Risk Management Policy and Procedure
- 1 Purpose
- 2 Scope
- 3 Policy Statement
- 4 Principles
- 5 Procedures
- 6 References
- 7 Schedules
- 8 Policy Information
1 Purpose
To provide information and guidance on Risk Management.
2 Scope
This Policy applies to all University officers, employees, students, and visitors and contractors to facilities controlled by the University. The policy extends to all current and future activities, and new opportunities.
Where necessary, more detailed risk management policies and procedures should be developed to cover specific areas of the University's operations, such as financial management and business management. Where this occurs, such policies and regulations should comply with the broad directions described in the USQ Risk Management Policy.
3 Policy Statement
3.1 Recognition of the need for risk management:
The University of Southern Queensland recognises the need for risk management to feature as a consideration in strategic and operational planning, day-to-day management and decision making at all levels in the organisation.
3.2 A commitment to implement risk management effectively:
USQ is committed to managing and minimising risk by identifying, analysing, evaluating and treating exposures that may impact on the University achieving its objectives and/or the continued efficiency and effectiveness of its operations. USQ will incorporate risk management into its institutional planning and decision-making processes. Risk management must also be included as a consideration in sectional and operational planning as a delegated line management responsibility. USQ staff must implement risk management according to relevant legislative requirements and appropriate risk management standards.
3.3 A commitment to training and knowledge development in the area of risk management:
USQ is committed to ensuring that all staff, particularly those with management, advisory and decision making responsibilities, obtain a sound understanding of the principles of risk management and the requisite skills to implement risk management effectively.
3.4 A commitment to monitor performance and review progress in risk management:
USQ will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation as a basis for continuous improvement.
4 Principles
4.1 Responsibility for Risk Management
Risk must first and foremost be managed at the corporate level as part of the University's good governance and corporate management processes. Risk management is considered an integral part of all management and decision-making functions within USQ. The responsibility for the identification of risk and the implementation of control strategies and follow up remains a delegated line management responsibility. All stakeholders have a significant role in the management of risk. This role may range from initially identifying and reporting risks associated with their own jobs to participation in the risk management process. The Vice-Chancellor's Executive (VCE) will facilitate the introduction and monitoring of risk management into key areas of USQ's activities.
4.2 Objectives of and Rationale for Risk Management
- USQ, in its need for risk management, aims to:
  - facilitate and review risk management activities across the institution through the Vice-Chancellor's Executive (VCE);
  - integrate risk management into the management culture of the University; and
  - foster an environment where staff assume responsibility for managing risks.
- To secure its commitment to implement risk management effectively, USQ aims to:
  - implement risk management across all aspects of the University in accordance with best practice guidelines.
- To secure its commitment to training and knowledge development in the area of risk management, USQ aims to:
  - ensure that performance in risk management is a consideration in the University's performance management systems; and
  - ensure that staff and other stakeholders have access to appropriate information, training and other development opportunities in the area of risk management.
- To secure its commitment to monitoring performance and reviewing progress, USQ aims to:
  - ensure that appropriate monitoring, review and reporting processes are in place in the area of risk management.
- The objectives of risk management are to:
  - provide a structured basis for strategic, tactical and operational planning across USQ;
  - enhance USQ's governance and corporate management processes;
  - enable USQ to effectively discharge its statutory and legislative financial management responsibilities;
  - provide a practical framework for managers to assess risks inherent in the decisions they take;
  - assist and motivate decision makers, at all levels, to make good and proactive management decisions that do not expose USQ to unacceptable levels of risk of unfavourable events occurring which adversely impact on the attainment of organisational goals;
  - encourage and commit decision makers to identify sound business opportunities that will benefit USQ without exposing the University to unacceptable levels of risk;
  - minimise the risks of not identifying sound business opportunities;
  - protect USQ from unacceptable costs or losses associated with its operations;
  - safeguard USQ's resources - its people, finance, property and reputation;
  - assist USQ in achieving its strategic objectives; and
  - create an environment where all staff assume responsibility for risk management.
5 Procedures
5.1 Whole of University Risk Management Process
Risk must first and foremost be managed at the corporate level as part of USQ's good governance and corporate management processes. This process, coordinated and facilitated by the Vice-Chancellor's Executive (VCE), will involve the following key steps:
- an annual risk identification exercise undertaken by management and facilitated by the Vice-Chancellor's Executive (VCE), which involves assessment of the consequence and likelihood of risk, and the development and/or review of individual risk management plans for the risks identified which exceed the University's defined acceptable risks;
- wherever practicable the inclusion of a Risk Management Assessment for all business activities;
- the incorporation of risk management into institutional strategic planning, and operational and resource management planning processes;
- annual review of the risk management activities by the Audit and Risk Committee;
- at least annual reporting by the Vice-Chancellor's Executive (VCE) to the Audit and Risk Committee of the USQ Council, on action taken in respect of risk management;
- ensure risk management processes are incorporated into the quality assurance and improvement systems of the University community;
- clearly define and document escalation procedures for risk management;
- ensure consistency in the approach taken by different sections of the University in responding to the same risk;
- document all risks with a potentially high impact, as assessed on the basis of their likely occurrence or impact; and
- test documented risk management procedures at appropriate intervals.
5.1.1 Risk Management as a Delegated Line Management Responsibility
Risk management is a delegated line management responsibility. It is the responsibility of all line managers to continually monitor their areas of responsibility to ensure that risks are identified and managed. Line managers should ensure that a contribution is made to the whole-of-University risk management process, on behalf of their areas of responsibility, that identifies risks at all levels.
The sharing of documented responses to risks and knowledge of risk management principles and procedures will be fostered between line managers to ensure consistency across the University.
On an annual basis, line managers should review all activities to ensure that any unacceptable risk exposures are identified and managed at an appropriate level. All operational sections will be required to report on risk management as part of the institution's annual operational and resource management process.
Each employee or other stakeholder throughout the University has a role in the risk management process and is responsible for actively participating in the risk management process as appropriate to their position within the University.
5.1.3 Management of Risks Associated with New Opportunities
In addition to the risks that already exist, the University is continually exposed to new risks particularly from the introduction of new activities. The new risks should be incorporated into the initial planning and assessment processes conducted prior to undertaking the activity and, subsequently, into the annual risk management assessment at the appropriate level(s) of activity and management.
5.2 Principles to be Applied
The principles of risk management shall be applied to all areas of risk exposure, insurable and non-insurable, and shall include, but not be limited to the following areas:
On the advice of the Director (Internal Audit and Risk), the Vice-Chancellor's Executive (VCE) will regularly monitor and review the progress being made in developing an appropriate culture of risk management and the effective implementation of risk management strategies throughout the organisation.
5.4 Guidance on Acceptable Risk
Through its monitoring, review and reporting functions, the Vice-Chancellor's Executive (VCE) will ensure that the University maintains a consistent approach to its assessment of acceptable risk.
Each stage of the risk management process shall be appropriately documented. The extent of documentation required is dependent on the nature of the risk. Documentation will be controlled so as to form part of an auditable quality management process.
A representation and compliance statement should be provided by each dean/centre head/manager as formal acknowledgement of their responsibility to comply with risk management policies and procedures. Each employee should have included in his/her Position Description a responsibility for risk management, and Annual Performance Appraisals should include an appropriate assessment thereof.
5.7 Staff Development
Management shall ensure that staff have available to them appropriate information and training opportunities in risk management as appropriate to their position and role within USQ.
7 Schedules
This policy must be read in conjunction with its subordinate schedules as provided in the table below.
8 Policy Information
Director (Internal Audit and Risk)
Related forms, publications and websites
Terms defined in the Definitions Dictionary
Definitions that relate to this policy only
Risk is defined as the exposure to occurrences that will have an impact, either positive or negative, on USQ's organisational objectives. Risk arises out of uncertainty and has two elements:
Risk management is defined as the culture and processes for the systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, assessing, treating, monitoring and communicating risks that will direct USQ towards the effective and efficient management of potential opportunities and adverse effects.
Risk Management Compliance, business continuity
Failure to comply with this Policy or Policy Instrument may be considered as misconduct and the provisions of the relevant Policy or Procedure applied.