education and Research Act, the General Data Protection Regulation (GDPR), and the Standards for Remuneration Act (WNT). The increasing complexity of laws and regulations is placing increasing pressure on the organization and its employees. Tilburg University continuously monitors developments in the field of legislation and regulations to ensure that we continue to comply with them. Training and awareness constitute an important part of these efforts. In 2021, Tilburg University defined a fiscal strategy and a tax control framework, as part of the horizontal supervision covenant with the tax authorities. This framework ensures that we have identified the tax risks, in addition to providing insight into how we mitigate these risks through control measures.

  10. Quality and continuity of operations. Quality and continuity in the provision of support services is crucial to the delivery of god teaching and research. The COVID-19 pandemic has illustrated the importance of this. Being attractive to the right support staff of a sufficient quality level is becoming increasingly important in the face of a tight labor market. Internal and external programs play an important role in this regard. Good teaching and research practices are the starting point for shaping our internal support (and other) processes and procedures. Basic principles in this regard include structuring the organization as effectively and efficiently as possible, based on principles of comprehensibility, accessibility, and simplicity. The objective is to do things right, as well as to realize the right things in the right way. This is part of the program of untangling and unburdening that is part of our new strategic vision.

  11. Well-being. Due to the pandemic, educational intensification, high quality ambitions, and growing student numbers, the workload is increasing, and this is also affecting the well-being of staff. Several of Tilburg University’s initiatives focus on staff well-being (e.g., Recognition and Appreciation). In addition to COVID-19, other factors also affect student well-being, including performance and financial pressures (e.g., loan system). This applies to PhD students as well, primarily due to performance pressure and the pandemic. During the pandemic, several good initiatives were started to support the well-being of students and PhD student. These initiatives will be continued and expanded as part of the new strategy.

  12. Sustainability. Due to climate change and the societal discussions surrounding it, Tilburg University would run a risk by not fully committing to sustainability. In our Strategy 2027, several sustainability goals have been firmly embedded within our operations. At the same time, we would also like take major strides in the sustainability of our buildings and land. In our research and teaching, we are increasingly focusing on the SDGs.

Specific financial risks

Tilburg University develops its activities primarily within Europe, and most financial transactions are settled in euros. The currency risk is therefore limited. For transactions conducted in US dollars, a USD bank account with a limited balance is maintained.

Some of the University’s financial assets are invested in fixed-income government bonds. Price risk is limited, as the entire portfolio complies with the 2016 Ministry of Education, Culture and Science regulations for Investment, Borrowing, and Derivatives. Moreover, Tilburg University does not make use of derivatives.

The credit risk of our customers is limited, due to the nature of the activities of Tilburg University. The University’s liquid assets are deposited in Dutch banks that meet the rating requirements of the Ministry of Education, Culture and Science. The liquid assets are spread over several bank accounts. In July 2021, the University converted to Treasury Banking.

Tilburg University has a current account position with TiU Holding B.V., of which it is the sole owner. Tilburg University has not issued any letters of support.

In 2021, Tilburg University paid off two long-term loans early.

Financial Planning and Control

Starting in 2022, the strategic plan period has been extended from four to six calendar years. The budgeted operating results for each management unit are strict. The management units make interim progress reports throughout the year in the interim and make concluding analyses for the annual statement of accounts. Deans and Directors in the first line are supported by controllers, who are hierarchically positioned under the Director of Finance and Control. The deviations from the budgeted operating results and the size of the financial reserves in the management units are standardized. Short-term fluctuations in operating income are accommodated by the temporary use of reserves. Lower limits for liquidity (current ratio) and solvency have been set for the University as a whole.