Risk Management Framework
The University has a statutory obligation for risk that is set out in The University of Adelaide Act.
In addition, it recognises that risk management is an integral part of good governance and best management practice for an organisation charged with responsibility for the advancement of learning and knowledge and university education.
The University’s Risk Management Framework connects the University’s governance structure and the management structure so that the two work together to provide a combined commitment, set of expectations, and organisational and personal accountabilities and responsibilities.
The Council, the Audit Compliance and Risk Committee and the Vice-Chancellor and President, have ultimate responsibility for risk within the University. From this highest level of governance and management, each of the Divisions, led by the Vice Presidents, work with the Faculties, Schools and administrative areas so that risks are managed strategically and operationally. For the University’s Controlled Entities, the Board and Senior Management of each entity takes responsibility for managing their risks.
The University has adopted the principles of risk management as set out in the International, Risk Management Standard - AS/NZS ISO 31000:2009 Risk Management – Principles and guidelines.
The Risk Policy formally affirms the University’s strategic commitment to building a risk management culture in which risks and opportunities are identified and managed effectively. The University recognises that, in pursuing its strategic objectives, measured risk-taking is both acceptable and appropriate.
Risk Management Handbook
The Risk Management Handbook provides details on the principles and processes identified in the Policy. The Handbook includes resources which have been designed to assist with the risk management process and to encourage a consistent and comprehensive language and approach to managing risk across the whole University.
Risk appetite is the amount of risk the University is willing to accept or retain in order to achieve its objectives. It is a series of statements that describes the University’s approach to assess and eventually to pursue risk, retain risk, take risk or turn away from risk, setting out what the Senior Executive consider to be acceptable risk-taking. Risk appetite statements are usually aligned to categories of risk, such as financial, people or reputation risks. The statements are calibrated in accordance with the entity’s internal and external context.
Risk tolerance sets the boundaries or levels of risk-taking that the University will accept in order to achieve a specific objective or manage a category of risk. Risk tolerance represents the practical application of risk appetite.
Risk appetite sets the tone for risk taking in general, while tolerance informs:
- expectations for mitigating and pursuing specific types of risk;
- boundaries and thresholds for acceptable risk taking; and
- actions to be taken or consequences for acting beyond approved tolerances.
Risk appetites and tolerances will be set, approved, monitored and reviewed at appropriate intervals by both University governance and management noting that:
- Risk appetite is not a single, fixed concept.
- There will be a range of appetites for different risks which need to align and these appetites may vary over time: the temporal aspect of risk appetite is key to setting, monitoring, and adjusting risk appetite.
- Risk appetite must take into account differing views at a strategic, tactical and operational level.
- Although risk appetite is commonly thought of in strategic terms, risk appetite must be addressed throughout the University for it be useful.
- The propensity to take risk, and the propensity to exercise control, directly influence the setting and monitoring of risk appetite.
- It is important to determine what successful performance looks like in order to set risk appetite and tolerance.
Broadly speaking, the University’s appetite for risk is shown in the below table:
to take risks
Strategic / growth risk
Financial viability risk
Safety and health risk
Regulatory & compliance risk
Teaching, learning & research risk
Service disruption risk
Culture & values risk
Environmental & social
University Risk Matrix
The University Risk Matrix outlines the categories of likelihood and consequence and the 5 x 5 risk rating matrix. The Matrix also identifies the management action required for risks rated extreme, high, medium and low risk.