Corporate Risk Management Rule

This is the current version of this document.

Section 1 - Overview

(1) This Rule outlines the University of New England's commitment to corporate risk management.

(2) The University recognises that managing corporate risk is an integral part of good governance and achieving strategic and operational objectives. UNE is committed to the application of corporate risk management in organisational processes at all levels within the University.

(3) The UNE Corporate Risk Management Rule is based on ISO 31000:2009 Risk Management Principles and Guidelines. This Rule facilitates achieving compliance requirements set out in the UNE Act and the Threshold Standards.

Section 2 - Scope

(4) This Rule applies to all UNE Representatives.

(5) UNE Representatives responsible for the management of a UNE function, business unit, or realisation of project objectives, are responsible for identifying, managing and communicating the corporate risks to the objectives of that function, business unit, or project.

Section 3 - Rule

(6) All corporate risk management practices at UNE must be in accordance with the Corporate Risk Management Framework. All corporate risk documentation and reporting must:

  1. Adhere to the mandated terms used in the framework; and
  2. Where provided to the Senior Executive, Vice-Chancellor and Chief Executive Officer Committees, or Council Committees (including all sub-committees):
    1. Use the Corporate Risk Governance Report template; and
    2. Where evidence of risk assessment is requested, present this information in the Corporate Risk Assessment template.

(7) Corporate risk management practices must be transparent and include appropriate and timely involvement of stakeholders and decision makers at all levels of the University.

(8) The University will incorporate corporate risk management in organisational decision making to:

  1. Reduce uncertainty around the delivery of objectives; and
  2. Take advantage of potential opportunities in the effective delivery of objectives.

(9) The University must integrate corporate risk management into the approval, review and control of all governance, planning, and process management associated with:

  1. normal business operations;
  2. projects, including research projects; and
  3. Controlled Entities.

(10) The Audit and Risk Directorate will monitor and report on corporate risk management activities to the Vice-Chancellor and Chief Executive Officer and Council.

Authority and Compliance

(11) The Council, pursuant to Section 29 of the UNE Act, makes this University Rule.

(12) UNE Representatives must observe it in relation to University matters.

(13) The Rule Administrator, Director Audit and Risk, is authorised to make procedures and guidelines for the operation of this University Rule. The procedures and guidelines must be compatible with the provisions of this Rule.

(14) This Rule operates as and from the Effective Date.

(15) Previous policy on corporate risk management and related documents are replaced and have no further operation from the Effective Date of this new Rule.

(16) Notwithstanding the other provisions of this University Rule, the Vice-Chancellor and Chief Executive Officer may approve an exception to this Rule where the Vice-Chancellor and Chief Executive Officer determines the application of the Rule would otherwise lead to an unfair, unreasonable or absurd outcome. Approvals by the Vice-Chancellor and Chief Executive Officer under this clause must be documented in writing and must state the reason for the exception.

Section 4 - Definitions

(17) Corporate Risk means the effect on the University's objectives from uncertainty in organisational decision making and action, leading to mismanagement or missed opportunities.

  1. NOTE 1: Uncertainty is the result of deficiencies in information, knowledge, or understanding on the management of, or strategy for, achieving set objectives.
  2. NOTE 2: Corporate risks are plausible instances of mismanagement. Risks identify where organisational effort, resources, and opportunities are most likely to be mismanaged or squandered.

(18) Risk Management means coordinated activities to direct and control an organisation with regard to its management of corporate risk.

  1. NOTE 1: The core focus of risk management is to identify what the plausible risks to an objective look like, and to communicate how these risks are being controlled.

(19) Threshold Standards means the standards made under subsection 58(1) of the Tertiary Education Quality and Standards Agency Act 2011.

(20) UNE Act means the University of New England Act 1993 No 68 (NSW).