Risk Management Policy



This policy outlines the expectations that the Council and University Executive have of all employees with respect to risk management, to ensure management can demonstrate that risks in all parts of the University are being identified and managed in a way that is appropriate for the business environment and objectives.


All employees of James Cook University.


level of risk

magnitude of a risk, expressed in terms of the combination of consequences and their likelihood


effect of uncertainty on objectives

risk analysis

process to comprehend the nature of risk and to determine the level of risk

risk assessment

overall process of risk identification, risk analysis and risk evaluation

risk appetite

the amount and type of risk an organisation is prepared to accept in the pursuit of its organisational objectives


1. Commitment

1.1  The University recognises that risk management is an integral part of good management practice. The University is committed to achieving best practice in the area of risk management, and will apply its principles and practices throughout its operations and activities. This will be done to facilitate the optimal use of resources and thus contribute to the University's overall strategic intent.

2. Objectives

2.1   The main policy objectives for managing risks are to:

  • assist the University in achieving its strategic objectives;
  • safeguard the University's assets – people, financial, property and information; and
  • create an environment where all staff members assume responsibility for risk management.

3. Risk Management Framework

3.1   JCU’s risk management framework is a set of components that provides the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.

3.2   JCU is committed to maintaining an effective, efficient and tailored risk management framework that consists of:

  • this policy
  • a risk management plan
  • supporting policies that complement risk management such as fraud prevention, business continuity management, Workplace Health and Safety management systems and code of conduct.

3.3   The framework will enable:

  • a formal, structured approach to risk management that is appropriate to JCU’s activities and operating environment; and
  • a risk management approach consistent with the principles of AS/NZS ISO 31000:2009.

4. Appetite for Risk

4.1   The University’s risk appetite is expressed in the Risk Management Framework and Plan and is reviewed annually.

5. Responsibilities

5.1  Council. Council is ultimately responsible for approving, and committing to, the risk management policy and setting and articulating the University’s appetite for risk.

5.2 Audit Committee. The Audit Committee is responsible for approving and reviewing the University’s Risk Management Framework and plan in accordance with the Committee’s Charter. Audit Committee is also responsible for reviewing and making recommendations to Council regarding the Risk Management Policy.

5.3  Other Council Committees. Other Council Committees with responsibilities in risk management are:

a) Futures Committee – recommends to Council an appropriate risk appetite or level of exposure for the University; and

b) Health Safety and Environment Committee – considers governance issues relating to the Health, Safety and Environment category of risk and compliance risk.

5.4 Vice Chancellor. The Vice Chancellor is responsible for leading the development of an enterprise risk management culture across the University through promoting and supporting the Risk Management Policy and Framework.

5.5 University Executive. Members of the University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Risk Management Framework across the organisation and that key University Level risks have been identified and are being managed appropriately.

5.6 Chief of Staff (Risk Management Coordinator). The Risk Management Coordinator is responsible for ensuring that the Risk Management Framework and Policy are being effectively implemented across the organisation. The Chief of Staff is also responsible for providing independent assurance that the University’s financial and operational controls are designed and operating effectively.

5.7 Risk and Compliance Officer. The Risk and Compliance Officer supports the Chief of Staff in promoting and developing staff capability in risk assessment and management, and assists risk champions and staff with risk responsibilities within the Divisions.

5.8 Manager Internal Audit. The Manager Internal Audit develops and implements the University's Internal Audit Strategy and risk-based Internal Audit Annual Work Plan under the oversight of the Audit Committee of Council and in consultation with Senior Management, particularly the Chief of Staff. This is done by assessing key business risks, identifying assurance gaps and emerging needs, and providing advice on how these might be addressed within the overall University assurance framework and the independent Internal Audit budget allocation.

5.9 Risk Champions. Risk champions within each Division are responsible for coordination of risk management activities within that Division.

5.10 All Managers and staff. Managers and staff at all levels may be risk owners and are responsible for developing an understanding of and becoming competent in the implementation of risk management principles and practices in their work areas.

Related policy instruments

Risk Management Framework and Plan

Related documents and legislation

Australian/New Zealand Standard ISO 31000:2009 Risk management – Principles and guidelines (AS/NZS ISO 31000)

Work Health and Safety Act QLD (2011)


NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.

Approval Details

Policy Sponsor: Vice Chancellor

Approval authority:

Date for next Major Review in accordance with the Policy Handbook: August 2018

Revision History

Approval date - the date the approval authority approved the establishment, minor or major amendment or disestablishment

Implementation Date - the date the policy was published in the Policy Library and is the date the policy takes effect


Approval Date

Implementation Date

Description of Changes





Minor amendments including changes to the Risk Appetite definition.

Chief of Staff




Addition of Risk and Compliance Officer responsibilities, modifications to definitions

Chief of Staff




Amendments reflecting the University restructure and change to Committees of the 16th Council of JCU

Chief of Staff







Minor consequential amendments made following approval of Statement on Integrity by Council on 25/02/2010.

Reviewed by Policy Sponsor in March 2009 - no amendments required.



Risk, management, framework, appetite, audit committee, risk register