View Document

Risk Management Policy

This is not a current document. To view the current version, click the 'Current Version' tab above.

Section 1 - Purpose / Objectives

(1) This policy provides the basis for Victoria University's risk management approach. Risk management informs the University's governance arrangements and it supports the University to achieve its organisational goals by:

  1. providing assurance to the University Council and Vice Chancellor and President that the University is complying with the Victorian Government legislation and guidelines and that it is managing risks in accordance with the risk management standard AS/NZS ISO 31000 : 2009;
  2. providing the University with a formal process to identify, analyse, evaluate, mitigate and monitor the key strategic and operational risks impacting on the objectives of the University's strategic plan;
  3. embedding a culture of continuous improvement that encourages the continuous assessment, reviewing and mitigations of risks throughout the University;
  4. mitigating those risks that can harm the reputation of the University; and
  5. reducing the cost through the mitigation of risks.
Top of Page

Section 2 - Scope / Application

(2) This policy applies across the University.

Top of Page

Section 3 - Definitions

(3) Risk Owner - The designated responsible officer for the risk area.

(4) Risk register - A document that includes material identified risks of an organisational unit or portfolio or the university. This Register is maintained by the Manager, Risk Management and Internal Audit.

Top of Page

Section 4 - Policy Statement

(5) Risk is the likelihood of something happening that can prevent an organisation from achieving its goals and objectives. The ISO31000 defines risk as 'the effect of uncertainty on objectives'.

(6) Risk is inherent in all academic, administrative and commercial activities and every member of the University community is continually managing risk. Risk may be potentially advantageous or harmful.

(7) The University recognises the primary objective of risk management is to mitigate exposure to adverse risk, but where its elimination is not possible, to provide a structured approach to its identification and treatment by:

  1. Prioritising risks so that appropriate resources can be directed towards their mitigation; and
  2. Obtaining leverage from risk management by converting risks into opportunities.

(8) Risk management is a key feature of good corporate governance. VU uses risk management processes to identify, assess, manage and report risks to the University Council, the Compliance Audit and Risk committee, the Vice Chancellor and President and the Senior Leadership Team.

(9) The implementation of risk management throughout the organisation allows VU to:

  1. comply with the requirements of the Financial Management Act 1994;
  2. provide assurance to the University Council that the University is managing all its risks; and
  3. be in a better position to achieve organisational goals.

(10) Risk management is part of the University's day-to-day management processes and is managed proactively.

  1. All organisational units will complete risk registers and risk plans at least every six months.
  2. Senior management, from directors upwards, are accountable for having risk management plans in place.

(11) The University will adopt a structured and consistent approach to recording, assessing and responding to all types of risk, at all levels and for all activities in the organisation.

  1. Risk management will be integrated into VU's strategic planning process and Quality Improvement Review.
  2. High risk register will be updated every six months.
  3. University-wide risk register will be updated annually.

(12) The University's approach to risk management will be consistent with the risk management Standard AS/NZS ISO 31000:2009 (Risk Management - Principles and Guidelines).

(13) University staff will demonstrate a high level of awareness, acceptance and support of risk management.

Top of Page

Section 5 - Procedures

(14) Risk Management Procedure

Top of Page

Section 6 - Guidelines

(15) Nil