Risk Management Policy

The university will maintain procedures to provide a systematic view of the risks faced in the course of our academic, administrative and business activities. This will require the University to:

• Establish a context. This is the strategic, organisational and risk management context against which the rest of the risk management process in the University will take place. Criteria against which risk will be evaluated should be established and the structure of the risk analysis defined.
• Identify Risks. This is the identification of what, why and how events arise as the basis for further analysis.
• Analyse Risks. This is the determination of existing controls and the analysis of risks in terms of the consequence and likelihood in the context of those controls. The analysis should consider the range of potential consequences and how likely those consequences are to occur. Consequence and likelihood are combined to produce an estimated level of risk.
• Evaluate Risks. This is a comparison of estimated risk levels against pre-established criteria. This enables risks to be ranked and prioritised.
• Treat Risks. For higher priority risks, the University is required to develop and implement specific risk management plans including funding considerations. Lower priority risks may be accepted and monitored.
• Monitor and Review. This is the oversight and review of the risk management system and any changes that might affect it. Monitoring and reviewing occurs concurrently throughout the risk management process.
• Communication and Consultation. Appropriate communication and consultation with internal and external stakeholders should occur at each stage of the risk management process as well as on the process as a whole.