Defines the accountabilities and structures for ensuring that sound risk management practices are incorporated into RMIT’s planning and decision-making processes. This enables RMIT to maximise opportunities, minimise adversity and increase organisational resilience.
Who is it for?
This policy is applicable to all students and staff members. It also applies to contractors, service providers, clients, customers and visitors when they are engaged in University activities, and is applicable to all RMIT locations whether in Australia or overseas.
1.1. The Risk Management Framework is based upon and guided by the International Risk Management Standard AS/NZS ISO 31000:2009 (the Standard).
1.2. The RMIT Council provides strategic oversight and monitoring of the RMIT Group’s risk management activities and performance and ensures the degree of exposure that RMIT is prepared to accept in pursuit of its objectives is established and articulated in RMIT’s statement on risk appetite.
1.3. The Council Audit & Risk Management Committee, with support of the Internal Audit and Risk Management function, periodically reviews the effectiveness of the RMIT Risk management policy process and its application to potential risk exposures, monitors the alignment of risk-appetite and risk-profile, and ensures internal audit plans for the RMIT Group include appropriate consideration of risk.
1.4. The Internal Audit and Risk Management function is responsible for:
1.4.1. The development and continuous review of the RMIT Risk Management Framework.
1.4.2. Conducting periodic reviews of risk register reports of the RMIT Group and providing an analysis of trends and changes in risk-profile against risk-appetite to the Executive and the Council Audit & Risk Management Committee.
1.4.3. Ensuring the placement of insurances for the RMIT Group that achieves the optimal balance between retention and transfer of insurable risk exposures and providing interpretation and advice to staff and students with regard to details of policy cover, conditions, exclusions and limitations.
2.1. Executive Team members, Heads of School, Executive Directors and Directors are responsible for applying the RMIT Risk Management Framework to develop risk management plans for their Portfolio, College, School or Operating Groups’ normal operations, and for monitoring implementation of strategies identified in those plans to ensure that material business risks are dealt with appropriately and on a timely basis, including:
2.1.1. Championing a culture of risk awareness that includes a focus on the identification of opportunities as well as risks.
2.1.2. Ensuring the Risk Register is current.
2.1.3. Allocating responsibility for managing individual risks and actions required to implement risk mitigation strategies.
2.1.4. Monitoring and reporting on progress of risk mitigation strategies.
2.2. Staff allocated with responsibility for managing individual risks must:
2.2.1. Manage the risk, including designing, implementing and monitoring appropriate mitigation actions.
2.2.2. Assess the effectiveness of existing controls and design improvements as required.
3.1. The Internal Audit & Risk Management function is responsible for developing, testing and periodically reviewing the effectiveness of the Business Continuity Management Framework, to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
3.2. Executive and management staff are responsible for the development of Business Impact Assessments that identify processes and resources required to ensure they can continue to meet critical objectives during conceivable material disruption events, including the identification of local material disruption threats; business continuity planning and implementation; and managing business continuity or recovery efforts in the event of a significant disruption in their areas of responsibility.
3.3. These BCPs will be reviewed annually as part of our overall risk management framework.
4.1. RMIT will establish and maintain a systematic approach for the management of incidents that may affect RMIT's people, operations or reputation.
4.2. Critical incident and emergency response processes are routinely tested.
4.3. The COO (Chief Operating Officer) is responsible for developing and implementing processes for the establishment and mobilisation of a Critical Incident Management Team (CMT) to provide oversight and direction of Critical Incident management and recovery effort.
4.3.1. The Campus Safety & Security division within Facilities and Asset Management (Property Services) is responsible for developing and implementing processes for Emergency response and management.
4.4. The designated Critical Incident Team Leader will be the Chief Operating Officer, unless this role is otherwise appointed by the Vice-Chancellor and President.
4.5. Protocols and processes to be followed for the management of Critical Incidents are set out in the Critical Incident Manual.
Staff should refer to Risk management on the WorkLife policy site for more information.
Status & details
Custodian: Vice-President Strategy & Governance
Operational responsibility: Internal Audit and Risk Management / Property Services / Human Resources
Effective from: 9 November 2017
Last updated: 9 November 2017