Risk Management Policy
Responsibility for policy: Audit and Risk Committee
Approving authority: Council
Last reviewed: December 2016
Next review date: December 2019
- This policy applies to all staff of the University of Waikato.
- The purpose of this policy is to set out the principles and responsibilities that underpin the University's Risk Management Framework.
- The following documents set out further information relevant to this policy:
- In this policy:
risk means the possibility of an event or circumstance occurring that has a negative impact on the achievement of objectives. It is measured in terms of the likelihood of an event or circumstance and its potential consequences.
risk assessment means the process of identification, analysis, and evaluation of risk, and may involve qualitative (e.g. reputation) and/or quantitative (e.g. financial) assessment.
risk management means the coordination of strategic and/or operational activities in order to control risk.
- Council and the Vice Chancellor encourage the taking of controlled risks, the exploration of new opportunities and the use of innovative approaches to further the interests of the University provided an appropriate risk assessment has been undertaken in accordance with the Risk Management Framework and the resultant risk exposure has been determined to be acceptable by the relevant Dean, Director or equivalent and, in the case of risks assessed as ‘High’ or ‘Very High’, the Manager – Internal Audit and Risk.
- Risk assessment must be incorporated as part of planning processes at all levels of the University, including for all new research and teaching initiatives, investments and capital projects.
The Risk Management Framework
- The University has developed a Risk Management Framework, endorsed by the Audit and Risk Committee, that applies to strategic and operational risks and that sets out the University’s levels of risk appetite.
- The Risk Management Framework and levels of risk appetite are reviewed annually by the Manager – Internal Audit and Risk.
Responsibilities and authorities
- Specific responsibilities and authorities for risk assessment and management are set out in the University’s Risk Management Framework; however, a risk may be identified by any staff member at any time.
- Deans, Directors and equivalent are responsible for:
- ensuring that a Risk Management Register is maintained for their Faculty or Division in accordance with the Risk Management Framework
- ensuring that all staff within their Faculty or Division are aware of the process for identifying risks and adding them to the Register
- ensuring that the Register is reviewed every six months
- reporting to the Manager, Internal Audit and Risk, any risk evaluated in accordance with the Risk Management Framework as ‘Very High’ or ‘High’ as soon as possible once identified.
- The Manager, Internal Audit and Risk, is responsible for:
- the design, implementation, monitoring, and review of a Risk Management Framework that upholds the principles set out in this policy
- facilitating risk assessments and risk management activities
- providing training, advice and support with respect to the assessment, analysis and evaluation of risks
- providing an annual report to the Audit and Risk Committee on the application of the Risk Management Framework and resulting levels of risk appetite
- providing an annual report to the Audit and Risk Committee on compliance with this policy.
Responsibility for monitoring compliance
- The Manager, Internal Audit and Risk, is responsible for monitoring compliance with this policy and reporting any breaches to the Audit and Risk Committee.
- Breaches of this policy may result in disciplinary action under the Staff Code of Conduct.