Risk Management Policy and Procedure

Policy overview

1 Purpose

To provide information and guidance on Risk Management.

2 Scope

This Policy applies to all University officers, employees, students, and visitors and contractors to facilities controlled by the University. The policy extends to all current and future activities, and new opportunities.

Where necessary, more detailed risk management policies and procedures should be developed to cover specific areas of the University's operations, such as financial management and business management. Where this occurs, such policies and regulations should comply with the broad directions described in the USQ Risk Management Policy.

3 Policy Statement

3.1 Recognition of the need for risk management:

The University of Southern Queensland recognises the need for risk management to feature as a consideration in strategic and operational planning, day-to-day management and decision making at all levels in the organisation.

3.2 A commitment to implement risk management effectively:

USQ is committed to managing and minimising risk by identifying, analysing, evaluating and treating exposures that may impact on the University achieving its objectives and/or the continued efficiency and effectiveness of its operations. USQ will incorporate risk management into its institutional planning and decision-making processes. Risk management must also be included as a consideration in sectional and operational planning as a delegated line management responsibility. USQ staff must implement risk management according to relevant legislative requirements and appropriate risk management standards.

3.3 A commitment to training and knowledge development in the area of risk management:

USQ is committed to ensuring that all staff, particularly those with management, advisory and decision making responsibilities, obtain a sound understanding of the principles of risk management and the requisite skills to implement risk management effectively.

3.4 A commitment to monitor performance and review progress in risk management:

USQ will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation as a basis for continuous improvement.

4 Principles

4.1 Responsibility for Risk Management

Risk must first and foremost be managed at the corporate level as part of the University's good governance and corporate management processes. Risk management is considered an integral part of all management and decision-making functions within USQ. The responsibility for the identification of risk and the implementation of control strategies and follow up remains a delegated line management responsibility. All stakeholders have a significant role in the management of risk. This role may range from initially identifying and reporting risks associated with their own jobs to participation in the risk management process. The Vice-Chancellor's Committee will facilitate the introduction and monitoring of risk management into key areas of USQ's activities.

4.2 Objectives of and Rationale for Risk Management

  1. USQ, in its need for risk management, aims to:
    1. facilitate and review risk management activities across the institution through the Vice-Chancellor's Committee;
    2. integrate risk management into the management culture of the University; and
    3. foster an environment where staff assume responsibility for managing risks.
  2. To secure its commitment to implement risk management effectively, USQ aims to:
    1. implement risk management across all aspects of the University in accordance with best practice guidelines.
  3. To secure its commitment to training and knowledge development in the area of risk management, USQ aims to:
    1. ensure that performance in risk management is a consideration in the University's performance management systems; and
    2. ensure that staff and other stakeholders have access to appropriate information, training and other development opportunities in the area of risk management.
  4. To secure its commitment to monitoring performance and reviewing progress, USQ aims to:
    1. ensure that appropriate monitoring, review and reporting processes are in place in the area of risk management.
  5. The objectives of risk management are to:
    1. provide a structured basis for strategic, tactical and operational planning across USQ;
    2. enhance USQ's governance and corporate management processes;
    3. enable USQ to effectively discharge its statutory and legislative financial management responsibilities;
    4. provide a practical framework for managers to assess risks inherent in the decisions they take;
    5. assist and motivate decision makers, at all levels, to make good and proactive management decisions that do not expose USQ to unacceptable levels of risk of unfavourable events occurring which adversely impact on the attainment of organisational goals; encourage and commit decision makers to identify sound business opportunities that will benefit USQ without exposing the University to unacceptable levels of risk;
    6. minimise the risks of not identifying sound business opportunities;
    7. protect USQ from unacceptable costs or losses associated with its operations;
    8. safeguard USQ's resources - its people, finance, property and reputation;
    9. assist USQ in achieving its strategic objectives; and
    10. create an environment where all staff assume responsibility for risk management.

5 Procedures

5.1 Whole of University Risk Management Process

Risk must first and foremost be managed at the corporate level as part of USQ's good governance and corporate management processes. This process, coordinated and facilitated by the Vice-Chancellor's Committee, will involve the following key steps:

  1. an annual risk identification exercise undertaken by management and facilitated by the Vice-Chancellor's Committee, which involves assessment of the consequence and likelihood of risk, and the development and/or review of individual risk management plans for the risks identified which exceed the University's defined acceptable risks;
  2. wherever practicable the inclusion of a Risk Management Assessment for all business activities;
  3. the incorporation of risk management into institutional strategic planning, and operational and resource management planning processes;
  4. annual review of the risk management activities by the Audit and Risk Committee;
  5. at least annual reporting by the Vice-Chancellor's Committee to the Audit and Risk Committee of the USQ Council, on action taken in respect of risk management;
  6. ensure risk management processes are incorporated into the quality assurance and improvement systems of the University community;
  7. clearly define and document escalation procedures for risk management;
  8. ensure consistency of approach in responses to the same risk by different sections of the University;
  9. document all risks with a potentially high impact, as assessed on the basis of their likely occurrence or impact; and
  10. test documented risk management procedures at appropriate intervals.

5.1.1 Risk Management as a Delegated Line Management Responsibility

Risk management is a delegated line management responsibility. It is the responsibility of all line managers to continually monitor their areas of responsibility to ensure that risks are identified and managed. Line managers should ensure that a contribution is made to the whole-of-University risk management process, on behalf of their areas of responsibility, that identifies risks at all levels.

The sharing of documented responses to risks and knowledge of risk management principles and procedures will be fostered between line managers to ensure consistency across the University.

On an annual basis, line managers should review all activities to ensure that any unacceptable risk exposures are identified and managed at an appropriate level. All operational sections will be required to report on risk management as part of the institution's annual operational and resource management process.

5.1.2 Individual

Each employee or other stakeholder throughout the University has a role in the risk management process and is responsible for actively participating in the risk management process as appropriate to their position within the University.

5.1.3 Management of Risks Associated with New Opportunities

In addition to the risks that already exist, the University is continually exposed to new risks, particularly from the introduction of new activities. The new risks should be incorporated into the initial planning and assessment processes conducted prior to undertaking the activity and, subsequently, into the annual risk management assessment at the appropriate level(s) of activity and management.

5.2 Principles to be Applied

The principles of risk management shall be applied to all areas of risk exposure, insurable and non-insurable, and shall include, but not be limited to the following areas:

Insurable Risks

  • Insurable workplace health and safety risks
  • Insurable fraud and corruption prevention activities
  • Unauthorised use of resources which represent an insurable risk
  • Reputation and image as an insurable risk
  • Fire prevention measures and security precautions
  • Property loss and damage
  • Computer security
  • Vehicle fleet management
  • Professional negligence
  • Other liability exposures
  • Legal liability

Non-Insurable Risks

  • Non-insurable workplace health and safety risks
  • Non-insurable fraud and corruption prevention activities
  • Unauthorised use of resources which represent a non-insurable risk
  • Reputation and image as a non-insurable risk
  • Crisis contingency planning and disaster recovery
  • Accounting controls that are not cost effective
  • Loss of key staff and intellectual property
  • The impact of globalisation on risk exposures
  • Management system inadequacies and poor work quality
  • Failure or disruption of a major income source or investment

5.3 Review

On the advice of the Audit and Risk Manager, the Vice-Chancellor's Committee will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation.

5.4 Guidance on Acceptable Risk

Through its monitoring, review and reporting functions, the Vice-Chancellor's Committee will ensure that the University maintains a consistent approach to its assessment of acceptable risk.

5.5 Documentation

Each stage of the risk management process shall be appropriately documented. The extent of documentation required is dependent on the nature of the risk. Documentation will be controlled so as to form part of an auditable quality management process.

5.6 Compliance

A representation and compliance statement should be provided by each dean/centre head/manager as formal acknowledgement of their responsibility to comply with risk management policies and procedures. Each employee should have included in his/her Position Description a responsibility for risk management, and Annual Performance Appraisals should include an appropriate assessment thereof.

5.7 Staff Development

Management shall ensure that staff have available to them appropriate information and training opportunities in risk management as appropriate to their position and role within USQ.

6 References

Nil.

7 Schedules

This policy must be read in conjunction with its subordinate schedules as provided in the table below.

8 Policy Information

Subordinate Schedules

Accountable Officer: Director (Audit and Risk)

Policy Type: Governance Policy

Approved Date: 3/3/2015

Effective Date: 3/3/2015

Review Date

Relevant Legislation

Related Policies:

  • Work Health and Safety Policy
  • Business Continuity Policy
  • Fraud Corruption and Control Management Policy and Procedure
  • Policy and Procedure Framework

Related Procedures:

  • Work Health and Safety Risk Management Procedure

Related forms, publications and websites

Definitions

Terms defined in the Definitions Dictionary

Definitions that relate to this policy only

Risk

Risk is defined as the exposure to occurrences that will have an impact, either positive or negative, on USQ's organisational objectives. Risk arises out of uncertainty and has two elements:

  • the frequency/likelihood of something happening; and
  • the severity/impact of the consequences arising from the event.

Risk Management

Risk management is defined as the culture and processes for the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, assessing, treating, monitoring and communicating risks that will direct USQ towards the effective and efficient management of potential opportunities and adverse effects.

Keywords: Risk Management Compliance, business continuity

Record No: 13/435PL

Failure to comply with this Policy or Policy Instrument may be considered as misconduct and the provisions of the relevant Policy or Procedure applied.