Risk Management Policy

This is the current version of this document.

Section 1 - Purpose

(1) This Policy has been developed to:

  1. support the achievement of the ACU Mission, Identity and Values and Strategic Priorities;
  2. ensure a consistent and effective approach to risk management;
  3. articulate ACU’s commitment to risk management and incorporate this into all areas of the University; and
  4. foster and encourage a risk-aware culture where risk management underpins good governance while supporting innovation and opportunity is seen as a positive attribute of decision-making.

Section 2 - Scope and Application

(2) This Policy applies to all areas of the University, including academic, research and operations. Its application remains the responsibility of all persons undertaking University business.

Section 3 - Definitions

(3) The following terms are defined as they apply to this Policy.

Term: Definition

Risk: ACU defines risk as ‘threats to its ability to deploy, balance and manage its resources and environment as it pursues its mission, vision and strategic goals’. ISO 31000:2018 - Risk Management Guidelines (codified by the International Organization for Standardization) defines risk as the “effect of uncertainty on objectives”. ACU’s interpretation of risk aligns with ISO 31000:2018 - Risk Management Guidelines, as it considers its capacity to respond to elements or events that impact its purpose. Risk and strategy are therefore intrinsically linked at ACU.

Risk Management: The culture, processes and structures that support us to take advantage of potential opportunities and manage possible adverse effects.

Section 4 - Risk Culture

(4) Critical to ACU’s abilities to achieve its mission, vision and strategic goals is the promotion and support of a positive risk culture where all university stakeholders appropriately manage risk as an intrinsic part of their day-to-day work, studies, research and activities.

(5) ACU’s risk culture is founded upon our core values, where our best performance is balanced by embedding astute risk management and informed decision making into everything we do. Such a culture supports an open discussion about uncertainties and opportunities, encourages all stakeholders to express concerns, and maintains processes to elevate concerns to appropriate levels.

Section 5 - Risk Management Principles

(6) Our approach to risk is underpinned by the following principles:

  1. Positive risk culture: risk is everyone’s responsibility and embedded as core business across all academic and non-academic operations;
  2. Accountability: risk management supports clear accountability, transparency and ownership;
  3. Evidence-based: our approach to risk is evidence-based and insights-driven, supporting effective communication; and
  4. Focused on quality: ACU will facilitate an environment of continual improvement.

Section 6 - Risk Management Model

(7) ACU aligns its risk management model and processes with ISO 31000:2018 - Risk Management Guidelines.

Section 7 - Risk Appetite

(8) ACU’s Risk Appetite Statement (RAS) sets limits for the types and amount of risk that ACU is willing to tolerate in pursuit of its strategic and operational goals.

Section 8 - Roles and Responsibilities

Senate [1]
  • Overseeing and monitoring the assessment and management of risk across the University.
  • Promotion of a positive risk culture.
Audit and Risk Committee [2] (sub-Committee of Senate)
Vice-Chancellor and President
  • Ensuring a robust risk management culture exists across the University by promoting and supporting enterprise risk management.
  • Advising the Senate and the Audit and Risk Committee on risk management matters.
  • Approval of Risk Management Procedure.
  • Ensuring the University is operating within its legal and regulatory obligations.
Chief Executive Officer and Members of the Senior Executive
  • Ensuring that the principles and practices of risk management are communicated and embedded into strategic and operational practices and planning processes.
  • Support and development of positive risk culture including risk awareness, risk management facilitation and capability development, risk leadership and adequate resourcing.
  • Ensuring the timely and effective identification, analysis, treatment, monitoring and evaluation, and reporting of significant risks in their relevant Portfolios.
  • Ensuring that all staff understand their responsibilities with respect to risk management.
Members of Executive and Senior Management Team
  • Fostering and encouraging an environment where managing risk is accepted as each person’s day-to-day responsibility.
  • Implementing risk management and managing risk within their areas of responsibility. 
  • Ensuring the timely and effective identification, analysis, treatment, monitoring and evaluation, and reporting of significant risks in their relevant Organisational Units, including performance of risk assessments related to, but not limited to, specific events, activities, projects, and student placements.
  • Reporting using ACU’s risk management systems and registers or other approved formal reports.
Legal, Assurance and Governance Directorate
  • Coordination, facilitation, analysis, reporting and periodic review of the University's recorded strategic and organisational unit risks.
  • Periodic review and recommendations regarding Enterprise Risk Management Framework and other supporting documentation.
Managers and supervisors
  • Ensuring that staff within their areas understand their responsibilities and assist in fostering a risk-aware culture.
  • Ensuring that regular training and assistance is provided to relevant staff to assist with risk management.
All staff and students
[1] Please see the Terms of Reference for the Senate for more information.
[2] Please see the Terms of Reference for the Audit and Risk Committee for more information (included in Statute 2.3 - Governing Bodies: The Audit and Risk Committee).

Section 9 - Review

(9) This Policy will be reviewed at a minimum every two years. Unless otherwise indicated, this Policy will still apply beyond the review date.

Section 10 - Further Assistance

(10) For further assistance, please contact the Legal, Assurance and Governance Directorate.

Section 11 - Associated Information

(11) For related legislation, policies, procedures and guidelines, and any supporting resources, please refer to the Associated Information tab.