Skip to Content
Need Help Live Chat

Risk Management Policy

1. Purpose

To provide assurance to the Canberra Institute of Technology (CIT) Board, the ACT Government and community stakeholders that CIT has an effective risk management framework underpinning all CIT business and learning activities.

2. Scope

This policy applies to all CIT employees, activities, students, contractors, and visitors.

3. Principles

3.1 CIT is committed to ensuring that all business, operational and learning and teaching activities are underpinned by an effective risk management process.

3.2 CIT has adopted an organisational-wide approach, integrating risk management strategies with CIT business processes. Risk management forms part of the overall CIT governance framework.

3.3 This policy aligns with the ACT Government Risk Management Policy 2019 that details the risk management standard expected across Territory entities.

3.4 Risk at CIT is managed through Audit, Risk Management and Corporate Governance. Risk is supported through the Risk Management Framework that consists of a Risk Management Policy and Procedures, the Fraud Control Plan and Workplace Health and Safety (WHS) Policy and Procedures. WHS Risks are managed independently through the WHS Unit.

3.5 CIT's Risk Management Framework is designed to create value, be an integral part of CIT’s organisational governance and decision-making processes.

3.6 Strategic and operational risks are recorded in the CIT Strategic Risk Register, which is reviewed quarterly. Changes to risk ratings, controls and treatments and identification of emerging risks must be recorded.

3.7 The updated CIT Strategic Register is approved quarterly by the Executive Management Committee and endorsed by the Audit Committee and the CIT Board.

3.8 A major review of all risks must be conducted every two years.

3.9 The application of risk management at CIT is conducted in accordance with the Australian and New Zealand Standard ASISO 31000:2018 and the ACT Insurance Authority Risk Management Policy and Framework.

4. Documentation

5. Definitions

Risk management - The processes, structures and culture developed to identify, analyse, evaluate, treat, monitor and communicate risks associated with any activity, function or process in a way that enables organisations to minimise losses and maximise opportunities.

Risk - The chance of something happening that could prevent or impair the achievement of objectives and outcomes. It can be a hazard or an opportunity.

Risk Register - The document to report risk assessment, treatment, and other management information. CIT uses the ACTIA risk register template.

6. Policy Contact Officer

Manager Audit, Risk and Corporate Governance on 62052968.

Contact CIT Student Services on (02) 6207 3188 or email for further information.

7. Procedures

This policy is implemented through the associated Risk Management Procedure. Authority to make changes to the procedure rests with the policy owner.