Risk Management Policy

This is the current version of this document.

Section 1 - Purpose

(1) This Policy details QUT’s approach to risk management. The University is committed to promoting an organisational culture that values effective risk management as a core management capability. QUT recognises that risk management is a critical component of good management practice and an essential element of governance. Effective risk management allows the University to take advantage of opportunities to improve its outcomes by ensuring that any risk taken is based on informed decision-making and realistic analysis.

(2) QUT’s Risk Management System does not intend to eliminate risk completely, but is designed to ensure:

  1. the University’s risk appetite is set and approved by QUT Council;
  2. a common or consistent approach to the management of risk is used across QUT;
  3. risk management is integrated into QUT’s planning framework;
  4. the management of risk contributes to the quality of performance and continuous improvement of QUT business, its operations and delivery of services;
  5. all significant risks to QUT are identified, evaluated, managed and reported in a timely manner to Council through its Risk and Audit Committee.

Section 2 - Application

(3) This Policy applies to all QUT operations as an integral and embedded part of all University activities.

Section 3 - Roles and Responsibilities

| Position | Responsibility |
| --- | --- |
| QUT Council | Sets, monitors and approves the University’s risk appetite statements. |
| Risk and Audit Committee | Evaluates the adequacy and effectiveness of the University’s risk management and compliance framework. Advises Council on QUT’s exposure to, and management of, significant business risks. |
| Director, Governance and Performance | Provides risk services (including training, facilitation and advisory) to assist management and staff with identifying, assessing and treating enterprise risks associated with achieving University objectives. Informs and reports to Risk and Audit Committee regarding emerging trends and changes to risks and risk treatments. Oversees QUT’s Enterprise Risk Management Framework, including integration of the annual risk assessment process with the University Integrated Planning Framework. |
| Management and staff | Identifies and manages risks within their areas of responsibility. |

Section 4 - Risk Appetite

(4) QUT’s risk appetite is described in a set of qualitative, directional risk appetite statements that are prescribed, monitored and approved by Council as part of the University’s planning processes.

Section 5 - QUT’s Enterprise Risk Management Approach

(5) QUT’s Enterprise Risk Management approach is consistent with the Financial and Performance Management Standard 2019 (Qld) and designed on the principles and process set out in the International and Australian Standard for Risk Management (AS ISO 31000:2018 – Risk management - Guidelines) and comprises:

  1. Policy;
  2. Risk Management Framework;
  3. Risk Management Procedure;
  4. Risk Consequence Matrix;
  5. Template for Risk Management Plan and Risk Assessment Worksheet.

(6) The function of Risk Management is to provide a sound contribution to the achievement of QUT's corporate objectives and to support the strategic directions of divisions, faculties and portfolios. This is demonstrated through the integration and embedding of risk management within the following QUT policies, frameworks and plans:

  1. Governance Framework;
  2. University Integrated Planning Framework;
  3. Project Management Framework (Projects – Getting started, QUT staff access only);
  4. Corruption and Fraud Control Policy;
  5. Business Continuity Management Framework (QUT staff access only).

Section 6 - QUT Risk Management Framework

(7) The QUT Risk Management Framework outlines how risk will be managed and reported and demonstrates alignment of governance and risk management including optimising opportunities and achieving the University’s objectives.

(8) The Framework comprises the following elements:

  1. risk appetite and linkage to strategic priorities;
  2. governance accountabilities and responsibilities for risk management in accordance with the 'Three Lines Model';
  3. QUT’s risk management process, including:
    1. establishing context, objective and scope of the activity;
    2. identifying, analysing and evaluating risks;
    3. treating risks;
    4. recording and reporting risks;
    5. monitoring and reviewing risks.

Section 7 - QUT Risk Management Procedure

(9) QUT Risk Management Procedure provides a step-by-step guide on the risk assessment process and how to complete the Risk Management Plan and Risk Assessment Worksheet.

Section 8 - Business Continuity Management

(10) QUT is committed to business continuity management as an integral component of risk management, to ensure the University is able to resume business after a disruption. Business continuity management enables QUT to resume day-to-day operations as quickly and efficiently as possible, while minimising the impact on people, processes, systems, assets, and reputation.

(11) Further information on how the University ensures the continuity of key business activities is available in the QUT Business Continuity Management Framework (QUT staff access only).

Section 9 - Definitions

| Term | Definition |
| --- | --- |
| Business Continuity Management | Is any preparation in a systematic manner to resume business after a disruption. |
| Risk | Is an event which, if realised, has the potential to affect the achievement of the University’s ability to contribute to its vision, goals, organisational values and objectives. |
| Risk Appetite | Is the amount of risk QUT is willing to accept in the pursuit of its strategic objectives or strategic priorities for the purpose of maximising value to its stakeholders. |
| Risk Management | Is the coordination of activities to direct and control QUT with regard to risk, including the establishment of culture, policy, processes and structures. |
| Risk Treatment | Is the process of modifying risk by implementing a risk strategy. |