
Enterprise Risk and Compliance
What is Enterprise Risk Management?
Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as:
"A process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
In relation to JCU's context and organisational structure, the Board of Directors in the above definition can effectively be interchanged with University Council.
Risks that potentially impact organisations can have varying consequences in terms of financial performance, professional reputation as well as environmental, health, safety and societal outcomes. Therefore, managing risk effectively and holistically helps organisations to perform better in an environment full of uncertainty.
The international standard on risk management, ISO31000:2009 Risk Management Principles and Guidelines defines risk as the "effect of uncertainty on objectives".
James Cook University has developed and approved a Risk Management Policy and aligned its Risk Management Framework and Plan to ISO31000:2009.
Compliance, whilst a unique, overarching and yet specialised area in its own right, is part of Enterprise Risk Management because potential legislative non-compliance presents a risk to the University. See Compliance for further information.
Whether an organisation has a strategic plan or more informal objectives, Enterprise Risk Management is a key element in achieving those outcomes. The strategic plan outlines:
- Strategic emphasis or focus areas that have been determined;
- Specific strategic projects or initiatives in the plan period; and
- Financial and non-financial strategic goals and objectives (e.g. University Plan).
Once the strategic plan is finalised, it is the role of those responsible for the ERM process to see that risks to all facets of the strategy are identified, analysed, prioritised and addressed in some way. Response to risks may involve risk mitigation, transfer, acceptance or even avoidance.
ERM is therefore a strategic activity that is intended to address all types of risk across all business functions and activities, whether strategic or operational, insurable and non-insurable, current and emerging.
Both strategic and non-strategic risks can be significant. However, strategic risks are generally more challenging because of the higher degree of uncertainty attached to them. Strategic risks actually threaten the organisation's core mission, service or product offering and ultimately the overall business model.
Strategic risks also constitute an ongoing concern rather than being temporary in nature.
You may be surprised, but there is a significant difference between Risk Management and Enterprise Risk Management. The table below summarises these key differences.
Risk Management | Enterprise Risk Management |
---|---|
Primarily addresses insurable risks | Addresses both non-insurable and insurable risks |
Lacks major focus on strategic risks | Focuses on the strategic risks and how to manage them |
Mostly concerned with annual insurance programme renewals | Is a continuous loop |
More internally focused | Is internally and externally focused |
Lacks multi-functional leadership and therefore tends to be more siloed | Involves multi-functional leadership through some form of committee structure (e.g. Audit Committee of JCU Council or Futures Committee) |
Does not generally promote open dialogue and risk awareness | Promotes an open dialogue and risk awareness across the entity |