-
Courses
Courses
-
Future Students
Courses
-
Current Students
You and Your CourseOpportunities
-
Research and Teaching
Our ResearchResearch Degrees
-
Partners and Community
Partner with JCU
- About JCU
Partner with JCU- Advanced Analytical Centre
- Applying to JCU
- Accommodation
- Alumni
- ATSIP
- Association of Australian University Secretaries
- Australian Quantum & Classical Transport Physics Group
- Careers and Employability
- CMT
- College of Healthcare Sciences
- College of Medicine and Dentistry
- Division of Tropical Environments and Societies
- Estate
- Graduation
- IERC
- International Students
- JCU Eduquarium
- JCU Halls of Residence
- Language and Culture Research Centre
- Library
- Marine Geophysics Laboratory
- Open Day
- Parents and Partners
- Pathways to University
- Planning and Performance
- Policy
- Professional Experience Placement
- Rapid Assessment Unit
- JCU Connect
- Scholarships @ JCU
- Staff
- Tropical Sustainable Design Case Studies
- VAVS Home
- Media & Comms
- Australian Institute of Tropical Health & Medicine
- About JCU
Chancellery Legal and Assurance Enterprise Risk
Enterprise Risk and Compliance
What is Enterprise Risk Management?
Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO) as:
"A process, effected by an entity’s board of directors, management and other personnel, applied in strategy-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."
In relation to JCU's context and organisational structure, the Board of Directors in the above definition can effectively be interchanged with University Council.
Risks that potentially impact organisations can have varying consequences in terms of financial performance, professional reputation as well as environmental, health, safety and societal outcomes. Therefore, managing risk effectively and holistically helps organizations to perform better in an environment full of uncertainty.
The international standard on risk management, ISO31000:2009 Risk Management Principles and Guidelines defines risk as the "effect of uncertainty on objectives".
James Cook University has developed and approved a Risk Management Policy and aligned its Risk Management Framework and Plan to ISO31000:2009.
Compliance, whilst its own unique, overarching and yet specialised area, is part of Enterprise Risk Management because potential legislative non-compliance presents a risk to the University. See Compliance for further information.
Applying ERM in the real world
Whether an organisation has a strategic plan or more informal objectives, Enterprise Risk Management is a key element in achieving those outcomes. The strategic plan outlines:
- Strategic emphasis or focus areas that have been determined;
- Specific strategic projects or initiatives in the plan period; and
- Financial and non-financial strategic goals and objectives (e.g. University Plan).
Once finalised, it is the role of those responsible for the ERM process to see that risks to all facets of the strategy are identified, analysed, prioritised and addressed in some way. Response to risks may involve risk mitigation, transfer, acceptance or even avoidance.
ERM is therefore a strategic activity that is intended to address all types of risk across all business functions and activities, whether strategic or operational, insurable and non-insurable, current and emerging.
Both strategic and non-strategic risks can be significant. However, strategic risks are generally more challenging because of the higher degree of uncertainty attached to them. Strategic risks actually threaten the organisation's core mission, service or product offering and ultimately the overall business model.
Strategic risks also constitute an ongoing concern rather than being temporary in nature.
Risk Management vs. Enterprise Risk Management
You may be surprised, but there is a significant difference between Risk Management and Enterprise Risk Management. The table below summarises these key differences.
Risk Management | Enterprise Risk Management |
|---|---|
| Primarily addresses insurable risks | Addresses both non-insurable and insurable risks |
| Lacks major focus on strategic risks | Focuses on the strategic risks and how to manage them |
| Mostly concerned with annual insurance programme renewals | Is a continuous loop |
| More internally focused | Is internally and externally focused |
| Lacks multi-functional leadership and therefore tends to be more siloed | Involves multi-functional leadership through some form of committee structure (e.g Audit Committee of JCU Council or Futures Committee) |
| Does not generally promote open dialogue and risk awareness | Promotes an open dialogue and risk awareness across the entity |
- James Cook University
- Bachelor of Advanced Science
- Bachelor of Arts
- Bachelor of Biomedical Sciences
- Bachelor of Business
- Bachelor of Business / Laws
- Bachelor of Business & Environmental Science
- Bachelor of Dental Surgery
- Bachelor of Early Childhood Education
- Bachelor of Primary Education
- Bachelor of Secondary Education
- Bachelor of Environmental Practice
- Bachelor of Geology
- Bachelor of Information Technology
- Bachelor of Laws
- Bachelor of Nursing Science (External)
- Bachelor of Midwifery
- Bachelor of Pharmacy
- Bachelor of Physiotherapy
- Bachelor of Planning
- Bachelor of Psychological Science
- Bachelor of Science
- Bachelor of Social Work
- Bachelor of Speech Pathology
- Bachelor of Sport & Exercise Science
- Bachelor of Veterinary Science
- Bachelor of Clinical Sciences (Honours)
- Bachelor of Engineering (Honours)
- Bachelor of Engineering / Science (Honours) MBA in Tourism
- Master of Public Health and Tropical Medicine
- Master of Data Science
- Bachelor of Sports Psychology
- Bachelor of Marine Science
- Bachelor of Medicine / Surgery
- Bachelor of Nursing Science [Pre-Registration]
- Bachelor of Medical Laboratory Science (Honours)
- Bachelor of Occupational Therapy (Honours)
- Bachelor of Psychology
- Master of Conflict Management & Resolution
- Graduate Certificate of Conflict Management & Resolution
- Master of Global Development
- Master of International Tourism & Hospitality Management
- Bachelor of Technology and Innovation
- Bachelor of Science & Bachelor of Laws
- Diploma of Higher Education
- Diploma of Higher Education (Business)
- Diploma of Higher Education Majoring in Business Studies
- Diploma of Higher Education Majoring in Engineering and Applied Science
- Diploma of Higher Education Majoring in General Studies
- Diploma of Higher Education Majoring in Health
- Diploma of Higher Education Majoring in Information Technology
- Diploma of Higher Education Majoring in Science
- Diploma of Higher Education, Majoring in Society and Culture