Risk Management Policy

Fact box

  • Policy owner: Vice President Operations
  • Policy category: Governance: Audit & Risk Management
  • Policy status: Approved
  • Approval body: Council
  • Endorsement body: Executive Committee
  • Last amended: 11th Jan. 2018


The purpose of this policy is to outline the approach of Alphacrucis College (AC) to risk management in all academic, administrative and business activities of the College.


Whole College


AC is committed to appropriate, consistent, structured and effective risk management processes. The International Standard on Risk Management AS/NZS ISO 31000:2009 defines risk as “the effect of uncertainty on objectives” and risk management as “coordinated activities to direct and control an organization with regard to risk”. AC manages risk continuously and methodically, involving communication, consultation, contextualisation, assessment, treatment, monitoring, mitigation and review of risks. The AC Risk Management Plan covers all activities of the College and fosters an environment where staff assume responsibility for continuous improvement.


Corporate Governance and Risk Management

  • The Finance and Audit Committee is responsible for oversight, maintenance and regular review of the AC Risk Management Plan, which is directly linked to the AC Strategic Plan.
  • Current and emerging risks will be incorporated into the Risk Management Plan as they are identified and reported.
  • The Chair of the Finance and Audit Committee will report on risk issues to Council.
  • Senior staff members are accountable for: risk management in their respective areas of responsibility and ensuring compliance with risk assessment procedures.
  • Risk management includes communication and reporting on risks that have been identified, as well as risk analysis, evaluation, prioritisation and treatment options.

Monitoring and Review of Risks

  • The AC Risk Management Plan provides formal mechanisms for monitoring and reviewing risk to benchmark the effectiveness of risk management throughout the College and at all governance and management levels.
  • While risks may never be eradicated, they can be mitigated and controlled. AC employs the following tables to identify Risk Mitigation Strategies and Control Effectiveness:

Risk Mitigation Strategies
The following table is used when identifying and determining Risk Mitigation strategies:




Not proceeding with task, project or activity that is likely to generate the risk


Accept risk and establish appropriate management plan

Reducing Likelihood

Develop processes to reduce likelihood of risk, e.g. preventative maintenance, audits, inspection and testing

Reducing Consequence

Develop processes to reduce consequence of risk. e.g. Contractual arrangements, redesign, security measures, contingency planning


Transfer all or part of risk to second party through insurance, contractual arrangements, organisational structures


Accept all residual risk


Control Effectiveness
The following table is used when determining Control Effectiveness:





Highly Ineffective

Controls are non-existent or have major deficiencies and don’t operate as intended



Limited controls in place, high level of risk remains


Significant Improvement Required

Key controls in place, with significant opportunities for improvement identified


Limited Improvement Required

Controls properly designed and operating, with opportunities for improvement identified



Controls properly designed and operating as intended


The Risk Mitigation Strategy and Control Effectiveness rating relevant to each identified risk are recorded in the Risk Management Plan.


Risk Management Procedures

  • No contract, agreement or obligation shall be bound upon AC without prior risk assessment by the relevant committee or executive staff member.
  • All staff must take reasonable care of College property at all times, report all incidents, complaints, losses and near misses involving College property, and incidents involving visitors and students including, but not limited to, injuries or potential hazards.
  • A Department Head shall manage all the risks for which s/he is responsible, including documenting and reports the risks and associated management strategies.
  • Risk management training and awareness is to be incorporated into the induction process and ongoing professional development of all AC staff.


Risk ratings are determined through a combination of the consequences for the College if the risk is not treated, and the likelihood of this happening. The following AC Risk Assessment Matrix is to be used as a guide:

The main elements of the AC Risk Management Process are: