 |
 |
 |
Risk Management Policy
| Approving Authority: |
Council |
| Establishment
Date: |
8 August 2002 |
|
Date
Last Amendment: |
15 March 2007
|
| Nature of Amendment: |
Clauses 2.1 and 4.1 to include reference to
Audit Committee as a source of advice; and removal of clause
4.2 as a result.
|
| Date
Last Reviewed: |
n/a |
| Publication
Reference: |
n/a |
| Contact Officer: |
Executive Officer, Legal and Contracts |
Preamble
The Risk Management Policy forms part of a
framework established
by Council to provide for systematic and
responsible management
of risks that are, or could be, incurred by the University
in carrying out its various activities. The Risk Management
Policy is intended to ensure that the costs,
anticipated benefits
and the potential risks associated with
particular activities
are considered. Where the balance of advantage
favours a particular
activity or initiative, the possible risks will be planned
for and managed, taking account of broader
University objectives
and priorities.
The Risk Management Policy applies to all areas
of the University's
operations, including routine internal activities. Because
of the nature of the risks involved, the Policy
includes specific
provisions in relation to the University's
commercial activities.
|
| 1 |
Risk Management within the
University
1.1 For the purposes of this policy, risk is
defined as the
possibility of something happening that will have
a significant
negative impact either on the University or on
the achievement
of its objectives.
1.2 Significant areas of risk will be defined as
those that
may reasonably be expected to:
- constitute a significant risk to the welfare of staff,
students or the public;
- jeopardise the reputation of the University
as an academic,
educational and research institution or present
a significant
legal exposure;
- pose a significant commercial or business risk that may
threaten the financial well-being or reputation
of the University.
1.3 The University will continue to evaluate
potential benefits
alongside potential risks as a routine part of many of its
activities. Risk identification, evaluation and management
will be undertaken as a part of the day to day management
and planning activities of the University.
1.4 Risks will be managed at the operational
level in accordance
with this policy, and in accordance with other policies and
risk management processes relevant to the area of
activity. |
| 2 |
Responsibilities
2.1 Council will oversee risk management within the University,
on advice from the Resources Committee, the Audit Committee
and the Vice-Chancellor.
2.2 The Vice-Chancellor will be responsible for
the implementation
of risk management within the University, and for
responding
to and reporting on significant risks that may emerge from
time to time.
2.3 The Deputy Vice-Chancellors will be
responsible for implementing
risk management within their portfolio areas, and
will report
regularly to the Vice-Chancellor on any significant risks
or risk areas.
2.4 The Executive Director of Administration
will be responsible
for implementing risk management within the
Central Administration,
and in respect of relevant University-wide budget
areas, and
will report regularly to the Vice-Chancellor on
any significant
risks or risk areas.
2.5 Executive Deans, the Librarian, and Heads of Divisions
within the Central Administration will be responsible for
implementing risk management within their areas,
and ensuring
that all staff are made aware of their
responsibilities.
2.6 University nominees on the governing body of an entity
(defined in clause 5.3.1) will be responsible for reporting
on risk issues, annually, or as the need arises, to the Vice-Chancellor,
in a form prescribed by the University.
2.7 The Vice-Chancellor, Deputy Vice-Chancellors, the Executive
Director of Administration, University Librarian and Executive
Deans will be responsible for reporting on risk issues annually,
or as the need arises, in a form prescribed by the University,
in cases where:
(i) they appoint a nominee on the governing body of an entity
who is a staff member or officer of another institution or
agency; or
(ii) they sponsor the University's involvement in an entity
and there is no nominee directly appointed by the University
on the governing body.
2.8 All members of the University will be responsible for
avoiding unnecessary risks to themselves, others
and the University,
and reporting to the Vice-Chancellor, through the
Deputy Vice-Chancellors,
Executive Director of Administration, University Librarian
or Executive Dean, on any activities which may
result in unacceptable
risks. |
| 3 |
Identifying, Assessing and Managing Risks
3.1 Risks will normally be identified, assessed
and managed
by responsible officers and reported in accordance with the
University's decision making processes.
3.2 Risk identification, evaluation and
management in respect
of particular activities will be carried out in accordance
with University procedures.
3.3 Risks will be assessed with reference to the
University's
strategic priorities, taking account of the likelihood of
the risk occurring, its potential impact and the range of
implications it may have for the University.
3.4 Where an unacceptable risk is identified,
relevant University
staff with management responsibilities in areas that may be
affected, will be informed of it, and they will be required
to take action, as required, to address the
matter and inform
staff, students or other persons within their
areas of responsibility,
about the matter.
3.5 Key factors to be considered in assessing and managing
risk as defined in clause 1.2 include:
- accurately identifying risks including risks to the University's
reputation, before an activity is commenced;
- establishing whether there is significant
financial risk
which is not already identified in the
University's accounts;
- whether the activity is using the
University's financial
system, in which case the University's internal controls
are applied and are open to audit by the State
Auditor-General;
and in the case of entities:
- whether the entity's accounts are managed by
another university
or organisation similar in nature to Flinders University;
and
- whether there is a nominee of Flinders University on the
governing body of that entity.
|
| 4 |
Monitoring and Reporting
4.1 The Vice-Chancellor will report annually or as the need
arises to Council on significant risks to the University.
Where appropriate, issues may be presented to the Resources
Committee and/or the Audit Committee for their consideration
prior to a report going to Council.
4.2 The Deputy Vice-Chancellors, Executive Director of Administration,
and cost centre heads will monitor the operation of risk management
within their areas of responsibility, and will report to the
Vice-Chancellor:
- on an annual basis, where ongoing significant risks are
known to exist;
- immediately, in instances where a significant new risk
is identified.
|
| 5 |
Operational Framework for Contracts,
Entities and New Initiatives
5.1 Contracts and Agreements
5.1.1 Activities governed by contract or agreement will be
entered into by authorised officers of the
University in accordance
with the Policy on Delegations of Authority to Enter into
Contracts
5.1.2 Management of risks related to activities governed
by contract or agreement will occur in accordance with the
principles and procedures in this policy and the Policy on
Delegations of Authority to Enter into Contracts.
5.2 University Involvement in
Entities
5.2.1 For the purpose of this policy, entity
means any entity
(including an associated company as defined in
the Accounting
Standards issued by the Australian Accounting
Standards Board),
partnership or joint venture in which Flinders University
has an investment of any size, whether cash or in kind.
5.2.2 The companies partnerships and other
entities in which
the University is involved, and the nature of
that involvement,
vary widely. Many, including national bodies with
representation
across the university sector and centres funded
through government
grants, represent minimal risk. A small number of
commercial
ventures represent potentially more significant risk.
5.2.3 Establishment and monitoring of University
involvement
in entities will occur in accordance with the
principles and
procedures in this policy.
5.2.4 The University will maintain a database ('Entities
Register') to record details of new and existing entities
as defined above, including a risk assessment in each case,
in a form prescribed by the Executive Director of Administration
. The Entities Register excludes funds investment in Australian
Stock Exchange listed companies, which are approved in accordance
with the University's Policy on Investments.
5.2.5 A re-assessment of risk from entities in
the Entities
Register will be undertaken annually, or as the
need arises,
in accordance with University procedures, noting that where
an external audit of the entity is conducted, the
University
will receive a copy of the entity's financial
statements and
the auditor's certification.
5.2.6 The University will seek to obtain an
auditor's report
and audit management letter from the relevant
State, Territory
or Commonwealth Auditor-General or external auditor where
Council deems it appropriate, in light of consideration of
the nature of the entity, its significance and
the associated
risks.[1]
5.3 Planning Significant New Commercial
Initiatives
To ensure that Flinders University's interests
are protected
and risk exposures and their management are
properly addressed
in the planning phase, proposals for establishment of, or
participation in, new initiatives will be
prepared and submitted
with reference to the Procedures for Planning Significant
New Commercial Initiatives at Schedule
A.
[1]In compliance with Protocol 11 of the National Governance
Protocols set out at http://www.dest.gov.au/highered/governance/nat
gov prot.htm which Higher Education Providers eligible for
grants under the Commonwealth Grant Scheme need to satisfy
under section 33-15 (1)(a) of the Higher Education Support
Act 2003.
|
|
|
