Risk In Research
All researchers have a responsibility to identify risks associated with their research and ensure these risks are managed appropriately at the outset and throughout the full lifecycle of proposed and current research activities.
Risk management benefits researchers and research activities in a number of ways. The actions, processes, and controls put in place to manage risks in research enable you to:
- Effectively plan and acquire the appropriate training/certificates, resources, and infrastructure necessary to achieve research objectives/targets
- Ensure that research is conducted in a safe manner for all personnel and participants involved
- Conduct high quality and responsible research that complies with relevant laws, regulation guidelines, and policies
- Minimise the loss of critical data and materials and interruptions to supply chain
- Minimise significant financial costs/losses
- Protect and manage the application of research findings and outcomes to maximise economic and social impacts
Protect you personally, and the University, from serious consequences ranging from reputational damage to legal action and the possibility of financial penalties, and in extreme cases, periods of imprisonment
A new process has been established to support researchers in their effective management of key risks, which may be associated with their projects, and ensure that projects can be responsibly managed and monitored to avoid any adverse consequences. This entails completing a simple risk assessment using the University risk assessment and management plan and registering of high or extreme risks in the University Risk Register, which will be subject to a review and approval process.
Who needs to do a risk assessment?
Under the University’s Risk Management Policy and Framework, Chief Investigators, as the designated ‘risk owners' for their research projects, are required to complete a risk assessment using the University risk assessment and management plan before applying for funding or establishing any research projects or programs that are not the subject of a specific funding application and ensure that risks rated as extreme or high are referred to the Director Risk Services for recording in the University Risk Register.
Chief Investigators will be prompted to undertake a risk assessment when submitting a research funding request (RFR) form and research funding acceptance (RFA) form to Research Services, or when approving a Project approval form (PAF) from Innovation and Commercial Partners.
All researchers, however, have a responsibility to proactively identify, assess and monitor threats and opportunities on an ongoing basis and report extreme and high risks to the relevant risk owners for appropriate escalation and treatment.
How do I conduct a risk assessment?
A risk assessment and management plan has been developed to assist researchers with undertaking an easy risk assessment of their research activities, and should be completed in accordance with the University Risk Matrix. For a detailed explanation of risk management steps, see Part C: Methodology/Process of the Risk Management Framework.
What do I do with my risk assessment?
If your project is rated HIGH or EXTREME, you must send your risk assessment and a copy of any supporting documentation to Risk Services (firstname.lastname@example.org) for logging onto the University’s risk register.
Entering High/Extreme projects into the Risk Register triggers a consistent delegation and approval process as well as ongoing support and management of risk at the Faculty / School level:
- Risk = High - approval from the Head of School and Executive Dean is required
- Risk = Extreme - approval from the Head of School, Executive Dean, and DVCR is required
If your project risk is rated as low or medium, save a local copy for your records and revisit this document throughout the lifecycle of the project and as conditions to your project change. These risks can be monitored and/or mitigated locally.
Risk assessments should be retained in accordance with the University’s Information Management Policy (contact the University’s Records Services Office for further assistance/information if required).
What are the key risks in research?
Research activities may give rise to major or extreme consequences for the University when they are not managed appropriately according to a risk management plan.
Certain types of research are particularly of concern:
- Engagements with foreign entities - that have not been evaluated by delegated authorities and deemed to be compliant to the Foreign Influence Transparency Scheme (FITS), Foreign Arrangements Scheme, Foreign Interference, Defence Trade Controls Act, International Sanctions and other foreign relations obligations that may be imposed by Government
- Research involving non-human primates, gene technology, biohazardous material, quarantine of goods, and minors (children < 18 years of age)
- Personal and sensitive data
- Plant or seed research involving genetically modified organisms (GMOs) or the tobacco industry
- Activities requiring handling or storing of chemical, biological, security sensitive or radiological agents
- Cold storage of research samples
- IP and commercialisation
Note that this list only includes some types of research, not the risks related to these areas of research. For example, there is little risk in gene technology when working with materials in appropriate facilities – the risk lies in unauthorised use of certain technologies, transporting material inappropriately, risk of an inadvertent release of GMOs from a containment facility, etc. Moreover, the University holds numerous accreditations/approvals/permits under legislation and that non-compliance with or loss of any of these potentially risks all research at the University.
Consequently, it is important to not only consider the risks to your own project but also the risks associated with the following:
- potential for and/or possible causes of an incident/adverse event, including those that would constitute a notifiable event human behavioural risks (staff/students/others)
- risks associated with reduced staffing, staff availability (e.g. weekends, holidays, closures)
- potential emergency situations – infection, physical security
A research risk assessment guide has been created to assist in identifying whether you may be introducing a high or extreme risk to the University or putting yourself at risk.
What is the University’s appetite for research risk?
The University is committed to expanding and diversifying its research programs and industry engagement, the recruitment of high calibre students and staff, while maintaining the student experience and our reputation. At all times, our initiatives must remain ethical and must be appropriately considered in terms of the feasibility of success and the investment required.
The University has a balanced to entrepreneurial appetite for risk towards research. Risk tolerance levels vary as follows:
- Higher tolerance for pursuing research opportunities, partnerships and high performing staff that contribute to the translation of research, our reputation of excellence, and enhance our rankings.
- Higher tolerance for responding to and accommodating the industry specific (Industry Engagement Partners) appetites for investment in development (R&D).
- Higher tolerance for systems, philosophy and spaces that activate the maximum benefit of R&D outcomes (utilisation, management of conflict of interest).
- Lowest tolerance for engagement with organisations who don’t share our values, or from whose association with us will cause unacceptable risk to our reputation and brand, and damage our overall engagement with community.
- Lowest tolerance for compromising the quality of research.
- Zero tolerance for research misconduct, breach of relevant National Codes, fraudulent research, or false publication of research data or material.
See Appendix 3 of the Risk Management Framework for more details.