Risk Management

Risk Management Framework Procedure

Policy Code: CG2029

Purpose

This Procedure aims to ensure consistent application of sound risk management processes to all University activities.  

Scope

This procedure applies to all staff of the University and to all University activities. 

Legislative Context

  • Federation University Australia Act 2010
  • Occupational Health and Safety Act 2004
  • Audit Act 1994

Definitions

A complete list of definitions relevant to this procedure is contained within the Risk Management Framework Policy.

Actions

1. Managing risk at governance level

  ACTIVITY RESPONSIBILITY STEPS
A.      Fulfilling the requirements of the Federation University Australia Act 2010 (Part 2, Division 2).  Council of Federation University Australia
  1. Approve and monitor the systems of control and accountability of the University, including those required to maintain a general overview of any entity over which the University has control within the meaning of section 3 of the Audit Act 1994. 
  2. Oversee and monitor the assessment and management of risk across the University, including university financial and commercial activities. 
B.      Fulfilling the risk management roles and responsibilities assigned under the Charter of the Audit & Risk Committee.  Audit and Risk Committee
  1. Review the University’s policy and procedure for the oversight and management of business risks. 
  2. Oversee management’s overall risk management strategy/framework and ensure the required actions are appropriately resourced. 
  3. Oversee the establishment and implementation of the University’s risk management system. 
  4. Ensure that the University has identified, reviews and regularly updates the profile of the principal strategic, operational and financial risks to which it is exposed and assesses the appropriateness of the steps management has taken to manage these risks. 
  5. Review trends on the University’s risk profile, reports on specific risks and the status of the risk management process. 
  6. Monitor performance of management in implementing risk management responses and internal control rectification activities and ensure that there are appropriate systems for identifying and monitoring risks in place and that these are operating as intended.
C.      Fulfilling other responsibilities regarding risk management at Governance level.  Audit and Risk Committee
  1. Receive regular financial management reports (including financial Key Performance Indicator data with trend analysis), Strategic Capital Infrastructure Project reports and quarterly Risk Management Reports. 
  2. Receive specific reports annually or bi-annually, including Purchase Card reporting, Controlled Entities, FedUni Compliance Legislation and the FedUni Compliance Policies & Procedures report. 
D.      Providing independent, objective and consultancy functions to Senior Management to assist the University in achieving its mission and accomplishing its objectives.  Internal Audit
  1. Evaluate and monitor the effectiveness of the University’s risk management processes, internal controls and governance processes. 
  2. Assist the University to achieve sound managerial review and control over all of its operations to ensure these activities are carried out effectively and efficiently (FedUni Internal Audit Charter). 
  3. In consultation with the Vice-Chancellor and other Senior Managers, recommend a Strategic Internal Audit Plan for approval by the Audit and Risk Committee, as described in the Guideline – Internal Audit, Risk Management and Compliance Processes.  The A&RC determines who undertakes the audits. 
  4. Provide independent and confidential advice to Council and Senior Management on remedial action to improve the effectiveness and efficiency of the use of resources, and provide progress reports regarding remedial action taken by Management. 
E.      Assisting Council in fulfilling its statutory and fiduciary responsibilities in accordance with the requirements of the Federation University Australia Act 2010 and the Statutes and Regulations of Federation University Australia.  Finance Committee
  1. Assess whether management has appropriate controls in place for unusual types of transactions and/or any particular transactions that may carry more than an acceptable degree of risk. 
  2. Receive and report to Council on the annual audited financial statements including making appropriate enquiries to satisfy itself that all regulatory compliance matters related to the business of the University have been appropriately considered in the preparation of the financial statements. 
F.      Advising Council on, and making recommendations for, the development of the physical and technological infrastructure of the University.  Infrastructure Committee
  1. Monitor strategic risks associated with the University’s infrastructure in accordance with its Terms of Reference. 
G.      Supervising and developing academic activities of the University, including the maintenance of high standards in teaching and research, and communication with the academic community through the Schools and Portfolios.  Academic Board
  1. Consider risk as part of the responsibilities assigned to it in its Terms of Reference. 
H.      Supporting FedUni’s provision and maintenance of a safe working and learning environment.  University Health and Safety Policy Committee (UHSPC)
  1. Consider and make recommendations for compliance and improvement on University-wide health and safety matters relating to:
    1. the performance of portfolios against the requirements of the University’s health and safety management system;
    2. the prevention of injuries and illnesses among members of the University Community;
    3. employee consultation regarding Health and Safety Issues and workplace change;
    4. the management of Incidents and Emergencies arising in the context of University activities;
    5. the rehabilitation and compensation of injured university employees;
    6. legislative compliance, auditing programs and monitoring the implementation of actions incorporated in Health and Safety Plans; and
    7. the performance of the University in relation to health and safety.

2. Managing risk at executive management level

  ACTIVITY RESPONSIBILITY STEPS
A.      Being accountable to University Council for risk management.  Vice-Chancellor
  1. Ensure a risk management program is established, implemented and maintained as part of the University’s Corporate Governance framework and in compliance with national and state government protocols. 
B.      Managing strategic risk.  Vice-Chancellor Senior Team (VCST)
  1. Develop the Strategic Risk Profile for the University whenever necessary in accordance with the Guideline – Risk Management Process referenced below. 
  2. Update the Strategic Risk Profile every quarter and provide the updated information to the Manager – Risk, Health and Safety who includes it into a report to the A&RC. 
  3. Identify, evaluate and treat strategic risks across the University and operational risks within each member’s particular Portfolio, in liaison and consultation with the Manager – Risk, Health and Safety. 
  4. Regularly review the Risk Management Process, in particular to ensure that the risk analysis process reflects the amount of risk the University is able to support and willing to accept in pursuit of its business objectives. 
C.      Overseeing the financial monitoring and control cycle for FedUni.  Vice-Chancellor’s Budget Advisory Committee (VC’s BAC)
  1. Review and approve the earned income activities of the University to ensure they are conducted in a fiscally responsible manner, including monitoring of financial risk; review of attribution of expenses; examination of operational budgets for “stand alone” earned income activities and fee return from international programs.

3. Managing risk within Schools, Centres and Directorates

  ACTIVITY RESPONSIBILITY STEPS
A.      Managing operational risk.  Deans and Directors
  1. Identify, report, monitor, evaluate and treat operational risks within their own School, Centre or Directorate in accordance with the Guideline – Risk Management Process referenced below. 
  2. Comply with all provisions of the Health and Safety Policy and associated documents. 
  3. Comply with all provisions of the Security Policy and associated documents. 

4. Managing risk in partner provider agreements

  ACTIVITY RESPONSIBILITY STEPS
A.      Integrating risk in Partner Provider Agreements.  International and Partners’ Committee
Vice-Chancellor
DVC – Engagement
Director – Partnerships and Commercial Engagements
VC’s BAC
  1. Comply with all provisions of the Higher Education Partner Provider Delivery Policy
  2. Comply with all provisions of the Operational Requirements for Partner Provider Agreements Procedure

5. Managing risk in projects

  ACTIVITY RESPONSIBILITY STEPS
A.      Integrating risk in the structured management of projects.  Project Steering Committees - Strategic Capital and Infrastructure
Project Manager
  1. Comply with all provisions of the Project Management Framework Policy and Project Management Framework Procedure, which describe the essential elements in the management of all projects, including risks. 
B.      Managing risk in a project.  Project Manager
  1. Comply with all provisions of the Project Management Framework Policy and Project Management Framework Procedure, which describe the essential elements in the management of all projects, including risks. 

Responsibility

  • The Vice-Chancellor is responsible for monitoring the implementation, outcomes and scheduled review of this procedure. 
  • The Manager – Risk, Health and Safety is responsible for maintaining the content of this procedure as delegated by the Vice-Chancellor. 

Promulgation

The Risk Management Framework Procedure will be communicated throughout the University via an Announcement Notice on the FedNews website and on the ‘Recently Approved Documents’ page on the ‘Policies, Procedures and Forms @ the University’ website. 

Implementation

The Risk Management Framework Procedure will be implemented throughout the University via an Announcement Notice on the FedNews website and on the ‘Recently Approved Documents’ page on the ‘Policies, Procedures and Forms @ the University’ website. 

Records Management

Document Title: Strategic Risk Profile

  • Location: The University’s approved records management system
  • Responsible Officer: Policy Systems Administrator or delegate
  • Minimum Retention Period: Copies can be disposed of once the administrative use has concluded. Electronic record will be retained in the University’s records management system.

Document Title: Operational Risk Register

  • Location: The University’s approved policy management system
  • Responsible Officer: Policy Systems Administrator or delegate
  • Minimum Retention Period: Copies can be disposed of once the administrative use has concluded. Electronic record will be retained in the University’s records management system.