Chancellery Legal and Assurance Enterprise Risk
Enterprise Risk Management
- Courses
- Future Students
- Current Students
- Research and Teaching
- Partners and Community
- About JCU
- Celebrating 50 Years
- ALTAR
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre
- Living on Campus
- Advanced Prawn Breeding Research Hub
- Advanced Analytical Centre
- Applying to JCU
- Alumni
- AMHHEC
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Australian/NZ Students
- Australian Lions Stinger Research
- Boating and Diving
- ATSIP
- Australian Tropical Herbarium
- Careers at JCU
- Association of Australian University Secretaries
- Careers and Employability
- Australian Quantum & Classical Transport Physics Group
- CITBA
- Centre for Tropical Bioinformatics and Molecular Biology
- Chancellery
- CMT
- CASE
- College of Business, Law and Governance
- College of Healthcare Sciences
- WHOCC for N&M Education and Research
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- COVID-19 Advice
- Centre for Disaster Solutions
- CSTFA
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Diploma of Higher Education
- Discover Nature at JCU
- Research Division
- Services and Resources Division
- Education Division
- Division of Tropical Environments and Societies
- Division of Tropical Health and Medicine
- Economic Geology Research Centre
- eResearch
- ERC
- Estate
- Financial and Business Services Office
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- GetReady4Uni
- Give to JCU
- Governance
- Information for JCU Cairns Graduates
- Art of Academic Writing DRAFT
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
- IT Services
- International Schools
- International Students
- JCU Connect
- JCU Contact Information
- JCU Eduquarium
- JCU Events
- JCU Global Experience
- JCU Ideas Lab
- JCU Motorsports
- JCU Prizes
- JCU Sport
- JCU Turtle Health Research
- Language and Culture Research Centre
- LTSE
- LearnJCU
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Outstanding Alumni Awards
- Parents and Partners
- Pathways to university
- Planning and Performance
- Planning for your future
- Placements
- Policy
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Indigenous Engagement
The international standard on risk management, ISO 31000:2018 Risk Management Principles and Guidelines defines risk as the "effect of uncertainty on objectives".
Risks that potentially impact organisations can have varying consequences in terms of financial performance, professional reputation as well as environmental, health, safety and societal outcomes. Therefore, managing risk effectively and holistically will allow the University to perform better in an environment full of uncertainty.
- Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as:
"A process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
The University’s Risk Management process complies with AS ISO 31000:2018 and is in line with JCU Risk and Compliance Management policies and performs the following key risk management activities:
- Establish the context
- Risk identification
- Risk analysis
- Risk evaluation
- Risk treatment
- Monitoring and review
- Communication and consultation
Refer to the Risk Management Policy and Risk Management Framework and Plan for more information.
Compliance, whilst its own unique, overarching and yet specialised area, is part of Enterprise Risk Management because potential legislative non-compliance presents a risk to the University. See Compliance for further information.
Risk Management is the responsibility of all. The management of risk is an essential aspect of the overall management of the University. By implementing a risk management framework an organisation can realise the following benefits:
- Achievement of business objectives
- Awareness of key risks facing the University
- Appropriate resource allocation
- Supports planning and decision making
- Internal and external communication
- Ensures accountability of risk
- Fosters proactive management, rather than reactive
- Promotes early identification and treatment of risks
- Encourages a positive risk culture
The Riskware Enterprise Risk Management (ERM) Register is a comprehensive record of all risks across the University landscape.
The ERM Register is a module available in Riskware that allows a Risk Owner to create, manage, review and report on risks. The ERM Register has an integrated workflow capability that offers users the ability to approve, review and assign tasks to mitigate risks.
The ERM Register provides a series of steps that, when undertaken in sequence, enable you to identify, assess, control, manage and report on potential impacts and opportunities:
- The key risks to your business unit or area of operation
- The consequences of the risk materialising
- The impact and likelihood of the risk materialising
- The management and control treatments for risk mitigation
- Assignment of those responsible for managing and treating risks
The creation of a risk is completed in the risk assessment form explained in this Quick Reference Guide. The Risk Assessment Form closely follows the International Risk Management Standard ISO 31000:2018 to help you perform your risk management responsibilities in a clear and consistent manner.
All new risk assessments will require approval from the supervisor/manager within your business unit or area of operation. Once a risk assessment has been submitted, an email will be forwarded to a Risk Approver who may make some edits before either approving or rejecting the new risk.
Risks need to be continuously monitored and reviewed. The effectiveness of the controls currently in place to manage risks should be periodically assessed to ensure changing circumstances do not alter risk priorities.
The Risk Owner can appoint a person responsible for the treatment of the risk is typically known as a Task Owner. A task is assigned to the Task Owner and usually requires some work/investigation/review/consultation to be done to mitigate a risk. Treatment plans can also referred to as controls.
Riskware provides a comprehensive array of reporting analytics in the form of summarised reports, detailed risk registers and dashboards.
Click on the above link to log in to the Riskware system.
If you have been assigned access, you will see to the Enterprise Risk Management (ERM) Register module in the Home page.
Alternatively, use the following link to access the "What is Riskware" webpage.
Please contact riskmanagement@jcu.edu.au to inquire about training or for further information and support.