Risk Management
This policy establishes Federation University’s commitment to enterprise risk management and outlines the principles that will be used to guide this process.
• Federation University Act 2010 (Vic)
• The Standing Directions 2018 under the Financial Management Act 1994 (Vic) (incorporating the Victorian Government Risk Management Framework where applicable)
• The Tertiary Education Quality and Standards Agency Act 2011 (TEQSA Act)
• Higher Education Standards Framework (Threshold Standards) 2015
• The National Vocational Education and Training Regulator Act 2011
• Australian Skills Quality Authority (ASQA) Standards for Registered Training Organisations (RTOs) 2015 and ASQA Regulatory Risk Framework and related documentation.
Term | Definition |
---|---|
Risk Management | The coordinated management of activities to direct and control an organisation with regard to risk. |
Risk | The effect of uncertainty on objectives. |
Members of the University Community | Includes staff, members of the University Council and members of any board, committee or other body established by or constituted under University Statutes and Regulations. |
Risk Appetite | The amount and type of risk that the University is willing to take in order to meet its strategic objectives. |
Consequence | Outcome of a risk event or situation expressed qualitatively or quantitatively, being a loss, injury, disadvantage or gain. |
Likelihood | The chance or probability of a risk materialising. |
Controls | The actions, activities or mitigation strategies in place to prevent the risk from materialising. |
Contributing Factors | Factors internal and external that contribute to the risk existing or which could result in the risk materialising. |
Accountability | Responsibility for ensuring that a risk is appropriately managed, including implementation of treatment plans and monitoring the effectiveness of controls. |
Risk Categories | Broad categories of risk that the University uses to identify and group risks. |
Managing risk is an essential component of good governance and leadership. Effective risk management both creates and protects value in an organisation by improving decision making.
In order to achieve its strategic goals the University must accept a measured degree of risk. Through identification and analysis of risk the University is able to innovate and deliver a successful and sustainable future.
This policy and the accompanying procedure are based upon the International Standard for Risk Management (AS/NZS ISO31000:2018).
The University’s risk management program is underpinned by the following principles:
PRINCIPLE | DEMONSTRATED BY: |
---|---|
A positive risk culture | • creating a culture where risk identification and management is acknowledged as a driver of positive outcomes; • driving excellence in corporate governance by increasing accountability, awareness and a positive attitude to risk management. |
Risk based decision making | • decision making and responsiveness which is prioritised and informed by risk analysis. |
Embedded risk management | • all operational functions and processes should include a linkage to risk; • risk analysis and identification will include broad stakeholder consultation. |
Strategic safeguards | • assisting the University to operate safely and securely. |
Accountability | • clear accountability for each category of risk, individual risk and treatment plan to ensure action and monitoring is implemented. |
Transparency | • providing transparency and oversight to senior management and the University Council that strategic, enterprise and critical operational risks are managed effectively. |
Informed investment | • the consideration of the balance between risk and benefit in the development of investment strategies. |
Informed resource allocation | • adoption of a risk-based approach to the allocation of resources to mitigate future risks. |
Fraud risk identification and prevention | • all operational areas actively identifying fraud risks and implementing appropriate treatment plans to reduce the risk to an acceptable level. |
The primary purpose of the risk management framework is to provide a coordinated and managed approach to critical risks that, if they were to occur, would impact on the achievement of strategic and organisational objectives.
The University has defined three levels of risk and accountability.

Strategic Risk Profile
- Strategic risks are risks that affect or are created by the University’s strategic objectives.
- The strategic risk profile is forward looking and focused on risk to and from the strategic plan. The profile will be integrated with the overall strategic planning process.
- Strategic risks are typically over the horizon, large scale or game changing scenarios. Strategic risks are often interdependent and require an integrated management approach.
- The University Council, through the Audit and Risk Management Committee (A&RMC), and in consultation with the Vice Chancellor’s Senior Team (VCST), is responsible for the strategic risk profile.
- The Associate Director Risk and Integrity is responsible for the planning and facilitation of strategic risk profile activities.
- The Chief Operating Officer is responsible for finalising the strategic risk profile and quarterly monitoring and reporting to VCST, the A&RMC and University Council.
Enterprise Risk Profile
- Enterprise risks are organisation wide risks that, if they were to materialise, have the severity or materiality to threaten the survival or existence of the University.
- The enterprise risk profile is based on risks identified in strategic reviews that relate to University operations. Enterprise risks may also be identified in operational risk reviews as critical risks.
- The VCST is responsible for the enterprise risk profile. The profile is refreshed annually with quarterly monitoring and reporting by VCST to the University Council, through the A&RMC.
- The Associate Director Risk and Integrity is responsible for the planning and facilitation of the enterprise risk profile activities.
- The Chief Operating Officer is responsible for finalising the enterprise risk profile and quarterly monitoring and reporting to VCST, the A&RMC and University Council.
Operational Risk Profiles
- Operational risks affect a specific area of activity of the University.
- The operational risk profiles are developed based on risks to the achievement of school/division/directorate operational plans. Some risks will be similar across operational areas of the University.
- The Dean/Director or equivalent is responsible for an annual refresh of the operational risk profile within their area of responsibility.
- The Dean/Director or equivalent is responsible for ensuring that the operational management team monitors and reviews the risk profile on a quarterly basis. Quarterly monitoring and reporting will occur to the member of the VCST responsible for that division.
- The Associate Director Risk and Integrity is responsible for monitoring the review of the operational risk profile and facilitating an annual refresh of the risk profile.
- The VCST is responsible for monitoring the operational risk profiles and raising critical risks to the enterprise risk level if required.
Risk Matrix
Audit and Risk Management Committee Terms of Reference
Forms
- Risk Appetite Statement (DOCX 176.7kb)
- Risk Assessment Guideline (DOCX 334.4kb)
- Risk Management Plan (PDF 89.3kb)
- Risk Matrix (DOCX 176.1kb)
• The Audit and Risk Management Committee (as the Approval Authority) is responsible for the review and approval of this policy to ensure appropriate oversight and management of University wide risk.
• The Associate Director, Risk and Integrity (as the Policy Sponsor) is responsible for maintaining the content of this policy in consultation with the Audit and Risk Management Committee.
This policy will be communicated throughout the University via:
• an Announcement Notice via FedNews website and on the ‘Recently Approved Documents’ page on the ‘Policies, Procedures and Forms @ the University’ website to alert the University-wide community of the approved Policy; and
• distribution of e-mails to VCST, Deans, Directors or equivalent.
This policy will be implemented throughout the University via:
• an Announcement Notice via FedNews website and on the ‘Recently Approved Documents’ page on the ‘Policies, Procedures and Forms @ the University’ website to alert the University-wide community of the approved Policy; and
• Dean/Director or equivalent operational risk assessment and training workshops.