Risk management procedure

Intent and objectives

To provide a systematic process for risk management that is directed towards realising opportunities whilst managing adverse effects on RMIT.


RMIT University.

Procedure steps and actions

Management of enterprise risks




1. The Vice Chancellor's Executive (VCE) undertake a formal review of RMIT’s enterprise risks together with the status of treatment actions relating to these risks twice annually.

2. Enterprise risks are those risks with a risk level that is Very High or High identified through application of the risk management process outlined in this procedure.

IARM prepares submissions for consideration and endorsement by the VCE.

Twice per annum

3. The Internal Audit & Risk Management Group (IARM) provide overall coordination and direction to the University’s risk assessment programme, perform analysis of risks underlying the key enterprise risk trends and report to VCE and the Council Audit and Risk Management Committee (ARMC) on the management of enterprise risks.

IARM prepared submissions incorporating VCE’s input for information of the ARMC.

4. All submissions to University Committees, Council and Council Committees address the potential risks to the University of recommendations that are made and outline the risk management plan to mitigate the identified risks.

All staff that submit papers

Upon each submission

Management of operational risks




1. Portfolios, Colleges, Schools and Operating Groups’ perform an assessment of operational risks as part of their annual Work Planning process. The risk assessment is conducted in accordance with Appendix 1 of this procedure and covers all activities managed by the Portfolio, College, School or Operating Group.

2. Portfolio’s Colleges, Schools and Operating Groups monitor the completion status of risk mitigation plans for risks associated with their Work Plans regularly throughout the year.

3. Risk Champions nominated within each Portfolio and College co-ordinate the risk management process in their respective areas, including facilitating a collaborative approach for the identification and assessment of risks and maintaining a register of these risks and the associated controls and risk treatment actions in the University’s risk management system, Risk Wizard. They also report on the completion status of treatment actions relating to Very High and High operational risks as part of the half yearly reports to VCE and the ARMC.

Executive Team members, Heads of School, Executive Directors and Directors responsible for Portfolio’s, Colleges, Schools or Operating Groups in conjunction with Risk Champions (where appointed).

Annually in conjunction with Work Planning

Regularly in conjunction with Work Plan review and monitoring

4. IARM provide training and advice to all staff in relation to the process for managing risks and administer the Risk Wizard application that is used by Risk Champions to capture and report on risk registers.

IARM Group

Management of risks associated with significant functions or activities




1. Staff with management responsibility for a significant function or activity (including projects, major events, agreements and commercialisation activities) integrate risk management into planning and management activities within that function or activity. This includes conducting a formal risk assessment in accordance with Appendix 1 of this procedure.

2. Staff should liaise with their Portfolio or College Risk Champions or the IARM Group to determine the most appropriate mechanism for capturing their risk assessments (i.e. through the RMIT Risk Management Information System Risk Wizard, or alternatively by maintaining a stand alone risk register using the University Risk Register template).

3. Responsible staff should monitor the completion status of risk mitigation plans for risks associated with their function or activity throughout the year.

Relevant RMIT University staff


[Next: Appendices]