(1) This Procedure outlines the approach for managing health and safety risks at The University of Queensland (UQ) and applies to all areas of UQ including controlled entities.
(2) This Procedure supports UQ’s Health, Safety and Wellness Policy commitment to ensure health and safety risk management processes are in place, are proportionate, evidence informed, and align with the risk appetite statement (RAS) approved by the Senate.
(3) UQ’s Health and Safety Risk Management requirements are at both the enterprise and operational level. Where more specific guidance is required for assessment of operational hazards, tasks or activities, refer to the Health and Safety Risk Assessment Procedure.
(4) The objectives of this Procedure are to:
(5) This Procedure aligns with the legislative requirements for work health and safety risk management, primarily the Work Health and Safety Act 2011 (the Act) and the Work Health and Safety Regulation 2011 (the Regulation) and How to Manage Work Health and Safety Risks - Code of Practice 2021. The Act requires that risks be eliminated and, if it is not reasonably practicable to do so, minimised as far as reasonably practicable.
(6) In addition to the general workplace health and safety laws noted above, additional regulatory obligations may apply to activities conducted at UQ, which are covered in specific procedures (e.g., electrical safety, gene technology, biosecurity, radiation, and marine safety and health).
(7) The Health and Safety Risk Management process involves the systematic application of UQ’s policies and procedures, including the practices of consulting, planning, identifying, assessing, evaluating, controlling, monitoring and reviewing health and safety risk.
(8) This process is applied at both an enterprise and operational level. The enterprise level refers to the whole of the organisation, whereas the operational level refers to the day-to-day activities performed by Organisational Units.
(9) UQ manages health and safety risk as an ongoing, continuously improving process. Qualitative techniques are used for the risk analysis to determine the level of risk and prioritise risk treatment according to risk evaluation criteria.
(10) UQ’s Enterprise Risk Management Framework (ERMF) provides UQ’s overall framework, direction and oversight for the systematic, disciplined and consistent identification and assessment of risks (including opportunities) and for their effective and efficient management.
(11) At the enterprise level, health and safety risk management is guided by the Senate approved health and safety Risk Appetite Statement (RAS). The RAS states that UQ’s overall attitude towards risk is that of a prudent risk taker. The tolerance and treatment of health and safety risks, as outlined in the RAS, is low or nil appetite. This means that in some cases, despite having a low or nil appetite for some risks, UQ may have to tolerate those risks at higher levels because:
(12) Refer to the ERMF for more details.
(13) UQ has a focus on the mitigation of risks and considers managing health and safety risk as an ongoing, continuously improving process. Qualitative techniques are used for risk analysis to determine the level of risk and prioritise risk treatment according to risk evaluation criteria.
(14) The health and safety enterprise risk management procedure follows the process represented in the linked diagram:
(15) The Health, Safety and Wellness Division (HSW Division) coordinates the development and review of the UQ enterprise-level Health and Safety Risk Register and undertakes a regular assessment of the top UQ health, safety and wellness risks.
The UQ Risk Register and list of top health and safety risks are developed through the review, assessment and understanding of the Faculty, Institute and Central Support Services (CSS) Divisions’ health and safety risks, as well as by reviewing incident data, national and/or state government priorities, information from across the higher education industry sector and findings from internal and external audits. The priority of risks will be determined by:
(16) The final UQ top health and safety risks are determined in consultation with the Faculties, Institutes and CSS Divisions.
(17) The HSW Division consolidates the Organisational Unit’s identified top risks to help inform the UQ Health and Safety Risk Register. The top UQ health and safety risks are determined:
(18) In addition to the top risks, a ‘watch list’ is developed by the HSW Division which will be monitored for movement in risk levels. Items for the watch list are identified by risks with:
(19) The Organisational Unit Health and Safety Risk Register is developed as a consolidation of information from local risk assessments in UQSafe and the Enterprise Health and Safety Risk Register. This risk register, when considering other components such as incident data and the MRL, can be used to inform the completion of the Organisational Unit’s top risks. The recorded MRLs of these risks can assist with the prioritisation of resources and should be discussed at the relevant HSW Committee and brought to the attention of the senior management of the Organisational Unit. Top risks should be incorporated into the Organisational Unit’s annual HSW Safety Management Plan for actioning to reduce the MRL of these risks.
(20) Organisational Units are responsible for:
(21) Local health and safety risk management is the day-to-day activity of identifying hazards/risks related to work activities, analysing the risks in terms of consequences and their likelihood, and evaluating the risks to prioritise action.
This process is commonly referred to as “Risk Assessment”.
(22) Organisational Units are responsible for the identification and appropriate management of their unit’s specific hazards and risks, including:
(23) Health and safety risks must be assessed through the risk assessment process to ensure all existing and foreseeable risks are identified and mitigated to the lowest practical level. The risk assessments are to be recorded in UQSafe.
(24) Health and safety risk identification is an ongoing activity and involves identifying and describing the health and safety risk factors associated with tasks and the environment in which these tasks are performed. Risk identification occurs at both the enterprise level and the operational level which together ensure a holistic approach to UQ’s health and safety risk management.
(25) Risk assessments, and other identifying activities, at each level will include and consider:
(26) Health and safety control measures are applied to all identified risk exposures. Control measures involve identifying and implementing ‘controls’ to eliminate the risk or reduce it to as low as reasonably practicable. Controls are categorised as either ‘existing controls’, which are already in place and inform the MRL, or ‘proposed or additional controls’, which will be implemented to achieve the target risk level (TRL). The Hierarchy of Controls must be used for all actions to ensure more effective higher order controls are used in preference to less effective lower order controls (e.g., administration controls such as a sign, or personal protective equipment requirement). Multiple controls can be used collectively to provide multi-layered risk control. Risk mitigation strategies should be proportionate to the risk being controlled, must be robust, and be determined in consultation with those exposed to the risk.
(27) Communication and consultation efforts apply to both enterprise and operational health and safety risk management.
The communication process will be open and transparent and engage all relevant stakeholders (e.g., those working with the hazards and those that are accountable and/or responsible for implementation and managing the controls). The communication and consultation process will be both at the local level and the organisation level.
(28) At the organisational level, consultation involves the HSW Division being aware of the legal, regulatory and compliance environment as well as the sector risks, both current and future, and discussing these with UQ stakeholders. At the local operational level, the HSW Division can facilitate consultation with relevant stakeholders to discuss the operational and enterprise risk registers process.
(29) The role of the SRAC is to exercise oversight of UQ’s governance, risk and compliance frameworks, including health and safety. The SRAC's responsibilities in relation to health and safety risk include:
(30) The role of VCRCC is to exercise management oversight and provide assurance to the Vice-Chancellor and President and to the SRAC that UQ’s governance, risk management and compliance controls and culture are adequate and effective. This includes oversight of UQ’s Health, Safety and Wellness framework, including the management of health and safety risks and assurance programs.
(31) Members of UQ Senior Management, if participating in decision making that affects the whole, or a substantial part, of UQ, may be officers under the Act. As officers, there is a requirement under the Act to apply adequate due diligence, which includes being responsible for:
(32) Enterprise Risk is responsible for ensuring the ERMF is implemented across UQ and effective oversight is maintained. ER is also responsible for providing UQ’s Top Risks based on MRL and their management and reporting of these to VCRCC and SRAC.
(33) UQ’s top health and safety risks are considered when ER compiles UQ’s Top Risks.
In addition, ER includes the HSW Division in any development or changes to the ERMF during the consultation process to ensure continuous alignment of the ERMF with health and safety risk management processes.
(34) The HSW Division is responsible for:
(35) HSW Managers and WHSCs have specific health and safety risk management responsibilities including:
(36) Heads of Organisational Units will monitor and review their operational activities, risks and controls to ensure effective and efficient health and safety risk management and compliance. Local risk registers (e.g., Faculty and Institute risk registers) will be reviewed at least annually at the local health and safety committee meeting. HSW Managers and committees will review risks on a regular basis to inform potential changes to risk registers ensuring that risks are continually managed effectively and efficiently.
(37) Each year, a Level one audit program (refer to Health, Safety and Wellness Audit Procedure) is undertaken by local health and safety team members as part of the local assurance program to audit the effectiveness of a sample of operational controls and risk management practices.
(38) HSW Division will provide objective assurance over UQ’s internal controls and health and safety risk management practices via implementation of the annual HSW audit plan and regular performance reporting. Consultation will occur with USET and VCRCC to ensure that health and safety risks are adequately reviewed and monitored on a timely basis within their areas of responsibility.
(39) The following reports on health and safety risks and controls will be produced:
(40) Local risk assessments are completed in UQSafe.
(41) The following templates are available from the HSW Division:
Health and Safety Risk Management Procedure
Section 1 - Purpose and Scope
Context
Section 2 - Process and Key Controls
Section 3 - Key Requirements
Enterprise Risk Management Framework (ERMF) Alignment
Enterprise Health and Safety Risk Management
Enterprise Health and Safety Risk Registers
Enterprise Health and Safety Top Risks and Watch List
Organisational Unit Health and Safety Risk Registers
Local Health and Safety Risk Management
Health and Safety Risk Identification
Health and Safety Control Measures
Communication and Consultation
Section 4 - Roles, Responsibilities and Accountabilities
Senate Risk and Audit Committee (SRAC)
Vice-Chancellor's Risk and Compliance Committee (VCRCC)
UQ Officers
Enterprise Risk (ER)
Health, Safety and Wellness Division (HSW Division)
Health, Safety and Wellness Managers (HSW Managers) and Work Health and Safety Coordinators (WHSCs)
Section 5 - Monitoring and Review
Operational Monitoring and Review
HSW Division Monitoring and Review
Section 6 - Recording and Reporting
Report Title: HSW Monthly
Report Content: Overview of key HSW risks, emerging risks, high or extreme level identified risk assessments, compliance risks, workers’ compensation risks.
Report Author: HSW Division
Report Recipient: USET, VCRCC, SRAC
Frequency: Prepared for each meeting; Forwarded monthly to USET members; Forwarded to each meeting of SRAC

Report Title: Health and Safety Risk Register
Report Content: Updated UQ HSW risk register, Top Health and Safety Risks (and Watch list) showing IRL, MRL and TRL.
Report Author: HSW Division with input from Faculties/Institutes and CSS
Report Recipient: USET, VCRCC and SRAC
Frequency: Annually

Report Title: HSW Annual Report
Report Content: Overview of previous year’s performance - key HSW risks, emerging risks, high or extreme level identified risk assessments, compliance risks, workers compensation risks.
Report Author: HSW Division
Report Recipient: USET, VCRCC and SRAC
Frequency: Annually; Presented at the first relevant VCRCC meeting each year

Report Title: HSW Internal Audit Program
Report Content: Proposed audit program for the following year based on risk levels, emerging risks and compliance issues.
Report Author: HSW Division with input from Faculties/Institutes and CSS
Report Recipient: USET and VCRCC
Frequency: Last meeting of the calendar year.
Tools
Section 7 - Appendix
Definitions
Term: Definition
Intangible Risk: A threat or opportunity that is by nature not quantifiable or cannot be quantified using typical risk management tools and analysis.
ISO 45001 Occupational Health and Safety: An International Standard that specifies requirements for implementing and maintaining an occupational health and safety management system to improve occupational health and safety, eliminate hazards and minimise HSW risks (including system deficiencies), take advantage of HSW opportunities, and address HSW management system nonconformities associated with its activities.
Risk Appetite Statement (RAS): The amount of risk that an organisation is willing to take to meet its strategic objectives (this includes reference to both the organisation’s risk appetite as well as its risk tolerance).
Risk Levels:
Inherent risk level (IRL) – the level of risk assuming there are no controls specifically designed and implemented to manage that particular risk.
Managed risk level (MRL) – the level of risk taking into consideration the total effectiveness of all the existing controls or risk treatments that act upon that risk.
Target risk level (TRL) – the desired (or accepted) level of risk considering the University’s risk appetite and tolerance levels to be achieved via implementation of proposed controls.
Risk Profile: The threats to which an Organisational Unit is exposed.
Risk Register: A document that contains the information about identified risks, results of the risk analysis and the risk response plans.
UQSafe: UQ’s risk management system that allows for risk assessments to be completed and approved online.
See linked diagram: Health and Safety Risk Management Flow Diagram