Risk management framework

A risk management framework includes the policies, processes and activities employed in the management of risk.  Central to the University’s risk management framework are the risk management policy and the use of tailored risk register and risk management reports.  The policy sets out the University’s objectives and strategy for risk management, and the arrangements it has adopted to enable it to manage its risks. 

The risk management framework is designed to allow the University to manage risk in accordance with its stated risk appetite:

University statement of risk appetite

In pursuing its objectives, as expressed in its Strategic Plan and elsewhere, the University will generally accept a level of risk proportionate to the expected benefits to be gained, and the scale or likelihood of damage. 

The University has a high appetite for risk in the context of encouraging and promoting critical enquiry, academic freedom, freedom of expression, and open debate. 

The University has a very low appetite for risk where there is a likelihood of significant and lasting damage to its provision of world-class research or teaching; loss of life or harm to students, staff, collaborators, partners or visitors; significant and lasting reputational damage; significant financial loss or significant negative variations to financial plans; or illegal or unethical activity.

The University operates a light-touch approach to risk management, while seeking to ensure that it complies with its regulatory obligations.  Divisions, departments, faculties and other units are expected to manage risk in a manner appropriate to each unit.  The University’s risk management approach therefore allows risk management tools and techniques to be adapted to suit the needs of different parts of the University.  Template risk registers and risk management reports may be used to encourage consistency in the treatment of risk and to facilitate the comparison of risk across different parts of the University.  Template risk registers and risk management reports are available from the Head of Assurance.

Heads of Division, Heads of Department, Faculty Board Chairs and Heads of University Services (ASUC and UAS) are responsible for ensuring that the Risk Management Policy is implemented and followed in their respective divisions, departments, faculties and sections (as appropriate); and for ensuring that staff are made aware of the policy.  Every member of staff is also responsible for familiarising themselves with the Risk Management Policy, in particular any aspects that have a direct bearing upon the role that they perform for the University.

Any questions on the application of the University’s Risk Management Policy should be addressed to the Head of Assurance.