• Establish a structured ITS Risk Framework aligned with the ITS Risk Management Policy and SOP (standard operating procedure).
• Enhance resilience by proactively identifying and mitigating operational risks.
• Prioritise risk factors directly tied to strategic goals such as service excellence, compliance, and innovation.
• Collaborate with the planning team and divisional roadmaps to ensure forward-thinking and coordination in risk management plans, mitigations, and budget forecasting.

The ITS Risk Framework was developed based on operational capabilities, services, and obligations to the broader university, using a category and sub-category method to address these areas. Multiple workshops and discovery sessions were conducted with subject matter experts, key stakeholders, and those responsible for managing risks in their respective areas. An external partner was engaged to assist with coordination and support, particularly during the assessment and rationalization of data. This partner also contributed to developing a minimal viable product (MVP) risk register, allowing for an agile approach to both the design and implementation phases of the framework, as well as enabling ongoing improvements.

The team subsequently created the initial structure for risk factors, risk appetite, and impact statements, organized around key thresholds and service levels in ITS—such as obsolescence, operational disruptions, and regulatory non-compliance.

• Through thematic analysis, a comprehensive and aggregated perspective on risks was achieved, which included refined definitions, tolerance levels, and strategic impacts. These elements were incorporated into reporting tools, including dashboards in PowerBI, providing real-time insights for active risk management. This approach has supported the transition toward a semi-automated process for identifying, assessing, and managing operational risks within ITS.
• Challenges involved addressing the extensive range of areas and the complexities related to both the infrastructure and the development and delivery of services. Interpreting large amounts of information and technology data, and forming a quantified understanding of their effects on services and the University, required significant effort. Additionally, optimizing available tools and resources was necessary to minimize administrative work and enhance the efficiency of framework development.

These were resolved by:

• Involving senior management across functions.
• Updating classification models and identification processes.
• Assigning specific Risk & Governance roles.
• Providing a clear operational framework.
• Applying Agile and Continuous Improvement methods to build capabilities.
• Using a multi-dimensional model for risk categorization, integrating structured categories, risk factors, and impact distribution.

• University goals embedded in the ITS Framework enables divisions to plan for risks against specific goals such as service excellence.
• Key risk-related deliverables are included in divisional delivery plans, making accountability and action clear.
• Financial forecasting is informed by the divisional roadmaps & plans
• Strengthening financial planning and allowing for more accurate budgeting and informed investment related to preventative measures.
• Cross-functional collaboration and governance structures support a shared risk culture.

Key learnings:

• Risk must be co-owned by IT and the wider University to be effective.
• Clear (pragmatic) governance and communication is essential for cultural change.
• Embedding risk into strategic goals fosters accountability and innovation.

The framework was developed with inclusivity in mind, ensuring that risk practices supported diverse teams and collaboration. Developing communities of practice and risk working groups has ensured we get a diverse and inclusive engagement with our colleagues and wider stakeholders.

"The ITS Risk Framework isn’t just about managing threats to our University—it’s about enabling excellence. By aligning risk with our strategic goals, we’ve built a foundation for secure, resilient, and innovative services to support and enable the ITS teams to manage risks." - Jenna Covell, Associate Director Governance, Risk, Compliance & Administration.

The ITS Risk Management Framework helps to bring service excellence to the university. It can help reduce incidents, improve compliance activities, and foster a culture of shared accountability. 

Future plans include expanding on communities of practice aimed at supporting and enabling other directorates with risk management. These communities will facilitate the sharing of knowledge and experience, fostering a culture of shared risk responsibilities and enhancing collaborative efforts across the university.

For further information, please contact:

• Jenna Covell, Associate Director Governance, Risk, Compliance & Administration.