Amazing Opportunities

for everyone

Apply Now

Risk Management Policy

PURPOSE

This policy provides information and guidance on Global Leadership Institute (GLI)’s approach to risk management. This policy covers the two major types of risk, namely operational risks and financial risks. GLI recognises the need for risk management to feature as a consideration in strategic and operational planning, day to day management and decision making at all levels of the Institute.

DEFINITIONS

Risk: effect (positive or negative) of uncertainty on objectives. Risk is considered with reference to possible consequences and likelihood of occurrence.

Risk Management: tool used to support the achievement of strategic and operational goals of the company. The risk management framework provides a standardised approach to assessing risk at any level of the organisation. Risk management:

  • creates and protects value by contributing to the achievement of objectives and improved performance;
  • is an integral part of organisational processes, from strategic planning to project management and day to day activities;
  • forms part of the decision-making process, allowing informed choices between alternative courses of action with different risk profiles;
  • explicitly addresses “uncertainty”;
  • is systematic, structured, timely;
  • is based on the best available information, and acknowledges limitations of data;
  • recognises the impact of human, cultural and environmental factors on objectives;
  • includes perspectives of all stakeholders, not just management;
  • is dynamic and responsive to change and continues to take account of new or emerging risks; and
  • is continually improving as the organisation grows.

Action Owner: person responsible for implementing the future treatments.

Causes: origin of the risk and/or the mechanisms that fail.

Consequence Rating is the extent to which the risk will affect the Institute/Unit if it occurs.

Existing Treatments: existing treatments that may include procedural or administrative policies or physical barriers.

Future Treatments: specific treatments that will further prevent and/or mitigate the risk event.

Impacts: consequences or outcome that the Institute can expect if the risk eventuates.

Likelihood Rating: chance that the risk will occur.

Resolution/ Review Date: date the treatments will be resolved or reviewed.

Risk Event: brief description of an event that impacts on the achievement of the Institute’s objectives.

Risk Owner: person with responsibility for ensuring that the risk is effectively managed.

Risk Rating: product of the consequence and likelihood that defines the magnitude of the risk.

Risk Register: summarises all the assessed risks within the Institute.

All Accounting definitions: within this document are in accordance with Australian Accounting Standards.

Fraud: Dishonest activity causing actual or potential loss to any person or entity including theft of money or the property of other employees or people external to the Institute and where deception is used immediately before or immediately following the activity. The deliberate falsification, destruction, concealment or use of falsified documentation intended for use for a normal purpose or the improper use of information or a position for personal benefits.

A critical incident: situation or traumatic event which causes or presents a significant risk to students and staff of the Institute outside the normal range of experience of the people affected. Critical incidents encompasses situations such as bodily harm, property damage, legal involvement, media activity, pandemics, natural disasters, war or acts of terrorism or other unusual activity that falls outside the scope of activity undertaken by Governing Board.

Business Continuity Management (BCM): whole of organisation process for managing the Institute’s operations to ensure that critical functions can, in the event of a material disruption arising from internal or external events, be maintained or restored in a timely fashion with minimal impact to staff, students and the general community.

Business Continuity Plans (BCP): collate the instructions / actions that underpin the business continuity management strategy for the Institute’s critical functions.  They are used to manage incidents.  The BCP details continuity / interim actions to be immediately implemented to achieve the highest level of operational performance with the resources available and taking into account the specifics of the interruption situation.

Business Impact Analysis: series of analyses to determine function criticality and to gather information about critical functions, their dependencies and resource requirements.

PRINCIPLES

GLI principles for risk management include:

  • acknowledging that as a part of the Institute’s good governance and corporate management processes, risk must first and foremost be managed at the corporate level;
  • managing and minimising risk by identifying, analysing, evaluating and treating exposure that may impact on the Institute achieving its objectives;
  • training and knowledge development in the area of risk management;
  • monitoring and reviewing the performance and the progress being made in developing an appropriate culture and implementation of risk management strategies;
  • ensuring that risk management is an integral part of the decision-making process at all levels of the Institute;
  • fostering an environment where staff assume responsibility for identification, implementation of control strategies and management of risk;
  • implementing risk management across all aspects of the Institute in accordance with best practice;
  • ensuring that appropriate monitoring, review and reporting processes are in place for risk management;
  • affirming that risk management is the responsibility of all staff, including identifying, assessing and monitoring by staff on an ongoing basis;
  • incorporating risk management into the strategic and operational planning and quality processes at all levels within the Institute.

The GLI Risk Management Plan details the process for the identification, analysis, treatment, monitoring and reporting of risks. This includes strategic, operational and project-based risk and the development of the Institute’s Risk Register.

Risks will be identified, analysed, treated, monitored and reported on an ongoing basis at nominated levels within the Institute in accordance with organisational responsibilities.

GLI’s risk management principles require its Risk Management Framework to:

  • align with GLI’s vision and mission;
  • have clear accountability, ownership and governance;
  • be embedded within its operations, processes and systems;
  • be systematic, transparent and consistently applied;
  • include effective consultation and communication across the Institute;
  • consider the context in terms of both the internal and external environments;
  • be integral to evidence-based decision-making at all levels of the Institute; and
  • facilitate continual improvement

ROLES AND RESPONSIBILITY

  • Governing Board is responsible to ensure that the Risk Management Policy is formulated, implemented and regularly updated.
  • Department managers must report directly to the President on hazards within their areas of responsibility so that plans can be made to alleviate potential risks.
  • The President is responsible for making a full disclosure to Governing Board of risks, as they arise.
  • The risk management policy is the responsibility of Governing Board.
  • The Institute’s Risk Management Committee is responsible for reviewing the risk management practices of the Institute and assessing the effectiveness of the risk management framework.
  • The Executive Management Team will coordinate, facilitate and periodically review the Institute’s Risk Management Plan;
  • Managers will ensure that staff within their areas understand their responsibilities and assist in fostering a risk-aware culture. Training and assistance will be provided as required, to relevant staff to assist with risk management.
  • Staff are responsible for adhering to the Institute’s Risk Management Policy, Risk Management Plan and other related documentation.
  • All staff and students have a role in the management of risk within their area of influence.

RISK MANAGEMENT FRAMEWORK

GLI basis its Risk Management Framework on Standards Australian and Standards New Zealand: 

  CONSEQUENCES
LIKELIHOOD Insignificant Minor Moderate Major Severe
Almost Certain Moderate Moderate High Very High Very High
Likely Moderate Moderate High High Very High
Possible Low Moderate Moderate High Very High
Unlikely Low Low Moderate Moderate High
Rare Low Low Low Moderate High

 

KEY:

Very High Potentially devastating consequences – Immediate action required
High Potentially damaging – Action required
Moderate Implement monitoring or response procedures
Low Treat with routine procedures

RISK MANAGEMENT PLAN

The Risk Management Plan assesses the operational risk that may occur due to the breakdown of internal controls and corporate governance. Other risks include major failure of information technology systems or events such as fires and other natural disasters, as well as financial risk that may occur due to factors such as decreased enrolments that could reduce the revenues needed to carry on daily operations.

The Risk Management Plan includes:

  • Comprehensive policies approved by Governing Board;
  • Processes in place to implement necessary policies;
  • Code of Conduct for staff and students;
  • Responsibilities and levels of authority required in relation to various types of activities and exposures are clearly defined;
  • Proper and adequate delegation of duties;
  • Adequate procedures for recording, monitoring and reporting the complaints received from the students and ensuring that this is done in a systematic manner;
  • Adequate screening processes are in place for recruiting staff with the necessary experience and professional capabilities;
  • Staff training programs are organised to provide adequate training;
  • Adequate policies and controls are in place to ensure that all transactions are documented and properly executed, confirmed and maintained;
  • Adequate controls are in place over the accounting and record keeping processes.

Risk Management Model

The Institute’s Risk Management Model integrates the Risk Management Principles and Risk Management Process. The Risk Management will be implemented through the following key processes:

  • establish context;
  • identify;
  • analyse;
  • evaluate;
  • treat;
  • communicate and consult
  • monitor and review.

Establish Context

Establish the external, internal and risk management context in which the risk process will take place.

Identify

Identify where, when, why and how events could prevent, delay or degrade the achievement of the Institute’s strategic goals and objectives. Staff will need to outline the:

  • Risk Event – brief description of the risk; and
  • Risk Owner – person responsible for the risk and ensures that the risk is effectively managed

The Risk Owner will usually be a member of the Executive Management.  When identifying risks, staff are encouraged to focus on the high-level risks that impact upon the relevant organisational unit (Unit) and/or the Institute.

Analyse

Identify and evaluate the causes, impacts and existing treatments, and assess the consequence and likelihood of the risk and determine the risk rating controls. This analysis should consider the range of potential consequences and how these could occur. Staff will need to outline the:

  • Causes – origin of the risk and/or mechanisms that might fail
  • Impacts – consequences or outcomes that the Unit and/or Institute can expect if the risk eventuates
  • Existing Treatments – existing treatments that are in place, which may include procedural or administrative policies or physical barriers
  • Likelihood Rating – chance that the risk event will occur
  • Consequence Rating – extent to which the risk will affect the Unit and/or the Institute if it occurs; and
  • Risk Rating – product of the consequence rating and likelihood rating, which defines the magnitude of the risk

The Institute’s Risk Rating Plan is used to determine the risk rating for identified risks with existing treatments. Staff will need to consider the likelihood of the risk occurring (ranging from ‘Rare’ to ‘Almost Certain’) and the consequence if the risk is realised (ranging from ‘Insignificant’ to ‘Severe’).

Evaluate

Compare estimated levels of risk against the pre-established criteria and consider the balance between potential benefits and potential adverse outcomes. This enables decisions to be made about the treatment required and about priorities.

Treat

Implement both existing and future treatments in order to prevent and/or mitigate the risk. Staff will need to outline the:

  • Future Treatments – specific treatments that will further prevent and/or mitigate the risk event
  • Action Owner – person responsible for implementing the future treatments; and
  • Resolution/ Review Date – the date the treatments will be resolved or reviewed

Staff should outline all the future treatments that will be implemented, either in the short- term or long-term, to prevent and/or mitigate the risk event. The risk treatments should be appropriate for and indicative of the risk rating.

The Action Owner, in consultation with the Risk Owner, is responsible for ensuring that the risk treatments are implemented in accordance with the resolution/review date. Following the continuation of existing treatments and implementation of future treatments, the risk should be reduced or minimised.

Once a future treatment has been implemented, it will become part of usual business practice and be considered an existing treatment.

Communicate and Consult

Provide regular reports and updates to assure Governing Board, Risk Management Committee and key stakeholders that risks are being appropriately managed and treated.

The frequency and method of reporting may vary and would reflect the significance of the risk and whether the risk is managed at a Unit level or is listed on the Institute Risk Register. Reporting on risks identified in the Risk Register will occur each quarter to Risk Management Committee and Governing Board.

The President and Executive Management Team will be responsible for determining whether any of the risks identified by Units pose a significant risk to the Institute and should be included on the Institute Risk Register. A communication plan for both internal and external stakeholders will be developed to address issues relating to both the risks and the process to manage them.

Monitor and Review

The strategies used to manage risk must be regularly monitored and evaluated. Ongoing reviews are essential to ensure the effectiveness and appropriateness of the Institute’s Risk Management.

The Risk Owner, in consultation with relevant staff, will need to review the:

  • Risk event, causes and impacts
  • Risk rating to ensure it is appropriate; and
  • Existing and future treatments (including the resolution/review dates) to determine whether further treatments are required

The strategies used to manage risk must be regularly monitored and evaluated. Ongoing reviews are essential to ensure that the management plan remains relevant.  A review of the risk management plan will:

  • Monitor existing risks
  • Identify new risks
  • Identify any potential hazards
  • Evaluate the effectiveness of current risk treatment or its management strategies.

The risk management plans can be reviewed by the following methods:

  • Observations
  • Physical inspections
  • Incident reports
  • Questionnaires
  • Interviews with stakeholders
  • Regular review of risk treatment procedures, and
  • Repeat of the risk management process.

Risk management processes should be recorded appropriately. Assumptions, methods, data sources, analyses, results and reasons for decisions should all be recorded

Business Continuity Planning

Business continuity planning is necessary to consider the legal responsibility of the Institute, the possibility of financial loss and the impact of an event which may interrupt the operations of the Institute and the provision of higher education.

Management has a legal responsibility to protect its corporate resources and information. Any interruption to the normal operations of the Institute can be damaging to the Institute’s reputation and future relationships with students and other stakeholders, including regulators.

A Critical Incident is a situation or traumatic event which causes or presents a significant risk to students and staff of the Institute such as bodily harm, property damage, legal involvement, media activity, pandemics, natural disasters, war or acts of terrorism or other unusual activity that falls outside the scope of activity undertaken by Governing Board. The Institute’s Critical Incident Management Policy (CIMP) covers the management of critical incidents.

The Business Continuity Plan (BCP) complements the Institute’s procedures guiding safe practices for staff, regular maintenance of buildings and facilities and evacuation procedures in case of emergency. It includes Information Technology (IT) continuity planning; financial contingencies; academic continuity planning and succession planning. The BCP will identify and assess risks which could give rise to disruptions to critical services.

Financial contingencies

The owners have pledged adequate financial resources in the start-up phase of the Institute’s operations. The Strategic Plan requires the Institute to maintain substantial cash and investments of at least 10% of annual operating revenue to ensure long term financial sustainability and ready availability of funds to meet contingencies. The Institute recognises there may be calls upon these contingency funds to ensure business continuity. These contingency arrangements are separate from Course Assurance and Tuition Assurance arrangements the Institute have in place.

Governing Board monitors all financial matters of the Institute and receives advice on financial risk from the Finance and Budget Committee. The Institute mitigates financial risk through:

  • careful monitoring of financial activities through regular reporting processes to Governing Board
  • financial delegations through the Institute’s Delegations Register; and
  • through relevant financial, risk and fraud policies and procedures.

IT continuity planning

The Institute’s IT continuity plans are part an aspect of the Business Continuity Plan. This plan includes the backup procedures for all the Institute information systems including data, student management system, accounting management system and email system, access to backup servers and the ability to mitigate server failure through multiple servers. A detailed service level agreement, including disaster recovery and backup arrangements, will be executed with the outsourced IT provider prior to the implementation of the organisational IT systems.

Academic continuity planning

The Institute’s academic continuity planning is about providing a quality student experience for all students enrolled with the Institute.

The following are possible events that could affect the academic continuity of students:

  1. Disruptions to teaching continuity
  2. A course of study is discontinued by the Institute
  3. A course of study is not offered due to revocation or non-renewal of accreditation by the regulator
  4. The Institute ceases to operate as a higher education provider due to revocation of registration or non-renewal of registration by the regulator

  1. Disruptions to teaching continuity

Disruptions to teaching can be due to a planned event e.g. study or conference leave, annual leave or planned sick leave of the academic staff; or an unplanned event – e.g. death, sudden illness, injury or bereavement, unexpected resignation or dismissal, or a critical incident. The disruption can be either short- or long-term.

The Institute does not consider planned instances where teaching continuity is affected as posing a risk to students’ learning needs as these are addressed in the relevant policies, procedures and administrative arrangements.

If the disruption due to an unplanned event is short term in nature, then arrangements could include:

  • alternative learning support
  • rescheduling of classes (mutually agreed time for the relevant staff and students), or
  • the academic staff member ensures that the learning outcomes of the unit are met through a variety of possible means, according to the professional judgment of the academic staff member concerned

If the disruption due to an unplanned event is long term (more than a week) in nature due to academic staff unavailability or a critical incident which renders facilities unavailable, then arrangements could include:

  • existing staff able to cover part or full period of disruption
  • engaging suitably qualified and experienced staff to provide teaching continuity
  • use of alternate sites in the event of critical incident

  1. A course of study is discontinued by the Institute

In the event of a course of study being discontinued by the Institute, the Discontinuation and Teach-out Policy and Procedures will be followed.

  1. A course of study not offered due to revocation or non-renewal of accreditation by the regulator; or
  2. The Institute ceases to operate as a higher education provider due to revocation of registration or non-renewal of registration by the regulator

Should the Institute cease to operate or cease to offer a course of study in which domestic students are enrolled, the Institute has contingency plans in place.

The Institute’s overseas students and domestic students covered by FEE-HELP will be protected by the Tuition Protection Service (TPS) which is established under the Education Services for Overseas Students Act 2001 (Cth). The TPS ensures that overseas students are able to complete their studies in another course or with another higher education provider or to receive a refund of their unspent tuition fees.

Succession planning

The Institute is cognisant of the risk of loss of key staff and the need for it to be mitigated through succession planning. The HR Manager will work with Risk Management Committee and Academic Board to develop a succession plan for Governing Board’s consideration and approval.

Risk Management Plan Review

The Risk Management Plan will be reviewed every three years.

Scope

Whole Institute

Key Stakeholder

All staff and students

Fact Box

Owner : Chair, Executive Management Team

Approval Body : Governing Board

Endorsement Body : Executive Management Team

Close

Associate Professor Jason Hartley

Jason Hartley is lecturer in criminology at Griffith University in Brisbane, Australia. He is a former police officer with 23 years of experience, and has trained personnel for deployment in Timor Leste, the Solomon Islands, Iraq and Afghanistan. Jason specializes in, and has published on engagement with Muslim communities, Indigenous Polynesian approaches to rehabilitation and reducing recidivism, and Asian Organised Crime. Jason also completed a community internship in Hebron on the West Bank.

Close

Simone Fulcher

Simone Fulcher is the Campus Manager at Global Leadership Institute responsible for managing the day-to-day operations for the campus. Simone has previously worked in the education sector for over 5 years where she has enjoyed helping young minds realise their potential. Simone also has a history of volunteer work assisting various communities in improving their quality of life in places such as New South Wales, Guam, and Palau. Simone still enjoys volunteering, currently organising events for young adults in Southeast Queensland and helping them form connections their fields of interest.

Close

Professor Grant Pitman

Professor Grant Pitman is the president of the Global Leadership Institute. He has held senior leadership roles in government such as Chief Superintendent of Police and Director of Strategic Planning ICT in the Queensland Police Service;

  • Varied list of contributions to law enforcement, including disaster management, auditing and finance, organizational reform, education and human resources, and policy development
  • National, state, and regional levels of professional service, including the Ipswich Economic Forum, the Brisbane Airport Emergency Planning Committee, the National Emergency Communications Working Group, the National Police Drug and Alcohol Task Force, and the Police Education Advisory Council.

He has a Ph.D. and Master of Administration from Griffith University. He is a well-versed researcher and has published numerous articles and journals.

Close

Professor Kevin Tickle

Professor Kevin Tickle has extensive experience in Executive Management roles in the tertiary education sector, both public and private, over the last two decades and has been a consultant to Higher Education providers in Australia and overseas. His primary areas of interest are Leadership, Management, Information Technology, Mathematics and Statistics with expertise in the areas of probability modelling; decision support, and data analytics. He is currently a Fellow of the Australian Institute of Management, a member of the Institution of Engineers, Australia, the Australian Computer Society and an Emeritus Professor at CQUniversity.

Close

Mr Des Lacy OAM

Des serves as Secretary/Treasurer of the Asia Pacific Chapter of FBI National Academy Associates, after completing 40 years in the Queensland Police Service. During his distinguished career, Des was District Officer (A/Chief Superintendent) in Charge of the Gold Coast Police District, Police Commander for the Gold Coast Indy, Super V8s, Gold Coast Marathon, and Schoolies, as well as National Rugby League and Australian Foot League events in Brisbane and the Gold Coast. Des oversaw development and implementation of the Integrated Justice Information Systems, Integrated Traffic Policing Program, and Integrated Tasking and Analysis System. He served as Director of the Strategic Services Branch and Information and Communications Technology Command, as well as Chair of the District Disaster Management Group and Security Operations Coordinator for the 2018 Commonwealth Games. 

Des has been a member of Rotary International for 30 years, representing Rotary International in the United States and the Middle East. For his work in the Gold Coast Community Des was awarded Citizen of the Year at the 2013 Gold Coast Australia Day celebrations. Des also was one of the founding Directors for the Oxenford and Coomera Community Youth Centre that provides much needed social services to the Northern Gold Coast Community. For the past 15 years, he has also been the Chair of this not-for-profit establishment. It. For his work promoting International Law Enforcement Des was awarded the Order of Australia Medal in 2017.

Qualifications

Graduate Diploma of Management

Graduate Certificate Business Management 

Bachelor of Business

Close

Katherine Weissel

Katherine is a security and risk specialist with 25 years’ experience in an Australian Police Force, leading teams and responding to emergency events, complex investigations, and counterterrorism.  She has led and managed several major crime, counterterrorism and public safety operations and investigations, and coordinated teams within police operations centres and major incident rooms.  She has delivered training across multiple Australian jurisdictions in emergency response, counterterrorism, and investigations; and specialised in cyber operations in the counterterrorism environment for a number of years.  She has also been deployed to international jurisdictions supporting complex war crimes investigations and prosecutions.  Since moving into the private sector, Katherine has provided consulting and training services in the areas of security and risk, organisational governance & investigations, and cybersecurity.  Katherine is a sessional tutor in tertiary education in criminal justice studies specialising in counterterrorism, global law, crime and justice, and cybercrime.  She has presented to state and national security, cybersecurity and governmental conferences on contemporary physical & cyber threats and risk management.  Katherine has also been involved in research teams examining government responses to terrorism and extremism, and cybersecurity policy.

Close

Dr Shantanu Banerjee

Dr Shantanu Banerjee is senior lecturer at Leaders Institute. With extensive experience in management, leadership, and administration across a range of contexts in India and Australia, Dr Banerjee is also currently an Industry Fellow at the University of Queensland Business School. His research focuses on socio-cultural-political contexts, particularly in the field of agribusiness and international business. His research has highlighted variations in the theme of international competitiveness by emphasising non-economic and non-market variables and on how multinational enterprises subsidiaries can pursue legitimacy pursuing non-market strategies. 

Dr Banerjee has presented his research work at esteemed international conferences such as ANZIBA and EIA and has published in scholarly journals including International Business Review and Management International Review. He graduated from the Institute of Foreign Trade, New Delhi (India) and the University of Queensland Business School. He has been an academic staff member at the University of Queensland and Queensland University of Technology, lecturing in undergraduate and postgraduate programs. Dr Banerjee has over 15 years of extensive and varied experience as an International Business Manager dealing and negotiating with overseas clients based in the United States of America, China, Japan, Canada, Switzerland, and Germany. He is currently employed with a Federal agency of the Australian Treasury. 

Qualifications

Doctor of Philosophy, University of Queensland, 2012

Master of Research, Queensland University of Technology, 2005

Master of Business, Queensland University of Technology, 2003

Postgraduate Diploma in International Trade, Indian Institute of Foreign Trade, 1986

Bachelor of Mechanical Engineering

Indian Institute of Foreign Trade, 1985

 

Communities of Practice

  • Editorial Board, Academy of International Business
  • Editorial Board, European Academy of Management
  • Editorial Board, Leadership & Management Studies in Sub-Sahara Africa Conference
  • Editorial Board, International Journal of Entrepreneurship and Small Business
Close

Associate Professor Ben Arachi

BIOGRAPHY

Associate Professor Ben Arachi has four decades (1977-2023) of experience in higher education leadership and teaching. During his 15 years as Unit Coordinator at Central Queensland University, he received two Excellence in Teaching Awards and was nominated for the Vice-Chancellor’s Award for Outstanding Contributions to Learning and Teaching and the Australian Awards for University Teaching. His online learning study was published in Economics for Today (Cengage 2022).

Previously, Associate Professor Arachi  served as Vice Principal, Head of the Department of Extension and Research, and Editor-in-Chief of the academic journal at Arul Anandar College, India (1992-1997). He was then Research Coordinator and Course Coordinator (1999-2008), as well as Chair of the Division of Economics (2000-2005) at HELP University, Malaysia. This included senior involvement in the application to become a University College and then a full University.

Associate Professor Arachi also has over 20 years of experience as a higher degree research supervisor, moderator, and examiner for doctoral degrees. In his five years as a Coordinator of All India Christian Higher Education, he organised numerous state-level seminars and workshops for academics in higher education in India. He has published four monographs, many research papers and articles while editing the Research AAC Journal of Economics. He has reviewed many higher education textbooks.

QUALIFICATIONS

  • Doctor of Philosophy, Madursi Kamaraj University, India, 1989

  • Master of Arts, University of Madras, 1975 (Gold Medalist)

  • Bachelor of Arts, Madursi Kamaraj University, India, 1973 (University Rank and Merit Scholarship)

  • Diploma in Applied Economics, Madursi Kamaraj University, India, 1980

ACADEMIC LEADERSHIP

  • Member, Academic Board, 2023-current

  • Chair, Examiners Committe, 2023-current

  • Member, Course Advisory Committee, 2022-current

AWARDS

  • Central Queensland University Student Voice Commendation. The 2021 program includes unit evaluation data from term 3, 2020 and terms 1 and 2, 2021.

  • Central Queensland University  Student Voice Commendation. The 2020 program includes unit evaluation data from term 3, 2019 and terms 1 and 2, 2020.

  • Central Queensland University Central Queensland University Platinum certificate Top rated Unit in Term 2, 2019

  • Central Queensland University Gold certificate Highly rated Unit in Term 2,2019 (ACCT20070)

  • Gold certificate Highly rated Unit in Term 2,2019 from CQU(ECON11026)

  • Charles Sturt University Excellence in Teaching Award (ECO511)

Close

Dr Bandula Nambukara-Gamage

Dr Bandula Nambukara-Gamage is a Senior Lecturer of Accounting and Finance at James Cook University, Brisbane campus. He currently teaches Bachelor of Commerce, Bachelor of Accounting, Master of Professional Accounting, and Master of Business Administration students based on the Brisbane campus. Dr Nambukara-Gamage has previously lectured at Central Queensland University, Federation University, and Charles Darwin University.

QUALIFICATIONS

Doctor of Philosophy, University of New England, 2013

Master of Commerce

Licentiate Certificate (recognised by the Institute of Chartered Accountants of Australia)

Bachelor of Business Administration (Honours)

Close

Professor Rod St Hill

Professor Rodney St Hill is the former President of Leaders Institute (2018-2020) and serves as Senior Pastor (2016-current) at IgniteLife Church Gold Coast, where he heads IgniteLife Business, an outreach to Christians in business. He is a leader in the global Business As Mission movement. He also consults on governance and executive management in higher education and business, with a particular special interest in Christian education institutions and businesses.

Previously, Professor St Hill was a long-term senior leader and Vice President Academic of Christian Heritage College, Brisbane. With the input of his colleagues and many others in his network, he developed business curriculum that embeds the ‘5 P missional business’ model – a model of production, people, planet, and profit. He was also Dean of Students, among other roles, at University of Southern Queensland (1993-2009).

QUALIFICATIONS

Doctor of Philosophy, University of Cantebury, 1989

Bachelor of Commerce (Hons 1), University of Newcastle, 1979

EXTERNAL EXPERT REVIEWER

External Member, various course assessment panels in business, management and leadership at Alphacrucis College, Australian College of Divinity, and Avondale University College, 2014 to 2020

Member: Australian Institute of Company Directors

COMMUNITIES OF PRACTICE

Member: Economic Society of Australia

External Expert, Tertiary Education Quality and Standards Agency (TEQSA), 2019-current

Close

Risk Management Policy

PURPOSE

This policy provides information and guidance on Global Leadership Institute (GLI)’s approach to risk management. This policy covers the two major types of risk, namely operational risks and financial risks. GLI recognises the need for risk management to feature as a consideration in strategic and operational planning, day to day management and decision making at all levels of the Institute.

DEFINITIONS

Risk: effect (positive or negative) of uncertainty on objectives. Risk is considered with reference to possible consequences and likelihood of occurrence.

Risk Management: tool used to support the achievement of strategic and operational goals of the company. The risk management framework provides a standardised approach to assessing risk at any level of the organisation. Risk management:

  • creates and protects value by contributing to the achievement of objectives and improved performance;
  • is an integral part of organisational processes, from strategic planning to project management and day to day activities;
  • forms part of the decision-making process, allowing informed choices between alternative courses of action with different risk profiles;
  • explicitly addresses “uncertainty”;
  • is systematic, structured, timely;
  • is based on the best available information, and acknowledges limitations of data;
  • recognises the impact of human, cultural and environmental factors on objectives;
  • includes perspectives of all stakeholders, not just management;
  • is dynamic and responsive to change and continues to take account of new or emerging risks; and
  • is continually improving as the organisation grows.

Action Owner: person responsible for implementing the future treatments.

Causes: origin of the risk and/or the mechanisms that fail.

Consequence Rating is the extent to which the risk will affect the Institute/Unit if it occurs.

Existing Treatments: existing treatments that may include procedural or administrative policies or physical barriers.

Future Treatments: specific treatments that will further prevent and/or mitigate the risk event.

Impacts: consequences or outcome that the Institute can expect if the risk eventuates.

Likelihood Rating: chance that the risk will occur.

Resolution/ Review Date: date the treatments will be resolved or reviewed.

Risk Event: brief description of an event that impacts on the achievement of the Institute’s objectives.

Risk Owner: person with responsibility for ensuring that the risk is effectively managed.

Risk Rating: product of the consequence and likelihood that defines the magnitude of the risk.

Risk Register: summarises all the assessed risks within the Institute.

All Accounting definitions: within this document are in accordance with Australian Accounting Standards.

Fraud: Dishonest activity causing actual or potential loss to any person or entity including theft of money or the property of other employees or people external to the Institute and where deception is used immediately before or immediately following the activity. The deliberate falsification, destruction, concealment or use of falsified documentation intended for use for a normal purpose or the improper use of information or a position for personal benefits.

A critical incident: situation or traumatic event which causes or presents a significant risk to students and staff of the Institute outside the normal range of experience of the people affected. Critical incidents encompasses situations such as bodily harm, property damage, legal involvement, media activity, pandemics, natural disasters, war or acts of terrorism or other unusual activity that falls outside the scope of activity undertaken by Governing Board.

Business Continuity Management (BCM): whole of organisation process for managing the Institute’s operations to ensure that critical functions can, in the event of a material disruption arising from internal or external events, be maintained or restored in a timely fashion with minimal impact to staff, students and the general community.

Business Continuity Plans (BCP): collate the instructions / actions that underpin the business continuity management strategy for the Institute’s critical functions.  They are used to manage incidents.  The BCP details continuity / interim actions to be immediately implemented to achieve the highest level of operational performance with the resources available and taking into account the specifics of the interruption situation.

Business Impact Analysis: series of analyses to determine function criticality and to gather information about critical functions, their dependencies and resource requirements.

PRINCIPLES

GLI principles for risk management include:

  • acknowledging that as a part of the Institute’s good governance and corporate management processes, risk must first and foremost be managed at the corporate level;
  • managing and minimising risk by identifying, analysing, evaluating and treating exposure that may impact on the Institute achieving its objectives;
  • training and knowledge development in the area of risk management;
  • monitoring and reviewing the performance and the progress being made in developing an appropriate culture and implementation of risk management strategies;
  • ensuring that risk management is an integral part of the decision-making process at all levels of the Institute;
  • fostering an environment where staff assume responsibility for identification, implementation of control strategies and management of risk;
  • implementing risk management across all aspects of the Institute in accordance with best practice;
  • ensuring that appropriate monitoring, review and reporting processes are in place for risk management;
  • affirming that risk management is the responsibility of all staff, including identifying, assessing and monitoring by staff on an ongoing basis;
  • incorporating risk management into the strategic and operational planning and quality processes at all levels within the Institute.

The GLI Risk Management Plan details the process for the identification, analysis, treatment, monitoring and reporting of risks. This includes strategic, operational and project-based risk and the development of the Institute’s Risk Register.

Risks will be identified, analysed, treated, monitored and reported on an ongoing basis at nominated levels within the Institute in accordance with organisational responsibilities.

GLI’s risk management principles require its Risk Management Framework to:

  • align with GLI’s vision and mission;
  • have clear accountability, ownership and governance;
  • be embedded within its operations, processes and systems;
  • be systematic, transparent and consistently applied;
  • include effective consultation and communication across the Institute;
  • consider the context in terms of both the internal and external environments;
  • be integral to evidence-based decision-making at all levels of the Institute; and
  • facilitate continual improvement

ROLES AND RESPONSIBILITY

  • Governing Board is responsible to ensure that the Risk Management Policy is formulated, implemented and regularly updated.
  • Department managers must report directly to the President on hazards within their areas of responsibility so that plans can be made to alleviate potential risks.
  • The President is responsible for making a full disclosure to Governing Board of risks, as they arise.
  • The risk management policy is the responsibility of Governing Board.
  • The Institute’s Risk Management Committee is responsible for reviewing the risk management practices of the Institute and assessing the effectiveness of the risk management framework.
  • The Executive Management Team will coordinate, facilitate and periodically review the Institute’s Risk Management Plan;
  • Managers will ensure that staff within their areas understand their responsibilities and assist in fostering a risk-aware culture. Training and assistance will be provided as required, to relevant staff to assist with risk management.
  • Staff are responsible for adhering to the Institute’s Risk Management Policy, Risk Management Plan and other related documentation.
  • All staff and students have a role in the management of risk within their area of influence.

RISK MANAGEMENT FRAMEWORK

GLI basis its Risk Management Framework on Standards Australian and Standards New Zealand: 

  CONSEQUENCES
LIKELIHOOD Insignificant Minor Moderate Major Severe
Almost Certain Moderate Moderate High Very High Very High
Likely Moderate Moderate High High Very High
Possible Low Moderate Moderate High Very High
Unlikely Low Low Moderate Moderate High
Rare Low Low Low Moderate High

 

KEY:

Very High Potentially devastating consequences – Immediate action required
High Potentially damaging – Action required
Moderate Implement monitoring or response procedures
Low Treat with routine procedures

RISK MANAGEMENT PLAN

The Risk Management Plan assesses the operational risk that may occur due to the breakdown of internal controls and corporate governance. Other risks include major failure of information technology systems or events such as fires and other natural disasters, as well as financial risk that may occur due to factors such as decreased enrolments that could reduce the revenues needed to carry on daily operations.

The Risk Management Plan includes:

  • Comprehensive policies approved by Governing Board;
  • Processes in place to implement necessary policies;
  • Code of Conduct for staff and students;
  • Responsibilities and levels of authority required in relation to various types of activities and exposures are clearly defined;
  • Proper and adequate delegation of duties;
  • Adequate procedures for recording, monitoring and reporting the complaints received from the students and ensuring that this is done in a systematic manner;
  • Adequate screening processes are in place for recruiting staff with the necessary experience and professional capabilities;
  • Staff training programs are organised to provide adequate training;
  • Adequate policies and controls are in place to ensure that all transactions are documented and properly executed, confirmed and maintained;
  • Adequate controls are in place over the accounting and record keeping processes.

Risk Management Model

The Institute’s Risk Management Model integrates the Risk Management Principles and Risk Management Process. The Risk Management will be implemented through the following key processes:

  • establish context;
  • identify;
  • analyse;
  • evaluate;
  • treat;
  • communicate and consult
  • monitor and review.

Establish Context

Establish the external, internal and risk management context in which the risk process will take place.

Identify

Identify where, when, why and how events could prevent, delay or degrade the achievement of the Institute’s strategic goals and objectives. Staff will need to outline the:

  • Risk Event – brief description of the risk; and
  • Risk Owner – person responsible for the risk and ensures that the risk is effectively managed

The Risk Owner will usually be a member of the Executive Management.  When identifying risks, staff are encouraged to focus on the high-level risks that impact upon the relevant organisational unit (Unit) and/or the Institute.

Analyse

Identify and evaluate the causes, impacts and existing treatments, and assess the consequence and likelihood of the risk and determine the risk rating controls. This analysis should consider the range of potential consequences and how these could occur. Staff will need to outline the:

  • Causes – origin of the risk and/or mechanisms that might fail
  • Impacts – consequences or outcomes that the Unit and/or Institute can expect if the risk eventuates
  • Existing Treatments – existing treatments that are in place, which may include procedural or administrative policies or physical barriers
  • Likelihood Rating – chance that the risk event will occur
  • Consequence Rating – extent to which the risk will affect the Unit and/or the Institute if it occurs; and
  • Risk Rating – product of the consequence rating and likelihood rating, which defines the magnitude of the risk

The Institute’s Risk Rating Plan is used to determine the risk rating for identified risks with existing treatments. Staff will need to consider the likelihood of the risk occurring (ranging from ‘Rare’ to ‘Almost Certain’) and the consequence if the risk is realised (ranging from ‘Insignificant’ to ‘Severe’).

Evaluate

Compare estimated levels of risk against the pre-established criteria and consider the balance between potential benefits and potential adverse outcomes. This enables decisions to be made about the treatment required and about priorities.

Treat

Implement both existing and future treatments in order to prevent and/or mitigate the risk. Staff will need to outline the:

  • Future Treatments – specific treatments that will further prevent and/or mitigate the risk event
  • Action Owner – person responsible for implementing the future treatments; and
  • Resolution/ Review Date – the date the treatments will be resolved or reviewed

Staff should outline all the future treatments that will be implemented, either in the short- term or long-term, to prevent and/or mitigate the risk event. The risk treatments should be appropriate for and indicative of the risk rating.

The Action Owner, in consultation with the Risk Owner, is responsible for ensuring that the risk treatments are implemented in accordance with the resolution/review date. Following the continuation of existing treatments and implementation of future treatments, the risk should be reduced or minimised.

Once a future treatment has been implemented, it will become part of usual business practice and be considered an existing treatment.

Communicate and Consult

Provide regular reports and updates to assure Governing Board, Risk Management Committee and key stakeholders that risks are being appropriately managed and treated.

The frequency and method of reporting may vary and would reflect the significance of the risk and whether the risk is managed at a Unit level or is listed on the Institute Risk Register. Reporting on risks identified in the Risk Register will occur each quarter to Risk Management Committee and Governing Board.

The President and Executive Management Team will be responsible for determining whether any of the risks identified by Units pose a significant risk to the Institute and should be included on the Institute Risk Register. A communication plan for both internal and external stakeholders will be developed to address issues relating to both the risks and the process to manage them.

Monitor and Review

The strategies used to manage risk must be regularly monitored and evaluated. Ongoing reviews are essential to ensure the effectiveness and appropriateness of the Institute’s Risk Management.

The Risk Owner, in consultation with relevant staff, will need to review the:

  • Risk event, causes and impacts
  • Risk rating to ensure it is appropriate; and
  • Existing and future treatments (including the resolution/review dates) to determine whether further treatments are required

The strategies used to manage risk must be regularly monitored and evaluated. Ongoing reviews are essential to ensure that the management plan remains relevant.  A review of the risk management plan will:

  • Monitor existing risks
  • Identify new risks
  • Identify any potential hazards
  • Evaluate the effectiveness of current risk treatment or its management strategies.

The risk management plans can be reviewed by the following methods:

  • Observations
  • Physical inspections
  • Incident reports
  • Questionnaires
  • Interviews with stakeholders
  • Regular review of risk treatment procedures, and
  • Repeat of the risk management process.

Risk management processes should be recorded appropriately. Assumptions, methods, data sources, analyses, results and reasons for decisions should all be recorded

Business Continuity Planning

Business continuity planning is necessary to consider the legal responsibility of the Institute, the possibility of financial loss and the impact of an event which may interrupt the operations of the Institute and the provision of higher education.

Management has a legal responsibility to protect its corporate resources and information. Any interruption to the normal operations of the Institute can be damaging to the Institute’s reputation and future relationships with students and other stakeholders, including regulators.

A Critical Incident is a situation or traumatic event which causes or presents a significant risk to students and staff of the Institute such as bodily harm, property damage, legal involvement, media activity, pandemics, natural disasters, war or acts of terrorism or other unusual activity that falls outside the scope of activity undertaken by Governing Board. The Institute’s Critical Incident Management Policy (CIMP) covers the management of critical incidents.

The Business Continuity Plan (BCP) complements the Institute’s procedures guiding safe practices for staff, regular maintenance of buildings and facilities and evacuation procedures in case of emergency. It includes Information Technology (IT) continuity planning; financial contingencies; academic continuity planning and succession planning. The BCP will identify and assess risks which could give rise to disruptions to critical services.

Financial contingencies

The owners have pledged adequate financial resources in the start-up phase of the Institute’s operations. The Strategic Plan requires the Institute to maintain substantial cash and investments of at least 10% of annual operating revenue to ensure long term financial sustainability and ready availability of funds to meet contingencies. The Institute recognises there may be calls upon these contingency funds to ensure business continuity. These contingency arrangements are separate from Course Assurance and Tuition Assurance arrangements the Institute have in place.

Governing Board monitors all financial matters of the Institute and receives advice on financial risk from the Finance and Budget Committee. The Institute mitigates financial risk through:

  • careful monitoring of financial activities through regular reporting processes to Governing Board
  • financial delegations through the Institute’s Delegations Register; and
  • through relevant financial, risk and fraud policies and procedures.

IT continuity planning

The Institute’s IT continuity plans are part an aspect of the Business Continuity Plan. This plan includes the backup procedures for all the Institute information systems including data, student management system, accounting management system and email system, access to backup servers and the ability to mitigate server failure through multiple servers. A detailed service level agreement, including disaster recovery and backup arrangements, will be executed with the outsourced IT provider prior to the implementation of the organisational IT systems.

Academic continuity planning

The Institute’s academic continuity planning is about providing a quality student experience for all students enrolled with the Institute.

The following are possible events that could affect the academic continuity of students:

  1. Disruptions to teaching continuity
  2. A course of study is discontinued by the Institute
  3. A course of study is not offered due to revocation or non-renewal of accreditation by the regulator
  4. The Institute ceases to operate as a higher education provider due to revocation of registration or non-renewal of registration by the regulator

  1. Disruptions to teaching continuity

Disruptions to teaching can be due to a planned event e.g. study or conference leave, annual leave or planned sick leave of the academic staff; or an unplanned event – e.g. death, sudden illness, injury or bereavement, unexpected resignation or dismissal, or a critical incident. The disruption can be either short- or long-term.

The Institute does not consider planned instances where teaching continuity is affected as posing a risk to students’ learning needs as these are addressed in the relevant policies, procedures and administrative arrangements.

If the disruption due to an unplanned event is short term in nature, then arrangements could include:

  • alternative learning support
  • rescheduling of classes (mutually agreed time for the relevant staff and students), or
  • the academic staff member ensures that the learning outcomes of the unit are met through a variety of possible means, according to the professional judgment of the academic staff member concerned

If the disruption due to an unplanned event is long term (more than a week) in nature due to academic staff unavailability or a critical incident which renders facilities unavailable, then arrangements could include:

  • existing staff able to cover part or full period of disruption
  • engaging suitably qualified and experienced staff to provide teaching continuity
  • use of alternate sites in the event of critical incident

  1. A course of study is discontinued by the Institute

In the event of a course of study being discontinued by the Institute, the Discontinuation and Teach-out Policy and Procedures will be followed.

  1. A course of study not offered due to revocation or non-renewal of accreditation by the regulator; or
  2. The Institute ceases to operate as a higher education provider due to revocation of registration or non-renewal of registration by the regulator

Should the Institute cease to operate or cease to offer a course of study in which domestic students are enrolled, the Institute has contingency plans in place.

The Institute’s overseas students and domestic students covered by FEE-HELP will be protected by the Tuition Protection Service (TPS) which is established under the Education Services for Overseas Students Act 2001 (Cth). The TPS ensures that overseas students are able to complete their studies in another course or with another higher education provider or to receive a refund of their unspent tuition fees.

Succession planning

The Institute is cognisant of the risk of loss of key staff and the need for it to be mitigated through succession planning. The HR Manager will work with Risk Management Committee and Academic Board to develop a succession plan for Governing Board’s consideration and approval.

Risk Management Plan Review

The Risk Management Plan will be reviewed every three years.

Scope

Whole Institute

Key Stakeholder

All staff and students

Close

Amazing Opportunities

for everyone

Apply Now