(1) The University has a statutory obligation to undertake risk management that is established within the University of Wollongong Act 1989 (the Act).
(2) The University recognises that effective risk management is an integral part of good governance and best management practice that assists the University to meet its statutory objectives and deliver on its Strategic Plan.
(3) The purpose of this Policy is to:
(4) This Policy applies to all Faculties, Divisions and significant University activities.
(5) This Policy should be read in conjunction with the Risk Management Framework and Guidelines and Risk Appetite Statement.
(6) This Policy is supported by a range of documents that inform health, safety and risk management systems and practice across the University. These documents must be consistent with the broad directions of this Policy.
(7) The University has a robust risk framework in order to assess risks in its strategic and operational decision-making.
(8) The University applies a structured and consistent approach to risk management at all levels across the University.
(9) Effective risk management enables:
(10) All staff are responsible for the management of risk, and for contributing to a positive risk management culture.
(11) Risk management must be incorporated into internal policy development.
(12) All risks, across all aspects of the University’s operations, should be understood and considered.
(13) Formal risk assessments are required for:
(14) Risk assessments should be based on the best available information, which may include historical data, experience, stakeholder feedback, observation, forecasts and expert judgement.
(15) All risks are to be assessed as specified in the Risk Management Framework and Guidelines.
(16) The Risk, Audit and Compliance Committee is responsible for risk approach, subject to continuous assessment and improvement in line with current standards and conventions, and in line with direction of:
(17) Emerging threats are:
(18) Emerging threats:
(19) The University relies on analysis and reporting by stakeholders and other sources for the identification and management of emerging threats.
(20) Emerging threats are to be reported to the Senior Manager, Risk and Assurance.
(21) The Senior Manager, Risk and Assurance will report and assess emerging threats to the Risk, Resilience and Assurance Group in accordance with the Risk Management Framework and Guidelines.
(22) The Risk, Audit and Compliance Committee will receive regular updates on emerging risk assessments undertaken by the Risk, Resilience and Assurance Group.
(23) The University Risk Register is maintained by the Risk and Assurance Division.
(24) The University Risk Register:
(25) Local risk registers must be developed and maintained by each School, Faculty, Division and Portfolio.
(26) The University may extend this requirement to other entities and business units, as appropriate.
(27) Separate risk registers must be maintained for major projects, research projects, international collaborations or other specific activities which have been identified as requiring a separate or customised register.
(28) Local risk registers and associated mitigation plans will require regular review and update by those accountable in accordance with the Risk Management Framework and Guidelines.
(29) Emerging threats will be incorporated into the relevant risk register once the threat becomes a risk. Any new high-risk issue must be reported to the Risk, Resilience and Assurance Group.
(30) If an identified high or extreme risk is reported and approved by the Risk, Resilience and Assurance Group, an appropriate mitigation plan must be developed.
(31) Local risk registers must be endorsed by the relevant Head of School, Executive Dean, Director or Executive.
(32) Risk registers will be maintained for:
(33) The Senior Executive may require that these registers be reported to governance bodies.
(34) The University Council and its Committees have responsibility under the University of Wollongong Act 1989 for overseeing risk management and risk assessment activities across the University.
(35) The University Council, via the Risk, Audit and Compliance Committee, is responsible for endorsing this Policy, the Risk Management Framework and Guidelines and Risk Appetite Statement.
(36) The Risk, Audit and Compliance Committee is responsible for:
(37) The Vice-Chancellor and President is responsible for:
(38) Senior Executives and Executive Deans are responsible for:
(39) Directors, Faculty Executive Managers, Directors of Research Institutes and Project Managers are, within their respective areas of responsibility, responsible for:
(40) The Chief Risk and Assurance Officer and Senior Manager, Risk and Assurance are responsible for:
(41) Every staff member of the University is responsible for the effective management of risks, including the identification and reporting of new and emerging threats.
(42) Every staff member is responsible for participating, when required, in training and workshops in relation to risk management practice provided by the University to ensure staff:

Risk Management Policy
Section 1 - Purpose of Policy
Section 2 - Application and Scope
Section 3 - Policy Principles
Section 4 - Risk Assessments
Section 5 - Risk and Control Allocation structure and responsibilities
Section 6 - Emerging Threats
Section 7 - University Risk Register
Section 8 - Local Risk Registers
Part A - 8. Risk Registers for Commercial Activities, Major Projects and Additional Activities
Section 9 - Roles and Responsibilities
University Council
Risk, Audit and Compliance Committee
Vice-Chancellor and President
Senior Executives and Executive Deans
Directors, Faculty Executive Managers, Directors of Research Institutes and Project Managers
Chief Risk and Assurance Officer, in conjunction with the Senior Manager, Risk and Assurance
All Staff
Section 10 - Definitions
| Word/Term | Definition |
| --- | --- |
| Commercial Activity | As defined in the Commercial Activities Guidelines. |
| Control | Any measure, action, or mechanism that is put in place to mitigate, minimize, or manage the impact or likelihood of identified risks. |
| Emerging Threat | An emerging threat refers to a new or evolving risk, danger, or challenge that is in the process of developing or gaining prominence. |
| Level of Risk | The magnitude of a risk expressed as a combination of consequence and likelihood. Also known as the risk rating, which could be inherent or residual. |
| Risk Register | The central register of the University’s risks that may be filtered to view risk at a local level. |
| Risk | The potential of uncertain events or situations to have adverse effects on objectives, goals, values, or assets. It involves the possibility of something going wrong, leading to undesirable consequences or losses. Risk encompasses both the likelihood of an event occurring and the potential impact or severity of its consequences. |
| Risk Appetite | Risk appetite considers the total risk exposure to UOW and stipulates the behaviours expected on the basis of risk-return trade-offs for one or more of the desired outcomes. Appetite may be expressed quantitatively or qualitatively, e.g. behavioural, as applied in the Risk Appetite Statement. |
| Risk Management | Coordinated activities to direct and control the University with regard to risk. |
| Risk Owner | A risk owner is an individual within UOW who is assigned the responsibility for overseeing and managing a specific risk. The risk owner is accountable for the effective management of the identified risk, including implementing risk mitigation strategies, monitoring and reporting on risk status, and ensuring that appropriate actions are taken to address any potential negative outcomes associated with those risks. |
| Risk Sponsor | A Risk Sponsor is an individual within UOW who takes on the responsibility of overseeing and managing a group of risks. The role of a risk sponsor is to advocate for effective risk management, ensure that appropriate strategies are in place to address the identified risks, and provide guidance and support to the teams involved in managing those risks. Risk sponsors play a crucial role in aligning risk management efforts with UOW's objectives and overall risk management framework. |
| Executive Risk Sponsor | An Executive Risk Sponsor refers to a senior-level individual within UOW who takes on a leadership role in overseeing and managing a specific category of risks at the highest level. This role involves providing strategic direction, guidance, and support for risk management efforts related to a particular set of risks. The executive risk sponsor plays a critical role in aligning risk management with UOW's overall strategy and ensuring that risks are appropriately addressed to support the achievement of goals. If required, the executive risk sponsor will speak to a category of risks at Council, any Council subcommittee or the University Leadership Group, noting that the risk owner may be required to speak on a specific risk. |