Risk Management Policy


This policy outlines the expectations that the Council and University Executive have with respect to risk management, and seeks to ensure that management can demonstrate that risks in all parts of the University are being identified and managed in a way that is appropriate for the business environment and objectives.


This policy applies to all members of Council, Staff, Students, and Affiliates of James Cook University (JCU or the University) while engaged in activities undertaken as part of their study, research and work with JCU. The policy extends to wherever that activity takes place.


Except as otherwise specified in this policy, the meanings of terms used in this policy are as per the Policy Glossary.

Affiliate

Is a person (other than a Staff member or Student, including HDR candidates) who is affiliated with JCU by letter of appointment or invitation to work, research or study at the University for a particular activity and typically for a prescribed time frame and who is bound to comply with the University's policies during that period (for example, volunteers, visiting scholars and adjunct appointees).

level of risk

magnitude of a risk, expressed in terms of the combination of consequences and their likelihood


effect of uncertainty on objectives

risk analysis

process to comprehend the nature of risk and to determine the level of risk

risk assessment

overall process of risk identification, risk analysis and risk evaluation

risk appetite

the amount and type of risk an organisation is prepared to accept in the pursuit of its organisational objectives


1. Commitment

1.1  The University recognises that risk management is an integral part of good management practice. The University is committed to achieving best practice in the area of risk management, and will apply its principles and practices throughout its operations and activities. This will be done to facilitate the optimal use of resources and thus contribute to the University's overall strategic intent.

2. Objectives

2.1   The main policy objectives for managing risks are to:

  • assist the University in achieving its strategic objectives;
  • safeguard the University's assets – people, financial, property and information; and
  • create an environment where all staff members assume responsibility for risk management.

3. Risk Management Framework

3.1   JCU’s risk management framework is a set of components that provides the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.

3.2   JCU is committed to maintaining an effective, efficient and tailored risk management framework that consists of:

  • this policy
  • a risk management plan
  • supporting policies that complement risk management such as fraud prevention, business continuity management, Workplace Health and Safety management systems and codes of conduct.

3.3   The framework will enable:

  • a formal, structured approach to risk management that is appropriate to JCU’s activities and operating environment; and
  • a risk management approach consistent with the principles of AS/NZS ISO 31000:2009.

4. Responsibilities

4.1  Council. Council is ultimately responsible for approving, and committing to, the risk management policy and setting and articulating the University’s appetite for risk.

4.2 Audit, Risk and Compliance Committee. The Audit, Risk and Compliance Committee is responsible for approving and reviewing the University’s Risk Management Framework and plan in accordance with the Committee’s Charter. The Audit, Risk and Compliance Committee is also responsible for reviewing and making recommendations to Council regarding the Risk Management Policy.

4.3  Other Council Committees. The various governance committees are responsible for monitoring the management of risk relating to their areas of responsibility (such as Workplace, Health and Safety Committee and Finance Committee).

4.4 Vice Chancellor. The Vice Chancellor is responsible for leading the development of an enterprise risk management culture across the University through promoting and supporting the Risk Management Policy and Framework.

4.5 University Executive. Members of the University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Risk Management Framework across the organisation and that key University Level risks have been identified and are being managed appropriately.

4.6 Chief of Staff (Risk Management Co-ordinator). The Risk Management Coordinator is responsible for ensuring that the Risk Management Framework and Policy are being effectively implemented across the organisation. The Chief of Staff is also responsible for providing independent assurance that the University’s financial and operational controls are designed and operating effectively.

4.7 Risk and Compliance Officer. The Risk and Compliance Officer supports the Chief of Staff in promoting and developing staff capability in risk assessment and management, and assists risk champions and staff with risk responsibilities within the Divisions.

4.8 Risk Champions. Risk champions within each Division are responsible for coordination of risk management activities within that Division.

4.9 All Managers and staff. Managers and staff at all levels may be risk owners and are responsible for developing an understanding of and becoming competent in the implementation of risk management principles and practices in their work areas.

Related policy instruments

Risk Management Framework and Plan

Related documents and legislation

Australian/New Zealand Standard ISO 31000:2018 Risk management – Principles and guidelines

Work Health and Safety Act QLD (2011)


NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.

Approval Details

Policy Domain

Corporate Governance

Policy Custodian

Vice Chancellor

Approval Authority


Date for next Major Review


Revision History


Approval Date

Implementation Date

Description of Changes


23-1 | 7/12/2023 | 14/12/2023 | Major review, no amendments | Chief of Staff
20-1 | 30/07/2020 | 03/09/2020 | Minor amendment to update reference to Committees and to update ISO Standard. | Chief of Staff
18-1 | 07/09/2018 | 08/09/2018 | Minor amendment noting changes in position titles and minor grammatical errors. | Chief of Staff




Minor amendments including changes to the Risk Appetite definition.

Chief of Staff




Addition of Risk and Compliance Officer responsibilities, modifications to definitions

Chief of Staff




Amendments reflecting the University restructure and change to Committees of the 16th Council of JCU

Chief of Staff







Minor consequential amendments made following approval of Statement on Integrity by Council on 25/02/2010.

Reviewed by Policy Sponsor in March 2009 - no amendments required.

Contact person: Chief of Staff


Risk, management, framework, appetite, audit committee, risk register