Risk Management Policy
This policy outlines the expectations that the Council and University Executive have with respect to risk management, and aims to ensure that management can demonstrate that risks in all parts of the University are being identified and managed in a way that is appropriate for the business environment and objectives.
This policy applies to all members of Council, Staff, Students, and Affiliates of James Cook University (JCU or the University) while engaged in activities undertaken as part of their study, research, and work with JCU. The policy extends to wherever that activity takes place.
level of risk
magnitude of a risk, expressed in terms of the combination of consequences and their likelihood
effect of uncertainty on objectives
process to comprehend the nature of risk and to determine the level of risk
overall process of risk identification, risk analysis and risk evaluation
the amount and type of risk an organisation is prepared to accept in the pursuit of its organisational objectives
1.1 The University recognises that risk management is an integral part of good management practice. The University is committed to achieving best practice in the area of risk management, and will apply its principles and practices throughout its operations and activities. This will be done to facilitate the optimal use of resources and thus contribute to the University's overall strategic intent.
2.1 The main policy objectives for managing risks are to:
- assist the University in achieving its strategic objectives;
- safeguard the University's assets – people, financial, property and information; and
- create an environment where all staff members assume responsibility for risk management.
3. Risk Management Framework
3.1 JCU’s risk management framework is a set of components that provides the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.
3.2 JCU is committed to maintaining an effective, efficient and tailored risk management framework that consists of:
- this policy
- a risk management plan
- supporting policies that complement risk management such as fraud prevention, business continuity management, Workplace Health and Safety management systems and code of conduct.
3.3 The framework will enable:
- a formal, structured approach to risk management that is appropriate to JCU’s activities and operating environment; and
- a risk management approach consistent with the principles of AS/NZS ISO 31000:2009.
4. Appetite for Risk
4.1 The University’s risk appetite is expressed in the Risk Management Framework and Plan and is reviewed annually.
5.1 Council. Council is ultimately responsible for approving, and committing to, the risk management policy and setting and articulating the University’s appetite for risk.
5.2 Audit, Risk and Compliance Committee. The Audit, Risk and Compliance Committee is responsible for approving and reviewing the University’s Risk Management Framework and Plan in accordance with the Committee’s Charter. The Audit, Risk and Compliance Committee is also responsible for reviewing and making recommendations to Council regarding the Risk Management Policy. It also has a Health, Safety and Environment Sub Committee.
5.3 Other Council Committees. The various governance committees are responsible for monitoring the management of risk relating to their areas of responsibility (such as Finance Committee).
5.4 Vice Chancellor. The Vice Chancellor is responsible for leading the development of an enterprise risk management culture across the University through promoting and supporting the Risk Management Policy and Framework.
5.5 University Executive. Members of the University Executive are responsible for ensuring that appropriate resources, systems and processes are in place to implement the Risk Management Framework across the organisation and that key University Level risks have been identified and are being managed appropriately.
5.6 Chief of Staff (Risk Management Co-ordinator). The Risk Management Coordinator is responsible for ensuring that the Risk Management Framework and Policy are being effectively implemented across the organisation. The Chief of Staff is also responsible for providing independent assurance that the University’s financial and operational controls are designed and operating effectively.
5.7 Risk and Compliance Officer. The Risk and Compliance Officer supports the Chief of Staff in promoting and developing staff capability in risk assessment and management, and assists risk champions and staff with risk responsibilities within the Divisions.
5.8 Risk Champions. Risk champions within each Division are responsible for coordination of risk management activities within that Division.
5.9 All Managers and staff. Managers and staff at all levels may be risk owners and are responsible for developing an understanding of and becoming competent in the implementation of risk management principles and practices in their work areas.
Related policy instruments
Related documents and legislation
Australian/New Zealand Standard ISO 31000:2009 Risk management – Principles and guidelines (AS/NZS ISO 31000)
NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.
Date for next review:
Description of Changes
|18-1||07/09/2018||08/09/2018||Minor amendment noting changes in position titles and minor grammatical errors.||Chief of Staff|
Minor amendments including changes to the Risk Appetite definition.
Chief of Staff
Addition of Risk and Compliance Officer responsibilities, modifications to definitions
Chief of Staff
Amendments reflecting the University restructure and change to Committees of the 16th Council of JCU
Chief of Staff
Minor consequential amendments made following approval of Statement on Integrity by Council on 25/02/2010.
Reviewed by Policy Sponsor in March 2009 - no amendments required.
Contact person: Chief of Staff
Risk, management, framework, appetite, audit committee, risk register