Skip to Content
Need Help Live Chat

Risk Management Policy

1. Purpose

To improve decision-making, performance and accountability, while reducing the likelihood of risk, through a systematic approach to the identification, analysis and reporting of risk, as part of sound corporate governance.

2. Scope

This policy applies to all of Canberra Institute of Technology (CIT) employees, activities, students, contractors, and visitors.

3. Principles

3.1 CIT is committed to ensuring that all business and operational processes are underpinned by an effective risk management process.

3.2 CIT has adopted an organisational-wide approach, integrating risk management strategies with CIT business processes. Risk management forms part of the overall CIT governance framework.

3.3 CIT's Risk Management Framework, including the Enterprise Risk Management Profile, is designed to create value, be an integral part of CIT’s organisational governance and decision making processes, and is factored into CIT operations including: business planning; performance management; accountability; audit and assurance; business continuity; and project management.

3.4 The Enterprise Risk Management Profile explicitly addresses uncertainty, is dynamic and adaptable to change.

3.5 The Enterprise Risk Management Profile is comprehensively reviewed every two years, updated quarterly and is recommended by the CIT Audit Committee, to the CIT Board for approval.

3.6 The application of risk management at CIT is conducted in accordance with the Australian and New Zealand Standard, AS/NZS 31000 2018; the ACT Government Risk Management Framework; and the ACT Insurance Authority Risk Management Framework.

4. Documentation

5. Definitions

Context - This is the environment which makes up CIT. It includes stakeholder needs, customer expectations, Information Technology capabilities available to CIT etc. The section under Procedure 'Establish the operating and organisational context' under Risk Management Procedures Page 3, provides a more detailed definition.

Risk - The chance of something happening that could prevent or impair the achievement of objectives and outcomes. It can be a hazard or an opportunity.

Risk management - The processes, structures and culture developed to identify, analyse, evaluate, treat, monitor and communicate risks associated with any activity, function or process in a way that enables organisations to minimise losses and maximise opportunities.

Risk management profile - The document to report risk assessment, treatment, and other management information.

6. Policy Contact Officer

For more information about this policy contact the Senior Manager Audit, Risk and Corporate Governance.

Contact CIT Student Services on (02) 6207 3188 or email

7. Procedures

This policy is implemented through the associated Risk Management Procedure. Authority to make changes to the procedure rests with the policy owner.

Policy No: 2017/885
Approved: August 2019
Next Review: August 2020
Category: Student Policies, Staff Policies, Corporate Policies
Policy Owner: Executive Director, Corporate Services
Risk Management Procedures
(PDF File 1.0 MB)


Browse Policies
Policy Glossary
Complaints Form
Client Service Charter
Student Code of Conduct
2020-09-11: Advertising, Marketing and Program Information for Students Policy
2020-08-04: Sponsorship Policy
2020-07-03: Australian Aboriginal and Torres Strait Islander Student Policy
2020-05-27: Assessment Policy
2020-03-10: Home Garaging of CIT Vehicle Policy