Manual of Policies and Procedures

A/2.5 Risk management

Contact Officer

Director, Assurance, Risk and Integrity Services

Approval Date


Approval Authority


Date of Next Review


2.5.1 Purpose
2.5.2 Application
2.5.3 Roles and responsibilities
2.5.4 Risk appetite
2.5.5 QUT's Enterprise Risk Management approach
2.5.6 QUT Risk Management Framework
2.5.7 QUT Risk Management Procedure
2.5.8 Business continuity management
2.5.9 Definitions
Related Documents
Modification History

2.5.1 Purpose

This policy details QUT’s approach to risk management. The University is committed to promoting an organisational culture that values effective risk management as a core management capability. QUT recognises that risk management is a critical component of good management practice and an essential element of governance. Effective risk management allows the University to take advantage of opportunities to improve its outcomes by ensuring that any risk taken is based on informed decision-making and realistic analysis.

QUT’s risk management system does not intend to eliminate risk completely, but is designed to ensure:

  • the University’s risk appetite is set and approved by QUT Council
  • a common or consistent approach to the management of risk is used across QUT
  • risk management is integrated into QUT’s planning framework
  • the management of risk contributes to the quality of performance and continuous improvement of QUT business, its operations and delivery of services
  • all significant risks to QUT are identified, evaluated, managed and reported in a timely manner to Council through its Risk and Audit Committee.


2.5.2 Application

This policy applies to all QUT operations as an integral and embedded part of all University activities.


2.5.3 Roles and responsibilities

Position Responsibility


  • sets, monitors and approves the University’s risk appetite statements

Risk and Audit Committee

  • evaluates the adequacy and effectiveness of the University’s risk management and compliance framework
  • advises Council on QUT’s exposure to, and management of, significant business risks

Management and staff

  • identifies and manages risks within their areas of responsibility


2.5.4 Risk appetite

QUT’s risk appetite is described in a set of qualitative, directional risk appetite statements that are prescribed, monitored and approved by Council as part of the University’s planning processes.


2.5.5 QUT’s Enterprise Risk Management approach

QUT’s Enterprise Risk Management approach is consistent with the Financial and Performance Management Standard 2009 (Qld) and is based on the principles and process set out in the International and Australian Standard for Risk Management (AS ISO 31000:2018 – Risk management - Guidelines). It comprises:

  • Policy
  • Risk Management Framework
  • Risk Management Procedure
  • Risk Consequence Matrix
  • Templates for Risk Management Plan and Risk Assessment Worksheets.

The function of risk management is to provide a sound contribution to the achievement of QUT's corporate objectives and to support the strategic directions of divisions, faculties and institutes. This is demonstrated through the integration and embedding of risk management within the following QUT policies, frameworks and plans:


2.5.6 QUT Risk Management Framework

The QUT Risk Management Framework outlines how risk will be managed and reported and demonstrates alignment of governance and risk management including optimising opportunities and achieving the University’s objectives.

The Framework comprises the following elements:

  • risk appetite and linkage to strategic priorities
  • governance accountabilities and responsibilities for risk management in accordance with the ‘Three Lines of Defence’ model
  • QUT’s risk management process, including
    • establishing context, objective and scope of the activity
    • identifying, analysing and evaluating risks
    • treating risks
    • recording and reporting risks
    • monitoring and reviewing risks.


2.5.7 QUT Risk Management Procedure

The QUT Risk Management Procedure provides a step-by-step guide to the risk assessment process and to completing the Risk Management Plan and Risk Assessment Worksheet.


2.5.8 Business continuity management

QUT is committed to business continuity management as an integral component of risk management, to ensure the University is able to resume business after a disruption. Business continuity management enables QUT to resume day-to-day operations as quickly and efficiently as possible, while minimising the impact on people, processes, systems, assets, and reputation.

Further information on how the University ensures the continuity of key business activities is available in the QUT Business Continuity Management Framework (QUT staff access only).


2.5.9 Definitions

Business continuity management is any systematic preparation to resume business after a disruption.

Risk is an event which, if realised, has the potential to affect the achievement of the University’s ability to contribute to its vision, goals, organisational values and objectives.

Risk appetite is the amount of risk QUT is willing to accept in the pursuit of its strategic objectives or strategic priorities for the purpose of maximising value to its stakeholders.

Risk management is the coordination of activities to direct and control QUT with regard to risk, including the establishment of culture, policy, processes and structures.

Risk treatment is the process of modifying risk by implementing a risk strategy.


Related Documents

MOPP A/1.1 QUT Governance Framework

MOPP A/1.2 Delegations

MOPP A/2.2 University Planning Framework

MOPP A/7.1 Indemnity and insurance

MOPP B/8.6 Corruption and fraud control

MOPP Appendix 2 Council Procedure 1 (Committees)

Corruption and Fraud Control Plan (QUT staff access only)

QUT Business Continuity Management Framework (QUT staff access only)

QUT Risk Management Framework (QUT staff access only)

QUT Risk Management Procedure, Templates and Definitions (QUT staff access only)

Financial and Performance Management Standard 2009 (Qld) Part 2, Division 4, Section 28

AS/NZS 31000:2009 - Risk Management

HB 141-2004 Risk Financing Guidelines

HB 203:2006 Environmental Risk Management - Principles and Process

HB 205-2004 OHS Risk Management Handbook

HB 221-2004 Business Continuity Management

HB 240-2004 Guidelines for Managing Risk in Outsourcing Utilising the AS/NZS 4360:2004 Process

HB 246-2004 Guidelines to Managing Risk in Sport and Recreation

HB 254-2005 Governance, Risk Management and Control Assurance


Modification History

| Date | Sections | Source | Details |
|---|---|---|---|
| 25.11.19 | All | Council | Periodic review - policy revised to reference University’s risk appetite and update QUT’s Enterprise Risk Management approach |
| 03.12.14 | All | Council | Periodic review - policy revised to include definitions of additional risk management terms |
| 06.07.14 | A/2.5.2 | Executive Director, Finance and Resource Planning | Policy revised to reflect the Project Proposal Framework replacing the Business Case Framework |
| 23.06.10 | All | Council | Revised policy |
| 13.12.06 | All | Council | Revised policy (endorsed by Audit and Risk Management Committee 08.11.06) |
| 04.06.04 | A/2.5.1 | Executive Director, Finance and Resource Planning | Added statement re QUT's commitment to business continuity management (endorsed by Audit Committee 24.03.04) |
| 12.02.04 | A/2.5.1 | Deputy Vice-Chancellor (Technology, Information and Learning Support) | Added reference to Project Management Framework and Business Case Framework (endorsed by Vice-Chancellors Advisory Committee 17.07.03) |
| | All | Council | Revised policy (endorsed by Audit Committee 08.05.02) |
| 03.09.97 | All | Council | New policy (endorsed by Planning and Resources Committee 27.08.97) |