Risk Management Policy

Approving Authority:

Council

Establishment Date:

8 August 2002

Date Last Amendment:

1 March 2012

Nature of Amendment:
Addition of new clause 4.3

Date Last Reviewed:

n/a

Responsible Officer:

Vice-President (Strategic Finance and Resources)

Preamble

The Risk Management Policy forms part of a framework established by Council to provide for systematic and responsible management of risks that are, or could be, incurred by the University in carrying out its various activities. The Risk Management Policy is intended to ensure that the costs, anticipated benefits and the potential risks associated with particular activities are considered. Where the balance of advantage favours a particular activity or initiative, the possible risks will be planned for and managed, taking account of broader University objectives and priorities.

The Risk Management Policy applies to all areas of the University's operations, including routine internal activities. Because of the nature of the risks involved, the Policy includes specific provisions in relation to the University's commercial activities.

1

Risk Management within the University

1.1 For the purposes of this policy, risk is defined as the possibility of something happening that will have a significant negative impact either on the University or on the achievement of its objectives.

1.2 Significant areas of risk will be defined as those that may reasonably be expected to:

constitute a significant risk to the welfare of staff, students or the public;

jeopardise the reputation of the University as an academic, educational and research institution or present a significant legal exposure;

pose a significant commercial or business risk that may threaten the financial well-being or reputation of the University.

1.3 The University will continue to evaluate potential benefits alongside potential risks as a routine part of many of its activities. Risk identification, evaluation and management will be undertaken as a part of the day to day management and planning activities of the University.

1.4 Risks will be managed at the operational level in accordance with this policy, and in accordance with other policies and risk management processes relevant to the area of activity.

2

Responsibilities

2.1 Council will oversee risk management within the University, on advice from the Resources Committee, the Audit and Risk Committee and the Vice-Chancellor.

2.2 The Vice-Chancellor will be responsible for the implementation of risk management within the University, and for responding to and reporting on significant risks that may emerge from time to time.

2.3 The Deputy and Pro Vice-Chancellors, and Vice-Presidents will be responsible for implementing risk management within their portfolio areas, and will report regularly to the Vice-Chancellor on any significant risks or risk areas.

2.4 The Vice-President (Strategic Finance and Resources) will report regularly to the Vice-Chancellor on any significant risks or risk areas in respect of relevant University-wide budget areas..

2.5 Executive Deans, and heads of administrative divisions will be responsible for implementing risk management within their areas, and ensuring that all staff are made aware of their responsibilities.

2.6 University nominees on the governing body of an entity (defined in clause 5.2.1) will be responsible for reporting on risk issues, annually, or as the need arises, to the Vice-Chancellor, in a form prescribed by the University.

2.7 The Vice-Chancellor, Deputy and Pro Vice-Chancellors, Vice-Presidents and Executive Deans will be responsible for reporting on risk issues annually, or as the need arises, in a form prescribed by the University, in cases where:

(i) they appoint a nominee on the governing body of an entity who is a staff member or officer of another institution or agency; or

(ii) they sponsor the University's involvement in an entity and there is no nominee directly appointed by the University on the governing body.

2.8 All members of the University will be responsible for avoiding unnecessary risks to themselves, others and the University, and reporting to the Vice-Chancellor, through the Deputy Vice-Chancellors, Vice-Presidents, or Executive Dean, on any activities which may result in unacceptable risks.

3

Identifying, Assessing and Managing Risks

3.1 Risks will normally be identified, assessed and managed by responsible officers and reported in accordance with the University's decision making processes.

3.2 Risk identification, evaluation and management in respect of particular activities will be carried out in accordance with University procedures.

3.3 Risks will be assessed with reference to the University's strategic priorities, taking account of the likelihood of the risk occurring, its potential impact and the range of implications it may have for the University.

3.4 Where an unacceptable risk is identified, relevant University staff with management responsibilities in areas that may be affected, will be informed of it, and they will be required to take action, as required, to address the matter and inform staff, students or other persons within their areas of responsibility, about the matter.

3.5 Key factors to be considered in assessing and managing risk as defined in clause 1.2 include:

accurately identifying risks including risks to the University's reputation, before an activity is commenced;

establishing whether there is significant financial risk which is not already identified in the University's accounts;

whether the activity is using the University's financial system, in which case the University's internal controls are applied and are open to audit by the State Auditor-General;

and in the case of entities:

whether the entity's accounts are managed by another university or organisation similar in nature to Flinders University; and

whether there is a nominee of Flinders University on the governing body of that entity.

4

Monitoring and Reporting

4.1 The Vice-Chancellor will report annually or as the need arises to Council on significant risks to the University. Where appropriate, issues may be presented to the Resources Committee and/or the Audit and Risk Committee for their consideration prior to a report going to Council.

4.2 The Deputy and Pro Vice-Chancellors, Vice-Presidents and Executive Deans will monitor the operation of risk management within their areas of responsibility, and will report to the Vice-Chancellor:

on an annual basis, where ongoing significant risks are known to exist;

immediately, in instances where a significant new risk is identified.

4.3 The University will maintain a register of enterprise risks which will be regularly reviewed at least annually.

5
Operational Framework for Contracts, Entities and New Initiatives

5.1 Contracts and Agreements

5.1.1 Activities governed by contract or agreement will be entered into by authorised officers of the University in accordance with the Policy on Delegations of Authority to Enter into Contracts

5.1.2 Management of risks related to activities governed by contract or agreement will occur in accordance with the principles and procedures in this policy and the Policy on Delegations of Authority to Enter into Contracts.

5.2 University Involvement in Entities

5.2.1 For the purpose of this policy, entity means any entity (including an associated company as defined in the Accounting Standards issued by the Australian Accounting Standards Board), partnership or joint venture in which Flinders University has an investment of any size, whether cash or in kind.

5.2.2 The companies partnerships and other entities in which the University is involved, and the nature of that involvement, vary widely. Many, including national bodies with representation across the university sector and centres funded through government grants, represent minimal risk. A small number of commercial ventures represent potentially more significant risk.

5.2.3 Establishment and monitoring of University involvement in entities will occur in accordance with the principles and procedures in this policy.

5.2.4 The University will maintain a database ('Entities Register') to record details of new and existing entities as defined above, including a risk assessment in each case, in a form prescribed by the Vice-President (Strategic Finance and Resources). The Entities Register excludes funds investment in Australian Stock Exchange listed companies, which are approved in accordance with the University's Policy on Investments.

5.2.5 A re-assessment of risk from entities in the Entities Register will be undertaken annually, or as the need arises, in accordance with University procedures, noting that where an external audit of the entity is conducted, the University will receive a copy of the entity's financial statements and the auditor's certification.

5.2.6 The University will seek to obtain an auditor's report and audit management letter from the relevant State, Territory or Commonwealth Auditor-General or external auditor where Council deems it appropriate, in light of consideration of the nature of the entity, its significance and the associated risks.[1]

5.3 Planning Significant New Commercial Initiatives

To ensure that Flinders University's interests are protected and risk exposures and their management are properly addressed in the planning phase, proposals for establishment of, or participation in, new initiatives will be prepared and submitted with reference to the Procedures for Planning Significant New Commercial Initiatives at Schedule A.

[1]In compliance with Protocol 11 of the National Governance Protocols set out at http://www.dest.gov.au/highered/governance/nat gov prot.htm which Higher Education Providers eligible for grants under the Commonwealth Grant Scheme need to satisfy under section 33-15 (1)(a) of the Higher Education Support Act 2003.