Risk Management Policy

Section 1 - Purpose
(1) The purpose of this policy is to set out the key principles and expectations to support the effective management of risks to RMIT’s activities, objectives and strategy, and promote transparency and integrity in the University’s decision making.

Section 2 - Overview
(2) RMIT University is a public institution under Victorian law and stands on Aboriginal Country of the Kulin Nation. RMIT recognises and acknowledges the Bundjil Statement that helps all RMIT staff to respectfully work, live and study on Aboriginal Country.
(3) This policy outlines the University’s approach to risk management, which is based on the international standard ISO 31000, and describes the key principles and responsibilities to facilitate the effective management of risks across the University.

Section 3 - Scope
(4) This policy applies to all employees, researchers and contractors of RMIT, its controlled entities and to any other person notified that this policy applies to them.

Section 4 - Policy
Principles
(5) Risk management activities operate under RMIT’s risk management framework. Adherence to this framework enables the University to have a consistent approach for managing risks across the University.
(6) Everybody in RMIT plays a role in the management of risks. The Three Lines of Defence Model supports effective enterprise risk management by distinguishing roles and responsibilities within RMIT’s risk management framework.
(7) Risks are inherent in the activities, markets and countries in which RMIT operates. They are considered as part of all key conversations, analysis, recommendations, and decision making.
(8) Risk management takes account of any RMIT thresholds and limits that are set out in policies and procedures, delegations of authority, and other measures.
(9) Risks change over time. Risks are monitored and reviewed to ensure decisions regarding risks remain relevant and appropriate.
Responsibilities
(10) All employees, researchers and contractors are responsible for:
(11) RMIT University Council (Council) is responsible for:
(12) Audit and Risk Management Committee is responsible for:
(13) Senior Management is responsible for:
(14) The Central Risk Management team is responsible for:
Breach of this Policy
(15) Compliance with this policy will be monitored. Non-compliance with this policy may result in disciplinary action. This may include termination of employment or engagements. If the law is broken, the person or people responsible for the breach may also be personally liable.
Review
(16) This policy will be reviewed every three years in accordance with the Policy Governance Framework.

Section 5 - Schedules
(17) This policy includes the following schedules:

Section 6 - Definitions
Risk
The effect of uncertainty on the University’s objectives.
Risk management
Coordinated activities to direct and control the University’s activities with regard to risk.
Risk management framework
A set of documents that provide the foundations and arrangements for designing, implementing, monitoring, reviewing and continually improving risk management at the University.
Control
A measure that currently exists which will change the likelihood and/or consequence of a risk. This can include any process, policy, device, practice or action that modifies the risk.
Risk exposure
The extent or severity of the risk expressed in terms of consequence and likelihood.
Risk acceptance
Not undertaking any additional risk mitigations and accepting the current consequences of a risk.
ISO 31000
The International Standard for Risk Management provided by the International Standards Organisation.
Three Lines of Defence Model
A model that delineates the risk management roles across the university in terms of day-to-day management of risks, risk facilitation and assurance.
This is not a current document. To view the current version, click the link in the document's navigation bar.
(Note: Commonly defined terms are in the RMIT Policy Glossary. Any defined terms below are specific to this policy).