Risk Management Policy

Intent

UTS Council has approved the introduction and embedding of risk management into the key controls and approval processes of all major business processes & functions of the University.

Risk is inherent in all academic, administrative and business activities, and every member of the University community continuously manages risk. UTS recognises that the aim of risk management is not to eliminate risk totally, but rather to provide the structural means to identify, prioritise and manage the risks involved in all University activities. It requires a balance between the cost of managing and treating risks and the anticipated benefits that will be derived.

UTS acknowledges that risk management is an essential element in the framework of good corporate governance, and is an integral part of good management practice. The intent is to embed risk management in a very practical way into business processes and functions via key approval processes, review processes and controls, not to impose risk management as an extra requirement.

Policy objectives

The Risk Management policy has been created to;

• Protect the University from those risks of significant likelihood and consequence in the pursuit of the University's stated strategic goals and objectives;
• Provide a consistent risk management framework in which the risks concerning business processes & functions of the University will be identified, considered, and addressed in key approval, review and control processes;
• Encourage pro-active rather than re-active management;
• Provide assistance to, and improve the quality of decision making throughout the University;
• Meet legal or statutory requirements; and
• Assist in safeguarding the University's assets – people, finance, property and reputation.

Policy statement

UTS adopts the Risk Management approach and general methodology specified in the AS/NZS4360:1999 Risk Management Standard.

All UTS business processes and functions will adopt a risk management approach consistent with the AS/NZS4360:1999 Risk Management Standard in their approval, review and control processes. The generic UTS risk management approach and methodology for this purpose is as set out in the UTS Risk Management Guidelines, as approved by the Vice-Chancellor from time-to-time.

The responsible manager for each UTS business process and function shall develop a form of risk management approach and associated documentation appropriate to their domain, which will be approved by the Vice-Chancellor upon recommendation from the Vice-President (Organisational Support).

Policy scope

This policy is applicable to all areas of the University, including;

• faculties and academic units
• UTS centres and institutes
• administrative units
• controlled entities, and entities that are derived from the University's legal status.

Responsibilities

Overall

Everyone in the University has a role in the effective management of risk. All staff should actively participate in identifying potential risks in their area, and contribute to the implementation of appropriate treatment actions.

Governance

The Vice-Chancellor will be responsible on behalf of UTS Council for ensuring that a risk management system is established, implemented and maintained in accordance with this policy.

The Audit & Review Committee of UTS Council will be responsible for oversight and assurance of the processes for the identification and assessment of the strategic-level risk environment.

Operational

The Vice-Chancellor has delegated responsibility for oversight and implementation of this policy to the Vice-President (Organisational Support).

The Senior Executive of the University will ensure risk management is embedded into the key controls and approval processes of all major business processes & functions. The Executive will be responsible to the Vice-President (Organisational Support) for the implementation of this policy within their respective areas of responsibility.

Heads of UTS subsidiaries and controlled entities – and associated entities operating under the name or legal status of University – will be responsible to their respective Boards for the implementation and maintenance of appropriate risk management processes; and will provide reports to the Vice-Chancellor as directed on the implementation of these risk management processes.

The Vice-Chancellor (Organisational Support) will provide reports to the Vice-Chancellor and Audit & Review Committee on the status of risk management implementation and effectiveness across the University; and will periodically report on the identification and assessment of major, strategic level risks

Communication

This policy is to be made available to all UTS staff, observed by all members of staff, both academic and administrative.

There will be an ongoing professional development and educational strategy to accompany the implementation of this policy.

Definitions

Definitions are taken from the Australian & New Zealand Risk Management Standard, with some modifications as appropriate to the particular UTS context.

A complete listing of methodology definitions related to risk management at UTS are included in the UTS Risk Management Guidelines.

Key definitions are:

• Risk
  The chance of something happening which will have an impact upon objectives. It is measured in terms of consequence and likelihood.
• Consequence
  The outcome of an event or situation, expressed qualitatively or quantitatively, being a loss, injury, disadvantage or gain. There may be a range of possible outcomes associated with an event.
• Likelihood
  A qualitative description or synonym for probability or frequency.
• Risk Assessment
  The overall process of risk analysis and risk evaluation.
• Risk Management
  The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects.
• Risk Treatment
  Selection and implementation of appropriate options for dealing with risk. Conceptually, treatment options will involve one or a combination of the following five strategies;
  • Avoid the risk
  • Reduce the likelihood of occurrence
  • Reduce the consequences of occurrence
  • Transfer the risk
  • Retain/Accept the risk.
• Risk Management Process
  The systematic application of management policies, procedures and practices to the tasks of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating risk.

Exclusions

There are no exclusions. This policy applies to all areas of the University.

Related information

• AS/NZS 4360:1999 Risk Management Standard
• Treasury Management Policy TPP 97-1, Office of Financial Management, NSW Treasury, July 1997.
• Risk Management & Internal Control: Guidelines & Strategies for Improvement TPP 97-3, NSW Treasury, 1997.
• NSW Government Procurement Guidelines: Risk Management, NSW Government, March 2001.
• Performance Audit Report: Managing Risks in the NSW Public Sector, NSW Audit Office, June 2002.
• Information Management & Technology: Risk Management Guideline, NSW Office of Information Technology.
• Developing a Strategy to Manage Enterprisewide Risk in Higher Education, National Association of College & University Business Officers (NACUBO)
• Risk Management: A guide to good practice for higher education institutions 01/28, Higher Education Funding Council for England (HEFCE), May 2001.

Further administrative information about this policy

Related documents

UTS Statement of Strategic Directions "Setting the Pace"

UTS Strategic Plan

UTS Environment, Health and Safety Policy

AS/NZS4360:1999 Risk Management Standard

Responsibilities and contacts

The following person may be approached on a routine basis in relation to this policy:

Last administrative update on this policy: February 2006