Risk and Assurance
Risk and Assurance supports effective decision making across the University by ensuring any decisions made by staff are aligned to the agreed risk appetite. However, we can only deliver value when we build trusted relationships with you and a deep understanding of your goals and needs.
At Macquarie University, we all succeed when we achieve our goals, innovatively and safely for people, the environment and the future.
Risk and Assurance is responsible for supporting the University and its controlled entities by identifying and managing the uncertainties – the threats and opportunities – that arise in the pursuit of initiatives and activities, ensuring that everyone operates within the University’s acceptable risk limits.
Our approach recognises:
- the critical role the Council, sub-committees and University governance structures perform in setting the University’s risk appetite and overseeing the University group’s performance in managing risk
- the responsibility of the faculties, departments and Executive in assessing, managing and monitoring the strategic and operational risks when delivering their elements of the business plan
- the responsibility all staff and students have in adopting the risk management process so that we can realise the benefits of projects and operate within acceptable risk limits
- the responsibility the director of Risk and Assurance has in building capability across the University to work within the University’s risk appetite and balance risk and reward, consolidating meaningful risk information for the Executive and relevant council committees
- the value of independent assurance reviews, provided by internal and external audit, in verifying and supporting continuous improvement.
Specifically, that means you can seek support from us to:
- confirm opportunities/initiatives are within the University’s risk appetite and where the tolerance for exposure is low
- evaluate the risks and identify mitigation strategies to ensure we realise the benefits and keep within the University’s risk appetite.
Call on this support when:
- setting a strategic business plan
- considering and executing on a strategic initiative
- planning and executing on projects, events, off- and on-campus activities, conducting research, delivering on business plans
- scoping either internal or external audits.
Risk and Assurance is also responsible for analysing and presenting the risk profile and the university’s risk performance to the Audit and Risk Committee. Risk profiling is conducted at the strategic level on projects and business operations; it is embedded in strategic planning and in the execution of strategic initiatives.
Effective risk management is the process of identifying and evaluating the nature of uncertainty in an activity/initiative and implementing controls and strategies to limit adverse outcomes whilst realising the benefits.
Understanding our compliance obligations and ensuring appropriate actions are embedded into processes is essential for the effective governance of Macquarie University’s operations.
Given there are over 240 pieces of legislation that apply to the University and its Controlled Entities, a risk-based approach has been applied to the review and management of our performance against obligations.
Macquarie’s definition of compliance is based on the AS 3806-2006 Compliance Programs but expanded to reflect the integrated and risk based approach to compliance. Compliance Management at Macquarie University is defined as:
The monitoring and active review of actions, supported by a working knowledge of our obligations, that are routinely and critically employed to reinforce the ‘living’ nature of our performance against legal, regulatory and industry standards obligations.
Given the scope of activities that Macquarie undertakes, the following categories reflect the scope of our Compliance Portfolio:
Macquarie Corporate includes the University and its controlled entities which are covered by legislation and regulations regarding the operations and governance.
Macquarie University Act 1989 sets out the boundaries for the operation of the university and the delivery of services.
Scholarship of Discovery, Teaching and Learning, Integration and Application
Legislation and regulations relate to the delivery and support of academic programs.
- Privacy Act
- Privacy and Personal Information Protection Act 1998
- Health Records and Information Privacy Act 2002
- Public Interest Disclosures Act 1994 (NSW) - PID
- Children and Young Persons (Care and Protection) Act 1998
- Ombudsman Act 1976 (NSW)
- Work Health and Safety Act 2011
- Tertiary Education Quality and Standards Agency - TEQSA
- Education Services for Overseas Students - ESOS
- National Health and Medical Research Council - NHMRC
- Australian Research Council grant schemes - ARC
- Gene Technology Act 2000 and Biosecurity Act 2015
- Animal Research Act 1985 (NSW)
- National Statement on Ethical Conduct in Human Research (2007)
- Radiation Control Act 1990 (NSW)
- Environmentally Hazardous Chemicals Act 1985 (NSW)
- Defence Trade Controls Act
Specific industry legislation
There are specific pieces of legislation and regulations that the University must adhere to, which include:
- Health and Safety
- Medical, Hospital and Public Health
- Sport and Recreation
- Retail and Asset management
- Accommodation and Hotel
- Building and Asset
Detailed information on these Acts can be found at the Australasian Legal Information Institute.
For a more comprehensive list of the legislation, or to seek additional support or information, contact: firstname.lastname@example.org.
Health and safety
Macquarie University has no appetite to expose any person interacting with the University to harm. As such, we have a rigorous and integrated approach to supporting the University, its personnel and partners to achieve, whilst protecting all those involved and the environment from harm.
The safety management approach follows the W&HS Act 2011 and related regulations and addresses the roles and responsibilities of all parties, the manner and approach to consultation and training and provides the necessary guidance and support to understand, assess and where possible eliminate safety risk.
As part of the safety management system, the University recognises and offers specialised guidance and support in the following categories:
- emergency management
- health monitoring
- individual health needs
- psychosocial safety
- event management
- research safety
- PACE and fieldwork
- hazardous materials
- contractor safety
- manual handling, ergonomics and office-based safety
- incidents and hazard management
- return to work
To seek additional support and information, contact: email@example.com
The University’s insurance program is a support mechanism that involves the proactive management and mitigation of known insurable risk events. We strive to help you prevent loss events, irrespective of the degree of insurance cover that can be purchased.
To help you understand and prevent a loss, we offer the following support:
- pre travel support and guidance
- education on what and how we support you when engaging with third parties and partners
- use and transport of University and personal equipment
- confirming and securing the right cover for your business-related activities and engagements
- information seminars and fact sheets.
If you do incur a loss, we are here to help you. The types of cover are:
- Public liability
- Professional indemnity (for medical and allied health professionals)
- Management, directors and officers liability
- Personal accident and health
- University-owned motor vehicles
- Transport of goods and equipment
- Medical malpractice
- Clinical trials.
To seek additional support and information contact: firstname.lastname@example.org
Modern-day audits are valuable to you as they can help you benchmark your controls and processes against the market/sector, provide insightful support and guidance on how to improve processes and also give you and your stakeholders (eg regulators, government agencies, commercial entities, the Council and the Executive) assurance over our performance.
Our internal audit program is reviewed annually against the Enterprise Risk Profile and ratified by the Audit and Risk Committee of Council. The audits are conducted by PwC and managed by the Risk and Assurance team.
When running an audit, there are three key phases:
- Scoping of the audit. This requires input from the stakeholders of the area to ensure the focus of the audit will add value to the organisation and all key personnel and information are identified. The scope is endorsed by the Executive responsible for the audited area and ratified by the Executive Group.
- Conduct of the audit. The audit is conducted with the auditors securing times and material from the identified personnel. This is often called the fieldwork phase.
- Report generation and management sign-off. The auditor's report is generated and then provided to management for comment and sign-off. At this stage management can correct any factual errors, query interpretations of information and findings, and make comment on the recommended actions. As an auditor's report is an independent report, the auditor will take into consideration all of management's comments and reflect them, but has the right not to change the report.
Need more information?
Our team is structured to reflect the specialisation of our members and the areas of the University for which they are the prime contact person, across each of the Faculties, DVC Offices and Controlled Entities. We look forward to working with you. Contact us at email@example.com
For training on Health and Safety please go to the training page.
For all other risk-related training please email firstname.lastname@example.org