(1) The purpose of this Policy is to ensure that Risks to the University, its strategic plan or its objectives are identified, analysed and appropriately managed. It does this by creating a framework based on the Australia/New Zealand Standard for Risk Management (AS/NZS ISO 31000:2009) that includes:
(2) The framework established by this Policy is not intended to eliminate Risk but rather provide structures to support the management of Risks to the University in order to:
(3) This Policy applies to:
(4) This Policy uses the following definitions:
(5) Risk, and Risk Management, is considered in decision-making at all levels of the University.
(6) The University's management of Risk is proportionate to the ability of the Risk to cause harm to or promote the University and its objectives, regardless of the level of financial exposure associated with it. This means that all of the following must be tailored to the Risk being managed:
(7) The Risk Management Framework will be reviewed at least every 5 years to ensure it is fit for purpose.
(8) All staff are responsible for University Risk Management and will comply with the Risk Management Framework, including this Policy. This includes:
(9) If a Risk or Risk Management matter is escalated to a staff member in accordance with this Policy, that staff member must provide timely feedback to the reporter about any action intended or taken on that matter.
(10) All staff with line management responsibilities must ensure that Risk Management plays a role in performance management of direct reports.
(11) Council is responsible for overseeing University Risk Management. This includes:
(12) The Audit and Risk Management Committee's role and obligations are outlined in its Terms of Reference. Among other things, this involves:
(13) The Vice-Chancellor is responsible for:
(14) Members of the Vice Chancellor's Executive Group are responsible for:
(15) Heads of work unit and directors of University controlled entities are responsible for Risk Management by their work unit or controlled entity including:
(16) Managers of Major Projects are responsible for Risk Management of their Major Projects including:
(17) The Manager Insurance and Risk is responsible for:
(18) The University assesses Risk using the Risk Matrix and Descriptors approved by Council (Appendix B).
(19) Risks with the potential to affect the University's ability to achieve its objectives must be managed using the Risk Management process (Appendix A). Less significant Risks may be managed using the whole or part of that process, provided that management of the Risk is proportionate to the ability of the Risk to cause harm to or promote the interests of the University, as described in clause 6.
(20) Information about Risks and Risk Management must be reported to decision makers, advisers and oversight bodies through regular and ad hoc reporting channels as described in Appendix C.
(21) Wherever an activity, function or decision has the capacity to affect the University's operations or ability to achieve its objectives, a Risk assessment is required before a decision can be made on whether to proceed with or withdraw from the activity, or to escalate the Risk.
(22) The person or body responsible for the activity, function or decision must ensure that the Risks involved are assessed, documented and managed in accordance with clause 6. In the case of Strategic Risks, Major Project Risks and other Risks with the potential to affect the University's ability to achieve its strategic objectives, this must also involve developing a written plan on how Risks will be managed.
(23) The Risk Manager will publish template Risk assessments and management plans on the University's Risk website.
(24) Each work unit, and each controlled entity, will maintain an Operational Risk Register comprised of Risks to the work unit or controlled entity's operations. Each Risk in the Operational Risk Register must be allocated a Risk owner responsible for managing, monitoring and reporting on the Risk.
(25) The project manager of each Major Project will maintain a register of Risks to the Major Project, each allocated to a Risk owner responsible for managing, monitoring and reporting on the Risk.
(26) The Risk Manager annually collates all Operational and Major Project Risk Registers. The Risk Manager will provide feedback to Register-owners to ensure consistency in University documentation and make recommendations to the Vice Chancellor about any Risks they believe should be elevated to the Strategic Risk Register.
(27) The University will maintain a Strategic Risk Register comprised of Risks to the University achieving its strategic objectives. Each Risk in the Strategic Risk Register will be owned by a member of the Vice Chancellor's Executive Group who will be responsible for managing, monitoring and reporting on the Risk.
(28) The University's Strategic Risk Register will be developed as per the process in Appendix D.
(29) The Risk Manager will maintain a Risk Management Action Plan on behalf of the Audit and Risk Management Committee of Risk issues of interest to the Committee that are not already reported on through the processes described in C. The Committee may specify, from time to time, any items to be added or removed from the Plan.
Risk Management Policy
Section 1 - Purpose, Scope and Definitions
Purpose
Scope
Definitions
Section 2 - Policy Statement
Section 3 - Responsibilities
General
Council
Audit and Risk Management Committee
Vice Chancellor
Vice Chancellor's Executive Group
Heads of Work Units and Directors of Controlled Entities
Project Managers
Manager, Insurance and Risk
Section 4 - Procedures
Risk Assessments and Management Plans
Operational and Major Project Risk Registers
Strategic Risk Register
Risk Management Action Plan
This is not a current document.