Director, Assurance and Risk Management Services
Date of Next Review
2.5.3 Roles and responsibilities
2.5.4 Risk appetite
2.5.5 QUT's Enterprise Risk Management approach
2.5.6 QUT Risk Management Framework
2.5.7 QUT Risk Management Procedure
2.5.8 Business continuity management
This policy details QUT’s approach to risk management. The University is committed to promoting an organisational culture that values effective risk management as a core management capability. QUT recognises that risk management is a critical component of good management practice and an essential element of governance. Effective risk management allows the University to take advantage of opportunities to improve its outcomes by ensuring that any risk taken is based on informed decision-making and realistic analysis.
QUT’s risk management system is not intended to eliminate risk completely, but is designed to ensure:
- the University’s risk appetite is set and approved by QUT Council
- a common or consistent approach to the management of risk is used across QUT
- risk management is integrated into QUT’s planning framework
- the management of risk contributes to the quality of performance and continuous improvement of QUT business, its operations and delivery of services
- all significant risks to QUT are identified, evaluated, managed and reported in a timely manner to Council through its Risk and Audit Committee.
This policy applies to all QUT operations as an integral and embedded part of all University activities.
Risk and Audit Committee
|Management and staff||
QUT’s risk appetite is described in a set of qualitative, directional risk appetite statements that are prescribed, monitored and approved by Council as part of the University’s planning processes.
QUT’s Enterprise Risk Management approach is consistent with the Financial and Performance Management Standard 2009 (Qld), is based on the principles and process set out in the International and Australian Standard for Risk Management (AS ISO 31000:2018 – Risk management - Guidelines), and comprises:
- Risk Management Framework
- Risk Management Procedure
- Risk Consequence Matrix
- Templates for Risk Management Plan and Risk Assessment Worksheets.
The function of risk management is to provide a sound contribution to the achievement of QUT's corporate objectives and to support the strategic directions of divisions, faculties and institutes. This is demonstrated through the integration and embedding of risk management within the following QUT policies, frameworks and plans:
- Governance Framework (A/1.1)
- Planning Framework (A/2.2)
- Project Management Framework (QUT staff access only)
- Project Proposal Framework (QUT staff access only)
- Corruption and Fraud Control (B/8.6)
- Business Continuity Management Framework (QUT staff access only).
The QUT Risk Management Framework outlines how risk will be managed and reported and demonstrates alignment of governance and risk management including optimising opportunities and achieving the University’s objectives.
The Framework comprises the following elements:
- risk appetite and linkage to strategic priorities
- governance accountabilities and responsibilities for risk management in accordance with the ‘Three Lines of Defence’ model
- QUT’s risk management process, including:
  - establishing context, objective and scope of the activity
  - identifying, analysing and evaluating risks
  - treating risks
  - recording and reporting risks
  - monitoring and reviewing risks.
The QUT Risk Management Procedure provides a step-by-step guide on the risk assessment process and how to complete the Risk Management Plan and Risk Assessment Worksheet.
QUT is committed to business continuity management as an integral component of risk management, to ensure the University is able to resume business after a disruption. Business continuity management enables QUT to resume day-to-day operations as quickly and efficiently as possible, while minimising the impact on people, processes, systems, assets, and reputation.
Further information on how the University ensures the continuity of key business activities is available in the QUT Business Continuity Management Framework (QUT staff access only).
Business continuity management is systematic preparation to resume business after a disruption.
Risk is an event which, if realised, has the potential to affect the achievement of the University’s ability to contribute to its vision, goals, organisational values and objectives.
Risk appetite is the amount of risk QUT is willing to accept in the pursuit of its strategic objectives or strategic priorities for the purpose of maximising value to its stakeholders.
Risk management is the coordination of activities to direct and control QUT with regard to risk, including the establishment of culture, policy, processes and structures.
Risk treatment is the process of modifying risk by implementing a risk strategy.
MOPP A/1.1 QUT Governance Framework
MOPP A/1.2 Delegations
MOPP A/2.2 University Planning Framework
MOPP A/7.1 Indemnity and insurance
MOPP B/8.6 Corruption and fraud control
MOPP Appendix 2 Council Procedure 1 (Committees)
Corruption and Fraud Control Plan (QUT staff access only)
QUT Business Continuity Management Framework (QUT staff access only)
QUT Risk Management Framework (QUT staff access only)
Financial and Performance Management Standard 2009 (Qld) Part 2, Division 4, Section 28
AS/NZS 31000:2009 - Risk Management
HB 141-2004 Risk Financing Guidelines
HB 203:2006 Environmental Risk Management - Principles and Process
HB 205-2004 OHS Risk Management Handbook
HB 221-2004 Business Continuity Management
HB 240-2004 Guidelines for Managing Risk in Outsourcing Utilising the AS/NZS 4360:2004 Process
HB 246-2004 Guidelines to Managing Risk in Sport and Recreation
HB 254-2005 Governance, Risk Management and Control Assurance
| Date | Section | Approved by | Description |
|---|---|---|---|
| 25.11.19 | All | Council | Periodic review - policy revised to reference University’s risk appetite and update QUT’s Enterprise Risk Management approach |
| 03.12.14 | All | Council | Periodic review - policy revised to include definitions of additional risk management terms |
| 06.07.14 | A/2.5.2 | Executive Director, Finance and Resource Planning | Policy revised to reflect the Project Proposal Framework replacing the Business Case Framework |
| 13.12.06 | All | Council | Revised policy (endorsed by Audit and Risk Management Committee 08.11.06) |
| 04.06.04 | A/2.5.1 | Executive Director, Finance and Resource Planning | Added statement re QUT's commitment to business continuity management (endorsed by Audit Committee 24.03.04) |
| 12.02.04 | A/2.5.1 | Deputy Vice-Chancellor (Technology, Information and Learning Support) | Added reference to Project Management Framework and Business Case Framework (endorsed by Vice-Chancellors Advisory Committee 17.07.03) |
| | All | Council | Revised policy (endorsed by Audit Committee 08.05.02) |
| 03.09.97 | All | Council | New policy (endorsed by Planning and Resources Committee 27.08.97) |