Comments

Document Feedback - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Protected Document to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

 

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.

  3. DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.

  4. DO NOT exit from the interface until you have completed all three stages of the submission process.

 

Risk Management Policy

Section 1 - Purpose

(1) To set out the key principles and expectations to support the effective management and oversight of risks to the RMIT Group strategy, objectives, and activities, and promote transparency and integrity in the RMIT Group decision-making processes. 

Top of Page

Section 2 - Overview

(2) RMIT University is a public institution under Victorian law and stands on Aboriginal Country of the Kulin Nation. RMIT recognises and acknowledges the Bundjil Statement that helps all RMIT staff to respectfully work, live and study on Aboriginal Country.

(3) This policy outlines the RMIT Group’s approach to risk management, which is based on the international standard ISO 31000, and describes the key principles and responsibilities to facilitate the effective management and oversight of risk across the RMIT Group.

Top of Page

Section 3 - Scope

(4) This policy is Group-wide and applies to all RMIT Group entities, employees, contractors and third parties undertaking RMIT Group business in any location.

(5) The policy extends to all current and future activities of the RMIT Group.

Top of Page

Section 4 - Policy

Risk Management Objective

(6) The objective of risk management is to support the delivery of our strategic objectives, while taking advantage of potential opportunities and managing possible adverse effects, through the effective identification, measurement, prioritisation, treatment, and ongoing monitoring of risk.

Risk Management Principles

(7) Risk is inherent: Risk is inherent in all academic and administrative activities of RMIT Group, and in all markets where RMIT Group operates.

(8) Risk is aligned to strategy: Our risk appetite specifies the amount of risk the RMIT Group is willing to seek or accept in pursuit of its strategic objectives and delivery of its annual operating plans. 

(9) Clarity of accountability: RMIT Group risk management supports clear accountabilities for all stakeholders across the risk management lifecycle, and ensures those stakeholders are adequately equipped to exercise them.

(10) Evidence-based: RMIT Group approach to risk management is evidence-based and data-driven, supporting effective evaluation, prioritisation and decision-making.

(11) Positive risk culture: Risk is everyone’s responsibility and is embedded in the way work is conducted across all RMIT Group academic, research and non-academic operations. It encourages open and transparent discussion about risk and opportunity.

(12) Risk is a life cycle: Risks change over time. Risks are monitored, reviewed and assured to ensure RMIT’s position remains relevant and appropriate, and in line with our risk appetite.

Risk Management Framework

(13) This policy seeks to establish and maintain the culture, structure and processes to support the RMIT Group to take advantage of potential opportunities and manage possible adverse effects in line with the RMIT Group risk appetite.

(14) This policy is implemented through the RMIT Group Risk Management Framework. It consists of the following components:

  1. Risk Management Model (refer to diagram in Schedule 1)
    The Risk Management Model describes the key components of the RMIT Group Risk Management Framework. It sets out the overall risk management process, along with the supporting oversight, accountability and operating models.
  2. Risk Appetite Statement
    The Risk Appetite Statement specifies the amount of risk the University is willing to accept in pursuit of its strategic objectives and delivery of its annual operating plans (business objectives). The Risk Appetite Statement is set by Council and reviewed annually. It is considered during RMIT Group planning and decision-making processes.
  3. Risk Management Lines of Accountability
    The Risk Management Lines of Accountability provides detailed guidance, based on the Responsibilities section below, on the risk and assurance activities specific to key roles and committees across the RMIT Group.
  4. Supporting Risk Management Procedures, Systems, Processes and Training
    These are the supporting processes and tools that enable the effective implementation of the Risk Management Process.

Responsibilities

(15) RMIT University Council (Council) is responsible for:

  1. overseeing and monitoring the assessment and management of risk across the RMIT Group, including commercial activities, in accordance with the Royal Melbourne Institute of Technology Act 2010
  2. setting the risk appetite for the RMIT Group
  3. ensuring a sound system of risk oversight and assurance, with appropriate policies and processes for management, internal control, and external oversight, in accordance with the RMIT Council Governance Charter.

(16) Academic Board is responsible for:

  1. oversight and monitoring of the academic affairs of the RMIT Group as required by the RMIT Act and Council’s establishment of Academic Board as the peak academic governance body within the RMIT Group.
  2. oversight of academic risks as specified in the Academic Board Regulations.

(17) Audit and Risk Management Committee is responsible for:

  1. acting on behalf of Council to monitor the audit and risk management of the RMIT Group and associated processes
  2. reviewing RMIT’s risk profile, risk framework, risk identification and risk management on a regular basis to ensure they are regularly updated, and material business risks of the RMIT Group are dealt with appropriately and on a timely basis.

(18) The Enterprise Risk Management Team is responsible for:

  1. developing and maintaining the Risk Management Policy and associated framework; this includes the risk management operating rhythm, processes, guidance and tools
  2. facilitating and coordinating the regular reporting of risks to Council and sub-committees, the Audit and Risk Management Committee, the Academic Board and Vice-Chancellor's Executive
  3. advising and supporting teams across RMIT in the implementation of the Risk Management Framework, and the effective identification of risks, assessment of risk exposure, and in the development of risk mitigation and monitoring strategies.

(19) Executive and Senior Management is responsible for:

  1. demonstrating risk leadership by taking accountability for risk management, dedicating appropriate resources to the management of risks, and implementing risk management processes within their area of responsibility, including executive management committee oversight
  2. promoting a strong risk culture by adhering to delegation thresholds, managing risk exposures, and enabling considered, transparent and risk-aware decisions to be made.
     

(20) All employees, including contractors and third parties are responsible for:

  1. identifying, understanding, owning, and managing any relevant or emerging risks related to their activities, role or area of responsibility
  2. developing appropriate treatment plans when they decide to manage a risk by reducing the risk exposure within risk appetite
  3. appropriately documenting risks, controls, action plans and risk decisions within their area of responsibility or influence 
  4. continuing to monitor and review risks within their area of responsibility or influence
  5. reporting and escalating any actual or perceived risks that may impact the RMIT Group as they become known.

(21) Specific responsibilities defined by role and leadership position are outlined in the Risk Management Policy – Schedule 2 - Lines of Accountability.

Review

(22) This policy and the Risk Management Model demonstrate the RMIT Group commitment to managing risks and will be reviewed annually and aligned in accordance with:

  1. Royal Melbourne Institute of Technology 2010 Act
  2. ISO (the International Organization for Standardization) 31000 (2018)
  3. Victorian Government Risk Management Framework (VGRMF)
  4. Commonwealth Government Risk Management Policy. 

Compliance

(23) Performance against this policy, including non-compliance with the schedules, statements, and procedures, are reported to Council, Audit and Risk Management Committee and Vice-Chancellor's Executive.

(24) Breaches of this policy will be managed in accordance with the relevant staff and student procedures and Code of Conduct.

Top of Page

Section 5 - Schedules

(25) This policy includes the following schedules:

  1. Risk Management Policy Schedule 1 – Risk Management Model Diagram
  2. Risk Management Policy Schedule 2 – Lines of Accountability 
  3. Risk Management Policy Schedule 3 – Risk Appetite Statement 
Top of Page

Section 6 - Procedures and Resources

(26) Refer to the following documents, which are established in accordance with this policy:

  1. Risk Management Procedure.