Risk Management Framework

The University Council is the governing body and has statutory responsibility, among other things, for overseeing and monitoring the assessment and management of risk.

A sound approach to managing risk is essential to the ongoing sustainability and success of the University.

Demonstrable risk management helps to assure stakeholders that University governance and management understand the risks of operating a university, that adequate steps have been taken to minimise and mitigate risks, and that the University has in place systems to operate commercially, flexibly and responsibly.

The University’s approach to risk management aligns with the Standard ISO 31000:2018 Risk Management – Guidelines.

The University’s Risk Management Framework connects the University’s governance structure and the management structure so that the two work together to provide a joint commitment, set of expectations, and organisational and personal accountabilities and responsibilities. The Framework defines risk operating model, appetite, responsibilities, methodology, and monitoring and reporting obligations for the University of Adelaide and all its operations and entities.

Risk management framework

  • Risk Management Policy

    The Risk Management Policy affirms the University’s commitment to building a risk culture that encourages deliberate and proactive risk management in a manner and at intervals commensurate with the University’s strategies.

    The Policy is to be read in conjunction with the University’s Risk Management Framework and other resources, directions and guides approved and published from time to time by the University’s governing body and by University management.

  • Risk Appetite

    Risk appetite refers to the amount of risk the University is willing to accept or retain in order to achieve its objectives. The University’s risk appetite is applicable at strategic, tactical and functional level. 

    At the University, risk appetite is described as conservative, balanced or entrepreneurial.


    • The University is reluctant to accept risk exposures or potential losses.  Risk taking should proceed with caution and the University expects a higher level of confidence around the management of associated risks.
    • The University may be reluctant to take risks for the expected returns.


    • The University is willing to accept some risks to pursue opportunities and potential benefits commensurate with the risk taking. The University will take well justified risks in return for associated benefits.
    • The University expects some uncertainties in the undertaking for the expected returns.


    • The University expects a level of uncertainty and is willing to accept risks associated with the opportunity being pursued, where the opportunity is worth pursuing or too good to miss. 

    The Council sets the tone for risk taking in the University’s Risk Appetite Statement.  The document describes the application of risk appetite, and behaviours the University has zero appetite for. 

    It is important to consider all applicable risk categories during decision making. Willingness to pursue risk is contextual and therefore the risk appetite associated with a specific risk category should not be viewed in isolation.

    Risk appetite table

  • University Risk Matrix

    The University Risk Matrix outlines the categories of likelihood and consequence and the 5 x 5 risk rating matrix. The Matrix also identifies the management action required for risks rated extreme, high, medium and low risk.