Risk management

Module 1

Introduction to risk management

Content of this module

• Risk and risk management

• Thinking about risk

• Why Universities are concerned with risk management

• Risk Management Standard

• What CSU is doing about risk management

Risk in our everyday lives

We face risks of dying (for one year):• Traveling by train 1:10 283 615• Traveling by bus 1: 6 696 307• Lightning 1: 4 362 746• Falling out of bed (or chair) 1: 366 804 • Falling on stairs 1:180 188• Traveling by car 1: 17 625

What the psychologists say

We are not perfect in assessing everyday risks – we tend to;

• overestimate the significance of rare but dramatic factors

• give risks greater weighting where consequence occurs immediately after cause

• Pay greater attention to the potential losses than the potential gains

Discussion point

In your group, come up with:

• Three everyday risks that we tend to underestimate; and

• Three everyday risks that we tend to overestimate

Definition• ‘Risk’ has a common language understanding:

from the Oxford English Dictionary– the possibility that something unpleasant will happen

(noun)– expose to danger or loss (verb)

• The definition from the Standard:The chance of something happening that will have an

impact upon objectives

• Can be avoiding the adverse effects of negative events or capitalizing on positive events

Definition of risk managementDefinition of risk management from the Standard:

‘The culture, processes and structures that are directed towards realizing the potential opportunities whilst managing adverse effects’

Represents a rational response to dealing with an unknowable future

Objectives of risk managementObjective:• To document the process to meet compliance requirements• Better decision-making• Better identification of opportunities and threats• Gaining values from uncertainty and variability

Process ‘The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying analysing, evaluating, treating monitoring and reviewing risk’

Risk management in universities Universities are large complex educational

institutions and have similar risks to other large institutions, as well as many that are specific, for example students:

• undertaking projects off campus• not yet legally adults• who may be pregnant • undertaking practical work in laboratories or with

agricultural machinery

Some university examples of risky behaviour

We are going to look quickly at three real cases that occurred in NSW universities. At the end, we are going to:

• Identify the major risk(s)• Discuss how we might prevent it

happening at CSU• Discuss how we should respond to the

issues• Could it happen at CSU?

Plagiarism at University of Newcastle

• Allegation of plagiarism by sessional staff member

• Assignments remarked and passed to avoid controversy

• University plagiarism policies not applied• Not properly investigated by the University• Breaches by senior academics of the University

code of conduct

Enrolment scam at University of Sydney

• The University engaged external agents to recruit overseas students and certify that they have necessary qualifications

• Those agents were paid by students and documents approved that were forgeries

• Consequently a number of students were enrolled who did not meet the University’s standards

Corruption at the University of Technology, Sydney

• A staff member gained improper access to electronic student records

• He used this access to alter those records in the students’ favour

• He received payment and gifts for altering records

Discussion pointIn your groups, looking at these cases:

• Identify the major risk(s)

• Discuss how we might prevent it happening at CSU

• Discuss how we should respond to the issues

• Could it happen at CSU?

Risk Management Standard

• Full Title: Risk Management AS/NZS 4360:2004

• Issued by Standards Australia, first version in 1995

• Available online to CSU staff and students

• Accepted by all governments in Australia, regulators (including the NSW Audit Office) and internationally

Outline of Standard

Some thoughts about the Standard• Risk management is much more than a generic

series of steps • These need to be backed up with the promotion

of cultural change within an organization and structures for monitoring and evaluation

• The Standard is of a general nature and most large institutions adapt it for their use with specific tools– CSU has done this and a more detailed description of

one of these tools occurs in Module 2

What CSU is doing about risk management

• Risk management policy

• Risk management responsibilities

• Strategic risk assessment

• Protocol 11

• Promoting a risk management culture in CSU

Risk management policy

• The University’s risk management policy is its formal commitment to applying the principles of risk management to its operations

• The policy recognises that risk management is necessary for the effective management of the business of the University, good corporate governance and taking advantage of opportunities

• The policy commits CSU to applying the Risk Management Standard

• It is recommended that all staff familiarise themselves with this document

Objectives of the policy• to ensure that corporate risks are taken into

account when undertaking strategic management decisions

• to ensure the management of operational risks is integrated into standard management and accountability processes

• to develop an environment where staff assume responsibility for identifying and managing risks

Risk appetite

• University needs to accept levels of risk commensurate with the expected opportunities and benefits

• University’s tolerance is low for unmitigated risks to the environment and the health, safety and welfare of staff, students and visitors

Key responsibilitiesUniversity Council

Approve policy, determine risk profile, monitor policy

Vice Chancellordevelop and implement policies and procedures, identify and manage strategic risks

Executives and managersidentify and determine actions to address risks

Internal auditprovide advice on the risk management framework and to monitor the effectiveness of the framework

Key risk criteriaThe key risk categories used by CSU are outlined in the CSU Risk Management Policy and are:• health and safety and environment• values, ethics and institutional reputation,• business continuity,• quality• financial sustainability,• compliance with laws, regulations and policies

Strategic risk assessment• The first draft was produced during 2005• It looks at the key external and internal risks for

CSU, including the effectiveness of treatment options

• The assessment is being reviewed by Council and the Senior Executive Group

• When finalised, the strategic risk assessment will assist managers in placing operational risks in context

Protocol 11• Under the Higher Education Support Act 2003

there are National Governance Protocols for Higher Education Institutions

• One of these Protocols (Number 11) requires universities to undertake risk assessments of any joint ventures that they are involved in. Funding is linked to compliance with this requirement

• CSU has completed its assessment of its joint ventures and has submitted the 2005 report to DEST

Promoting a risk management culture in CSU

• Establishment of the risk management committee, chaired by Professor Chambers (DVC) Academic

• Development of risk management tools, specifically tailored for CSU

• Establishing a program for raising awareness of risk management

• Skills training in risk management• Including risk management in the performance management

framework and as a selection criterion for the appointment of new staff

• Maximising Opportunity and Managing Risk Conference for Managers and Leaders in November 2006

Discussion point

What more could CSU be doing to promote

good risk management practices?