Enterprise Risk

Enterprise Risk Services promotes a risk aware culture at UQ where everyone considers risks in their daily decision making to achieve their objectives. Enterprise Risk Services provides best practice risk leadership and consistency in approach via the Enterprise Risk Management Framework which includes the Senate’s risk appetite statement, training, practical advice, tools and risk workshop facilitation.

We support you to be successful in achieving your objectives!

Enterprise risk governance framework

Diagram of the enterprise risk management framework — View larger version image

Objective of the new Enterprise Risk Management Framework (ERMF)

Risk management is to be an integral part of management thinking, discussions and decision making and help management to find the right balance of risk versus reward.

Risk Appetite Statement

The ERMF includes Risk Appetite Statement (RAS) that consists of statements that articulate the nature and level of risk that the University is prepared to take in pursuit of its strategic objectives.

Access the Risk Appetite Statement.

Does the ERMF apply to my portfolio/entity?

The ERMF is a Senate approved Policy and applies UQ wide, including its controlled entities.

Who is responsible for implementing effective risk management?

Risk Management is all about gaining confidence in achieving objectives; if you are accountable for achieving specific objectives you are accountable for managing the risks related to achieving those objectives.

Where can I find the Enterprise Risk Management Framework?

Access the Enterprise Risk Management Framework (ERMF).

Risk management process

Risk forms and templates

Name	File type and size	Description
General
Risk Matrix	PDF, 169.2KB	Rate and prioritise your identified risks
Risk Register template (Word)	Word, 61.2KB	Recommended template for assessing your top risks
Local Risk Register template (Excel)	Excel 354KB	Recommended template for assessing your local operational risks (UQ Login required)
Risk Register template (Excel)	Excel, 346.2KB	Recommended template for assessing an activity/event (UQ Login required)
Program/Project Risk Register Template	Excel, 371KB	Template for assessing program/project risks (via the PGO webpage)
Risk Assessment Quality Checklist	PDF, 270.8KB	Quick tips to achieve a quality risk assessment - Version 1.0, published February-2020 (UQ Login required)
Prompt Lists
Clinical Trials Risk Assessment and Management Plan	Excel, 353.3KB	Prompt list and template for assessing risk for clinical trial – Version 1.7 updated Sept 2021 (UQ Login required)
Research Project & Consultancy Agreement Risk Register template	Excel, 600.7KB	Prompt list and template for assessing risks for research project & consultancy agreement - Version 1.2 updated July 2021 (UQ Login required)
Controlled Environment Risk Assessment and Management Plan	Excel, 64KB	Form to assist in protecting your research samples and specimens stored in a controlled environment – Ver 1.1 updated April 2023 (UQ Login required)

Training and development

The Enterprise Risk Unit offers the following training:

Enterprise Risk training videos (UQ staff login required)

Risk, compliance and governance management

This course aims to develop participants understanding of various aspects of Risk, Compliance and Governance including;

Enterprise Risk Management; what is it, why we do it and how to do it - including the practical aspects of Enterprise Risk Management; tools and techniques to identify, assess, manage and monitor risk.
Insurance; what role does insurance play in risk management, what coverage does UQ have, what do the insurance companies expect from UQ risk management, when to engage the Insurance Services team
Compliance Management; what is enterprise compliance, what you need to be aware of and how you demonstrate compliance to ensure obligations are met
Governance; what is governance and why it is important; what are delegations, why do we have delegations and how does it impact the decisions that you can make

Business Resilience

This course aims to develop participants understanding of various aspects of business resilience including;

Business continuity planning including business impact assessments, identification of critical functions and acceptable recovery time
Understand the difference between continuity planning, incident management and crisis management
Preparation of a business continuity management plan

Critical Incident Management Plan

The Critical Incident Management Plan (CIMP)* exists to guide the Critical Incident Management Team (CIMT) in anticipating, responding to, recovering, and learning from critical incidents that may negatively impact UQ. The CIMT is activated and CIMP applied whenever a natural or induced incident affecting the University reaches a severity that cannot be managed by established measures, plans and procedures.

The CIMP provides the framework, structures, responsibilities and processes to coordinate and unify people, resource and efforts in response to a Critical Incident to:

Protect and preserve life, health and wellbeing;
Minimise loss, damage or disruption to UQ’s facilities, resources and operations; and
Manage immediate and ongoing communication and information to stakeholders during and after a Critical Incident.

The CIMP is made up of the following component parts:

CIMP Part 1 - Procedures (PDF, 684.5 KB): The Procedures are a series of response checklists that the Critical Incident Management Team (CIMT) members should use for guidance during a Critical Incident.

The Procedures refer to a suite of forms and checklists to capture / record incident information which are available as attachments:
- Attachment 1 - Incident Action Plan and Log (PDF, 221.5 KB)
- Attachment 2 - Role Cards (PDF, 451.6 KB)
CIMP Part 2 – Framework (PDF, 1 MB): The Framework is the overarching document that establishes the purpose, structures and key roles and responsibilities associated with Critical Incident management.

*Confidentiality – CIMP is a confidential internal document and should not be disclosed to external entities without the consent of the Director, Governance and Risk.

If you have any questions regarding the CIMP, please email critical-incident@uq.edu.au.