Chancellery Legal and Assurance Enterprise Risk
Enterprise Risk Management
- Aboriginal and Torres Strait Islander in Marine Science
- Courses
- Future Students
- Current Students
- Research and Teaching
- Partners and Community
- About JCU
- Reputation and Experience
- Celebrating 50 Years
- Academy
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre (AgTAC)
- Living on Campus
- How to apply
- Advanced Analytical Centre
- Alumni
- AMHHEC
- Aquaculture Solutions
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Association of Australian University Secretaries
- Australian Lions Stinger Research
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- JCU-CSIRO Partnership
- Employability Edge
- Clinical Psychedelic Research Lab
- Centre for Tropical Biosecurity
- Career Ready Plan
- Careers at JCU
- Careers and Employability
- Chancellery
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- CASE
- College of Business, Law and Governance
- College of Healthcare Sciences
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- Centre for Disaster Solutions
- CSTFA
- Cyber Security Hub
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Defence
- Discover Nature at JCU
- Research Division
- Services and Resources Division
- Education Division
- Elite Athletes
- eResearch
- Environmental Research Complex [ERC]
- Estate
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- General Practice and Rural Medicine
- JCU Orientation
- Give to JCU
- Governance
- Art of Academic Writing
- Art of Academic Editing
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Engagement
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
- IT Services
- International Students
- Research and Innovation Services
- JCU Eduquarium
- JCU Heroes Programs
- JCU Webinars
- JCU Events
- JCU Global Experience
- JCU Ideas Lab
- JCU Job Ready
- JCU Motorsports
- JCU Prizes
- JCU Sport
- JCU Turtle Health Research
- Language and Culture Research Centre
- CEE
- LearnJCU
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Open Day
- Outstanding Alumni
- Parents and Partners
- Pathways to university
- Pharmacy Full Scope
- Planning for your future
- Placements
- Policy
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Roderick Centre for Australian Literature and Creative Writing
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco for Staff and Students
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Pay review
The international standard on risk management, AS ISO 31000:2018 Risk Management Principles and Guidelines defines risk as the "effect of uncertainty on objectives".
Risks that potentially impact organisations can have varying consequences in terms of financial performance, professional reputation as well as environmental, health, safety and societal outcomes. Therefore, managing risk effectively and holistically will allow the University to perform better in an environment full of uncertainty.
Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as:
"A process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
The University’s Risk Management process complies with AS ISO 31000:2018 and is in line with JCU Risk and Compliance Management policies and performs the following key risk management activities:
- Establish the context
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
- Monitoring and review
- Communication and consultation
Refer to the Risk Management Policy and Risk Management Framework and Plan for more information.
Compliance, whilst its own unique, overarching and yet specialised area, is part of Enterprise Risk Management because potential legislative non-compliance presents a risk to the University. See Compliance for further information.
Risk Management is the responsibility of all. The management of risk is an essential aspect of the overall management of the University. By implementing a risk management framework an organisation can realise the following benefits:
- Achievement of business objectives
- Awareness of key risks facing the University
- Appropriate resource allocation
- Supports planning and decision making
- Internal and external communication
- Ensures accountability of risk
- Fosters proactive management, rather than reactive
- Promotes early identification and treatment of risks
- Encourages a positive risk culture
The University Council has specific responsibility for setting the University's Risk Appetite, being the amount and type of risk that the Unviersity is willing to take in order to meet its strategic objectives. JCU’s Risk Appetite Statement is a quantitative and qualitative statement reviewed annually by the Executive and Council, with key risk indicators reported on quarterly and annual bases.
The Riskware Enterprise Risk Management (ERM) Register is a comprehensive record of all risks across the University landscape.
The ERM Register is a module available in Riskware that allows a Risk Owner to create, manage, review and report on risks. The ERM Register has an integrated workflow capability that offers users the ability to approve, review and assign tasks to mitigate risks.
The ERM Register provides a series of steps that, when undertaken in sequence, enable you to identify, assess, control, manage and report on potential impacts and opportunities:
- The key risks to your business unit or area of operation
- The consequences of the risk materialising
- The impact and likelihood of the risk materialising
- The management and control treatments for risk mitigation
- Assignment of those responsible for managing and treating risks
The creation of a risk is completed in the risk assessment form explained in this Quick Reference Guide. The Risk Assessment Form closely follows the International Risk Management Standard ISO 31000:2018 to help you perform your risk management responsibilities in a clear and consistent manner.
All new risk assessments will require approval from the supervisor/manager within your business unit or area of operation. Once a risk assessment has been submitted, an email will be forwarded to a Risk Approver who may make some edits before either approving or rejecting the new risk.
Risks need to be continuously monitored and reviewed. The effectiveness of the controls currently in place to manage risks should be periodically assessed to ensure changing circumstances do not alter risk priorities.
The Risk Owner can appoint a person responsible for the treatment of the risk is typically known as a Task Owner. A task is assigned to the Task Owner and usually requires some work/investigation/review/consultation to be done to mitigate a risk. Treatment plans can also referred to as controls.
Riskware provides a comprehensive array of reporting analytics in the form of summarised reports, detailed risk registers and dashboards.
Click on the above link to log in to the Riskware system.
If you have been assigned access, you will see to the Enterprise Risk Management (ERM) Register module in the Home page.
Alternatively, use the following link to access the "What is Riskware" webpage.
Please contact riskmanagement@jcu.edu.au to inquire about training or for further information and support.