Document Feedback - Review and Comment
Step 1 of 4: Comment on Document
How to make a comment?
1. Use this to open a comment box for your chosen Section, Part, Heading or clause.
2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.
3. Do not open more than one comment box at the same time.
4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.
Important Information
During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:
-
DO NOT jump between web pages/applications while logging comments.
-
DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.
-
DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.
-
DO NOT exit from the interface until you have completed all three stages of the submission process.
(1) This policy confirms the commitment of the University to good corporate governance through risk management. It defines the broad accountabilities and structures the University and its controlled entities will maintain to manage risks. (2) Risk is inherent in all academic, projects, administrative and commercial activities, and every member of the University community is continually managing risk. Risk may be potentially advantageous or harmful. The University recognises the primary objective of risk management is to eliminate exposure to adverse risk, but where its elimination is not possible to provide a structured approach to its identification and treatment by: (3) The purpose of this policy is to: (4) A structured risk management program will provide a number of beneficial outcomes by: (5) This policy applies to all staff and all current and future activities of the University and its controlled entities. (6) Detailed risk management policies or procedures should be developed to cover specific areas of the University's operations (i.e. insurance, work health and safety, research, commercial activities, campus safety and security, information technology, business continuity, and project management). (7) For this Policy, the following definitions apply: (8) The University is committed to making risk management an integral part of all the University processes and embedding risk management into the key decisions and approval processes of all major business processes and functions. (9) The University will embrace well-managed risk-taking in pursuit of its vision and strategic objectives, while: (10) All risks should be managed within the boundaries defined in the University's Risk Appetite Statement. Please refer to the University's Risk Appetite Statement for more information. (11) The University has adopted a methodology consistent with the International Standard for Risk Management Standard (ISO 31000:2018 Risk Management - Guidelines) for identifying, assessing, and managing risks. This methodology is the basis of the University's risk management framework. The framework helps to ensure a consistent approach to the same risk by different business units of the University. It also provides a structure for: (12) The University's Risk Management Framework is a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing, and continually improving risk management throughout the University. The Risk Management Framework includes the following, in addition to this policy: (13) The University should evaluate its existing risk management practices and processes, assess any gaps, and address them within the framework. (14) A significant element of the framework is an ongoing program of risk assessment across the University. Risk assessments aim to establish a prioritised list of risks and issues for further consideration or action by senior management and executives. (15) Risk assessments are performed by the management or delegated staff as risk champions and may be facilitated by the Office of Audit and Risk Assessment. Typically, these risk assessments involve: (16) The University's Risk Appetite Statement sets out its desired level of risk-taking for its most significant risks. The University's management is aware of the high standards that the community expects of the University. (17) The Office of Audit and Risk Assessment has developed a Western Risk Assessment Guide (WRAG) which should be utilised by all staff. The WRAG provides an overview of how: (18) The WRAG should be adopted and implemented by other risk management functions of the University, including but not limited to: Work Health, Safety and Wellbeing; Campus Safety and Security; Strategic Projects Implementation and Improvements; Information Technology and Digital Services; Business Continuity and Planning; Office of General Counsel; and Compliance Program Unit. (19) The University's Senior Executive team must establish a Strategic Risk Register for the University which will be coordinated and maintained by the Chief Audit and Risk Officer. (20) The University Risk Registers are comprised of, but not limited to: (21) The risk registers should document key risk events that would impact the strategic or operational goals and objectives of each relevant area noted above. (22) The Board has overall responsibility for risk management and in exercising this function delegates: (23) The ARC advises and makes recommendations to the Board (or, as appropriate, the Chancellor or the Vice-Chancellor and President) on matters concerning risks to the University and its controlled entities and the effectiveness of systems of control or management of those risks. The roles and responsibilities of the ARC are formalised via the ARC Charter approved by the Board. (24) The ARC will oversee risk management activities across the University and its controlled entities and monitor the following: (25) The Committee will report at least quarterly to the Board of Trustees on the performance of risk management activities (this may form part of a broader report on the work of the Committee). (26) The Vice-Chancellor and President is responsible for the following: (27) Senior management and executives are responsible for regularly reporting to the Vice-Chancellor and President on risks, immediately in instances where a Critical or High-risk is identified. (28) Senior management and executives are to ensure that all major proposals including business cases for projects (involving significant financial or reputational risk, for example) that are submitted to the University Executives, Board of Trustees or any of its committees for endorsement/approval, indicate if a risk assessment has been undertaken (and if so whether risk mitigation plans have been developed for Critical and High-risk issues identified). Refer to the Guidelines for Writing Board and Committee Papers. (29) Senior management and executives are also responsible to the Vice-Chancellor and President for the implementation of this policy within their respective areas of responsibility, specifically: (30) The Chief Audit and Risk Officer is responsible for the establishment and ongoing maintenance of the Risk Management Policy, and: (31) Managers of the University are responsible for incorporating risk management into their standard management practices by: (32) As per the Responsible Conduct of Research Policy, in conducting research activities, researchers have responsibility to assess and manage the risk of their research activities by: (33) All staff are required to be aware of this policy, and to support and participate in the risk management processes adopted by the University by: (34) All staff must report any incident or knowledge of Critical and/or High risks immediately to their supervisor before escalating the matter to the Office of Audit and Risk Assessment. (36) Refer to the Western Risk Assessment Guide.Risk Management Policy
Section 1 - Purpose and Context
Benefits
Application
Section 2 - Definitions
Top of PageSection 3 - Policy Statement
Part A - Risk Management Principles
Part B - Risk Management Framework
Risk Appetite Statement
Risk Management Guidelines
Risk Registers
Part C - Responsibility for Risk Management
Board of Trustees
Audit and Risk Committee (ARC)
Vice-Chancellor and President
Senior Management and Executives (Senior Deputy Vice-Chancellor, Deputy Vice-Chancellors/Vice-Presidents, Pro Vice-Chancellors, Chief Officers, Deans, Campus Provosts, Executive Directors, Directors)
Chief Audit and Risk Officer
Team Leaders/Managers, Researchers and Project Managers (Managers)
Researchers
All Staff
Section 4 - Procedures
Top of PageSection 5 - Guidelines