(1) UNE’s Risk Management Framework supports the consistent application of risk management across the institution.
(2) While the outcomes of all activities and decisions are inherently subject to some level of uncertainty, a consistent enterprise risk management approach helps ensure UNE has in place:
(3) This Policy applies to and is to be observed by all
(4) Within this Policy:
(5) The key elements of UNE’s Risk Management Framework are:
(6) UNE aims to support effective risk management by implementing a principled approach consistent with AS ISO 31000:2018 Risk Management - Guidelines.
(7) Risk management at UNE will be:
(8) UNE’s approach to risk management involves the key stages outlined in Table 1.
(9) Risk Management at UNE requires the use of consistent terminology and language to support shared understanding of risk assessments and to help compare and assess multiple risks. Refer to Annexure 1 of this Policy for the risk terminology to be used at UNE by all
(10) Risk Management is the responsibility of all Managers and Supervisors within the University and is applied as a key part of due diligence informing decision making. Specific roles in risk management are outlined in Table 2 below.
(11) The Governance Division helps coordinate risk management practice via:
(12) Managers should be aware that subject matter expertise for different areas of risk may reside in different areas of the University, for example:
(13) Advice and support to help with the implementation of the risk management is available via risk@une.edu.au.
(14) UNE promotes a positive risk culture by supporting risk application in decision-making and supporting transparent reporting and discussions about risk levels and required actions. This means:
(15) The implementation of this Policy will be supported and measured, by
(16) Managers are responsible for ensuring that
(17) The Chief Risk Officer is responsible for ensuring the data within the Enterprise Risk Management system is recorded in UNE’s approved Records Management System on a quarterly basis.
(18) Where Risk Reports are provided to University Committees, the Committee Secretary is responsible for recording the reports in the applicable Committee containers in the Records Management System.
(19) The Council, pursuant to Section 29 of the University of New England Act 1993 (NSW) makes this University Policy.
(20)
(21) The Policy Steward, the Director Governance and University Secretary, is authorised to develop associated documents and toolkits or manuals to support this Policy.
(22) This Policy operates as and from the Effective Date.
(23) Previous policy on corporate risk management and related documents are replaced and have no further operation from the Effective Date of this new Policy.
(24) UNE Risk Management Policy and the principles and framework outlined within are based on AS ISO 31000:2018 Risk Management - Guidelines. This Policy supports UNE to achieve compliance requirements including those within the University of New England Act 1993 (NSW) and the Higher Education Standards Framework (Threshold Standards) Act 2015.
(25) Notwithstanding the other provisions of this University Policy, the Vice-Chancellor and Chief Executive Officer may approve an exception to the Policy where the Vice-Chancellor and Chief Executive Officer determines the application of the Policy would otherwise lead to an unfair, unreasonable or absurd outcome. Approvals by the Vice-Chancellor and Chief Executive Officer under this clause will be documented in writing and must state the reason for the exception.
(26) Risk is a preventable event or condition with unacceptable consequences. In the UNE context this means: a potential event or condition that is preventable, and will impact the University's objectives by either providing a positive opportunity that would be unacceptable for UNE not to take, or exposing UNE to a negative threat that would be unacceptable for UNE to experience.
(27) Risk Management is the activity of perceiving, understanding and managing risks so as to orientate operations and decision-making towards the achievement of set objectives and goals. The University actively promotes risk management through compliance with legislation and regulation, the application and adherence to modern professional standards and ways of working and the application and adherence to the UNE Risk Management Policy.
(28) Risk Management Practice means the actions and activities undertaken to identify, assess, and manage the exposure to, and impact of, a risk.
Risk Management Policy
Section 1 - Objective and Scope
Part A - Risk Management Framework
Part B - Principles of Risk Management
Part C - Risk Management Practice
Risk Management Approach
Table 1 – Risk Management Approach (see also Annexure 1 to this Policy for detailed steps and terminology)
Support for Risk Management Practice
Table 2 – Key Roles and Responsibilities in Risk Management
Risk Culture
Section 2 - Quality Assurance
Recordkeeping
Section 3 - Authority and Compliance
Section 4 - Definitions (specific to this Policy)
1. Context
2. Identify
3. Analyse
4. Evaluate
5. Treat
6. Actions (Monitor)
7. Report
Establish the context for the risk
Identify the risk and consequence categories
Analyse what would cause the risk to occur
Describe existing controls, type and effectiveness
Use risk matrix to determine risk consequences
Identify how risk will be treated and plan for treatment, assign responsibilities
Set notifications, review dates, escalation roles
Monitor and review risk and treatment plan
Agree report program, incorporate risk in dashboards;
Share and communicate key risk
Role / Body
Responsibility
Council
Council monitors strategic and key organisation risks and the overall institution risk exposure profile. Council, in conjunction with the Vice-Chancellor and Chief Executive Officer and Senior Executive, agrees the risk appetite associated with strategic priorities and key result areas (KRAs). Council members consider risk in Council decision making and strategic planning.
Audit and Risk Committee of Council
Audit and Risk Committee oversees the risk management and control environment and approves policies relating to risk. The Committee reports to Council regarding UNE’s risk exposure profile, the control environment, emerging risks and those key risks which may be outside of agreed appetite or tolerance levels.
Vice-Chancellor and Chief Executive Officer
The Vice-Chancellor and Chief Executive Officer is responsible for reporting key and emerging risks, highlighting significant changes to risk exposure, to the Audit and Risk Committee. The Vice-Chancellor and Chief Executive Officer monitors the development of a positive risk culture (including level of risk maturity) and ensures that key management decisions and planning activities have considered risks.
Senior Executive
Senior Executive have specific responsibilities for monitoring risk exposure profiles within the portfolio and for the projects, and reporting key risks or risk changes to the Vice-Chancellor and Chief Executive Officer. Senior Executive consider risk in decision making including when prioritising projects, operational activities and resource allocation. Senior Executive may plan and budget for development of subject matter expertise relating to the risk activities within their areas.
Chief Risk Officer
The Chief Risk Officer is the senior manager accountable for the policies and frameworks enabling the efficient and effective oversight of significant risks or opportunities within organisational units. The Chief Risk Officer supports a positive risk culture by providing advice and programs of induction and training. The Chief Risk Officer at UNE is the Director Governance and University Secretary.
Governance Division
The Governance Division supports the implementation of the risk framework, risk system and outreach and support. Advice, support and training regarding risk can be requested via risk@une.edu.au.
UNE Managers
Managers at UNE are responsible for identifying, assessing, managing and communicating the key risks to achievement of department, operations or project objectives or to academic standards, within the risk management system.
UNE Managers are required to consider risk in decision-making and planning and to report to Senior Managers any areas of concern.