| Function |
Accountability |
| Council/ UF&GPC/ Campus F&GPC |
- Review and approve as appropriate the University’s/ Campus’ Risk Appetite based on the recommendation of the Risk
Steering Committee
- Approve the risk management framework (UF&GPC only)
- Review the enterprise risk profile and adequacy of controls
- Provide appropriate resources for risk management efforts
- Maintain oversight and obtain assurance of the effectiveness of risk management across the University/ Campus
|
| Risk Steering Committees |
- Oversight and governance of the University’s Risk Management activities
- Review and endorse the University’s Risk Management Framework, including the Risk Appetite Statement for consideration
by the Council/ F&GPC
- Advise Council on the University’s performance in managing risk
|
| Senior (Executive) Management Team (EMT) and Management Boards (MB) in subsidiaries |
- Resource risk management activities appropriately
- Actively participate and sponsor risk management, enabling the voice of risk to be heard
- Review of the University’s Risk Profile, ensuring the salient emerging / disruptive, strategic / growth and change and
known / operational risks are represented
|
| Risk Management Unit (RMU) |
- Lead the University’s risk management efforts as a strategic partner to the Executive through the Steering Committee
- Integrate innovative and leading risk practices into the University’s Risk Management Strategy, Framework and related
policies, procedures, standards, templates, tools and activities
- Build the University’s risk management culture and capability
- Facilitate risk workshops as appropriate
- Provide risk-related advice and review and challenge risk information / decisions
- Provide appropriate oversight of risk management activities
- Generate and submit the University Enterprise Risk Reports for discussion at the EMT, F&GPC and review at the Audit
and Risk Committees where requested
- Support the University Executives, Council and its Sub-Committees in decision-making and the management of risk
|
| Internal Audit |
- Provide independent review and assurance of the effectiveness of the risk management framework
- Draw on the risk profiles as an input into the Audit Plan
|
| All University staff |
- Implement the University’s Risk Management Framework and associated tools, in alignment with the requirements of their
role
- Seek information, training and/or support to enable them to identify and manage risks in their area
- Coordinate with those with overlapping responsibilities to ensure that the University’s risks are appropriately
identified and managed
|
| Deans, Directors, HoDs, Managers, etc ; |
In addition to the accountabilities for all University staff:
- Keep abreast of material risks and obtain assurance on controls in the areas of their responsibility
and influence
- Engage with the Risk Management Team to ensure the development, implementation and monitoring of risk
management plans for their areas
- Promote positive risk practices across their area to drive a risk-aware culture
- Ensure team capacity and capability to execute risk mitigation initiatives
- Maintain current Risk Profiles and discuss these with the Risk Management Team
- Ensure risk is integrated into decision-making
- Oversee the effectiveness of risk management performance in their area
|
| Risk Owners |
- Identify the risk controls and ratings as part of the risk assessment process
- Determine, obtain agreement, record and monitor implementation of related actions to manage risks and or controls
assigned to them, in alignment with the requirements of the Framework
- Communicate and escalate risks to relevant stakeholders as required
- Hand-over risks to appropriate individuals in the event of a change in Risk Ownership
|
| Risk Champions |
- Support the adoption of risk management activities within each Department, Faculty, Unit or School
- Promote risk activities in their area (e.g. seek opportunities for risk management effort, prompt actions and connect
to the risk team)
- Translate risk tools to align to the nature of activities in their area, and integrate into business processes and
forums
- Identify opportunities for improvement in risk management in their areas and support initiatives to address this
|
