Policy overview
1 Purpose
To provide an integrated and balanced approach to the identification, treatment and management of Risk to support the achievement of strategic and operational objectives.
2 Scope
This policy applies to all University Members.
3 Policy Statement
The University recognises the need to appropriately leverage opportunities and manage threats through an integrated approach to enterprise Risk management. This approach aims to minimise the Risk of failing to deliver strategic objectives through the appropriate management of Strategic, Operational and Tactical Risks.
This policy aligns with:
Higher Education Standards Framework (Threshold Standards) 2021: Standard 6.2 Corporate Monitoring and Accountability
4 Principles
The University is committed to ensuring the appropriate management of Risk. The principles by which that is achieved are:
- Integration of Risk identification, treatment and management into all planning and decision-making processes.
- Adoption of the Three Lines Model (refer Figure 1 below).
- A commitment through the Vice-Chancellor's Executive to:
  - develop an appropriate culture of Risk management in which all University Members understand their role;
  - implement effective Risk management practices that integrate Council-approved Risk Appetite and Tolerances;
  - ensure appropriate governance and oversight of Risk;
  - regularly monitor and review the implementation of this policy and supporting Policy Instruments; and
  - build Risk capability and capacity of the University through appropriate education and training.
- Development of an enterprise Risk management framework and supporting tools and guidance to articulate the Risk management processes.
- Articulation of the responsibility for Risk management, including line management responsibility.
- Monitoring of and adjustment to the assessment of the external environment, opportunities and threats through regular reporting to Vice-Chancellor's Executive, Audit and Risk Committee and Council.
Figure 1: Three Lines Model
Adapted from Institute of Internal Auditors, 2021, Three Lines Model.
5 References
Institute of Internal Auditors, 2020, The IIA's Three Lines Model - An update of the Three Lines of Defense, viewed 25 March 2022, https://www.theiia.org/globalassets/site/about-us/advocacy/three-lines-model-updated.pdf
Institute of Internal Auditors, 2018, Factsheet - Risk Management, viewed 12 May 2022, https://iia.org.au/sf_docs/default-source/technical-resources/2018-fact-sheets/factsheet---risk-management.pdf?sfvrsn=2
6 Schedules
This policy must be read in conjunction with its subordinate schedules as provided in the table below.
7 Policy Information
Accountable Officer | Deputy Vice-Chancellor (Enterprise Services) |
Responsible Officer | Director (Risk Management, Compliance and Insurance) |
Policy Type | Governance Policy |
Policy Suite | |
Subordinate Schedules | Risk Appetite and Tolerance Schedule (under development) |
Approved Date | 10/10/2022 |
Effective Date | 6/12/2022 |
Review Date | 6/12/2027 |
Relevant Legislation | |
Policy Exceptions | |
Related Policies | Financial Management and Accountability Policy; Fraud and Corruption Management Policy |
Related Procedures | |
Related forms, publications and websites | Fraud and Corruption Control Plan; Risk Management Framework (under development) |
Definitions | Terms defined in the Definitions Dictionary |
Council means the governing body, the University of Southern Queensland Council.
A Policy Instrument refers to an instrument that is governed by the Policy framework. These include Policies, Procedures and Schedules.
The effect of uncertainty on objectives.
The level of Risk the University is willing to accept or take in pursuit of its objectives.
Boundaries for Risk taking expressed in upper and lower limits.
The term 'University' or 'UniSQ' means the University of Southern Queensland.
Persons who include: Employees of the University whose conditions of employment are covered by the UniSQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; members of the University Council and University Committees; visiting, honorary and adjunct appointees; volunteers who contribute to University activities or who act on behalf of the University; and individuals who are granted access to University facilities or who are engaged in providing services to the University, such as contractors or consultants, where applicable.
The person bearing the title of Vice-Chancellor and President, or as otherwise defined in the University of Southern Queensland Act 1998, including a person acting in that position. | |
Definitions that relate to this policy only | |
Operational Risk: Risks that arise from standard business as usual operations.
Strategic Risk: Risks that might impact the Strategic Plan aims and require coordinated effort across the Vice-Chancellor's Executive to mitigate.
Tactical Risk: Risks that arise from projects or initiatives. | |
Keywords | |
Record No | 22/221PL |