Manual of Policies and Procedures

A/2.5 Risk management

Contact Officer

Director, Assurance and Risk Management Services

Approval Date


Approval Authority


Date of Next Review


2.5.1 Policy

QUT is committed to establishing an organisational philosophy and culture that ensures effective risk management is an integral and embedded part of all University activities and a core management capability. Risk management allows the University to take advantage of opportunities to improve its outcomes and outputs by ensuring that any risk taken is based on informed decision-making and on realistic analysis of possible outcomes.

QUT is also committed to business continuity management (QUT staff access only) as an integral component of risk management, to ensure continuity of key business processes.

This policy does not intend to eliminate risk completely; rather, it sets a framework to manage effectively the risks involved in all University activities.


2.5.2 Rationale

QUT's responsibility to establish and maintain an appropriate University-wide risk management system stems from the Financial and Performance Management Standard 2009 (Qld), which requires an agency to protect itself from unacceptable costs or losses associated with its operations including, for example, by developing and implementing systems for effectively managing the risks that may affect the agency's operations. QUT addresses this responsibility through implementation of a system for risk management based on the International and Australian and New Zealand Standard for Risk Management (AS/NZS 31000:2009). Further, QUT acknowledges that risk management is an integral part of good management practice and an essential element of good corporate governance.

The function of risk management is to provide a sound contribution to the achievement of QUT's corporate objectives and to support the strategic directions of divisions, faculties and institutes. This is demonstrated through the integration and embedding of risk management within the following QUT frameworks and plans:


2.5.3 Definitions

Risk is the effect of uncertainty on the University's ability to contribute to its vision, goals and organisational values.

Effect is a deviation from the expected and can be either positive (opportunity) or negative.

Level of risk is the magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood.

Residual risk is the risk remaining after risk treatment.

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation.

Risk criteria are the terms of reference against which the significance of a risk is evaluated.

Risk management is the coordination of activities to direct and control QUT with regard to risk, including the establishment of culture, policy, processes and structures.

Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk.

Risk owner is a person or an entity with the accountability and authority to manage a risk.

  • Primary risk owner is the senior officer with accountability and authority to manage or coordinate the management of the risk.
  • Secondary risk owners are the senior officers with accountability to contribute towards the management of the risk and implementation of the risk treatment.

Risk treatment is the process of modifying risk by implementing a risk strategy.


2.5.4 Principles of risk management

Based on the principles of risk management as per AS/NZS 31000:2009, QUT defines that, in order to be effective, risk management should:

  • create and protect value
  • be an integral part of all University processes
  • be part of decision making
  • explicitly address uncertainty
  • be systematic, structured and timely
  • be based on the best available information
  • be tailored to suit the University’s context
  • take human and cultural factors into account
  • be transparent and inclusive
  • be dynamic, iterative and responsive to change
  • facilitate continual improvement of the University, and
  • be cost effective in that the costs associated with managing risks do not outweigh the anticipated positive or negative consequences.


2.5.5 Objectives

The objectives of this policy are to ensure:

  • a common or consistent approach to management of risk is adopted within QUT
  • the management of risk contributes to the quality of performance and continuous improvement of QUT business, its operations and delivery of services, and
  • all significant risks to QUT are identified, evaluated, managed and reported in a timely manner to Council through its Audit and Risk Management Committee.


2.5.6 Roles and responsibilities

The Vice-Chancellor and President and senior managers are responsible for implementing the risk management policy through a Risk Management Framework and for ensuring that adequate resources are available to enable the effective management of risk within the University.

Managers at all levels are accountable for the identification and effective management of risk within their areas of responsibility.


2.5.7 QUT Risk Management Framework

The QUT Risk Management Framework (QUT staff access only) provides detailed guidelines on the risk management process, the roles and responsibilities of key stakeholders, level of documentation and reporting requirements.


2.5.8 Relevant legislation and guidelines

  • Financial and Performance Management Standard 2009 (Qld) Part 2, Division 4, Section 28
  • AS/NZS 31000:2009 - Risk Management
  • HB 141-2004 Risk Financing Guidelines
  • HB 203:2006 Environmental Risk Management - Principles and Process
  • HB 205-2004 OHS Risk Management Handbook
  • HB 221-2004 Business Continuity Management
  • HB 240-2004 Guidelines for Managing Risk in Outsourcing Utilising the AS/NZS 4360:2004 Process
  • HB 246-2004 Guidelines to Managing Risk in Sport and Recreation
  • HB 254-2005 Governance, Risk Management and Control Assurance


Related Documents

MOPP A/1.1 QUT Governance Framework

MOPP A/2.2 University Planning Framework

MOPP A/7.1 Indemnity and Insurance

MOPP B/8.6 Corruption and fraud control

MOPP Appendix 2 Council Procedure 1 (Committees)

Corruption and Fraud Control Plan (QUT staff access only)

QUT Business Continuity Management Framework (QUT staff access only)

QUT Risk Management Framework (QUT staff access only)


Modification History

Date | Sections | Source | Details
03.12.14 | All | Council | Periodic review - policy revised to include definitions of additional risk management terms
06.07.14 | A/2.5.2 | Executive Director, Finance and Resource Planning | Policy revised to reflect the Project Proposal Framework replacing the Business Case Framework
23.06.10 | All | Council | Revised policy
13.12.06 | All | Council | Revised policy (endorsed by Audit and Risk Management Committee 08.11.06)
04.06.04 | A/2.5.1 | Executive Director, Finance and Resource Planning | Added statement re QUT's commitment to business continuity management (endorsed by Audit Committee 24.03.04)
12.02.04 | A/2.5.1 | Deputy Vice-Chancellor (Technology, Information and Learning Support) | Added reference to Project Management Framework and Business Case Framework (endorsed by Vice-Chancellors Advisory Committee 17.07.03)
 | All | Council | Revised policy (endorsed by Audit Committee 08.05.02)
03.09.97 | All | Council | New policy (endorsed by Planning and Resources Committee 27.08.97)