(1) This policy confirms the commitment of the University to good corporate governance through risk management. It defines the broad accountabilities and structures the University will maintain in order to manage risks.
(2) Risk is inherent in all academic, project, administrative and commercial activities, and every member of the University community is continually managing risk. Risk may be potentially advantageous or harmful. The University recognises that the primary objective of risk management is to eliminate exposure to adverse risk or, where elimination is not possible, to provide a structured approach to its identification and treatment by:
(3) The purpose of this policy is to:
(4) A structured risk management program will provide a number of beneficial outcomes by:
(5) This policy applies to all staff and to all current and future activities of the University.
(6) Detailed risk management policies or procedures should be developed to cover specific areas of the University's operations (i.e. insurance, work health and safety, research, commercial activities, campus safety and security, information technology, business continuity, and project management).
(7) For the purposes of this Policy, the following definitions apply:
(8) The University is committed to making risk management an integral part of all the University processes and embedding risk management into the key decisions and approval processes of all major business processes and functions of the University.
(9) The University will embrace well-managed risk-taking in pursuit of its vision and strategic objectives, while:
(10) All risks should be managed within the boundaries defined in the University's Risk Appetite Statement.
(11) The University has adopted a methodology consistent with the Risk Management Standard (ISO 31000:2018) for identifying, assessing and managing risks. This methodology is the basis of the University's risk management framework.
(12) The framework helps to ensure a consistent approach to the same risk by different business units of the University. It also provides a structure for:
(13) The University's Risk Management Framework is a set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the University.
(14) The University should evaluate its existing risk management practices and processes, evaluate any gaps and address those gaps within the framework.
(15) A major element of the framework is an ongoing program of risk assessment across the University. The objective of risk assessments is to establish a prioritised list of risk issues for further consideration or action by senior management and executives.
(16) The assessments are facilitated by the Office of Audit and Risk Assessment and involve:
(17) The University's Risk Appetite Statement sets out the University's desired level of risk taking for its most significant risks. The University's management is aware of the high standards that the community expects of the University.
(18) The University has adopted the principles of risk management as set out in the International Risk Management Standard ISO 31000:2018 Risk Management – Guidelines.
(19) The Risk Policy formally affirms the University's strategic commitment to building a risk management culture in which risks and opportunities are identified and managed effectively. The University recognises that, in pursuing its strategic objectives, measured risk-taking is both acceptable and appropriate.
(20) The University's Senior Executive team must establish a Strategic Risk Register for the University which will be coordinated and maintained by the Chief Audit and Risk Officer.
(21) The University Risk Registers comprise the strategic risk register, the operational risk register, and the projects and commercial activities risk registers.
(22) The University Risk Register must document key risk events that would likely impact the University as a whole, in the manner and with the detail set out in the Risk Management Framework.
(23) The following risk registers must also be established:
(24) Business Unit or Project risk registers must document key risk events that would impact the unit or projects, in the manner and with the details set out in the Risk Management Framework.
(25) The Board has overall responsibility for risk management and in exercising this function delegates:
(26) The ARC will provide oversight to risk management activities across the University and its related entities and monitor the implementation of remedial actions to minimise or eliminate adverse risk.
(27) The Committee will report at least quarterly to the Board of Trustees on the performance of risk management activities (this may form part of a broader report on the work of the Committee).
(28) The Vice-Chancellor and President is responsible for:
(29) Senior management and executive are responsible for reporting regularly to the Vice-Chancellor and President on risk, and immediately in instances where a significant new risk is identified.
(30) Senior management and executive are to ensure that all major proposals (involving significant financial or reputational risk, for example) are submitted to the Board of Trustees or any of its Committees for endorsement and indicate if a risk assessment has been undertaken (and if so, whether contingency plans have been developed for any significant risk issues identified).
(31) Senior management and executive are also responsible to the Vice-Chancellor and President for the implementation of this policy within their respective areas of responsibility, specifically:
(32) The Chief Audit and Risk Officer is responsible for the implementation and ongoing maintenance of the Risk Management Policy.
Its responsibilities also include:
(33) Managers of the University are responsible for incorporating risk management into their standard management practices by:
(34) All staff are required to be aware of this policy and to support and participate in the risk management processes adopted by the University.
(35) Nil.
(36) Refer to the Western Risk Assessment Guide.
Risk Management Policy
Section 1 - Purpose and Context
Benefits
Application
Section 2 - Definitions
Section 3 - Policy Statement
Part A - Risk Management Principles
Part B - Risk Management Framework
Risk Appetite Statement
Risk Management Guidelines
Risk Registers
Part C - Responsibility for Risk Management
Board of Trustees
Audit and Risk Committee
Vice-Chancellor and President
Senior Management and Executive (DVCs/VPs, PVCs, Chief Officers, Deans, Campus Provosts, Executive Directors, Directors)
Chief Audit and Risk Officer
Line Manager and Project Managers
All Staff
Section 4 - Procedures
Section 5 - Guidelines
This is not a current document. To view the current version, click the link in the document's navigation bar.