This policy outlines the expectations that the Council and University Executive have of all employees with respect to risk management, to ensure management can demonstrate that risks in all parts of the University are being identified and managed in a way that is appropriate for the business environment and objectives.
All employees of James Cook University.
level of risk
magnitude of a risk, expressed in terms of the combination of consequences and their likelihood
effect of uncertainty on objectives
process to comprehend the nature of risk and to determine the level of risk
overall process of risk identification, risk analysis and risk evaluation
the amount and type of risk an organisation is prepared to accept in the pursuit of its organisational objectives
1.1 The University recognises that risk management is an integral part of good management practice. The University is committed to achieving best practice in the area of risk management, and will apply its principles and practices throughout its operations and activities. This will be done to facilitate the optimal use of resources and thus contribute to the University's overall strategic intent.
2.1 The main policy objectives for managing risks are to:
3.1 JCU’s risk management framework is a set of components that provides the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.
3.2 JCU is committed to maintaining an effective, efficient and tailored risk management framework that consists of:
3.3 The framework will enable:
4.1 The University’s risk appetite is expressed in the Risk Management Framework and Plan and is reviewed annually.
5.1 Council. Council is ultimately responsible for approving, and committing to, the risk management policy and setting and articulating the University’s appetite for risk.
5.2 Audit Committee. The Audit Committee is responsible for approving and reviewing the University’s Risk Management Framework and Plan in accordance with the Committee’s Charter. The Audit Committee is also responsible for reviewing and making recommendations to Council regarding the Risk Management Policy.
5.3 Other Council Committees. Other Council Committees with responsibilities in risk management are:
a) Futures Committee – recommends to Council an appropriate risk appetite or level of exposure for the University; and
b) Health Safety and Environment Committee – considers governance issues relating to the Health, Safety and Environment category of risk and compliance risk.
5.4 Vice Chancellor. The Vice Chancellor is responsible for leading the development of an enterprise risk management culture across the University through promoting and supporting the Risk Management Policy and Framework.
5.5 University Executive. Members of the University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Risk Management Framework across the organisation and that key University Level risks have been identified and are being managed appropriately.
5.6 Chief of Staff (Risk Management Coordinator). The Risk Management Coordinator is responsible for ensuring that the Risk Management Framework and Policy are being effectively implemented across the organisation. The Chief of Staff is also responsible for providing independent assurance that the University’s financial and operational controls are designed and operating effectively.
5.7 Risk and Compliance Officer. The Risk and Compliance Officer supports the Chief of Staff in promoting and developing staff capability in risk assessment and management, and assists risk champions and staff with risk responsibilities within the Divisions.
5.8 Manager Internal Audit. The Manager Internal Audit develops and implements the University's Internal Audit Strategy and risk-based Internal Audit Annual Work Plan under the oversight of the Audit Committee of Council and in consultation with Senior Management, particularly the Chief of Staff, by assessing key business risks, identifying assurance gaps and emerging needs, and providing advice on how these might be addressed within the overall University assurance framework and the independent Internal Audit budget allocation.
5.9 Risk Champions. Risk champions within each Division are responsible for coordination of risk management activities within that Division.
5.10 All Managers and staff. Managers and staff at all levels may be risk owners and are responsible for developing an understanding of and becoming competent in the implementation of risk management principles and practices in their work areas.
Risk Management Framework and Plan
Australian/New Zealand Standard ISO 31000:2009 Risk management – Principles and guidelines (AS/NZS ISO 31000)
Work Health and Safety Act QLD (2011)
NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.
Date for next Major Review in accordance with the Policy Handbook:
Approval date - the date the approval authority approved the establishment, minor or major amendment or disestablishment
Implementation Date - the date the policy was published in the Policy Library and is the date the policy takes effect
Description of Changes
Minor amendments including changes to the Risk Appetite definition.
Chief of Staff
Addition of Risk and Compliance Officer responsibilities, modifications to definitions
Chief of Staff
Amendments reflecting the University restructure and change to Committees of the 16th Council of JCU
Chief of Staff
Minor consequential amendments made following approval of Statement on Integrity by Council on 25/02/2010.
Reviewed by Policy Sponsor in March 2009 - no amendments required.
Risk, management, framework, appetite, audit committee, risk register