4.3 Results of the Study

4.3.5 Current Status of ERM Policies and Practices in UAE HEIs

4.3.5.3 The UAE CAA 2019 Standards

Introduced in 2019 by the UAE MoE’s CAA, the CAA Standards is a policy document available for public use, retrieval and reference on the CAA’s official website (referred to hereinafter as the

“Standards”). The document was retrieved by the researcher in the early stages of the thesis writing because of its significance and importance to the research’s theoretical and conceptual elements. This document was also important for the research data collection and analysis phase, and particularly for answering RQ2: What are the current ERM policies and practices in the UAE HEIs? It provides for the basic standards and stipulations required from all UAE HEIs to assure the quality of their educational programmes. Additionally, it is a detailed policy manual that provides for the major stipulations and criteria required by the MoE should UAE HEIs seek to be both licensed and accredited. Therefore, the Standards consists of two essential components:

 The Standards for Institutional Licensure (SIL)

 The Standards for Program Accreditation (SPA)

Both the SIL and SPA as complementary processes have one ultimate goal in common, that is, the establishment, sustainment and enhancement of best academic institutional performance as well as the quality of academic programmes.

It is important to understand the overall structure and layout of the document and where “risk management” fits into that structure. The Standards consists of eleven Standards for Institutional Licensure and Program Accreditation, “supported by a set of 11 Stipulations along with 23 Annexes, to

provide further detail and aid institutions in complying fully with the criteria of the Standards” (CAA 2019a, p. 13). The word “risk” is mentioned 44 times and is stated to hold an essential part of three of the major Standards, as well as four of the Stipulations. Risk management is integrated into the SIL and SPA, as well as governance and management, and QA. Furthermore, a whole section has been dedicated to “risk management” (Section 1.6 of Stipulation 1: Governance and Management), providing a rationale for the significance of risk implementation in HEIs.

In a sense, this document gave the researcher the assurance from the beginning of the research that all HEIs in the UAE entertain the same objectives and expectations with regards to their institutional performance and QA. It therefore gave the scope, context and purpose of the study some defensible rationale and significance. However, what really makes the Standards an important and strategic document to analyse in the context of this ERM study “is the introduction of a ‘risk-based approach’ to institutional licensure and program accreditation by the CAA” (CAA 2019a, p. 9).

ii) Themes of the CAA Standards Document Analysis

Upon detailed thematic review and scrutiny of the Standards, and using the interactive model of qualitative data analysis, the researcher concluded three major themes related to the study purpose, problem statement and more specifically RQ2. As stated earlier, by using some search techniques in the document, it was found that the word “risk” was mentioned 44 times in different contexts and sections.

Highlighting the sections where the word “risk” was used helped the researcher make use of the data reduction technique as the first of the three major components of the interactive model of data analysis introduced and further researched by Miles and Huberman (1984, 1992, 1994, 2014). Three themes emerged from the data reduction process and helped in the data display phase. The display of these three themes not only helped the researcher answer RQ2 (as well as RQ3), but also came to support the answers and findings of the quantitative part of the study and answer RQ1. Table 4.33 shows the major themes obtained from the interactive model document analysis of the Standards, which helped answer RQ2.

Table 4.35 – CAA Document Analysis Themes

Data Reduction & Data Display Drawing Conclusions & Theme Details Theme 1 Institutional licensure and programme

accreditation (SIL & SPA); risk-based institutional reviews; programme reviews;

external review team; determining risk level

Risk management adoption as a mandatory and essential component to HEIs’ corporate governance bodies, rather than an option.

Theme 2 Risk evaluation; risk evaluation determinants;

applications for SIL and SPA; 3/5/7-year review cycles

Risk management as a quantifiable QA measurement tool for academic institutional licensure and accreditation.

Theme 3 Stipulations; required for both SIL and SPA;

good academic practice; met effectively; QA at the heart of HEIs’ processes; effectiveness and QA

Risk management implementation as a major contributor to the academic programme accreditation, institutional effectiveness and QA.

 Theme 1: Risk management adoption as a mandatory and essential component to HEIs’ corporate governance bodies, rather than an option.

The introduction of a “risk-based approach” to institutional licensure and programme accreditation by the CAA (2019a, p. 9) presented risk management as a mandatory and essential element that HEIs’

governance bodies cannot avoid:

A new addition to the Standards 2019 is the introduction of a ‘risk-based approach’ to institutional licensure and programme accreditation by the CAA. This context-sensitive assessment of institutional performance is determined against baseline regulatory requirements. The risk level of institutions is identified according to the threshold risk level as determined by the CAA.

Since, according to the Standards, programme licensure is mandatory for acknowledgment, accreditation, and ranking, both risk-based institutional reviews and programme reviews are required to determine whether an HEI meets the requirements of both the SIL and the SPA, with the researcher finding that the adoption of some sort of risk management by any HEI in the UAE does not seem to be an option. It is the external review team’s decision that will determine whether an HEI’s risk level is low, medium, or high. All the SIL and SPA processes are centred around the fact that an HEI must provide a “full understanding [and awareness] of the implications of risk evaluation for different providers, their students and other stakeholders” (CAA, 2019a, p. 9). In a sense, the study was based in the first place on this premise, where the researcher conducted some investigation on the requirements by the CAA that HEIs in the UAE must be subject to a risk-based evaluation exercise should they wish to obtain their licensure and accreditation.

 Theme 2: Risk management as a quantifiable QA measurement tool for academic institutional licensure and accreditation.

Upon analysis of the Standards, the researcher identified a quantifiable relationship between academic programmes’ accreditation and risk management implementation. The Standards stipulates that at the end of the licensure review, being one of the most important stages towards an HEI’s successful licensure and later official accreditation, two risk evaluation determinants need to be conducted in order to ensure the finalisation of the licensure process:

 Risk Evaluation Part A: considers the extent to which the HEI (during the licensure visit) has provided evidence of meeting the requirements of the Standards.

 Risk Evaluation Part B: evaluates the risk of strategic, operational, legal, and financial, academic and international dimensions as applied to specific risk statements. The five risk dimensions have been determined to effectively fit across the SIL and the SPA.

(CAA 2019a, p. 9)

,

In this sense, the risk level of institutions is identified according to the threshold risk level as determined by the CAA. The risk levels establish the ongoing review arrangements for HEIs on a schedule of three- , five-, or seven-year visit cycles. Successful applications for Institutional Licensure or Program Accreditation will be shown on the CAA website. One statement from each section of the Risk Evaluation Part B will be included on the CAA website to provide a public overview of the findings of the review:

Strategic, Operational Legal and Financial, Academic, and International.

 Theme 3: Risk management implementation as a major contributor to the academic programme accreditation, institutional effectiveness, and QA.

The CAA claims that by all means their Standards helps HEIs meet their quality and effectiveness objectives. The researcher, in the CAA context, found it very convenient to link the introduction of risk management to academic institutional licensure and accreditation with the achievement of the academic programme accreditation, institutional effectiveness and QA. With the refinement of the Standards, the CAA managed to clearly identify a set of eleven Stipulations required for both the SIL and SPA. These Stipulations “describe good academic practice and explain to providers how each of the Standards can be met effectively” (CAA 2019a, p. 11), with “good” and “effectively” in the sense that academic practice is not a haphazard occurrence, but rather a systematic way of meeting institutional objectives. If these Stipulations are adopted and implemented regularly and ideally, the CAA (2019a & 2019b) claimed they should help each HEI ensure the quality of their programmes, as well as the whole teaching and learning process they provide to their students.

As concluded in the literature review of this study, the researcher agrees with the CAA that QA, or Standard 2, is the ultimate achievement that all HEIs must aspire to attain. Standard 2 is supported by Annex 8 Quality Assurance Manual (CAA 2019a, p. 88), which further details the requirements of a QA system and unit in every licensed and accredited HEI. For the CAA (2019a), QA must be at the centre of HEIs’ endeavours towards achieving high quality and effective academic programmes. With the application of the Standards in academic programmes, it is now clear how academic QA can best be attained by HEIs. The Standards has identified the means and quantifiable measures (as detailed in Theme 2) through which HEIs are able to meet common expectations for academic and institutional quality and programme effectiveness.

Therefore, through using the interactive document analysis techniques, the researcher found that these risk-based measures need to exist and be ideally implemented in HEIs, and they include:

 Using solid risk analysis and management centred measures to help better understand how successful risk evaluation leads to successful academic programme management and effectiveness.

 Setting a QA manual that evidently encompasses all QA policies, procedures, and activities, and

“shows how they are integrated into a single system to continually appraise and improve the institution as a whole and its programs, services, and operations, including any joint programs”

(CAA 2019a, p. 30).

 Setting up an independent QA unit responsible for implementing the institution’s internal QA system.

 Using the results of evaluations for better planning.

 Using evaluation tools, both direct and indirect, to measure academic programme effectiveness.

 Setting priorities and enhancing academic programmes.

 Benchmarking the institution’s quality and performance against best local and international practices.

 Using the results of an institution’s reviews of programme effectiveness in its self-studies for external reviews and accreditations.

iii) Summary

Therefore, the themes obtained from reviewing the CAA Standards show that the risk-based approach to institutional licensure and programme accreditation determines how an institution can achieve their required performance through a solid programme accreditation process and manageable QA. One of the basic aspects learned from the Standards is that risk management can and should be implemented through

“baseline regulatory measures” mandated through quantifiable measures. The risk-based approach, as discussed in Theme 2 of this document analysis, is a major contributor to this fact. It is clear that, according to the Standards, effective operation of the institution’s QA and institutional effectiveness must be carried out through a separate independent office that comes at the heart of its institutional and programmatic development. As will be seen in the risk management and QA document analysis of several selected UAE HEIs (see sections 4.2.3.2, 4.2.3.3 and 4.2.3.4), “evidence-based improvements to programs, support services and administration must be embedded in the institutional culture and its internal QA systems” (CAA 2019a, p. 9).

4.3.5.4 HEI 1 ERM Policies and Manuals (Risk Management Policy Manual and Risk Procedures