Enterprise Risk

UQ embraces a risk aware culture where risk is considered in daily decision making and supports the achievement of strategic and operational objectives. Enterprise Risk Services provides 2^nd line services through risk leadership, advice, consistency in approach via the Enterprise Risk Management Framework and the Senate approved risk appetite statement, workshop design and facilitation, tools, templates and general risk support for you and your teams. Please reach out to discuss the ways in which we can support you to implement effective risk management in your area.

Enterprise risk governance framework

Diagram of the enterprise risk management framework — View larger version image

Objective of the Enterprise Risk Management Framework (ERMF)

Active risk management forms an integral part of management discussions and decision making and supports management to find the right balance of risk versus reward.

Risk Appetite Statement

The ERMF includes the Senate approved Risk Appetite Statement (RAS) that consists of qualitative statements that articulate the nature and level of risk that the University is prepared to take in pursuit of its strategic objectives.

Access the Risk Appetite Statement here.

Does the ERMF apply to my portfolio/entity?

The ERMF is a Senate approved Policy and applies UQ wide, including to its controlled entities.

Who is responsible for implementing effective risk management?

Risk Management is best seen as an enabler for achieving objectives; those of us accountable for achieving specific objectives are also accountable for identifying and actively managing the risks related to achieving those objectives.

Where can I find the Enterprise Risk Management Framework?

Access the Enterprise Risk Management Framework (ERMF) here.

Risk management process

Risk forms and templates

Training and development

Enterprise Risk Services offers the following training:

Enterprise Risk training videos (UQ staff login required)

Risk, compliance and governance management

This course aims to develop participants understanding of various aspects of Risk, Compliance and Governance including;

Enterprise Risk Management; what is it, why we do it and how to do it - including the practical aspects of Enterprise Risk Management; tools and techniques to identify, assess, manage and monitor risk.
Insurance; what role does insurance play in risk management, what coverage does UQ have, what do the insurance companies expect from UQ risk management, when to engage the Insurance Services team
Compliance Management; what is enterprise compliance, what you need to be aware of and how you demonstrate compliance to ensure obligations are met
Governance; what is governance and why it is important; what are delegations, why do we have delegations and how does it impact the decisions that you can make

Business Resilience

This course aims to develop participants understanding of various aspects of business resilience including;

Business continuity planning including business impact assessments, identification of critical functions and acceptable recovery time
Understand the difference between continuity planning, incident management and crisis management
Preparation of a business continuity management plan

Critical Incident Management Plan

The Critical Incident Management Plan (CIMP)* exists to guide the Critical Incident Management Team (CIMT) in anticipating, responding to, recovering, and learning from critical incidents that may negatively impact UQ. The CIMT is activated and CIMP applied whenever a natural or induced incident affecting the University reaches a severity that cannot be managed by established measures, plans and procedures.

The CIMP provides the framework, structures, responsibilities and processes to coordinate and unify people, resource and efforts in response to a Critical Incident to:

Protect and preserve life, health and wellbeing;
Minimise loss, damage or disruption to UQ’s facilities, resources and operations; and
Manage immediate and ongoing communication and information to stakeholders during and after a Critical Incident.

The CIMP is made up of the following component parts:

CIMP Part 1 - Procedures (PDF, 684.5 KB): The Procedures are a series of response checklists that the Critical Incident Management Team (CIMT) members should use for guidance during a Critical Incident.

The Procedures refer to a suite of forms and checklists to capture / record incident information which are available as attachments:
- Attachment 1 - Incident Action Plan and Log (PDF, 221.5 KB)
- Attachment 2 - Role Cards (PDF, 451.6 KB)
CIMP Part 2 – Framework (PDF, 1 MB): The Framework is the overarching document that establishes the purpose, structures and key roles and responsibilities associated with Critical Incident management.

*Confidentiality – CIMP is a confidential internal document and should not be disclosed to external entities without the consent of the Director, Governance and Risk.

If you have any questions regarding the CIMP, please email critical-incident@uq.edu.au.

Name	File type and size	Description
General
Risk Matrix	PDF, 169.2KB	Rate and prioritise your identified risks
Risk Register template (Word)	Word	Recommended template for assessing an activity/event (UQ Login required)