Enhanced risk management includes comprehensive, fully defined and fully accepted accountability for risks and controls and risk treatment activities (ISO 31000:2009 Annex A.3.2). Designated individuals must fully accept accountability, have the appropriate skills and access to adequate resources. This will enable checking of control effectiveness, monitoring risks, improve controls and enable effective communication about risks and their management to a wide range of stakeholders.
At JCU, risk management responsibilities are shared across all levels of the organisation and include:
Council is ultimately responsible for approving, and committing to, the risk management policy and setting and articulating the University’s attitude to risk.
The Vice Chancellor is responsible for leading the development of an enterprise risk management culture across the University.
The Audit Committee is responsible for approving and reviewing the University’s Risk Management Framework and Plan and overseeing the risk management process of the University as a whole in accordance with the Committee’s Charter.
The various University committees are responsible for monitoring the management of risk relating to their areas of responsibility. In particular the Futures Committee of Council will review the University Executive’s assessment of risks to the University as encapsulated in the University Level Risk Assessment.
Members of the University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Risk Management Framework across the organisation and that key University Level risks have been identified and are being managed appropriately.
The Risk Management Coordinator is responsible for ensuring that the Risk Management Framework and Policy are being effectively implemented across the organisation.
The Risk and Compliance Officer supports the Chief of Staff in promoting and developing staff capability in risk assessment and management, and assists risk champions and staff with risk responsibilities within the Divisions. The Risk and Compliance Officer also oversees the requirements of the University’s Compliance Framework, understanding legislative obligations relevant to the Higher Education Sector and the activities specific to JCU.
Risk champions within each Division are responsible for coordination of risk management activities within that Division.
Managers and staff at all levels may be risk owners and are responsible for developing an understanding of and becoming competent in the implementation of risk management principles and practices in their work areas.