ABOUT UQ ERMS
UQ Enterprise Risk Management Policy {LINK}
UQ Enterprise Risk Management Procedures {LINK}
UQ ERM Guidelines
Guide to Enterprise Risk Management
What is Risk?
Risk is defined in the International Standard ISO 31000 as "the effect (positive or negative) of uncertainty on objectives. Risk is considered with reference to possible consequences and likelihood of occurrence."
Risk is integral to the achievement of university objectives. Managing it is not just about minimising the negative implications of risk; it also enables us to focus on risk-taking opportunities that may result in positive outcomes.
At UQ we manage risk at all levels of the university:
- Strategic Risk – tone at the top, those risks associated with our strategic goals
- Operational Risk – Faculty / Institute level, School / Centre level
- Project Risk – contracts, research, systems
It is important to remember that Risk Management is not something new. The university and its staff have been facing and managing risk successfully for over 100 years, and a long time before anyone used the term ERM.
The ERM process is as simple as formalising something that we already do, but as complex as articulating just how much risk is acceptable.
What is the Enterprise Risk Management Framework?
The ERM framework provides a standardised approach to identify, assess and manage risk at any level within the university.
The same techniques can be applied whether you are operating at a strategic level or managing a project. The framework applies to any type of risk, whether it be financial, environmental, operational or safety-related.
The methodology adopted at UQ is based upon the International Standard for Risk Management ISO 31000, adopted as the Australian and New Zealand Standard AS/NZS ISO 31000:2009.
The risk assessment process involves:
- identification of risks
- analysis and evaluation of risks
- treatment of risk
When should a risk assessment be conducted?
To be most effective, a risk assessment should be conducted at the planning stage, before any action has been taken. Then, if the assessment identifies an unacceptable level of risk, mitigating controls or actions can be put in place before the university is exposed.
Risk assessments for Faculties, Institutes and Corporate Administration functions must be reviewed and revised at least annually; however, this should be done more frequently when major changes occur or new risks are encountered.
Goals of ERM
The overall aim of ERM is to:
- create and protect University value by contributing to the achievement of UQ objectives,
- become an integral part of the way we think, from strategic planning and project management to day-to-day activities,
- make “risk” part of the decision-making process – making informed choices between activities with different risk profiles,
- explicitly address “uncertainty”,
- be systematic, structured, timely,
- use the best available information, and acknowledge limitations of data,
- be based on the University’s risk profile and risk appetite,
- recognise the impact of human, cultural and environmental factors on objectives,
- include perspectives of all stakeholders, not just management,
- be dynamic and responsive to change, taking account of new or emerging risks,
- continually improve as the University grows.
ERMS Database
The ERMS database is used to record the risk assessments for Faculties, Institutes and Corporate Administration Units.
The database has been designed in-house.
Strategic Risk
Operational Risk
Project Risk