The ANU recognises that the application of risk management is an important element of good governance and assists the University in achieving its stated objectives.  Specifically, the rigorous analysis and management of uncertainty surrounding these objectives will assist staff in ensuring that threats are mitigated whilst opportunities are advanced. 

The intention of this policy and the related risk management procedure is to embed the principles associated with the rigorous application of high quality and integrated risks analysis and risk management within the culture and organisational governance of the University.

This policy applies to all areas of the University.

APPROACH

The University endorses Australian & NZ Risk Management Standard 4360:2004 and its application based on the following essential elements: Establish the context; Identify the risks; Analyse the risks (including evaluating associated controls, determine consequence and likelihood); Evaluate the risks; Treat the risks; Communicate and consult; and Monitor & Review.

ACCOUNTABILITIES

All Staff are responsible for the management of risk including the identification, assessment and reporting of potential risks to the University's key assets (reputation, people, finances, infrastructure and intellectual property). Although University leadership is accountable and responsible for risk management and colleagues are urged to undertake rigorous risk analysis within their areas of specific responsibility, engagement in managing risks across the ANU community is sought from all members of staff.

ANU's risk management framework also assigns specific responsibilities (detailed in the risk management procedure) for:

• Council
• Vice-Chancellor
• University Executive
• ANU Deans, Directors & Heads (Colleges and Administrative Divisions):
• Heads of Budget Units
• Heads of Controlled entities, and Entities that are derived from the legal status of the University will be responsible to their respective Boards
• Audit & Risk Management Committee
• Risk Management Advisory Committee
• Risk Management and Audit Office

APPLICATION

Specific outcomes envisaged under this policy include:

Strategic Plans:

• Each ANU College and Central Administrative Division is to integrate risk management principles with its strategic plans (this applies also to Controlled entities, and those Entities that are derived from the legal status of the University).

OHS Risk Assessment Plans:

• In accordance with ANU's Safety Management Plan and associated risk management process, each College and Administrative Division should regularly review and identify its significant OHS risks and associated mitigation strategies.

Business Continuity Plans:

• As per the ANU Emergency Response Strategy, all ANU Colleges and Central Administrative Divisions are required to develop and maintain a Business Continuity Plan utilising the ANU Business Continuity Planning framework. This applies also to Controlled Entities, and those Entities that are derived from the legal status of the University.

Fraud Control Profile:

• As detailed in the ANU Fraud Control Procedure, all ANU Colleges and Central Administrative Divisions are required to develop and maintain a Fraud Control Profile. This applies also to Controlled Entities, and those Entities that are derived from the legal status of the University.

Annual Risk Reports:

• ANU College Convenors, Heads of Administrative Divisions and Heads of Budget Units may be required to report to the Vice-Chancellor via the Risk Management and Audit Office as part of their annual assurance report on the status of compliance with this policy. The Vice- Chancellor will present an annual report to Council through the Audit and Risk Management Committee on the status of risk management implementation and the University's risk profile.
  
• The Audit and Risk Management Committee will receive reports from the Risk Management and Audit Office and the Risk Management Advisory Committee on the identification and treatment of risk and will use these reports to inform the strategic audit plan.

Training & Development :

• The University is committed to ensuring all staff, particularly those in managerial and decision making roles, have access to guidance and training on the application of risk management principles. College Convenors, Deans and Directors, Heads of Administrative Divisions and Heads of Budget Units are to encourage staff to participate in risk management training activities that will be offered by the Risk Management and Audit Office, OH&S Unit or other parts of the University. Training and development will be specifically aimed at assisting ANU Colleges to comply with the requirements of this policy.

Compliance with Linking Policies:

• All staff are to ensure that they comply with risk management based policies including, but not limited to, the OH&S Policy, Travel Policy, Security Policy and Delegations Policy.

Previous approval 22 January 2007; reviewed June 2009