Risk Management Policy

1. Introduction

1.1 Effective risk management is central to the College achieving its strategic goals.

1.2 This means that the College must have a current, relevant, and comprehensive understanding of its risks and that those risks are of a type and at a level that are acceptable to the College.

1.3 By understanding its risks and treating its unacceptable risks, the College can provide greater certainty and security for its Fellows, Trainees, employees, regulators, and stakeholders.

1.4 The College will be better informed, more decisive, and function with increased confidence to achieve its goals.


2. Purpose and application

2.1 This document outlines the policy for risk management by The Royal Australasian College of Physicians (the College).


3. Scope

3.1 All College Bodies, Fellows, Trainees, Management and Team members must adhere to this policy.


4. Risk aware behaviours

The RACP will be risk aware as evidenced by the following expected behaviours:

4.1 Tone from the top – the RACP recognises that risk is inherent in every activity of the College and proactively integrates risk awareness, assessment, and management behaviours into all College activities. Risk will be assessed against the Board’s published risk appetite statements, and a management and mitigation approach will be developed as appropriate.

4.2 Continuous disclosure:

  1. The College community will communicate bad news (concerns) and good news (opportunities) on time to the relevant manager
  2. Managers will listen to, and respond appropriately to, concerns or opportunities, and the College community will be encouraged to speak openly and honestly
  3. Senior Leadership will monitor risk and will disclose risks identified as approaching or exceeding the RACP's risk appetite

4.3 Prudent decision-making – policies, delegations, processes, and procedures will reflect the degree of risk, empowering agility and innovation. Decisions will be prompt and prudent, based on relevant information.

4.4 Single line accountability – individuals will be held to account for the success of activities, projects, or functions, even when working in groups or teams. Team members will be appropriately empowered to deliver agreed outcomes within the RACP's risk appetite.


5. The policy

5.1 The College will adopt a structured and consistent approach to assess and treat all types of risk, at all levels and for all activities in the College, consistent with the AS/NZS ISO Standard 31000:2018 Risk management - Principles and guidelines.

5.2 The College will develop and maintain guidelines and procedures to assist Management, Team members, Fellows, trainees, and members in assessing and treating risks.

5.3 The College’s aim is for high-quality risk management activities to be integrated with all its critical processes so that, before events occur or circumstances change in a way that might enhance or prevent the College’s achievement of its purpose and objectives, the College can recognise and respond to the risks in a consistent, proactive way. Equally, if unintended events occur, the College will use systematic processes to learn the lessons from its successes, failures, and near misses. The College will drive operational excellence and organisational learning and growth.

5.4 The Finance and Risk Management Committee has delegated authority under section 7 of its By-Law to oversee the College’s risk management activities and performance and will report on such to the Board.

5.5 The Board, through the College Finance and Risk Management Committee, will make sure that the necessary resources are available to ensure that the College’s risks are managed effectively.


6. Roles and responsibilities

Role – Responsibilities

6.1 Board

1. Governance of the College and promotion of the College’s interests by:

  1. ensuring that a sound system of risk management and internal control is implemented which, in all material respects, implements the policies adopted by the Board
  2. oversight and monitoring of the College’s performance, the management of its most critical risks, and the effectiveness of its control processes
  3. determining the appropriate level of risk that the College is willing to accept
  4. reviewing recommendations from the Finance and Risk Management Committee and determining future actions
  5. approval of the College’s list of strategic risks and risk treatment strategies (the strategic risk register)

2. Setting the ‘tone at the top’ by championing the College’s risk management processes and encouraging the right attitude to risk management amongst Fellows, trainees, and Team members.

6.2 Finance and Risk Management Committee

1. Monitoring the implementation of the risk management framework by:
  1. receiving reports from management, external and internal auditors, legal counsel, regulators, and consultants as appropriate
  2. monitoring the strategic risk register
2. Reporting to the Board concerning the management of risks within the College.

3. At least annually providing to the Board an up-to-date register of the key risks facing the College.

4. Assessing whether the College’s risk management processes are continually adapting to reflect the changing environment.

6.3 Chief Executive Officer

1. Implementing a sound system of risk management and internal control which, in all material respects, implements the policies adopted by the Board.

2. Ensuring that the risk management policy and framework are understood, adopted, complied with and effective at all levels of the College.

3. Ensuring that a College-wide risk register, together with appropriate risk treatment plans, is reviewed and updated at least twice a year.

4. Championing the College’s risk management processes and encouraging the right attitude to risk management amongst Fellows, trainees, and Team members.

5. Making any reports and disclosures relating to risk required by law or regulation.

6.4 Senior Leadership Group

1. Ensuring that:
  1. all material risks to the College are detected, understood, and responded to in accordance with its risk management policy and framework
  2. risk management activities and internal control systems operate effectively
  3. any inconsistencies, conflicts, and gaps in the College’s risk management activities and internal control systems are identified and addressed
  4. new and emerging risks are identified, assessed, and escalated to the Board where appropriate
2. Determining the relative priorities of strategies to manage risks and allocating resources between treatment strategies.

3. Assigning ownership of material risks.

4. Approving the risk analyses and risk treatment plans prepared by unit managers, project managers or process owners, including approval of additional resources where required.

5. Developing performance indicators to measure the effectiveness of the risk management activities and risk treatment plans for which they are accountable.

6. Identifying and monitoring:
  1. the adequacy and effectiveness of the key controls on which the College is heavily reliant
  2. legal and regulatory obligations imposed on the College and appropriate compliance regimes
  3. systems, policies, processes, and procedures that promote effective risk management

6.5 College Bodies, Heads of Programs, Projects and Functions

1. Identifying potential risks and advising the relevant member of Senior Management accordingly.

2. Managing risk as it arises in their area(s) of responsibility as allowed by their By-Laws or Terms of Reference.

3. Complying with all College policies, frameworks, and guidelines, including the:
  1. Risk Management Policy
  2. College Code of Conduct (where relevant)
4. Being aware of and accountable for the risks, controls, and treatment tasks allocated to them.

6.6 Risk and Compliance Manager

1. Supporting the CEO in ensuring that the:
  1. directives of the CEO and the Senior Leadership Group are implemented and followed
  2. risk management framework is understood and coordinated across the College
  3. risk management processes are implemented and working effectively

2. Collating and recording identified risks and treatment strategies in the Risk Register.

3. Providing the Board, College Bodies, and Team members with regular and appropriate training on risk management principles and procedures.

4. Monitoring compliance with the risk management cycle, and reporting on new, emerging, and material risks to the Finance and Risk Management Committee.

5. Supporting program and business managers in their risk management responsibilities by:

  1. advising on appropriate risk management procedures and measurement methodologies throughout the College
  2. assisting in the identification of stakeholders and parties affected by a potential risk
  3. reviewing risk analyses and risk treatment plans prepared by management, challenging the bases of assumptions, and advising on potential treatment strategies prior to submission for approval by the Risk Owner
  4. providing risk workshops where required
6. Co-ordinating risk management training and a network of risk champions throughout the business.


7. Review of policy

7.1 This policy will be reviewed every two years or as required in the event of legislative changes or requirements. The policy may also be changed as a result of other amendments.

7.2 Team members and members of the College may provide feedback about this document by emailing RACPPolicy@racp.edu.au.


8. Definitions

Term – Meaning

'Board' – The Board of Directors of the College.

'College' – The Royal Australasian College of Physicians, ACN 000 039 047, an incorporated body limited by guarantee.

'College Body' –
  1) the council of each Division or Faculty of the College
  2) the Committee of each Chapter formed within a Division or Faculty
  3) each Board Committee
  4) each Committee, sub-committee, working group, expert advisory group or other sub-group formed under the auspices of any of the above, whether limited in time or purpose or not

'College Group' or 'Group' – The Board and any College Body.

'Fellow', 'Trainee' and 'Member' – Have the same meaning as in the College Constitution.

'Material Risk' – Those risks, either strategic or operational, that the Senior Leadership recognises as having the potential to materially impact the College’s performance.

'Senior Leadership Team' – The Chief Executive Officer, General Counsel, and Executive General Managers of the College.

'Team members' – Employees of the College, contract workers, and volunteers engaged in the operations of the College.

9. History

Item – Amendment – Date

1 – Initial approval – 22 March 2012

2 – Updated references to College Risk Management Committee to reflect merger with Finance Committee – 2 February 2017

3 – Updated reference to ‘Department’ and ‘Owner’ to reflect change in organisational structure; updated reference to AS/NZS standard 31000 to reflect adoption of updated standard – February 2020

4 – Amendment of section 2.4 and addition of Section 3 'Roles and Responsibilities' – April 2020

5 – Addition of 'education' to the role of Risk and Compliance Manager – May 2020

6 –
  1. Explicitly included Fellows, trainees, Management, and Team members in the scope
  2. Inserted section 4 “Risk-aware Behaviours”
  3. Strengthened wording of clause 5.4 to emphasise the role of the FRMC
  4. Minor terminology adjustments: “staff” and “employees” to “Team members”, “Senior Leadership Group” to “Senior Leadership Team”
  5. Minor grammatical and stylistic changes
  6. Updated document to new template
  – June 2022

Policy is approved by the College Board, effective 22 March 2012. Last updated June 2022.
