28 October 2014

The importance of risk management

Having a robust risk management framework in place is a mark of maturity for any professional organisation.

It means that you’re being pro-active and forward thinking - acknowledging and planning for possible future events that may have a detrimental impact on your business.

RMIT has implemented a university wide framework that establishes a systematic process for the identification, management and monitoring of risk. The framework is supported by Council’s Audit and Risk Management Committee who regularly monitor and report on the risk arrangements in place. The committee’s June 2014 report lists some 18 Enterprise risk themes across the University, including technology risk.

Darren Bass, Senior Manager ICT Governance at ITS, explained that the growing reliance on IT as an enabler of RMIT business means that there will always be a level of risk involved with technology and shouldn’t be something to shy away from.

“With increasing dependencies on IT and the emergence of social media, mobile solutions and cloud computing, there are going to be vulnerabilities and risk that we need to account for. Good risk management is about creating a ‘no surprises’ culture. It’s important to be open and transparent and have honest conversations so that informed decisions and mitigation activity can be prioritised.”

A key finding in this year’s report was the acknowledgement of significant improvement in the understanding and management of technology risk, operating environments and infrastructure across the IT organisation.

“We’ve really made risk awareness a key platform and embedded it into the way we work at ITS. Monthly risk management meetings are held across the six divisions in ITS so that it’s always aligned with our work plan and front-of-mind in our ongoing process.”

[Source: Russell Burgess, ITS]