• Section 1 - Purpose / Objectives
• Section 2 - Scope
• Section 3 - Definitions
• Section 4 - Policy Statement
• Section 5 - Procedures
• Section 6 - Guidelines

Section 1 - Purpose / Objectives

(1) This Policy establishes the framework, language, roles and responsibilities for the management of risk at Victoria University (‘VU’). 

(2) Refer to Risk Management Policy Appendix for further detail.

Section 2 - Scope

(3) This Policy applies to:

1. All staff, students, Council members, contractors, honorary and adjunct staff.
2. All activities under the control or direction of VU, whether conducted on or off University property.

Section 3 - Definitions

(4) Risk Appetite: The amount and type of risk that the University is willing to take in order to meet its strategic objectives.

Section 4 - Policy Statement

(5) VU is committed to:

1. VU’s Best Interests: using the processes surrounding the identification and appropriate dealing with risk as tools in order to take advantage of opportunities which are in the best interests of the University and which facilitate the achievement of its Strategic Plan.
2. A Positive Risk Culture: creating a robust and ethical culture where risk informs all operational activities; driving excellence in corporate governance by increasing accountability, awareness and a positive attitude for risk management.
3. Risk Based Decision Making: making strong decisions and responding to situations in a manner which is prioritised and informed by risk.
4. Embedded Risk Management: embedding a link to risk in all business functions and processes, including developing appropriate treatment plan for significant risks.
5. Acceptable Risk Taking: aligning VU’s risk taking with the acceptable level of risk taking determined by the Council; Compliance, Audit and Risk Committee; and Senior Executive Group as being that which is best suited to facilitate VU achieving its Strategic Plan.
6. Categories of Risk: recognising that Strategic Risk, Enterprise Risk and Operational Risk are distinct types of risk and characterising each risk with this framework.
7. Clear Accountability: having clear accountability for each category of risk, individual risk and each treatment plan to ensure action and monitoring is implemented.
8. Transparency: providing transparency evidence based assurances and oversight at all levels of VU, including senior management and the Council, that critical strategic, enterprise and operational risks are managed effectively.
9. Informed Investment: facilitating the risk informed consideration of the balance between cost and benefit in the pursuit of investment objectives which must be in VU’s best interests.
10. Informed Resource Allocation: informing the effective prioritisation and allocation of resources to control risks that could prevent the achievement of VU’s Strategic Plan.
11. Fraud Risk Identification and Prevention: ensuring that all business areas actively identify fraud risks and implement appropriate treatment plans to reduce the risk to an acceptable level.

(6) VU implements risk management practices to enable better management decision making, and to ensure the University is sustainable and grows responsibly. Implementing such practices will enable the University to maintain agility without stifling innovation.

(7) The common process for the management of risk across the University is based upon and modified from the International Standard for Risk Management (AS/NZS ISO31000:2009). This approach includes a consistent process for the identification, assessment, treatment and monitoring of risks.

Section 5 - Procedures

(8) Refer to Risk Management Procedure.

Section 6 - Guidelines

(9) Refer to Risk Management Framework Guidelines.