• Section 1 - Audience
• Section 2 - Executive Summary
• Section 3 - Purpose
• Section 4 - Scope
• Section 5 - Principles
• Section 6 - Details
• Section 7 - Review Process

Section 1 - Audience

(1) This policy applies to all staff and all areas of the University including any entities it may control from time to time.

Section 2 - Executive Summary

(2) Risk Management is an essential component of the University’s governance arrangements. It is a systematic, structured and timely approach to the identification and management of risks.

(3) Effective risk management contributes to and provides assurance to the University Council, Risk Committee and Vice-Chancellor that risks are being clearly identified, managed appropriately, with consideration to Council's risk appetite and objectives.

Section 3 - Purpose

(4) This policy sets out the University’s commitment to risk management and outlines key roles and responsibilities. The process for integrating effective risk management into the operations is outlined in the Risk Management Framework.

Section 4 - Scope

(5) Specific risk management policies, procedures and/or guidelines supporting specialised areas such as work health and safety, environmental sustainability, business continuity management and commercial activities may apply and will be prepared and implemented consistent with the broad direction of this policy and the Risk Management Framework. 

Section 5 - Principles

(6) Risk Management practices create and protect value and are an integral part of the University’s critical business activities, functions and processes. Risk understanding, assessment and determination of tolerance for risk are key considerations in decision-making and management practices.

(7) Sound risk management is designed to identify potential events or activities that could affect the University, enable management of risk within the defined risk appetite and provide reasonable assurance on the achievement of strategic objectives.

(8) This Policy and the Risk Management Framework have been prepared based on the International Standard which has been adopted by Standards Australia AS/NZS ISO 31000:2009 (Risk Management – Principles & Guidelines).

Section 6 - Details

(9) The objective of the Risk Management Framework is to provide the University Council, Risk Committee, Vice-Chancellor and Executive reasonable assurance that:-

1. strategic and corporate objectives are supported by an efficient and effective risk identification and management framework;
2. risk exposures are identified, assessed, effectively monitored and managed, with the effectiveness of controls  maintained and improved, where necessary;
3. key strategic, financial, research, academic, operational and management information is accurate, relevant, timely and reliable which enables decision making in a systematic, structured and timely manner; and
4. there is an adequate level of compliance with policies, standards, procedures and applicable laws, regulations and licences.

(10) The Council's responsibilities for risk are set out in the University of Newcastle Act (1989) and in the statement of primary responsibilities adopted by Council. These responsibilities include the review of the policies on risk oversight and management and to satisfy itself that management has developed and implemented a sound system of risk management and internal control.

(11) At least annually, the Council considers the risk profile and strategic risks as part of the strategic planning processes.

(12) To assist the Council in discharging its responsibilities in relation to risk management, the Council has delegated certain risk activities to the Risk Committee and other standing Committees of Council. The responsibilities of the Committees are contained in the Committee Charters.

(13) The Vice-Chancellor is responsible for ensuring that the management of risk is established and provides leadership on the implementation of the Risk Management Framework in line with the Council's risk appetite, maintaining the framework and controls to manage the University’s material risks and to report to the Council and Risk Committee on whether the risks are being managed effectively.

(14) Executive Committee provide advice to the Vice-Chancellor on matters of risk management and provide leadership in portfolio areas.

(15) The management of risk is the responsibility of all staff and will be incorporated into academic, strategic and operational planning and review processes at all levels across the University. University leaders are responsible for the implementation of the Risk Management Framework within their respective areas of responsibility.

(16) The Director, Assurance Services is responsible for facilitating the development, implementation, review and continuous improvement of the Risk Management Framework.

(17) The Risk Management Framework provides the guidelines to assist University employees understand their obligations under this policy.

Section 7 - Review Process

(18) The Director, Assurance Services is responsible for review of this policy at least annually.

(19) Amendments to this policy require the approval of the Risk Committee and Council.