This is the current version of this document. To view historic versions, click the link in the document's navigation bar.
Section 1 - Audience
(1) This policy applies to all staff and all areas of the University including any entities it may control from time to time.
Top of PageSection 2 - Executive Summary
(2) Risk management is an essential component of the University's governance arrangements. It is a systematic, structured and timely approach to the identification and management of risks.
(3) Effective risk management contributes to and provides assurance to the University Council, Risk Committee and Vice-Chancellor that risks are being clearly identified and managed appropriately, with consideration to Council's risk appetite and objectives.
Top of PageSection 3 - Purpose
(4) This policy sets out the University's commitment to risk management and outlines key roles and responsibilities. The process for integrating effective risk management into the operations is outlined in the Risk Management Framework.
Top of PageSection 4 - Scope
(5) Specific risk management policies, procedures and/or guidelines supporting specialised areas such as work health and safety, environmental sustainability, business continuity management and commercial activities may apply and will be prepared and implemented consistently with the broad direction of this policy and the Risk Management Framework.
Top of PageSection 5 - Principles
(6) Risk management practices create and protect value and are an integral part of the University's critical business activities, functions and processes. Risk understanding, assessment and determination of appetite for risk are key considerations in decision-making and management practices.
(7) Sound risk management is designed to identify potential events or activities that could affect the University, enable management of risk within the defined risk appetite and provide reasonable assurance on the achievement of strategic objectives.
(8) This Policy and the Risk Management Framework have been prepared based on the International Standard ISO 31000:2018-02 (Risk Management Guidelines).
Top of PageSection 6 - Details
(9) The objective of the Risk Management Framework is to provide the University Council, Risk Committee, Vice-Chancellor and Executive reasonable assurance that:-
- strategic and corporate objectives, as well as the Ethical Framework, are supported by an efficient and effective risk identification and management framework;
- risk exposures are identified, assessed, effectively monitored and managed, with the effectiveness of controls maintained and improved, where necessary;
- key strategic, financial, research, academic, operational ethical and management information is accurate, relevant, timely and reliable which enables decision making in a systematic, structured and timely manner; and
- there is an adequate level of compliance with policies, standards, procedures and applicable laws, regulations, licences and the Ethical Framework.
(10) The Council's responsibilities for risk are set out in the University of Newcastle Act (1989) and in the statement of primary responsibilities adopted by Council. These responsibilities include the review of the policies on risk oversight and management and to satisfy itself that management has developed and implemented a sound system of risk management and internal control.
(11) At least annually, the Council considers the risk profile and strategic risks as part of the strategic planning processes.
(12) To assist the Council in discharging its responsibilities in relation to risk management, the Council has delegated certain risk activities to the Risk Committee and other standing Committees of Council. The responsibilities of the Committees are contained in the Committee Charters.
(13) The Vice-Chancellor is responsible for ensuring that the management of risk is established and provides leadership on the implementation of the Risk Management Framework in line with the Council's risk appetite, maintaining the framework and controls to manage the University's material risks and to report to the Council and Risk Committee on whether the risks are being managed effectively.
(14) Executive Leadership Team provide advice to the Vice-Chancellor on matters of risk management and provide leadership in portfolio areas.
(15) The management of risk is the responsibility of all staff and will be incorporated into academic, strategic and operational planning and review processes at all levels across the University. University leaders are responsible for the implementation of the Risk Management Framework within their respective areas of responsibility.
(16) The University Secretary is responsible for facilitating the development, implementation, review and continuous improvement of the Risk Management Framework.
(17) The Risk Management Framework provides the guidelines to assist University employees understand their obligations under this policy.
Top of PageSection 7 - Review Process
(18) The University Secretary is responsible for review of this policy at least bi-annually.
(19) Amendments to this policy require the approval of the Risk Committee and Council.