Policies and procedures
POLICY NO: C-24.0
DATE: 4 May 1998, Resolution 98/3/40
AMENDMENTS: 1 August 2001
REFERENCE AUTHORITY: Vice Chancellor
CROSS REFERENCES: Guidelines for Managing Business Risks; ISO 9001 Quality Procedures; ISTS Guidelines for Risk Management
Risk is inherent in all our corporate and personal activities, and we continuously manage risks. Formal and systematic approaches to managing risk have evolved, and are regarded as sound business practice. The University believes that the adoption of a formal approach to risk management will improve decision-making, performance and accountability.
The goal is not to eliminate risk, rather to manage the risks inevitably involved in many University activities to maximise our opportunities and minimise negative outcomes. Risk management requires:
The University has previously developed systematic approaches to dealing with risks to the safety of employees, students and visitors in its Occupational Health Safety and Welfare Policy, Prevention of Violence on Campus Policy and the Security on Campus Policy.
This policy should be read in conjunction with the Guidelines for Managing Business Risks. Further information is available from the Director: Planning and Assurance Services.
The University will maintain procedures that provide it with a systematic view of the risks it faces in the course of its activities. Where appropriate, these procedures will be consistent with the Australian Risk Management Standard AS/NZS 4360.
Risk: Risk is the chance that an event will occur that will impact upon the University's objectives. It is measured in terms of consequence and likelihood.
Risk assessment: Risk assessment is the process used to determine risk management priorities by evaluating and comparing the level of risk against predetermined acceptable levels of risk.
Risk management: Risk management is the systematic application of management policies, procedures and practices to the tasks of identifying, analysing, assessing, treating and monitoring risk.
1. Responsibility
1.1 General
Everyone in the University is responsible for the effective management of risk. All staff are responsible for identifying potential risks. Management is responsible for developing risk mitigation plans and implementing risk reduction strategies. The risk management process should be integrated with other planning processes and management activities.
1.2 Vice Chancellor
The Vice Chancellor is responsible for ensuring that a risk management system is established, implemented and maintained in accordance with this policy. Assignment of responsibilities in relation to risk management is the prerogative of the Vice Chancellor.
1.3 Audit and Risk Management Committee
Audit and Risk Management Committee will be responsible for oversight of the processes for the identification and assessment of the general risk spectrum, reviewing the outcomes of risk assessments programmed by Audit and Risk Management Committee, and for advising Council as necessary.
1.4 Director: Planning and Assurance Services
The Director: Planning and Assurance Services will be responsible through the Audit and Risk Management Committee to the Vice Chancellor for: the introduction of the system and processes into key areas of the University; development, maintenance and appropriate distribution of the Guidelines for Managing Business Risks; and maintaining a program for a reassessment of risks and risk registers in key areas of the University.
1.5 Divisional Pro Vice Chancellors/Dean: Whyalla, Directors of Institutes and Directors/Managers of Units
Divisional Pro Vice Chancellors/Dean: Whyalla, Directors of Institutes and Directors/Managers of Units will be responsible to the Vice Chancellor through their line manager for the implementation of this policy within their respective areas of responsibility; annual reporting on the status of the risk register as part of the annual planning and review cycle; and ensuring compliance with the risk assessment and other requirements of the ISO 900l Project Management Quality Assurance.
2. Risk assessments
Risk assessments will be undertaken at different levels within the Organisation, as shown in the diagram below.
The University has adopted a standard methodology consistent with the Australian Risk Management Standard AS/NZS 4360 for identifying and measuring risks. The standard methodology will be applied where appropriate in Unit, Division and Institute, and University-wide level assessments. This methodology assesses the consequences and likelihood of each risk event. The objective of the risk assessment process is to establish a prioritised list of risks for further consideration. The standard methodology is documented in the Guidelines for Managing Business Risks, which will be available to all staff.
The Audit and Risk Management Committee will approve an ongoing program of assessments at the University-wide level and the Unit, Division and Institute levels. New project and contract level assessments will be undertaken as required by the ISO 9001 Project Management Quality Assurance.
Within assigned authority, management or University committees may commission Specialist Reviews.
3. Reporting
3.1 Units, Divisions, Institutes, Research Centres:
Risk registers will initially be established for each relevant area by the Director: Planning and Assurance Services. An annual review of the risk register will be required as part of the annual planning and review cycle.
3.2 Vice Chancellor
The Vice Chancellor will present an annual report to Council through its Audit and Risk Management Committee on the performance of the system, as a basis for improvement. This may form part of a broader report on the system of internal control. On a triennial basis, the Vice Chancellor shall arrange for a review to be conducted of the continuing suitability of the system in meeting the requirements of this policy.
3.3 Audit and Risk Management Committee
Audit and Risk Management Committee will receive regular reports on the identification and treatment of risk and will advise Council as necessary.
