Document Currently Under Review
Current Status: Under Review - With Editor 30 November 2017
- Legislative Context
- Risk Management Roles & Responsibilities
- Risk Management Process
- Associated Documents
The University's Risk Management Framework is intended for use by the University community to ensure consistent application of risk management processes to the wide range of activities undertaken by the University.
The Risk Management Framework brings together information on policies, accountabilities and roles and responsibilities for all those involved in risk management. The Framework provides a structured approach to the identification and management of risks which are likely to adversely impact on the performance and continued growth of the University.
The analysis and management of risks and mitigation strategies enables the achievement of strategic goals. The University’s risk management program is based on the International Organisation for Standardisation’s Risk Management Standard ISO/FDIS 31000:2009 , which provides a rigorous approach to identifying, assessing and managing risks. This Standard establishes a number of principles that are required to be satisfied before risk management will be effective.
The strategic planning process is integral to identifying, communicating and focussing on those factors that are critical to the University achieving its fundamental purpose. This process forms one of the key elements of this Risk Management Framework, as it is through effective planning that management identifies, analyses and documents risks and risk management strategies.
The University recognises that risk is inherent in all academic, administrative and business activities and that every member of the University community manages risk. The University continues to evolve in how it manages risk and does so through formal and systematic processes that are regarded as good management practice. The University promotes the adoption of a culture, which integrates a strategic and formal approach to risk management to improve decision-making and enhancing outcomes and accountability.
For the University’s risk management to be effective, it needs to:
- Create and protect value;
- Be an integral part of all University processes;
- Be part of decision making;
- Explicitly address uncertainty;
- Be systematic, structured and timely;
- Be based on the best available information;
- Be tailored;
- Take human and cultural factors into account;
- Be transparent and inclusive;
- Be dynamic, iterative and responsive to change; and,
- Facilitate continual improvement of the University.
|Consequence||outcome of an event.|
|Establishing the context||defining the external and internal parameters to be taken into account when managing risk, and setting the scope and risk criteria for the risk management policy.|
|Level of Risk||magnitude of a risk, expressed in terms of the combination of consequences and their likelihood.|
|Likelihood||chance of something happening.|
|Operational Risk||an event that may adversely impact on a School's or Directorate's ability to achieve its key objectives|
|Risk||the effect of uncertainty that may impact upon the University's objectives. It is measured in terms of the consequence of an event and the associated likelihood of occurrence.|
|Risk Analysis||process to comprehend the nature of risk and to determine the level of risk.|
|Risk Assessment||overall process of risk identification, risk analysis and risk evaluation.|
|Risk Criteria||terms of reference against which the significance of a risk is evaluated.|
|Risk Evaluation||process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable.|
|Risk Management||coordinated activities to direct and control an organisation with regard to risk.|
|Risk Management Framework||set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.|
|Risk Management Plan||scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk.|
|Risk Management Policy||statement of the overall intentions and direction of an organisation related to risk management.|
|Risk Management Process||systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing the risk.|
|Risk Source||element which alone or in combination has the intrinsic potential to give rise to risk.|
|Risk Treatment||process to modify risk.|
The Federation University Australia Council (“Council”), as the governing body of Federation University Australia, is ultimately responsible for overseeing the overall risk profile of the University.
The Federation University Australia Act 2010 as amended by the University of Ballarat Amendment (Federation University Australia) Act 2013, establishes the following as responsibilities of the Council:
“Part 2 – Constitution and Governance of the University (Division 2 – The Council)
(e) approving and monitoring systems of control and accountability of the
University, including those required to maintain a general overview of
any entity over which the University has control within the meaning of
section 3 of the Audit Act 1994;
(f) overseeing and monitoring the assessment and management of risk across
the University, including university commercial activities.”
The Federation University Australia Audit and Risk Committee (A&RC) assists the Council in fulfilling its oversight responsibilities for the system of internal control, the audit process (both internal and external) and the University’s process for monitoring compliance with laws and regulations.
The Charter of the Audit & Risk Committee establishes the following risk management responsibilities for the Committee:
- Oversee management’s overall risk management strategy/framework and ensure the required actions are appropriately resourced;
- Oversee the establishment and implementation of the University’s risk management system;
- Ensure that the University has identified, reviews and regularly updates the profile of the principal strategic, operational and financial risks to which it is exposed and assessed the appropriateness of the steps management has taken to manage these risks;
- Review trends on the University’s risk profile, reports on specific risks and the status of the risk management process;
- Review the University’s policy for the oversight and management of business risks;
- Monitor performance of management in implementing risk management responses and internal control rectification activities and ensure that there are appropriate systems for identifying and monitoring risks in place and that these are operating as intended;
- Review the proposed internal audit plan for the coming year, ensure that it covers key risks and that there is appropriate co-ordination with the external auditor;
- Ensure that the annual work plan of internal audit includes an analysis of the effectiveness of the University’s risk management, internal compliance and control system; and,
- Receive and consider the annual audited financial statements and provide comment to the Finance Committee, where appropriate.
The A&RC receives monthly financial management reports (including financial Key Performance Indicator data with trend analysis), Strategic Capital Infrastructure Project reports, quarterly Risk Management Reports and online access to the Strategic Risk Register. The Committee also receive specific reports annually or bi-annually, including Purchase Card reporting, Controlled Entities, FedUni Compliance Legislation and the FedUni Compliance Policies & Procedures report.
The A&RC has oversight of the scope of work of Internal Audit. Internal Audit is established to provide independent, objective and consultancy functions to Senior Management to assist the University in achieving its mission and accomplishing its objectives by evaluating and monitoring the effectiveness of the University’s risk management processes, internal controls and governance processes. Internal Audit functions to assist the University to achieve sound managerial review and control over all of its operations to ensure these activities can be carried out effectively and efficiently (FedUni Internal Audit Charter).
Internal Audit services may be provided either by suitably qualified member(s) of the University or outsourced to a third party professional services or auditing firm.
In consultation with the Vice-Chancellor and other Senior Managers, the appointed Internal Auditor, and/or the external audit agency, shall recommend a Strategic Internal Audit Plan for approval by the Audit and Risk Committee. The Committee shall determine by whom the audits will be undertaken.
- The Internal Audit function: monitors and evaluates the effectiveness of the University’s risk management processes, internal controls and governance processes;
- Provides independent and confidential advice to Council and Senior Management on remedial action to improve the effectiveness and efficiency of the use of resources; and,
- Provides progress reports regarding remedial action taken by Management.
The Internal Auditor must review the policies, procedures, systems, records, accounts and plans of the University and consider and report upon the effectiveness by which the University meets its objectives.
The following tables describe the core roles of Internal Audit (Table 1), as well as those roles and activities which Internal Audit should not fulfil (Table 3) or only do so when adequate safeguards are in place to ensure a conflict of interest does not arise or the independence of the audit function is not compromised (Table 2).
|CORE ROLES||Core Roles of Internal Audit|
|Reviewing the management of material risks|
The functions in Table 2 below should only be performed by the Internal Auditor if the following safeguards are in place and approval of A&RC is obtained:
- Segregation of duties;
- Membership of the Institute of Internal Auditors, that requires strict professional and ethical standards to be adhered to;
- Appropriate Audit & Risk Management qualifications, for example CIA (Internal Audit), CISA (IT Audit) and CRM (Risk Management);
- Appropriate skill level and knowledge of the University; and
- Council review and approval of risk management outcomes.
|WITH SAFEGUARDS||Possible Roles of Internal Audit with Safeguards in Place|
|Advice on Risk Identification and Evaluation|
|Championing establishment of Enterprise-wide Risk Management (ERM)|
|Central co-ordination point for ERM|
|Risk monitoring across the University|
|Holistic reporting on risk|
|Operating the ERM framework|
|Assisting in the development of a Risk Management strategy/procedure for Council approval|
The activities outlined in Table 3 below should never be performed by the Internal Auditor:
|DO NOT||Activities Internal Audit should NOT perform|
|Set risk appetite|
|Impose risk management processes or procedures|
|Make decisions on risk response|
|Manage risks on behalf of Management or Council|
|Take accountability for risks and controls|
The Finance Committee will assist the Council in fulfilling its statutory and fiduciary responsibilities in accordance with the requirements of the Federation University Australia Act 2010 and the Statutes and Regulations of Federation University Australia.
The Terms of Reference for the Finance Committee establishes the following risk management responsibilities for the Committee:
- Assess whether management has appropriate controls in place for unusual types of transactions and/or any particular transactions that may carry more than an acceptable degree of risk;
- Receive and report to Council on the annual audited financial statements including making appropriate enquiries to satisfy itself that all regulatory compliance matters related to the business of the University have been appropriately considered in the preparation of the financial statements.
The Infrastructure Committee’s responsibilities are to advise Council on and make recommendations for the development of the physical and technological infrastructure of the University.
The Terms of Reference for the Infrastructure Committee establishes the following risk management responsibilities for the Committee:
- To make recommendations to Council on major physical and technological projects, which involves expenditure that exceeds the financial delegation granted to University officers; or where the project has been recommended to the Infrastructure Committee for consideration as part of the University's Integrated Infrastructure Management Plan; or where responsibility for the project has been designated to the Infrastructure Committee under the University's Integrated Infrastructure Management Plan ("the project");
- Be responsible for the oversight of the approval process for the major infrastructure: design and construction of new projects; appointment of architects, designers and consultants; and selection of contractors and sub-contractors for the purpose of tendering or submitting prices.
All advice and recommendations made by the Committee should be based upon consideration of: the report received from the University’s Probity Advisor; a risk and benefit assessment; and an examination of the fit of the proposed project with issues of educational, cultural, community and economic significance.
Statute 2.2 – Academic Board highlights the following responsibilities of the Board:
2. (1) The Academic Board will be responsible for the supervision and development of
academic activities of the University, including the maintenance of high standards in teaching and research, and communication with the academic community through the Schools and Portfolios.
(2) In addition to the powers and duties conferred or imposed upon it by the Act, the
Academic Board, subject to the Statutes and Regulations of the University and any resolution of the Council shall:
a) provide advice to Council on matters pertaining to academic strategic issues;
b) make recommendations to Council on matters pertaining to teaching and learning;
c) make recommendations to Council on matters pertaining to research and research training;
d) establish policies and procedures for approval of programs and TAFE courses and monitor compliance with such policies and procedures;
e) programs, content, assessment and student progress;
f) make recommendations to Council on the approval of programs;
g) make recommendations to Council on requirements for conferral or granting of degrees, diplomas and certificates for undergraduate, honours and postgraduate coursework programs offered by the University;
h) communicate with the academic community through the Schools and Portfolios.
- Accountable to the University Council for ensuring a risk management program is in place as part of the University’s Corporate Governance framework and compliance with national and state government protocols;
- Ensure that risk management processes are established, implemented and maintained.
The Vice-Chancellor’s Budget Advisory Committee (VC’s BAC) shall have oversight of the financial monitoring and control cycle for the University and is an advisory committee to the Vice-Chancellor.
The Terms of Reference for the VC’s BAC establishes the following risk management responsibility for the Committee:
- Review and approve the earned income activities of the University to ensure they are conducted in a fiscally responsible manner, including: monitoring of financial risk; review of attribution of expenses; examination of operational budgets for “stand alone” earned income activities and fee return from international programs.
- The VCST receive reports from the Risk, Health and Safety Manager consisting of the updated University-wide Strategic Risk Register and specialist risk reports;
- Manage risk by identifying, evaluating and treating risks across the organisation and within each member’s particular management portfolio; and,
- Establish, oversee and support risk management policy and framework.
- Manage risk by identifying, reporting, monitoring, evaluating and treating risks within the relevant area;
- Each School/Directorate is required to submit an Occupational Health and Safety Plan for the forthcoming year to the Dean/Director, with a copy to the Manager of Risk, Health and Safety. The Plan must be based on the Annual OHS Plan Template (docx, 210kb), and should be submitted by the end of December. The Schools/Directorates then implement their Plan throughout the year, ensuring compliance with the University’s Risk Management Framework.
The role of the UHSPC is to consider and make recommendations to the Vice-Chancellor for compliance and improvement on university-wide health and safety matters relating to:
- The prevention of injuries and illnesses among members of the University Community;
- Employee consultation regarding health and safety issues and workplace change;
- The management of incidents and emergencies arising in the context of University-endorsed activities;
- The rehabilitation and compensation of injured university employees;
- Legislative compliance, auditing programs and monitoring the implementation of actions incorporated in Health and Safety Plans; and
- The performance of the University in relation to health and safety.
To support its approach to the provision of a safe working and learning environment, the University of Ballarat has three levels of teams to address health and safety issues. These are:
In addition to the contractual arrangements between the University and the Partner Provider, the UB and Partner Provider Responsibilities Manual has been developed to provide a statement of Partner Provider and University responsibilities. The Manual is designed to assist staff of both Partner Providers and the University by providing clarity of responsibilities.
|1.||Potential Third Party Provider Identified||VCST, PVC, Dean, Director CUP|
|2.||Initial strategic approval to proceed||Obtain advice on the viability of the proposed partnership including matching with the universities strategic intent and business needs.|
|3.||Raise MOU||Where appropriate an MOU may be prepared (Legal Office)|
DUE DILIGENCE & BUSINESS CASE
|1.||Proposed Third Party Provider completes Due Diligence Checklist||Proposed Partner to complete and forward to PVC office for review. Partner/country check obtained.|
|2.||School completes Business Case||Dean of Faculty completes Business Case with Director CUP assistance. Business Case to include consultation and approval from administrative areas and a preliminary site visit.|
|3.||Due Diligence Check||Due Diligence report obtained and any follow-up undertaken by PVC office.|
|4.||International & partners Committee & Academic Board||Dean of Faculty present the Business Case to I&PC for discussion including: an analysis against the University’s strategic direction; examination of the business plan and the financials; and, the fit of academic direction. The I&PC makes a determination. Any partnership arrangement that involves changes to existing admission and English language requirements or credit arrangements shall be referred to Academic Board.|
|5.||DVC & VC Budget Advisory Committee||The proposal is accepted by VC on advice from I&PC/AB. Where the financial arrangements are outside the (former Earned Income Committee) guidelines they will be presented to the VC Budget Advisory Committee for approval. IF approved, the Legal Office proceeds to draft the contract on instruction from the PVC.|
FINAL APPROVAL PROCESS
|1.||Site Inspection||Prior to the official signing of the contract, site inspections will be conducted by the Director CUP or nominee.|
|2.||Contract Negotiation||The contract will be negotiated through the PVC/Legal Office in consultation with the relevant Dean of Faculty (including start date, teaching location(s), financial arrangements and approved programs for delivery).|
|3.||Contract and associated documents ready for signature||The Legal Office will arrange signature of the Contract. The executed contract will be entered on the Partner data-base, filed in the Legal Office & CUP, the relevant Dean will be provided with a copy and Council notified.|
|4.||Operational notifications and registration||Once the contract has been signed, the Director CUP will notify relevant sections for CRICOS registration, Finance for accounts, Registrar Services for Provider locations on systems.|
In addition to the contractual arrangements between the University and the Partner Provider, the Operational Requirements for Partner Provider Agreements Procedure has been developed to provide a statement of Partner Provider and University responsibilities. The Procedure is designed to assist staff of both Partner Providers and the University by providing clarity of responsibilities.
The Project Management Framework is based on the universal principles of the PMBOK® guide and PRINCE-II® methodology, in conjunction with the University's policies, procedures and guidelines. This framework for Project Management is based on the generic process flows of Initiating, Planning, Executing, Controlling & Monitoring and Closing (IPECC).
All projects that are considered to be of ‘medium’ or above risk level, at an institutional level via the Audit & Risk Committee, as defined in the Risk Management Policy.
A Risk Management Plan must be submitted detailing risks identified in the planning process and those risks inherent in a project, prescribing the likelihood, consequences and mitigation strategy for each risk.
The Project Management Framework Policy describes the University's policy regarding the essential elements in the management of all projects. The objectives of this policy are to ensure that:
- Projects are effectively managed within the limitations of Scope, Quality, Resources (Time and Budget) and Risk;
- Appropriate governance and control is established;
- Communication, quality and risk management plans are developed and executed throughout a project's life;
- Appropriate authorisation and acceptance is established throughout the life of a project;
- Stakeholder communication is inclusive; and,
- Post implementation reviews are conducted and actively used to improve the conduct of project delivery.
In order to achieve these objectives the elements of this Project Management Policy must be included in the initiation, planning, and execution of all major projects.
The Project Management Framework Procedure defines the processes that are performed throughout the life of a Project to ensure the Project Management Framework Policy is adhered to.
The Project Register is a central reporting and tracking tool for all physical and virtual projects being planned, conducted and completed within the University.
Establish the context within which the School/Directorate operates, considering both the internal and the external environments of the School/Directorate (the University, the industry sector, stakeholders, etc). The following should be clearly defined:
- the objectives of the School/Directorate;
- the criteria that must be met to achieve these objectives;
- the purpose and scope of this risk management plan; and
- the consultative methods that will be employed for the development and implementation of this plan.
The objectives of the School/Directorate must be consistent with the key objectives of the University, and reference to the relevant key objective must be included when identifying an operational risk.
Risk identification is the process of finding, recognising and recording risks. The purpose is to identify what might happen or what situation might exist that may have an effect on the University achieving its objectives.
In the educational sector, risks can be classified under the following headings:
- Commercial and financial (e.g. loss of commercial income streams, loss of University funds through fraud, mismanagement or theft, breach of contract);
- Human (e.g. injury or illness to members of the University community);
- Business continuity (e .g. interruption to or downgrading of delivery of programs or services through loss of physical assets [fire, flood], essential services [water, power, information technology], labour [strike, resignation], etc);
- Environmental (e.g. contamination of air, water, land by a chemical or other substance);
- Reputation or public relations (e.g. allegations of academic fraud, of misuse of public resources, of mistreatment of staff/students, etc);
- Political or economic (e.g. UB's activities being jeopardised through political decision or intervention, loss of research grant or other public income stream); and,
- Legal or management (e.g. prosecution against FedUni, loss of key personnel).
Risk analysis is the process of understanding risk to determine the most appropriate forms of treatment and its acceptability. Risk analysis consists of determining contributing factors and consequences and taking into account the presence and effectiveness of current controls. During the process the likelihood and consequence of a risk occurring are determined and an inherent risk rating is applied. Consequence and likelihood are combined to produce an estimated level of risk. Controls are then considered and a residual risk rating is determined.
|Almost Certain||Imminent or will occur within 12 months|
|Probably||Will probably occur between 1 to 5 years|
|Possible||May occur after 3 years|
Example table: Determine the consequence rating for each adverse event and its severity
|ConsequenceRating||CommercialFinancial||Human||Business Continuity||Environmental||ReputationPublic Relations||PoliticalEconomic||LegalManagement|
Loss > $20m of revenue
Extreme loss of market share
Large programs terminated
Multiple loss of life or permanent impairment
Pandemic or epidemic
|Extensive loss of essential services for longer than 1 month affecting a Campus||Long term environmental damage affecting a Campus||
Substantial loss of reputation/loss of confidence by media/public
International/National media coverage
Parliamentary enquiry/ loss of Govt/Minister's support
Unexpected loss of several key personnel/ extensive staff turnover
Critical compliance error
|High||Loss < $20m of revenueMajor loss of market shareMajor program delayed > 12 monthsCompetition from new providersStudent numbers declining||Single loss of life or permanent impairment||Extensive loss of essential service for longer than a month affecting a School||Environmental damage affecting a Campus and requiring extensive remediation||Major loss of reputationLoss of stakeholder supportMajor complaints by stakeholders on program managementExtended national/local media coverage||
Ministerial attention: matters reported in Parliament / Departmental oversight
Significant public concern raised
Unexpected loss of a key senior manager, or significant staff turnover
Major commitment made without authorisation
< $5m of revenue
Some loss of market share
Student numbers low
|Health impairments to students and staff requiring rehabilitation||Critical service loss for more than a week affecting a program||Local environmental damage affecting a School/Directorate and requiring minor works||
Significant complaints about programs
Inability to provide quality and consistent service
Adverse local media coverage
|Decrease in support from Government or stakeholders||
Unexpected loss of key manager, or moderate staff turnover in key area
Inadequate records of a commercial negotiation
< $1m of revenue
Student numbers stable
|Minor health incident with local treatment||Local only, service loss for a small number of days||Brief pollution with remediation/ damage to small area||Minor complaints about programs resolves locally||Performance concerns resolved by Vice-Chancellor||Inadequate consultation with program stakeholders|
Risk evaluation is the process of prioritising risks due to the level of risk found during the analysis process, the need for treatment and the priority for treatment implementation. Decisions on how to prioritise risks are made based on determining whether a risk is acceptable or unacceptable.
Combine likelihood and consequence rating to arrive at a risk rating.
The level of risk corresponds to the priority level for each of the risk treatment actions and the level of resources that may be invested in them.
Risk treatment involves selecting and agreeing on one or more relevant options to change the likelihood or consequence of the risk and then implementing these options appropriately.
A risk treatment plan needs to include:
- One or several risk treatment actions for each risk identified;
- Responsibilities, schedules, expected outcomes, performance measures and budgets for each action;
- Mechanisms for assessing and monitoring the progress of the implementation of the actions and their effectiveness against objectives.
Risk treatment actions can be classified under the following headings:
- Avoiding the risk (e.g. ceasing an activity, disposing of assets).
- Reducing the likelihood of the risk (e.g. modifying work practices to prevent incidents, implementing stricter controls).
- Reducing the consequences of the risk (e.g. reducing inventory, improving early detection mechanisms, physically protecting assets, implementing incident management measures).
- Sharing the risk (e.g. insurance, partnerships).
- Retaining the risk.
When determining what treatment options are appropriate for a given risk, you should consider:
|Acceptability||Is the option likely to be accepted by relevant stakeholders?|
|Administrative efficiency||Is this option easy to implement or will it be neglected because of difficulty of administration or lack of expertise?|
|Authority||Does your School/Directorate have the authority to apply this option? If not, can higher levels be encouraged to do so?|
|Compatibility||How compatible is the treatment with others that may be adopted?|
|Continuity of effects||Will the effects be continuous or only short term? Will the effects of this option be sustainable? At what cost?|
|Cost effectiveness||Is it cost-effective, could the same results be achieved at lower cost by other means?|
|Economic and social effects||What will be the economic and social impacts of this option?|
|Effects on the environment||What will be the environmental impacts of this option?|
|Equity||Are risks and benefits distributed fairly e.g. do those responsible for creating the risk pay for its reduction?|
|Individual freedom||Does the option deny any basic rights?|
|Leverage||Will the treatment options lead to additional benefits in other areas?|
|Objectives||Are organisational objectives advanced by this option?|
|Political acceptability||Is it likely to be endorsed by the relevant government authority? Will it be acceptable to communities?|
|Regulatory||Does the treatment (or lack of treatment) breach any regulatory requirements?|
|Risk creation||Will this treatment introduce new risks?|
|Timing||Will the beneficial effects be realized quickly?|
This is the oversight and review of the risk management process in any given context and changes that might affect it. Monitoring and reviewing occurs concurrently throughout the risk management process.
Actions for Extreme and High risks are monitored regularly and require quarterly reporting to the VCST. Actions for lower risks require annual reporting.
Appropriate communication and consultation with internal and external stakeholders should occur at each stage of the risk management process.
Communication efforts must be focussed on consultation, rather than a one-way flow of information from decision-makers to stakeholders, especially those outside the University.
Consequently, communication and consultation are critical to ensure that stakeholders have access to relevant information. It is also critical that this information be presented in a manner that the recipients understand.
Purchasing Card Policy FN1284
Purchasing Card Procedure FN1285
Parking Procedure FN1498
Probity Auditing Policy FN1522
Tender Evaluation Guidelines FN1532
|Educational Sector Risks||Managing the Risks|
|Commercial and Financial||
Commercial Income Streams
Fraud, Mismanagement or Theft
Breach of Contract
Injury or illness
Interruption to or downgrading of delivery of programs or services through loss of physical assets, essential services or labour
|Reputation or Public Relations||
Allegations of Academic Fraud
Misuse of Public Resources
Mistreatment of Staff/Students
|Political or Economic||
FedUni's Activities being Jeopardised through Political Decision or Intervention
|Legal or Management||
Prosecution against UB
Loss of Key Personnel
The Audit and Risk Committee is informed of any high or extreme risks through the Committee Structure.
|Identify||Define risk level||Treat||Report||Review||Monitor/oversee|
|Strategic Extreme and High||
|VCST||VCST Corp Governance||VCST||
|Strategic Moderate and Low||VCST Corp Governance||VCST||
|Operational Extreme and High||Committees/ Deans/Directors||Committees/ Deans/Directors||Deans/Directors||VCST Corp Governance||Deans/Directors VCST||A&RC Internal Audit|
|Operational Moderate and Low||Committees/ Deans/Directors||Committees/ Deans/Directors||N/A|
|Projects||Project Manager||Project Manager||Project Manager||Manager – Major Projects Manager – SCI&P||Project Manager SCI&P||A&RC|
|International and on-shore Partner Providers||Partner Provider/Director, CUP||
|International & Partners Committee||Council|
* There is some overlap between strategic and operational risks. For instance, a very serious adverse event taking place within a School or Directorate will often impede the achievement of University-wide strategic objectives. In reverse, a strategic risk will often have a serious impact on individual Schools or Directorates.
Specific responsibilities under this procedure are shown under Actions.
The Manager - Risk, Health and Safety is responsible for the maintenance of this procedure.
The Risk Management Procedure will be communicated throughout Federation University Australia via:
- an Announcement Notice under ‘FedUni Communicate’ on the ‘FedUni Gateway’ website and through the Federation University Australia Policy - ‘Recently Approved Documents’ webpage to alert the University-wide community of the approved Policy;
- inclusion on the Federation University Australia Policy, Procedure and Forms website; and/or
- distribution of e-mails to Head of School / Head of Department / University staff; and/or
- documentation distribution, eg. posters, brochures.
- Other - please describe
The Risk Management Procedure will be implemented throughout the Federation University Australia via: