RISK MANAGEMENT POLICY
| Date approved | 15 April 2005 |
| Date Policy will take effect | Immediately |
| Date of Next Review | 15 April 2008 |
| Approved by | University Council |
| Custodian title & e-mail address | Manager, Internal Audit |
| Author | |
| Responsible Faculty/ | UOW Internal Audit, Vice Chancellor’s Unit |
| Supporting documents, procedures & forms of this policy | |
| References & Legislation | Australian Risk Management Standard AS/NZS 4360:2004 |
| Audience | Public – accessible to anyone |
| Expiry Date of Policy | Not applicable |
Contents
- 1 Purpose of Policy
- 2 Definitions
- 3 Application & Scope
- 4 Policy Principles
- 5 Risk Management Process
- 6 Roles & Responsibilities
- 7 Version Control and Change History
1 Purpose of Policy
- 1. The purpose of this policy is to prescribe an approach to be used for risk management in all areas of the University so that a single consistent approach is implemented in all areas where risk is being explicitly managed.
- 2. The University will apply a structured and consistent approach to risk management in accordance with the Australian Risk Management Standard AS/NZS 4360:2004.
2 Definitions
| Word/Term | Definition (with examples if required) |
|---|---|
| Consequence | Outcome or impact of a particular event or occurrence. |
| Likelihood | Used as a general description of probability or frequency. |
| Operational Risk | Risks that relate to the University doing the right things the wrong way or otherwise inadequately. These risks arise directly from activities undertaken by the University and include financial management; corporate governance; information technology management; legal compliance; and staff and student management. |
| Risk | The chance of something happening that will have an impact on the achievement of the University’s objectives. Risk is measured in terms of consequences and likelihood. |
| Risk Assessment | The overall process of risk analysis and evaluation. This is the shaded component of the schematic diagram on page 3 of this policy. |
| Risk Management | The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects within the University environment. |
| Risk Management Process | The systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk. |
| Strategic Risk | Risks that relate to the University undertaking wrong activities, inappropriate or less appropriate activities in pursuit of its goals. These are mainly related to the University functions and objectives and include risks that impact on the University’s reputation; stakeholder expectations; and staff and student service delivery. |
3 Application & Scope
- 1. The University already has explicit risk management processes in place in respect of:
- a. strategic risks (through the triennial strategic risk assessment organised by Internal Audit),
- b. commercial activities,
- c. occupational health and safety (including workers compensation),
- d. insurance administration,
- e. ethics and bio-safety matters,
- f. business continuity management,
- g. purchasing and procurement; and
- h. legal action
- 2. There are other areas of significant activity that may benefit from a risk management approach including, inter alia:
- a. outsourcing, partnering or shared service arrangements of functions
- b. new academic offerings whether onshore or offshore
- c. environmental management
- d. construction projects
- e. major project management
- f. community events held on University property or those sponsored by the University;
- g. undertaking University business in public places; and
- h. major fundraising activities
4 Policy Principles
- 1. The provisions of this Policy should be adopted to manage risks inherent within the areas of the University’s activities as outlined above in section 3, ‘Application & Scope’.
- 2. The aims of this policy are to:
- a. create a framework that provides the University Council with assurance that risk is being appropriately managed;
- b. ensure that a consistent approach to the application of risk management techniques is applied across all areas of the University;
- c. ensure that risk management processes.
5 Risk Management Process
- 1. The University will maintain and implement procedures to provide a systematic view of the risks faced in the course of our academic, administrative and business activities. These procedures will be consistent with AS/NZS 4360:2004 - Risk Management. This will require the University to take the following steps:
- 1.1. Establish a context. This is the strategic, organisational and risk management context against which the rest of the risk management process will take place. Criteria against which risk will be evaluated should be established and the structure of the risk analysis defined.
- 1.2. Identify Risks. This is the identification of what, why and how events arise as the basis for further analysis.
- 1.3. Analyse Risks. This is the determination of existing controls and the analysis of risks in terms of the consequence and likelihood in the context of those controls. The analysis should consider the range of potential consequences and how likely those consequences are to occur. Consequence and likelihood are combined to produce an estimated level of risk.
- 1.4. Evaluate Risks. This is a comparison of estimated risk levels against pre-established criteria. This enables risks to be ranked and prioritised.
- 1.5. Treat Risks. For higher priority risks, the University will develop and implement specific risk management plans. Lower priority risks may be accepted and monitored.
- 1.6. Monitor and Review. This is the oversight and review of the risk management system and any changes that might affect it. Monitoring and reviewing occurs concurrently throughout the risk management process.
- 1.7. Communication and Consultation. Appropriate communication and consultation with internal and external stakeholders should occur at each stage of the risk management process as well as on the process as a whole.
- 2. Systematically, the risk management process is depicted in the following diagram:
6 Roles & Responsibilities
University Council
- 1. The University Council and its Committees have responsibility under the University of Wollongong Act for overseeing risk management and risk assessment activities across the University.
Vice Chancellor
- 2. The Vice-Chancellor is accountable for ensuring that a risk management system is established, implemented and maintained in accord with this policy in any designated functional area or activity. Assignment of responsibilities in relation to risk management is the prerogative of the Vice Chancellor.
Audit Management & Review Committee
- 3. The Audit Committee will be accountable for the oversight of the processes for the identification and assessment of the general risk spectrum, reviewing the outcomes of risk management processes, and for advising the Council as necessary.
Senior Executives
- 4. Senior Executives are accountable for risk management within areas under their control including the devolution of the risk management process to operational managers. Collectively they are responsible for:
- a. the formal identification of strategic risks that impact upon the University’s mission,
- b. allocation of priorities; and
- c. the provision of risk management guidance.
Deans, Directors, Heads of Schools and Directors of Research Institutes
- 5. Deans, Directors, Heads of Schools and Directors of Research Institutes are accountable for:
- a. implementation of this policy within their respective areas of responsibility,
- b. regular reporting on the status of the risks they manage, insofar as it impacts on their respective responsibilities, as part of the strategic planning and review cycle,
- c. ongoing maintenance of any relevant risk register insofar as it impacts on their respective responsibilities; and
- d. ensuring compliance with risk assessment procedures.
Associate Director, Financial Services
- 6. This officer will be accountable for the University insurance portfolio and will ensure that risk management is applied to commercial activities and business continuity.
Director Personnel Services
- 7. This officer will remain accountable for the occupational health and safety and workers compensation portfolio, procedures and administration.
Manager, Internal Audit
- 8. The Manager, Internal Audit will be accountable through the Audit Management and Review Committee for the implementation of this policy in key areas of the University, maintaining a program for risk reassessment and a Risk Register for the University. The Manager, Internal Audit will provide advice to the relevant Deans and Directors on risk management matters.
General
- 9. Every staff member of the University is responsible for the effective management of risk including the identification of potential risks.
- 10. Management (both academic and general) is responsible for the development of risk mitigation plans and the implementation of risk reduction strategies.
- 11. There is legislation in place for the management of specific risks such as Occupational Health and Safety, Equal Opportunity and Research Ethics. The Risk Management Policy does not relieve the University of its responsibility to comply with other legislation.
- 12. Training and facilitation in relation to risk management practice will, in the first instance, be the responsibility of Internal Audit in conjunction with the Professional and Organisational Development Unit.
7 Version Control and Change History
| Version Control | Date Effective | Approved By | Amendment |
|---|---|---|---|
| 1 | 15 April 2005 | University Council | First version |
| 2 | 6 May 2009 | Vice Principal (Administration) | Migrated to UOW Policy Template as per Policy Directory Refresh |