Risk Management Policy

Fact box

  • Policy owner: Vice President Operations
  • Policy category: Governance: Audit & Risk Management
  • Policy status: Approved
  • Approval body: Council
  • Endorsement body: Executive
  • Last amended: 20th Dec. 2022
  • Relevant HESF:


The purpose of this policy is to outline the approach of Alphacrucis University College (AC) to risk management in all academic, administrative and business activities of AC.


Whole of AC


AC is committed to appropriate, consistent, structured and effective risk management processes. The International Standard on Risk Management AS/NZS ISO 31000:2009 defines risk as “the effect of uncertainty on objectives” and risk management as “coordinated activities to direct and control an organization with regard to risk”. AC manages risk continuously and methodically, involving assessment, monitoring, mitigation and review of risks. The AC Risk Management Plan covers all academic and financial activities of AC and fosters an environment where staff assume responsibility for continuous improvement.


Corporate Governance and Risk Management

  • Finance and Audit Committee is responsible for oversight, maintenance and regular review of the financial risks of AC as defined in the AC Risk Management Plan. Academic Risk and Moderation Committee is responsible for oversight, maintenance and regular review of the academic risks of AC as defined in the AC Risk Management Plan.
  • Current and emerging risks will be incorporated into the AC Risk Management Plan as they are identified and reported.
  • The Chair of Finance and Audit Committee will report on financial risk issues to Council, and the Chair of Academic Risk and Moderation Committee will report on academic risk issues to Council.
  • Senior staff members are accountable for: risk management in their respective areas of responsibility and ensuring compliance with risk assessment procedures.
  • Risk management includes communication and reporting on risks that have been identified, as well as risk analysis, evaluation and mitigation options.

Monitoring and Review of Risks

  • The AC Risk Management Plan provides formal mechanisms for monitoring and reviewing risk to benchmark the effectiveness of risk management throughout AC and at all governance and management levels.
  • While risks may never be eradicated, they can be mitigated and controlled. AC employs the following tables to identify Risk Mitigation Strategies and Control Effectiveness:

Risk Mitigation Strategies
The following table is used when identifying and determining Risk Mitigation strategies:




Not proceeding with task, project or activity that is likely to generate the risk


Accept risk and establish appropriate management plan

Reducing Likelihood

Develop processes to reduce likelihood of risk, e.g. preventative maintenance, audits, inspection and testing

Reducing Consequence

Develop processes to reduce consequence of risk. e.g. Contractual arrangements, redesign, security measures, contingency planning


Transfer all or part of risk to second party through insurance, contractual arrangements, organisational structures


Accept all residual risk


Control Effectiveness
The following table is used when determining Control Effectiveness:





Highly Ineffective

Controls are non-existent or have major deficiencies and don’t operate as intended



Limited controls in place, high level of risk remains


Significant Improvement Required

Key controls in place, with significant opportunities for improvement identified


Limited Improvement Required

Controls properly designed and operating, with opportunities for improvement identified



Controls properly designed and operating as intended


The Risk Mitigation Strategy and Control Effectiveness rating relevant to each identified risk are recorded in the Risk Management Plan.


Risk Management Procedures

  • Finance and Audit Committee, and Academic Risk and Moderation Committee, will review the AC Risk Management Plan annually and report to Council.
  • Further, any identified risk may be reported to the appropriate Committee at any time for inclusion in the Risk Management Plan.
  • All staff must take reasonable care of AC property at all times, report all incidents, complaints, losses and near misses involving AC property, and incidents involving visitors and students including, but not limited to, injuries or potential hazards.
  • The AC person or committee responsible for managing each risk will provide an annual update to the appropriate Committee of Council on the mitigation strategies and control effectiveness.
  • Risk management awareness is to be incorporated into the functioning of the Council and its subcommittees, Executive and its subcommittees, and Academic Board and its subcommittees.


Risk ratings are determined through a combination of the consequences for AC if the risk is not treated, and the likelihood of this happening. The following AC Risk Assessment Matrix is to be used as a guide:

The main elements of the AC Risk Management Process are: