
Risk management

Risk oversight & management

ANU is committed to embedding a robust risk management culture that will enable the University to be agile and responsive to changes in the higher education landscape, while generating maximum benefit from opportunities and facilitating innovation.

The risk environment

ANU operates in an inherently complex and dynamic risk environment, where staff are encouraged to embrace informed risk-taking in pursuit of the University’s strategic and organisational imperatives, supported by evidence-based decisions and in compliance with legislation, policy and operational guidelines.

University governance provides the appropriate frameworks and systems for risk oversight, management and reporting, and provides staff with the capability, knowledge and tools to effectively identify and manage risks. The University’s Enterprise Risk Management Framework (ERMF) and Risk Management Policy draw on section 16 of the PGPA Act as well as the Australian/New Zealand risk management standard (called ISO 31000:2018).

Creating a positive risk culture

During 2019 and for much of 2020, the University has sought to enhance its risk management maturity and capability through a staged roadmap. To do this, the Enterprise Risk Management Framework:

  • develops a positive risk culture where University management has a common understanding of key risks and feeds risk information into decision-making at all levels
  • ensures that significant risks have been identified, understood, documented and actively managed
  • assesses risk in a balanced way, with upside risks (opportunities) considered alongside downside risks (threats)
  • sustains the usefulness of risk registers and practical risk analysis tools.

Managing risk

In 2020, the University will continue to implement Strategy Dot Zero (SDZ), an online platform designed to support the University’s strategic planning, monitoring and reporting functions. SDZ provides the University leadership and key stakeholders with a coherent view of its strategic and operational risks, and the controls in place to address them. The University’s Audit and Risk Management Committee and Internal Audit program of performance and compliance audits help to validate and improve the effectiveness of the University’s systems of internal control and risk management.

The Finance Committee supports and advises the Council and Executive throughout the year on the University’s financial risk management.

The University’s Fraud Control Framework and Fraud Control Plan, policy and procedures are maturing (now also including future resourcing) and underpin the University’s zero tolerance for fraud. These are supported by fraud risk assessments and ongoing activities related to fraud prevention, detection and reporting.

The University also engages with government and industry to monitor and respond to emerging strategic risks involving, for example, foreign interference, money laundering and information security, in conjunction with the work of the University’s Chief Information Security Officer (CISO).