Risk Management Framework
The University Council is the governing body and has statutory responsibility, among other things, for overseeing and monitoring the assessment and management of risk.
A sound approach to managing risk is essential to the ongoing sustainability and success of the University.
Demonstrable risk management helps to assure stakeholders that University governance and management understand the risks of operating a university, that adequate steps have been taken to minimise and mitigate risks, and that the University has in place systems to operate commercially, flexibly and responsibly.
The University’s approach to risk management aligns with the Standard ISO 31000:2018 Risk Management – Guidelines.
The University’s Risk Management Framework connects the University’s governance structure and the management structure so that the two work together to provide a joint commitment, set of expectations, and organisational and personal accountabilities and responsibilities. The Framework defines risk operating model, appetite, responsibilities, methodology, and monitoring and reporting obligations for the University of Adelaide and all its operations and entities.
Risk Management Policy
The Risk Management Policy affirms the University’s commitment to building a risk culture that encourages deliberate and proactive risk management in a manner and at intervals commensurate with the University’s strategies.
The Policy is to be read in conjunction with the University’s Risk Management Framework and other resources, directions and guides approved and published from time to time by the University’s governing body and by University management.
Risk appetite is the amount of risk the University is willing to accept or retain in order to achieve its objectives. It is a series of statements that describes the University’s approach to assess and eventually to pursue risk, retain risk, take risk or turn away from risk, setting out what the Senior Executive consider to be acceptable risk-taking. Risk appetite statements are usually aligned to categories of risk, such as financial, people or reputation risks. The statements are calibrated in accordance with the entity’s internal and external context.
Risk tolerance sets the boundaries or levels of risk-taking that the University will accept in order to achieve a specific objective or manage a category of risk. Risk tolerance represents the practical application of risk appetite.
Risk appetite sets the tone for risk taking in general, while tolerance informs:
- expectations for mitigating and pursuing specific types of risk;
- boundaries and thresholds for acceptable risk taking; and
- actions to be taken or consequences for acting beyond approved tolerances.
Risk appetite is assessed as conservative, balanced or entrepreneurial, as follows:
Conservative: unless there is a compelling reason to do so, the University should not accept opportunities with risks attached that could result in significant exposure or loss, and should proceed with caution in pursuing these opportunities.
Balanced: there is some risk associated with the opportunity being pursued, however there are mitigating actions available to help reduce these risks to an acceptable level of exposure.
Entrepreneurial: there is some higher risk associated with the opportunity being pursued, but there are treatments available to mitigate the risk, and the opportunity is worth pursuing / too good to miss.
University Risk Matrix
The University Risk Matrix outlines the categories of likelihood and consequence and the 5 x 5 risk rating matrix. The Matrix also identifies the management action required for risks rated extreme, high, medium and low risk.