Risk management
Module 1
Introduction to risk management
Content of this module
• Risk and risk management
• Thinking about risk
• Why Universities are concerned with risk
management
• Risk Management Standard
• What CSU is doing about risk
management
Risk in our everyday lives
We face risks of dying (for one year):
• Traveling by train
1:10 283 615
• Traveling by bus
1: 6 696 307
• Lightning
1: 4 362 746
• Falling out of bed (or chair) 1: 366 804
• Falling on stairs
1:180 188
• Traveling by car
1: 17 625
What the psychologists say
We are not perfect in assessing everyday
risks – we tend to;
• overestimate the significance of rare but
dramatic factors
• give risks greater weighting where consequence
occurs immediately after cause
• Pay greater attention to the potential losses than
the potential gains
Discussion point
In your group, come up with:
• Three everyday risks that we tend to
underestimate; and
• Three everyday risks that we tend to
overestimate
Definition
• ‘Risk’ has a common language understanding:
from the Oxford English Dictionary
– the possibility that something unpleasant will happen
(noun)
– expose to danger or loss (verb)
• The definition from the Standard:
The chance of something happening that will have an
impact upon objectives
• Can be avoiding the adverse effects of negative
events or capitalizing on positive events
Definition of risk management
Definition of risk management from the
Standard:
‘The culture, processes and structures that
are directed towards realizing the potential
opportunities whilst managing adverse
effects’
Represents a rational response to dealing
with an unknowable future
Objectives of risk management
Objective:
• To document the process to meet compliance requirements
• Better decision-making
• Better identification of opportunities and threats
• Gaining values from uncertainty and variability
Process ‘The systematic application of management policies,
procedures and practices to the tasks of communicating, establishing the
context, identifying analysing, evaluating, treating monitoring and
reviewing risk’
Risk management in universities
Universities are large complex educational
institutions and have similar risks to other
large institutions, as well as many that are
specific, for example students:
•
•
•
•
undertaking projects off campus
not yet legally adults
who may be pregnant
undertaking practical work in laboratories or with
agricultural machinery
Some university examples of risky
behaviour
•
•
•
•
We are going to look quickly at three real
cases that occurred in NSW universities.
At the end, we are going to:
Identify the major risk(s)
Discuss how we might prevent it
happening at CSU
Discuss how we should respond to the
issues
Could it happen at CSU?
Plagiarism at University of
Newcastle
• Allegation of plagiarism by sessional staff
member
• Assignments remarked and passed to avoid
controversy
• University plagiarism policies not applied
• Not properly investigated by the University
• Breaches by senior academics of the University
code of conduct
Enrolment scam at University of
Sydney
• The University engaged external agents to
recruit overseas students and certify that they
have necessary qualifications
• Those agents were paid by students and
documents approved that were forgeries
• Consequently a number of students were
enrolled who did not meet the University’s
standards
Corruption at the University of
Technology, Sydney
• A staff member gained improper access to
electronic student records
• He used this access to alter those records
in the students’ favour
• He received payment and gifts for altering
records
Discussion point
In your groups, looking at these cases:
• Identify the major risk(s)
• Discuss how we might prevent it
happening at CSU
• Discuss how we should respond to the
issues
• Could it happen at CSU?
Risk Management Standard
• Full Title: Risk Management AS/NZS
4360:2004
• Issued by Standards Australia, first version
in 1995
• Available online to CSU staff and students
• Accepted by all governments in Australia,
regulators (including the NSW Audit
Office) and internationally
Outline of Standard
Some thoughts about the Standard
• Risk management is much more than a generic
series of steps
• These need to be backed up with the promotion
of cultural change within an organization and
structures for monitoring and evaluation
• The Standard is of a general nature and most
large institutions adapt it for their use with
specific tools
– CSU has done this and a more detailed description of
one of these tools occurs in Module 2
What CSU is doing about risk
management
•
•
•
•
•
Risk management policy
Risk management responsibilities
Strategic risk assessment
Protocol 11
Promoting a risk management culture in
CSU
Risk management policy
• The University’s risk management policy is its formal
commitment to applying the principles of risk
management to its operations
• The policy recognises that risk management is
necessary for the effective management of the business
of the University, good corporate governance and taking
advantage of opportunities
• The policy commits CSU to applying the Risk
Management Standard
• It is recommended that all staff familiarise themselves
with this document
Objectives of the policy
•
•
•
to ensure that corporate risks are taken into
account when undertaking strategic
management decisions
to ensure the management of operational risks
is integrated into standard management and
accountability processes
to develop an environment where staff assume
responsibility for identifying and managing
risks
Risk appetite
• University needs to accept levels of risk
commensurate with the expected
opportunities and benefits
• University’s tolerance is low for
unmitigated risks to the environment and
the health, safety and welfare of staff,
students and visitors
Key responsibilities
University Council
Approve policy, determine risk profile, monitor policy
Vice Chancellor
develop and implement policies and procedures,
identify and manage strategic risks
Executives and managers
identify and determine actions to address risks
Internal audit
provide advice on the risk management framework and
to monitor the effectiveness of the framework
Key risk criteria
The key risk categories used by CSU are outlined
in the CSU Risk Management Policy and are:
• health and safety and environment
• values, ethics and institutional reputation,
• business continuity,
• quality
• financial sustainability,
• compliance with laws, regulations and policies
Strategic risk assessment
• The first draft was produced during 2005
• It looks at the key external and internal risks for
CSU, including the effectiveness of treatment
options
• The assessment is being reviewed by Council
and the Senior Executive Group
• When finalised, the strategic risk assessment
will assist managers in placing operational risks
in context
Protocol 11
• Under the Higher Education Support Act 2003
there are National Governance Protocols for
Higher Education Institutions
• One of these Protocols (Number 11) requires
universities to undertake risk assessments of
any joint ventures that they are involved in.
Funding is linked to compliance with this
requirement
• CSU has completed its assessment of its joint
ventures and has submitted the 2005 report to
DEST
Promoting a risk management
culture in CSU
• Establishment of the risk management committee, chaired by
Professor Chambers (DVC) Academic
• Development of risk management tools, specifically tailored
for CSU
• Establishing a program for raising awareness of risk
management
• Skills training in risk management
• Including risk management in the performance management
framework and as a selection criterion for the appointment of
new staff
• Maximising Opportunity and Managing Risk Conference for
Managers and Leaders in November 2006
Discussion point
What more could CSU be doing to promote
good risk management practices?