This paper presents a model of risk management in higher education, to support the quality assurance framework and the activities, more generally, of a Higher Education Institute. Its purpose is to define the Institute's approach to academic risk and its management and to inform decision-making. Academic risk is defined and contextualized in terms of published literature. Decision-making and judgement is at the centre of all academic activities and accordingly inherent risk will always exist, through the exercise of judgement, the operation of academic policies and procedures and through compliance. A normative model of academic risk assessment is proposed, based on three levels: isolated academic risk, repeated academic risk and systemic academic risk. This is followed by a proposed model for action according to the level of risk. Finally the operation of the model in our higher education institute is presented.