Corporate Risk Management Rule

This is the current version of this document. To view historic versions of this document click the link in the main navigation (grey) bar above or contact policies@une.edu.au for versions that expired pre 27 July 2015.

Section 1 - Overview

(1) This Rule outlines the University of New England's commitment to corporate risk management.

(2) The University recognises that managing corporate risk is an integral part of good governance and achieving strategic and operational objectives. UNE is committed to the application of corporate risk management in organisational processes at all levels within the University.

(3) The UNE Corporate Risk Management Rule is based on ISO 31000:2009 Risk Management Principles and Guidelines. This Rule facilitates achieving compliance requirements set out in the UNE Act and the Threshold Standards.

Section 2 - Scope

(4) This Rule applies to all UNE representatives.

(5) UNE representatives responsible for the management of a UNE function, business unit, or realisation of project objectives, are responsible for identifying, managing and communicating the corporate risks to the objectives of that function, business unit, or project.

Section 3 - Rule

(6) All corporate risk management practices at UNE must be in accordance with the Corporate Risk Management Framework. All corporate risk documentation and reporting must:

  1. Adhere to the mandated terms used in the framework; and
  2. Corporate risk documentation and reporting provided to the Senior Executive, VC Committees, or Council Committees (including all sub-committees) must:
    1. Use the Corporate Risk Governance Report template; and
    2. Where evidence of risk assessment is requested, this information is to be presented in the Corporate Risk Assessment template.

(7) Corporate risk management practices must be transparent and include appropriate and timely involvement of stakeholders and decision makers at all levels of the University.

(8) The University will incorporate corporate risk management in organisational decision making to:

  1. Reduce uncertainty around the delivery of objectives; and
  2. Take advantage of potential opportunities in the effective delivery of objectives.

(9) The University must integrate corporate risk management into the approval, review and control of all governance, planning, and process management associated with:

  1. normal business operations;
  2. projects, including research projects; and
  3. Controlled Entities.

(10) The Audit and Risk Directorate will monitor and report on corporate risk management activities to the Vice-Chancellor & CEO, and UNE Council.

Authority and Compliance

(11) The UNE Council, pursuant to Section 29 of the University of New England Act, makes this University Rule.

(12) University Representatives must observe it in relation to University matters.

(13) The Rule Administrator is authorised to make procedures and guidelines for the operation of this University Rule. The procedures and guidelines must be compatible with the provisions of this Rule.

(14) This Rule operates as and from the Effective Date.

(15) Previous policy on Corporate Risk Management and related documents are replaced and have no further operation from the Effective Date of this new Rule.

(16) Notwithstanding the other provisions of this University Rule, the Vice-Chancellor may approve an exception to this Rule where the Vice-Chancellor determines the application of the Rule would otherwise lead to an unfair, unreasonable or absurd outcome. Approvals by the Vice-Chancellor under this clause must be documented in writing and must state the reason for the exception.

Section 4 - Definitions

(17) Corporate Risk means the effect on the University's objectives from uncertainty in organisational decision making and action, leading to mismanagement or missed opportunities.

  1. NOTE 1: Uncertainty is the result of deficiencies in information, knowledge, or understanding on the management of, or strategy for, achieving set objectives.
  2. NOTE 2: Corporate risks are plausible instances of mismanagement. Risks identify where organisational effort, resources, and opportunities are most likely to be mismanaged or squandered.

(18) UNE Council means the Council of the University of New England, being the governing body of the University.

(19) Effective Date means the day on which this Rule takes effect, being the day on which it is published or such later day as may be specified in the Rule.

(20) Risk Management means coordinated activities to direct and control an organisation with regard to its management of corporate risk.

  1. NOTE 1: The core focus of risk management is to identify what the plausible risks to an objective look like, and to communicate how these risks are being controlled.

(21) Threshold Standards means the standards made under subsection 58(1) of the Tertiary Education Quality and Standards Agency Act 2011.

(22) Rule Administrator is the Director, Audit and Risk.

(23) University Representative means a University employee (casual, fixed term and permanent), contractor, agent, appointee, UNE Council member, adjunct, visiting academic and any other person engaged by the University to undertake some activity for or on behalf of the University. It includes corporations and other bodies falling into one or more of these categories.

(24) UNE Act means the University of New England Act 1993 No 68 (NSW).