Avondale College Limited Enterprise Risk Management Framework

Size: px
Start display at page:

Download "Avondale College Limited Enterprise Risk Management Framework 2014 2017"

Transcription

1 Avondale College Limited Enterprise Risk Management Framework

2 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it. It is the process of considering the potential consequences of our actions or inactions, and the probability of those consequences occurring, and then making decisions accordingly. This framework, and its supporting documentation, provides guidance to all Avondale College of Higher Education staff on how to deal with risks in the work context. Effective risk management at all operational levels of the College will ensure that we are able to provide a high quality learning program for our students preparing them with the knowledge, skills and confidence to participate effectively in the community and economy and to achieve our mission: - Fostering a Christian higher education learning community that is dedicated to serving world needs. I therefore ask all staff to ensure that they familiarise themselves with this framework to effectively manage risks that arise in the course of delivering our services. Professor Ray Roennfeldt President Avondale College of Higher Education 2 P a g e

3 Contents Introduction 4 Purpose 4 What is risk management? 4 Our Policy 4 Risk management principles 5 Risk hierarchy 6 Risk governance and accountabilities 8 Risk system 9 Risk management process 9 Risk registers 10 Risk reporting 11 Risk capability 11 Implementing risk management 11 Monitoring, review and continual improvement of the Framework 13 Definitions 14 Acknowledgements 16 3 P a g e

4 Introduction Purpose The implementation of this framework will ensures that we embed risk management in our academic and business practices and that we manage risks effectively and efficiently to deliver our outcomes. What is risk management? Risk is the effect of uncertainty on business objectives. This effect can be either positive or negative. Risk management is the coordination of activities that direct and control Avondale with regard to risks. 1 Risk management involves managing these adverse effects as well as realising opportunities. Risk management refers to the deliberate actions that Avondale takes to identify, understand and deal with risks as we achieve our objectives. Our policy Risk management helps us to promote accountability through good governance and ethical decision making. We embed risk management into our culture, governance and accountability arrangements, planning, reporting, quality management, review and evaluation, and improvement processes. Avondale has a low risk appetite for risks relating to: The health, safety and wellbeing of our students, our staff and the community we interact with; The administration of our finances and the assets available to us, and Legislative and policy compliance. At the same time, Avondale may have a higher risk appetite for innovation and improving best practices including improvement of our service delivery and/or increased efficiencies, where these benefits outweigh the risks. Each administrator and business unit manager will determine and communicate to their staff, the business unit s risk appetite as part of their risk assessment process. They will also ensure that the business unit s risk appetite stays within the Enterprise Risk Appetite Framework as determined by the College Council. Our risk management approach is directed through: Compliance with legislation, policies and procedures; and Alignment with the provider standards and best practice. 1 AS/NZ ISO 31000:2009 Risk Management Principles and Guidelines 4 P a g e

5 Effective risk management practice is modelled by: Administrators and Senior Executives by demonstrating leadership managing risk; and Employees by identifying, analysing, evaluating, treating, monitoring and reviewing risk. All Avondale employees are responsible and accountable for risk management. Risk management principles 2 1. Creating value effective risk management contributes to the achievement of the Avondale s objectives and improves performance in corporate governance, project management, finance, work health safety of employees and customer satisfaction. 2. An integrated pat of organisational processes risk management is not something that is in isolation to the operations of the College and as such needs to be an integral part of the Avondale s governance and accountability arrangements, performance management, planning and reporting processes. 3. Part of decision-making risk management assists Avondale s decision makers by allowing them to make informed decisions, prioritise activities and identify the most effective and efficient courses of action. 4. Explicitly addresses uncertainty risk management assists College Council, Administrators and senior managers with the identification of uncertainty and how it can be addressed through a range of strategies such as sourcing risk assessment information and the implementation of risk controls. 5. Systematic structured and timely risk management contributes to Avondale being efficient and being able to produce consistent, comparable and reliable results. 6. Based on the best available information risk management should focus Avondale on drawing on diverse sources of historical data, expert judgement and stakeholder feedback to allow it to make evidence- based decisions. The College s decision makers should also be cognisant of the limitations of data, modelling and divergence amongst experts. 7. Tailored risk management aligns with the internal and external environment within which the College operates, such as the Australian corporation legislation, higher education standards framework and risk assessment framework, higher education legislation, privacy legislation and consumer guarantee legislation, labour legislation, work health safety legislation to mention a few and in the context of Avondale s risk profile. 2 AS/NZ ISO 31000:2009 Risk management Principles and guidelines 5 P a g e

6 8. Human and cultural factors taken into account risk management recognises that that capabilities, perceptions and aims of people both internal and external to the College can aid or hinder the achievement of the its objectives and strategies. 9. Transparent and inclusive risk management requires appropriate and timely involvement of the Avondale s stakeholders to ensure that it stays relevant and up to date. By involving stakeholders in decision making processes enables the Company to take diverse views into account when determining risk criteria. 10. Dynamic, iterative and responsive to change risk management allows the College to respond swiftly to both internal and external events such as changes to the environmental context and knowledge, the results of monitoring and reviewing activities engaged by the Avondale and the new risks that emerge and others that change or disappear. 11. Facilitates continual improvement and enhancement of the company risk management facilitates continuous improvement of the College s operations by developing and implementing strategies to improve risk management maturity. Risk hierarchy Risk management should be implemented by ensuring that the risk management process is applied to all relevant levels and functions of the organisation as part of its practices and process. 3 In the framework there are three levels of risk management strategic, corporate and operational. The risk hierarchy defines accountability for identifying, treating, monitoring, communicating and managing risks throughout the organisation. Plans Hierarchy of Risk Accountability Strategic Plan Strategic Risks College Council The strategic plan describes the common purpose and direction of Avondale, identifies key priorities and strategies to achieve objectives and sets the policy for the next three year planning cycle. Risks that may have a positive or negative impact on achieving the College s strategic purpose and objectives. This also includes wider organisational and sector risks. Risks at this level affect the decisions made around organisational 3 AS/NZ ISO 31000:2009 Risk management Principles and guidelines 6 P a g e

7 Enterprise Operational Plans Annual plans that identify the key accountabilities in implementing the strategic plan, key strategies and targets. Plans are developed through a process of environmental scanning and reviewing past performance and risks to determine upcoming challenges and new priorities. Other cascading Plans These include planning done by Faculties, Schools and business units as well as planning for projects. Individual Performance and & Development Plans Individual employee Performance Review, Planning and Professional Development (PRPPD) enables staff to identify how their work contributes to achieving their business unit objectives priorities, resource allocation and tolerance and acceptance of risk. Corporate Risks Risk or opportunities that may affect achieving the objectives of the planned outcomes of performance identified through the operational plans. Operational Risks Risks or opportunities that affect plans cascading from the enterprise operational plan and achieving the deliverables of projects. Risks at this level relate to the business unit s systems, resources and processes. Operational Risks When identifying their responsibilities or professional development requirements, employees also need to consider their responsibility in regard to risk management. President and Executive Committee Deans, Heads of School, Managers and Supervisors Individuals 7 P a g e

8 Risk governance and accountabilities Risk governance includes mechanisms that ensure accountability and authority for managing risk, implementing the risk management framework, and providing risk management assurance. The President has ultimate responsibility and accountability for implementing the risk management framework and encouraging a risk management culture. The College Council sets and reviews the strategic direction, priorities and performance objectives for the College. It is responsible for: o Championing a risk management culture and embedding risk into the Council s strategic discussion and analysis; and o Overseeing the management of strategic risks, including reviewing and approving controls and treatments established in the organisation. The Audit and Risk Committee provides the President and College Council with independent audit and risk management advice. The Academic Board ensures that there are controls in place to manage the risks associated with ensuring the quality and delivery of the academic program. The Executive Committee ensures that there are controls in place to manage the risk associated with with the operation the College. Vice Presidents (within their area of responsibility) are responsible for: o Ensuring that all employees are aware of and comply with the risk management framework, policy and procedures. o Ensuring risk management is integrated into planning, reviewing and reporting procedures; and o Reporting on corporate risks. Faculty Deans, Heads of School, managers and supervisors are responsible for: o Overseeing operational risks, including reviewing and approving controls and treatments; and o Escalating high or extreme operational risks to the Presidents and/or Vice Presidents and where applicable College Council. All employees are required to apply risk management processes within their work unit. The Control owner is responsible for the management of policy, procedures or process that has been identified as a control for a risk. The risk owner: o Ensures that the risks they own are managed appropriately; o Monitors progress against treatment plans; o Ensures that the risk review is timely; o Ensures the currency of the risk register and responds to actions that have been assigned to them; o Ensures treatment owners(s) are assigned; and o Accepts that risk escalation does not remove risk owner s responsibilities The Treatment owner: o Is responsible for treating risks; and 8 P a g e

9 o Reports to the risk owner about implementing treatments within specified timeframes. The Vice President Finance and Risk is responsible for developing, implementing, reviewing and continuously improving the Enterprise Risk Management Framework, Business Continuity Management Framework and associated policies and procedures. The Audit and Risk Committee provides the President and College Council with objective assurance on the effectiveness of risk management. Risk System As part of the Framework, the risk system consists of components which are intended to assist the College with getting risk management right. These components are: The Risk Management Process; Risk Registers; Risk Reporting; and Risk capacity. Risk management process The risk management process is designed to ensure a robust approach to informed decision-making, consistent assessments, and that a common language is used and understood across Avondale College. Consistent with AS/NZS ISO 31000, the risk management process consists of seven steps as outlined below. Steps in the risk management process Process Step Description Purpose Communication and Consultation Involving Stakeholders (internal and external and information sharing throughout the risk management process, vertically and horizontally across the College. Context is appropriately defined. Employees that are involved throughout the risk process understand the basis for decisions and actions required. Lessons learnt are shared and transferred to those who can benefit from them. Establish Context Understanding the College s objectives and defining the external and internal environment within which the College operates. Understand factors influencing the ability to achieve objectives Determine boundaries within which the risk management framework operates 9 P a g e

10 Risk Assessment Risk Identification Identifying risks, their sources, causes and potential consequences Risk Analysis Comprehending the nature of the risk and determining the level of risk exposure (likelihood and consequence). Risk Evaluation Comparing the risk analysis with the risk criteria to determine whether the risk is acceptable or tolerable Risk Treatment Selecting one or more options for modifying the risk. Reassessing the level of risks with controls and treatments in place. (residual risk) Monitoring and Review Determining whether the risk profile has changed and whether new risks have emerged. Checking control effectiveness and progress of the treatment plan. Define risk criteria to ensure risks are assessed in a consistent manner. Generate a comprehensive list of threats and opportunities based on those events that might enhance, prevent, degrade, accelerate or delay the achievement of objectives. Provide an understanding of the inherent (level of exposure should controls fail) and controlled risk (level of exposure with controls in place) Assist with identifying ineffective controls. Inform risk evaluation and guide risk treatment. Determine whether the controlled risk is acceptable. Determine if controlled risks need further treatment. Identify priority order in which individual risks should be treated. Identify treatments for risk that fall outside the College s risk tolerance Provide an understanding of the residual risk (level of risk with controls and treatments in place). Identify priority order in which individual risks should be treated monitored and reviewed. Provide currency of risk information Identify emerging risks. Provide feedback on control efficiency and effectiveness. Identify whether any further treatment is required. Provide a basis to reassess risk priorities. Capture lessons learnt from event failures, near misses and success. Risk registers The risk register enables Administrators, Managers and employees to document, manage, monitor, review and update strategic, corporate and operational risk information. Risk register reporting allows Council and management to monitor and review risks in alignment with the strategic plan, operational plans and other cascading plans. 10 P a g e

11 Information from the risk management process is recorded, reported and monitored using the College s risk register and/or the business unit s risk register. Risk Reporting Risk reports are to be tailored by the entity or business unit to support management decision making during the planning and review process. Risk reports draw information from the risk registers and may include the following: A demonstration of the link between objectives and risks; Priorities, based on the risk rating, accompanied by information on key controls and treatments needed to modify the risk; Risks that are getting worse, success of treatment plans and risks that require additional attention; New risks that may still need to be fully considered and understood; Main areas of exposure; Systemic control analysis; Untreated risks and risk treatments that are overdue; and Risk owners Building Risk Capacity Avondale has to build manager and employee awareness and develop skills in getting risk management right. This increased awareness and understanding provides managers and employees with greater self confidence and willingness to take responsibility for the management of risk across the College. To facilitate this Avondale is working on developing various training and development tools and products that business units will be able to access to improve their risk management capability. Implementing risk management Risk management should be implemented by ensuring that the risk management process is applied at all relevant levels and functions of the organisation as part of its practices and processes. 4 The risk management process for the College is articulated in the diagram below which provides an overview of how the steps in the College s Enterprise Risk Management Process integrate with the College s planning, reviewing and reporting cycle; risk governance components of the Framework; and the actions required from the risk monitoring and reviewing process. 4 Risk management Principles and guidelines (AS/NZS ISO 31000:2009) 11 P a g e

12 Communication and consultation Risk Assessment Monitor and review Risk Register Avondale College Risk Management Process Plans (Strategic, Operational, Cascading) Risk Management Process President Establish and maintain a suitable system of internal controls and risk management Audit & Risk Committee Provides independent audit and risk management advice College Council Sets and reviews the strategic direction, priorities and performance objectives of the College. Establish context Identify risks Analyse risks Evaluate risks Vice-Presidents and Managers Integrate risk management within areas of responsibility Comply with risk management framework and processes, including maintenance of a risk register Extreme High Medium Risk Monitoring and Review Undertake control evaluation Treatment plan required Immediate escalation to College Council Undertake control evaluation Treatment plan required Review by President and Vice- Presidents with escalation to College Council Monitor using routine procedures/appropriate internal controls Undertake control evaluation Treat risks Low Monitor at operational level using routine procedures / appropriate internal controls Performance Reviews Risk Reports (Strategic, Corporate, other specialty areas) 12 P a g e

13 The Enterprise Risk Management Process has been designed to provide the risk owner with the necessary resources to ensure that risk management decisions are based on a robust approach, assessments are conducted in a consistent manner and a common language is used and understood across the College. As part of the Enterprise Risk Management Process, the Risk Appetite Table provides risk owners with a tool for considering the severity of the consequences of risk The Risk Matrix expresses the College s tolerance for risk, by making a determination as to the level of risk that is acceptable, based on the combined likelihood of the risk occurring and potential consequences of the risk. The matrix will dictate the points at which risks need to be escalated. Monitoring, review and continual improvement of the Framework Risk management should support organisational performance through indicator based risk review, progress measurement against the risk management plan, risk framework appropriateness and effectiveness and risk reporting. Continual review of the framework should be based on results of monitoring and reviews, with decisions relating to how the framework, policy and plan can be improved to support management of risk and an improved risk management culture 5 Continuous improvement is strategically integrated within the College s corporate objectives to ensure that the College continues to evolve towards best practice. Governance, Strategy and Planning is responsible for continual improvement of the College s risk management which includes the Enterprise Risk Management Framework. Some of the processes that are designed to support continuous improvement and review of the Framework include: Regular assessment of the quality of risk management processes and evidence prepared by business units to identify opportunities for improvement A baseline and ongoing risk management culture survey data to inform improvement, communication and training requirements Regular benchmarking reviews of models, frameworks and standards used in other organisations and jurisdictions to ensure that Avondale s Framework continues to reflect best practice Ongoing training and development for Administrators and Managers to ensure that they are equipped with a sound knowledge and skills base Inclusion of, and measurement against, performance measures relating to the College s performance with regard to risk management and other key governance processes in Corporate Strategy and Performance operational plan. 5 Risk management Principles and guidelines (AS/NZS ISO 31000:2009) 13 P a g e

14 The Council will review the Framework annually to ensure that it continues to meet the College s demands as risk management coninuously matures and improves. Definitions Consequence Outcome of an event Control Any pre-existing process, policies, devices, practices or other actions which modify risk. Controls may not always exert the intended or assumed modifying effect. Controlled Risk Levels of risk, taking into account the adequacy and the effectiveness of controls in place. Control Owner The officer/position responsible for managing a policy, procedure, process or other action that has been identified as a control for a risk. Event Occurrence or change of a particular set of circumstances Environmental Scanning The careful monitoring of an organization's internal and external environments for detecting early signs of opportunities and threats that may influence its current and future plans. In comparison, surveillance is confined to a specific objective or a narrow sector. Inherent risk Level of risk without consideration of the effect of existing controls and treatments. Likelihood Chance of the risk occurring. Priority Risks Risks that are assessed as high or extreme after controls and treatments. Residual Risk Level of risk remaining after controls and treatment are taken into account. Risk Effect of uncertainty on the achievement of objectives. An effect is a deviation from the expected and can be positive and/or negative. Risk Appetite The willingness to accept risk in pursuit of outcomes. Risk Criteria Terms of reference against which the significance of a risk is evaluated. Risk Escalation Communicating risks requiring attention to the appropriate level of management for higher level involvement. Risk Level Expression of the effect of a risk, in terms of its likelihood of occurring, and the consequences if it were to occur. Risk levels are assessed at the inherent, controlled, and residual (after treatments have been applied) positions. Risk Management Coordinated activities to direct and control an organisation with regard to risk. Risk Management Framework Components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management. 14 P a g e

15 Risk Owner A person with accountability and authority to manage risk. Risk Profile Description of any set of risks. Risk Tolerance Readiness to bear the risk, after treatment, in order to achieve outcomes. Risk Treatment A process to modify risk. Treatment Owner Officer/position responsible for treating risks. 15 P a g e

16 Acknowledgements This Framework has been based on and adapted from: 1. State of Queensland (Department of Education Training and Environment), Enterprise Risk Management Framework State of Queensland (Department of Education Training and Environment), Enterprise Risk Management Framework Standards Australia, AS/NZS ISO 31000:2009 Risk management Principles and guidelines. 4. The State of Queensland (Queensland Treasury) A Guide to Risk Management, July The State of Queensland Department of the Premier and Cabinet, Risk Management Guide, May Victorian Managed Insurance Authority, Risk Management: Developing & Implementing a Risk Management Framework, March Department of Treasury and Finance (Vic), Victorian Government Risk Management Framework, March HM Treasury, The Orange Book: Management of Risk Principles and Concepts, October HS Government, Risk: Good Practice in Government, March P a g e

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

Council Meeting Agenda 27/07/15

Council Meeting Agenda 27/07/15 3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities

More information

Victorian Government Risk Management Framework. March 2015

Victorian Government Risk Management Framework. March 2015 Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Risk Management Basics - ISO 31000 Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company

Risk Management Basics - ISO 31000 Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company Risk Management Basics - ISO 31000 Standard Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company Risk Management Basics - ISO 31000 Standard 1. Risk Management Basics 2. ISO 31000 Risk Management

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk

ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk Kevin W Knight AM CPRM; Hon FRMIA; FIRM (UK); LMRMIA: ANZIIF (Mem) ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 - New Standards for the Management of Risk History of the ISO and Risk Management Over

More information

RM Advancer. Liability Risk Management Award Winner Echo Entertainment Group Business overview

RM Advancer. Liability Risk Management Award Winner Echo Entertainment Group Business overview Liability Risk Management Award Winner Echo Entertainment Group Business overview Please provide an overview of your business that includes: Number of years established and brief company history Private,

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Commonwealth Risk Management Policy

Commonwealth Risk Management Policy Commonwealth Risk Management Policy 1 July 2014 Department of Finance Business, Procurement and Asset Management 978-1-922096-51-7 (Print) 978-1-922096-50-0 (Online) Copyright Notice Content This work

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

Risk Management Framework

Risk Management Framework Risk Management Framework THIS PAGE INTENTIONALLY LEFT BLANK Foreword The South Australian Government Risk Management Policy Statement 2009 advocates that consistent and systematic application of risk

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

RISK MANAGEMENT STRATEGY AND FRAMEWORK

RISK MANAGEMENT STRATEGY AND FRAMEWORK Uniting Church in Australia Synod of Victoria and Tasmania RISK MANAGEMENT STRATEGY AND FRAMEWORK Prepared by: Synod Risk Management Committee Date Prepared and Issued: February 2010 S:\AdminFinance\EDAF\Risk

More information

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 Version 1.0 October 2013 Not protectively marked INDEX PAGE NO TITLE 3 Executive Summary 4 Our Shared Vision and Priorities 5 Outline of the Risk and

More information

Risk management framework

Risk management framework Risk management framework Security classification: PUBLIC Reference number: DSITI:FW:001P Policy owner: Executive Director, Strategic Transformation & Performance Contact officer: Principal Consultant,

More information

The University of Adelaide RISK MANAGEMENT HANDBOOK

The University of Adelaide RISK MANAGEMENT HANDBOOK The University of Adelaide RISK MANAGEMENT HANDBOOK CONTENTS PART A: Introduction 2 1. Risk Management Standard 3 2. Risk management - in general 4 3. Risk management - in the University context 5 PART

More information

Risk Management The International Standard

Risk Management The International Standard Risk Management The International Standard John Crawley & Emer McAneny June 2014 Who I am Accountant Banker Businessman Trainer Turnaround Expert Risk Expert Agenda Strategy GRC Tolera nce Identifica tion

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

Risk Management Policy

Risk Management Policy 1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.

More information

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance

More information

Risk Management Policy

Risk Management Policy Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:

More information

Managing Risk in Procurement Guideline

Managing Risk in Procurement Guideline Guideline DECD 14/10038 Managing Risk in Procurement Guideline Summary The Managing Risk in Procurement Guideline assists in the identification and minimisation of risks involved in the acquisition of

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

Disclosure to Promote the Right To Information

Disclosure to Promote the Right To Information इ टरन ट म नक Disclosure to Promote the Right To Information Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information

More information

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES

ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES ENTERPRISE RISK MANAGEMENT NARACOORTE LUCINDALE COUNCIL GUIDELINES December 2015 NLC Enterprise Risk Management Guidelines Contents INTRODUCTION... 3 1. Enterprise Risk Management Principles... 5 2. The

More information

RISK MANAGEMENT POLICY (Revised October 2015)

RISK MANAGEMENT POLICY (Revised October 2015) UNIVERSITY OF LEICESTER RISK MANAGEMENT POLICY (Revised October 2015) 1. This risk management policy ( the policy ) forms part of the University s internal control and corporate governance arrangements.

More information

Good governance outcomes for CCGs: A survey tool to support development and improvement of governance

Good governance outcomes for CCGs: A survey tool to support development and improvement of governance Good governance outcomes for CCGs: A survey tool to support development and improvement of governance Good Governance Institute Part of a programme commissioned by NHS England Publications gateway reference

More information

Performance Management Framework

Performance Management Framework Purpose of the framework: To explain how we manage in Poole. It applies to all directly managed services of the Council. Introduction: Effective management at the council will: Ensure our goals are prioritised

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

V1.0 - Eurojuris ISO 9001:2008 Certified

V1.0 - Eurojuris ISO 9001:2008 Certified Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

treasury risk management

treasury risk management Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

The Orange Book Management of Risk - Principles and Concepts. October 2004

The Orange Book Management of Risk - Principles and Concepts. October 2004 The Orange Book Management of Risk - Principles and Concepts October 2004 The Orange Book Management of Risk - Principles and Concepts October 2004 Crown copyright 2004 Published with the permission of

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

NSW Government ICT Benefits Realisation and Project Management Guidance

NSW Government ICT Benefits Realisation and Project Management Guidance NSW Government ICT Benefits Realisation and Project Management Guidance November 2014 CONTENTS 1. Introduction 1 2. Document purpose 1 3. Benefits realisation 1 4. Project management 4 5. Document control

More information

RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK RISK MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational Development

More information

Risk Management Plan 2012-2015

Risk Management Plan 2012-2015 Risk Management Plan 2012-2015 This controlled document shall not be copied in part or whole without the express permission of the author or the author s representative. Revision Date Previous Revision

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY 1. Purpose The purpose of the Risk Management Policy is to embed risk management as part of the culture of AFTRS where a shared understanding of risk leads to well-informed decision

More information

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines AS/NZS ISO 31000:2009 Risk management Principles and guidelines AS/NZS ISO 31000:2009 This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee OB-007, Risk Management. It was

More information

Xavier Catholic College Risk Management. Policy

Xavier Catholic College Risk Management. Policy Xavier Catholic College Risk Management Policy 18 March 2013 Sourced from CSOHS Online. Source CSO Broken Bay 2012 Page 1 Risk Management Policy (Draft) PURPOSE Risk management is the culture, processes

More information

Title: OHS Risk Management Procedure

Title: OHS Risk Management Procedure Issue Date: July 2011 Review Date: July 2013 Page Number: 1 of 9 1. Purpose: To outline the methodology by which Department of Education and Early Childhood Development (DEECD) identifies, assesses, controls

More information

The integrated leadership system. ILS support tools. Leadership pathway: Individual profile APS6

The integrated leadership system. ILS support tools. Leadership pathway: Individual profile APS6 The integrated leadership system ILS support tools Leadership pathway: Individual profile APS6 APS 6 profile Supports strategic direction Achieves results Supports productive working relationships Displays

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

Policy and Procedure Statement

Policy and Procedure Statement Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However,

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

FOREWORD. set clear benchmarks for performance and accountability. drive consistent application of processes and tools

FOREWORD. set clear benchmarks for performance and accountability. drive consistent application of processes and tools GROUP POLICY MANUAL GROUP POLICY MANUAL FOREWORD As a leading construction, mining and services company, Thiess is committed to maintaining best practice standards across our operations. This Group Policy

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework + = Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework Background Middlesbrough Council is going through significant

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Better Practice Guide

Better Practice Guide Better Practice Guide June 2008 Risk Management COMCOVER Commonwealth of Australia 2008 ISBN 1 921182 78 4 print ISBN 1 921182 79 2 online Department of Finance and Deregulation This work is copyright.

More information

SAI GLOBAL LIMITED Risk Management Policy

SAI GLOBAL LIMITED Risk Management Policy SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...

More information

Health and Safety Management Standards

Health and Safety Management Standards Health and Safety Management Standards Health and Safety Curtin University APR 2012 PAGE LEFT INTENTIONALLY BLANK Page 2 of 15 CONTENTS 1. Introduction... 4 1.1 Hierarchy of Health and Safety Documents...

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

the Defence Leadership framework

the Defence Leadership framework the Defence Leadership framework Growing Leaders at all Levels Professionalism Loyalty Integrity Courage Innovation Teamwork Foreword One of the founding elements of Building Force 2030, as outlined in

More information

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM September 2011 OUR HEALTH, SAFETY AND ENVIRONMENT POLICY OUR PRINCIPLE OF DUE CARE We care about the wellbeing of our people and our impact on the environment.

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Risk Management Strategy 2012-2014

Risk Management Strategy 2012-2014 Management Strategy 2012-2014 Mission: To support and develop a sustainable, thriving and resilient community through leadership and partnerships NOTE: This Document should be read in conjunction with

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Effective from 4 July 2015 Version Number: 2.1 Author: Director of Planning Planning Directorate Document Control Information Status and reason for development Revised updating the

More information

St Patrick s Catholic School

St Patrick s Catholic School St Patrick s Catholic School Risk Management Policy Date 2012 Version No 1 Responsible Person Rodney Linhart Approved By Rodney Linhart Review Date 2016 Related Documents 2a WHS Hazard and Risk Register,

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

Risk Management Strategy & Implementation Plan 2014 2016

Risk Management Strategy & Implementation Plan 2014 2016 St George s Healthcare NHS Trust: the next decade Risk Management Strategy & Implementation Plan 2014 2016 DRAFT VERSION 6.0 UPDATED 19.11.14 Executive summary We know, from external assurances received

More information

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT

RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) RISK MANAGEMENT JUST A PART OF PROJECT MANAGEMENT RISK MANAGEMENT OVERVIEW - APM Project Pathway (Draft) Risk should be defined as An uncertain event that, should it occur, would have an effect (positive or negative) on the project or business objectives.

More information

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,

More information

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES

GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES Level 37, 2 Lonsdale Street Melbourne 3000, Australia Telephone.+61 3 9302 1300 +61 1300 664 969 Facsimile +61 3 9302 1303 GUIDELINE NO. 22 REGULATORY AUDITS OF ENERGY BUSINESSES ENERGY INDUSTRIES JANUARY

More information

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES GOVERNMENT ACCOUNTING SECTION DEPARTMENT OF FINANCE MARCH 2004 Risk Management Guidance CONTENTS Pages List of guidelines on risk management

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Issue Date: February 2010 Reviewed: July 2011 Contents Scope...3 Key Points...3 Background...3 Roles and Responsibilities...3 Classification of Risks...4 Risk Evaluation...4 Risk

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.

Governance and Risk Management in the Public Sector. Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb. Governance and Risk Management in the Public Sector Fernando A. Fernandez Inter-American Development Bank (202) 623-1430 e-mail: fernandof@iadb.org 1 Agenda Governance, why is it important? Compliance

More information

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014

CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014 CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014 1 Version 1.0 CONTENTS Security Risks 3 Information Assurance Risk 3 Spreading Best Practice 3 Reporting Risks Upwards 4 Typical Risk Escalation

More information

ENGINEERING COUNCIL. Guidance on Risk for the Engineering Profession. www.engc.org.uk/risk

ENGINEERING COUNCIL. Guidance on Risk for the Engineering Profession. www.engc.org.uk/risk ENGINEERING COUNCIL Guidance on Risk for the Engineering Profession www.engc.org.uk/risk This guidance describes the role of professional engineers and technicians in dealing with risk, and their responsibilities

More information