Enterprise Risk

Enterprise Risk Services promotes a risk-aware culture at UQ where everyone considers risks in their daily decision making to achieve their objectives. Enterprise Risk Services provides best-practice risk leadership and a consistent approach via the Enterprise Risk Management Framework, which includes the Senate’s risk appetite statement, training, practical advice, tools and risk workshop facilitation.

We support you to be successful in achieving your objectives!

For queries in relation to risk management, don’t hesitate to contact:

Daphne Drewes, Associate Director Enterprise Risk

Phone: +61 7 3365 1087

Email: d.drewes@uq.edu.au

Enterprise risk governance framework

Diagram of the enterprise risk management framework

Objective of the new Enterprise Risk Management Framework (ERMF) 

Risk management is to be an integral part of management thinking, discussions and decision making and help management to find the right balance of risk versus reward.

Risk Appetite Statement

The ERMF includes ‘non-negotiable’ risk appetite statements related to Reputation, Governance, Legal & Compliance, UQ Values, Safety and Financial Sustainability.  These are the risk categories for which the Senate has a ‘very low’ or ‘zero’ appetite to take risk.

Does the ERMF apply to my portfolio/entity?

The ERMF is a Senate-approved Policy and applies UQ-wide, including its controlled entities.

Who is responsible for implementing effective risk management?

Risk Management is all about gaining confidence in achieving objectives; if you are accountable for achieving specific objectives you are accountable for managing the risks related to achieving those objectives.

Where can I find the Enterprise Risk Management Framework?

Risk management process


Risk forms and templates

  • Risk Matrix (PDF, 213KB): Rate and prioritise your identified risks
  • Risk Register template (Word, 66KB): Template for assessing risks
  • Project Risk Register template (Excel, 45KB): Template for assessing risks for projects (UQ Login required)

Training and development

The Enterprise Risk Unit offers the following training:

Risk, compliance and governance management

This course aims to develop participants' understanding of various aspects of Risk, Compliance and Governance, including:

  • Enterprise Risk Management; what is it, why we do it and how to do it - including the practical aspects of Enterprise Risk Management; tools and techniques to identify, assess, manage and monitor risk. 
  • Insurance; what role does insurance play in risk management, what coverage does UQ have, what do the insurance companies expect from UQ risk management, when to engage the Insurance Services team
  • Compliance Management; what is enterprise compliance, what you need to be aware of and how you demonstrate compliance to ensure obligations are met
  • Governance; what is governance and why it is important; what are delegations, why do we have delegations and how does it impact the decisions that you can make

Business Resilience

This course aims to develop participants' understanding of various aspects of business resilience, including:

  • Business continuity planning including business impact assessments, identification of critical functions and acceptable recovery time
  • Understand the difference between continuity planning, incident management and crisis management
  • Preparation of a business continuity management plan