Risk management Module 1 Introduction to risk management

Content of this module Risk and risk management Thinking about risk Why Universities are concerned with risk management Risk Management Standard What CSU is doing about risk management

Risk in our everyday lives We face risks of dying (for one year): Traveling by train 1: Traveling by bus1: Lightning1: Falling out of bed (or chair)1: Falling on stairs1: Traveling by car 1:

What the psychologists say We are not perfect in assessing everyday risks – we tend to ; overestimate the significance of rare but dramatic factors give risks greater weighting where consequence occurs immediately after cause Pay greater attention to the potential losses than the potential gains

Discussion point In your group, come up with: Three everyday risks that we tend to underestimate; and Three everyday risks that we tend to overestimate

Definition ‘Risk’ has a common language understanding: from the Oxford English Dictionary –the possibility that something unpleasant will happen (noun) –expose to danger or loss (verb) The definition from the Standard: The chance of something happening that will have an impact upon objectives Can be avoiding the adverse effects of negative events or capitalizing on positive events

Definition of risk management Definition of risk management from the Standard: ‘The culture, processes and structures that are directed towards realizing the potential opportunities whilst managing adverse effects’ Represents a rational response to dealing with an unknowable future

Objectives of risk management Objective: To document the process to meet compliance requirements Better decision-making Better identification of opportunities and threats Gaining values from uncertainty and variability Process ‘The systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying analysing, evaluating, treating monitoring and reviewing risk’

Risk management in universities Universities are large complex educational institutions and have similar risks to other large institutions, as well as many that are specific, for example students: undertaking projects off campus not yet legally adults who may be pregnant undertaking practical work in laboratories or with agricultural machinery

Some university examples of risky behaviour We are going to look quickly at three real cases that occurred in NSW universities. At the end, we are going to: Identify the major risk(s) Discuss how we might prevent it happening at CSU Discuss how we should respond to the issues Could it happen at CSU?

Plagiarism at University of Newcastle Allegation of plagiarism by sessional staff member Assignments remarked and passed to avoid controversy University plagiarism policies not applied Not properly investigated by the University Breaches by senior academics of the University code of conduct

Enrolment scam at University of Sydney The University engaged external agents to recruit overseas students and certify that they have necessary qualifications Those agents were paid by students and documents approved that were forgeries Consequently a number of students were enrolled who did not meet the University’s standards

Corruption at the University of Technology, Sydney A staff member gained improper access to electronic student records He used this access to alter those records in the students’ favour He received payment and gifts for altering records

Discussion point In your groups, looking at these cases: Identify the major risk(s) Discuss how we might prevent it happening at CSU Discuss how we should respond to the issues Could it happen at CSU?

Risk Management Standard Full Title: Risk Management AS/NZS 4360:2004 Issued by Standards Australia, first version in 1995 Available online to CSU staff and students Accepted by all governments in Australia, regulators (including the NSW Audit Office) and internationally

Outline of Standard

Some thoughts about the Standard Risk management is much more than a generic series of steps These need to be backed up with the promotion of cultural change within an organization and structures for monitoring and evaluation The Standard is of a general nature and most large institutions adapt it for their use with specific tools –CSU has done this and a more detailed description of one of these tools occurs in Module 2

What CSU is doing about risk management Risk management policy Risk management responsibilities Strategic risk assessment Protocol 11 Promoting a risk management culture in CSU

Risk management policy The University’s risk management policy is its formal commitment to applying the principles of risk management to its operations The policy recognises that risk management is necessary for the effective management of the business of the University, good corporate governance and taking advantage of opportunities The policy commits CSU to applying the Risk Management Standard It is recommended that all staff familiarise themselves with this document

Objectives of the policy to ensure that corporate risks are taken into account when undertaking strategic management decisions to ensure the management of operational risks is integrated into standard management and accountability processes to develop an environment where staff assume responsibility for identifying and managing risks

Risk appetite University needs to accept levels of risk commensurate with the expected opportunities and benefits University’s tolerance is low for unmitigated risks to the environment and the health, safety and welfare of staff, students and visitors

Key responsibilities University Council Approve policy, determine risk profile, monitor policy Vice Chancellor develop and implement policies and procedures, identify and manage strategic risks Executives and managers identify and determine actions to address risks Internal audit provide advice on the risk management framework and to monitor the effectiveness of the framework

Key risk criteria The key risk categories used by CSU are outlined in the CSU Risk Management Policy and are: health and safety and environment values, ethics and institutional reputation, business continuity, quality financial sustainability, compliance with laws, regulations and policies

Strategic risk assessment The first draft was produced during 2005 It looks at the key external and internal risks for CSU, including the effectiveness of treatment options The assessment is being reviewed by Council and the Senior Executive Group When finalised, the strategic risk assessment will assist managers in placing operational risks in context

Protocol 11 Under the Higher Education Support Act 2003 there are National Governance Protocols for Higher Education Institutions One of these Protocols (Number 11) requires universities to undertake risk assessments of any joint ventures that they are involved in. Funding is linked to compliance with this requirement CSU has completed its assessment of its joint ventures and has submitted the 2005 report to DEST

Promoting a risk management culture in CSU Establishment of the risk management committee, chaired by Professor Chambers (DVC) Academic Development of risk management tools, specifically tailored for CSU Establishing a program for raising awareness of risk management Skills training in risk management Including risk management in the performance management framework and as a selection criterion for the appointment of new staff Maximising Opportunity and Managing Risk Conference for Managers and Leaders in November 2006

Discussion point What more could CSU be doing to promote good risk management practices?