Policy: Risk management
This document provides a consistent framework for the identification, assessment, management and reporting of risk, and aims to enhance the University's internal controls.
It provides the governing principles for the identification, assessment, management and reporting of risk.
This Policy applies across the University.
- The ANU recognises that the application of risk management is an important element of good governance and assists the University in achieving its stated objectives. Specifically, the rigorous analysis and management of uncertainty surrounding these objectives will assist staff in ensuring that threats are mitigated whilst opportunities are advanced.
- The intention of this policy and the related risk management procedure is to embed the principles associated with the rigorous application of high-quality and integrated risk analysis and risk management within the culture and organisational governance of the University.
- This policy applies to all areas of the University.
- The University endorses Australia and NZ Risk Management Standard AS/NZS ISO 31000:2009 and its application based on the following essential elements: Establish the context; Identify the risks; Analyse the risks (including evaluating associated controls and determining consequence and likelihood); Evaluate the risks; Treat the risks; Communicate and consult; and Monitor and Review.
- All staff are responsible for the management of risk, including the identification, assessment and reporting of potential risks to the University's key assets (reputation, people, finances, infrastructure and intellectual property). Although University leadership is accountable and responsible for risk management and colleagues are urged to undertake rigorous risk analysis within their areas of specific responsibility, engagement in managing risks across the ANU community is sought from all members of staff.
- The University’s risk management framework also assigns specific responsibilities (detailed in the risk management procedure) for:
  - University Executive
  - ANU Deans, Directors and Heads (Colleges and Service Divisions)
  - Heads of Budget Units
  - Heads of Controlled entities, and entities that are derived from the legal status of the University will be responsible to their respective Boards
  - Audit and Risk Management Committee
  - Risk Management Advisory Committee
  - Corporate Governance and Risk Office
Specific outcomes envisaged under this policy include:
Each ANU college and service division is to integrate risk management principles with its operational plans.
Strategic Risk Profiles:
All ANU colleges and service divisions are required to develop and maintain a Strategic Risk Profile, with reference to guidance provided by the Corporate Governance and Risk Office (CGRO).
Fraud Risk Profiles:
As detailed in the ANU Fraud Control Procedure, all colleges and service divisions are required to develop and maintain a Fraud Risk Profile.
Business Continuity Plans:
As per the ANU Emergency Response Strategy, all ANU colleges and service divisions are required to develop and maintain a Business Continuity Plan utilising the ANU Business Continuity Planning framework.
Annual Risk Reports:
- ANU college Deans, service division Directors and/or Heads of budget units may be required to report to the Vice-Chancellor as part of their annual assurance report on the status of compliance with this policy. The Vice-Chancellor will present an annual report to Council through the Audit and Risk Management Committee on the status of risk management implementation and the University's risk profile.
- The Audit and Risk Management Committee will receive reports from the CGRO and the Risk Management Advisory Committee on the identification and treatment of risk and will use these reports to inform the strategic audit plan.
Training and Development:
The University is committed to ensuring all staff, particularly those in managerial and decision-making roles, have access to guidance and training on the application of risk management principles. College Deans and Directors, service division Directors and Heads of budget units are to encourage staff to participate in risk management training activities that will be offered by the CGRO, OH&S Unit or other parts of the University. Training and development will be specifically aimed at assisting ANU colleges to comply with the requirements of this policy.
Compliance with Linking Policies:
All staff are to ensure that they comply with risk-management-based policies including, but not limited to, the OH&S Policy, Travel Policy, Security Policy and Delegations Policy.