The University is committed to embedding a robust risk management culture that will enable the University to be agile and responsive to changes in the higher education landscape, while driving maximum benefit from opportunities and innovation.
The risk environment
The University operates in an inherently complex and dynamic risk environment, where staff are encouraged to embrace informed risk-taking in pursuit of strategic and organisational imperatives, supported by evidence-based decisions and in compliance with legislation, policy and operational guidelines.
The University governance process provides an effective framework and systems for risk oversight, management and reporting; and provides staff with the capability, knowledge and tools to effectively identify and manage risks.
The University’s Audit and Risk Management Committee provides advice on the appropriateness of the system of risk oversight and management as a whole and any specific areas of concern or suggestions for improvement. The Finance Committee supports and advises Council and the Executive in respect of risks as they apply to the University’s financial performance, investment portfolio and commercial activities. The Internal Audit program of performance and compliance audits assist to validate and improve the effectiveness of the University’s systems of internal control and risk management.
The University’s Fraud Control Framework and Fraud Control Plan, policy and procedures are still maturing and serve to underpin the University’s zero tolerance for fraud. These are supported by fraud risk assessments and ongoing activities in relation to fraud prevention, detection and reporting. The University also engages with government and industry to monitor and respond to emerging and continuing strategic risks involving, for example, foreign interference, money-laundering and information/cyber security.
During 2022, further awareness-raising will be delivered to support and promote positive and informed risk behaviour.
The University recognises that it is not possible, nor desirable, to eliminate all of the risks inherent in its work. Accepting some degree of risk in business practices promotes efficiency and innovation. The University is willing to accept higher levels of risk when the potential benefits outweigh the negative consequences of informed risk taking. In doing so, it must be able to demonstrate that it made evidence and risk based decisions.
The University’s risk appetite statements assist in decision-making and help determine the University’s approach to controlling risks and prioritising resources.