Risk management Module 1 Introduction to risk management Content of this module • Risk and risk management • Thinking about risk • Why Universities are concerned with risk management • Risk Management Standard • What CSU is doing about risk management Risk in our everyday lives We face risks of dying (for one year): • Traveling by train 1:10 283 615 • Traveling by bus 1: 6 696 307 • Lightning 1: 4 362 746 • Falling out of bed (or chair) 1: 366 804 • Falling on stairs 1:180 188 • Traveling by car 1: 17 625 What the psychologists say We are not perfect in assessing everyday risks – we tend to; • overestimate the significance of rare but dramatic factors • give risks greater weighting where consequence occurs immediately after cause • Pay greater attention to the potential losses than the potential gains Discussion point In your group, come up with: • Three everyday risks that we tend to underestimate; and • Three everyday risks that we tend to overestimate Definition • ‘Risk’ has a common language understanding: from the Oxford English Dictionary – the possibility that something unpleasant will happen (noun) – expose to danger or loss (verb) • The definition from the Standard: The chance of something happening that will have an impact upon objectives • Can be avoiding the adverse effects of negative events or capitalizing on positive events Definition of risk management Definition of risk management from the Standard: ‘The culture, processes and structures that are directed towards realizing the potential opportunities whilst managing adverse effects’ Represents a rational response to dealing with an unknowable future Objectives of risk management Objective: • To document the process to meet compliance requirements • Better decision-making • Better identification of opportunities and threats • Gaining values from uncertainty and variability Process ‘The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying analysing, evaluating, treating monitoring and reviewing risk’ Risk management in universities Universities are large complex educational institutions and have similar risks to other large institutions, as well as many that are specific, for example students: • • • • undertaking projects off campus not yet legally adults who may be pregnant undertaking practical work in laboratories or with agricultural machinery Some university examples of risky behaviour • • • • We are going to look quickly at three real cases that occurred in NSW universities. At the end, we are going to: Identify the major risk(s) Discuss how we might prevent it happening at CSU Discuss how we should respond to the issues Could it happen at CSU? Plagiarism at University of Newcastle • Allegation of plagiarism by sessional staff member • Assignments remarked and passed to avoid controversy • University plagiarism policies not applied • Not properly investigated by the University • Breaches by senior academics of the University code of conduct Enrolment scam at University of Sydney • The University engaged external agents to recruit overseas students and certify that they have necessary qualifications • Those agents were paid by students and documents approved that were forgeries • Consequently a number of students were enrolled who did not meet the University’s standards Corruption at the University of Technology, Sydney • A staff member gained improper access to electronic student records • He used this access to alter those records in the students’ favour • He received payment and gifts for altering records Discussion point In your groups, looking at these cases: • Identify the major risk(s) • Discuss how we might prevent it happening at CSU • Discuss how we should respond to the issues • Could it happen at CSU? Risk Management Standard • Full Title: Risk Management AS/NZS 4360:2004 • Issued by Standards Australia, first version in 1995 • Available online to CSU staff and students • Accepted by all governments in Australia, regulators (including the NSW Audit Office) and internationally Outline of Standard Some thoughts about the Standard • Risk management is much more than a generic series of steps • These need to be backed up with the promotion of cultural change within an organization and structures for monitoring and evaluation • The Standard is of a general nature and most large institutions adapt it for their use with specific tools – CSU has done this and a more detailed description of one of these tools occurs in Module 2 What CSU is doing about risk management • • • • • Risk management policy Risk management responsibilities Strategic risk assessment Protocol 11 Promoting a risk management culture in CSU Risk management policy • The University’s risk management policy is its formal commitment to applying the principles of risk management to its operations • The policy recognises that risk management is necessary for the effective management of the business of the University, good corporate governance and taking advantage of opportunities • The policy commits CSU to applying the Risk Management Standard • It is recommended that all staff familiarise themselves with this document Objectives of the policy • • • to ensure that corporate risks are taken into account when undertaking strategic management decisions to ensure the management of operational risks is integrated into standard management and accountability processes to develop an environment where staff assume responsibility for identifying and managing risks Risk appetite • University needs to accept levels of risk commensurate with the expected opportunities and benefits • University’s tolerance is low for unmitigated risks to the environment and the health, safety and welfare of staff, students and visitors Key responsibilities University Council Approve policy, determine risk profile, monitor policy Vice Chancellor develop and implement policies and procedures, identify and manage strategic risks Executives and managers identify and determine actions to address risks Internal audit provide advice on the risk management framework and to monitor the effectiveness of the framework Key risk criteria The key risk categories used by CSU are outlined in the CSU Risk Management Policy and are: • health and safety and environment • values, ethics and institutional reputation, • business continuity, • quality • financial sustainability, • compliance with laws, regulations and policies Strategic risk assessment • The first draft was produced during 2005 • It looks at the key external and internal risks for CSU, including the effectiveness of treatment options • The assessment is being reviewed by Council and the Senior Executive Group • When finalised, the strategic risk assessment will assist managers in placing operational risks in context Protocol 11 • Under the Higher Education Support Act 2003 there are National Governance Protocols for Higher Education Institutions • One of these Protocols (Number 11) requires universities to undertake risk assessments of any joint ventures that they are involved in. Funding is linked to compliance with this requirement • CSU has completed its assessment of its joint ventures and has submitted the 2005 report to DEST Promoting a risk management culture in CSU • Establishment of the risk management committee, chaired by Professor Chambers (DVC) Academic • Development of risk management tools, specifically tailored for CSU • Establishing a program for raising awareness of risk management • Skills training in risk management • Including risk management in the performance management framework and as a selection criterion for the appointment of new staff • Maximising Opportunity and Managing Risk Conference for Managers and Leaders in November 2006 Discussion point What more could CSU be doing to promote good risk management practices?