| Principles of Risk Management: | Compliance with the principles will deliver or ensurethat: |
|---|---|
| Create and protect value | The organisation can demonstrably pursue its strategic objectives in research, learning and teaching, commercial undertakings and community engagement. |
| Are an integral part of all organisational processes | Risk management principles and practices are embedded into governance, enterprise and operational strategy, planning and management, policies, values and culture. |
| Is part of decision making | Each individual recognises the statutory mandate for risk management that is led by the Board of Directors, its Executive Committee, the Executive Director, the Director Programmes, and senior staff so that all decision-makers make informed choices, prioritise actions and recognise options and alternative courses of action and their consequences. |
| Explicitly address uncertainty | In taking account of uncertainty, decision-makers have regard for context and use knowledge, evidence and judgment to treat or mitigate risk. |
| Are systematic, structured and timely | The Organisation’s approach to risk pursues both effectiveness and efficiency to achieve consistent, comparable and reliable results. |
| Are based on the best available information | In using their judgment and discernment, decision-makers will consider available information, experience, forecasts and stakeholder feedback. |
| Are tailored for the internal and external context | Decision-makers consider the statutory and operational mandates, requirements and expectations of internal and external regulators, auditors, funders, governing authorities and agencies; and account for the Organisation’s strategic plans, risk profile and undertakings. |
| Takes human and cultural factors into account | The Organisation recognises the capabilities, perceptions and intentions of external and internal people and communities that can facilitate or hinder the achievement of the Organisation’s objectives. |
| Is transparent and inclusive | The Organisation engages with internal and external stakeholders and decision makers to ensure that risk management remains relevant and up to date. |
| Is dynamic, iterative and responsive to change | The Organisation responds to the changing needs of the Government, the NGO sector, the beneficiaries, staff and project partners by continually self-assessing, monitoring and reviewing its risk profile and identifying new and emerging risks. |
| Facilitates continual improvement of the organisation | The culture of risk management will continue to grow and mature across all areas of the Organisation. Robust risk assessments and processes will encourage the identification and application of controls and treatments and result in better decision making and improved support practices. The Organisation’s commitment to a centrally managed risk register has improved transparency, and will continue to facilitate better reporting, and enhance continual improvement. For this reason, the Organisation’s Risk Register is a mandatory part of reporting and managing risk. While the principles of risk and the risk management process are generic and applicable to all fields of risk, the reporting, management and monitoring of specific types of risk varies across the Organisation. In order for the Organisation to meet its statutory obligations, all occupational health and safety incidents, injuries, hazards, near-misses and concerns, are reported to, recorded, assessed and managed by the Human Resources Department using its systems and processes. |