The effective management of risk across Curtin relies on a sound risk aware culture, which is demonstrated by the following expected behaviours:
- Tone from the top
- Continuous disclosure
- Prudent decision making
- Single line accountability
Further detail is available in the Risk Management Policy and Risk Management Procedures.
Accordion
Curtin’s Risk Management Framework is aligned to its vision and strategic objectives.
Analysis of Curtin’s vision, mission, values, internal/external environments, stakeholders, planning/reporting/management processes, roles/responsibilities and governance structures all help shape the Risk Management Framework.
The Framework consists of the:
Strategic risks are risks that can significantly adversely impact the achievement of strategic objectives. They include material business operating risks where the significant nature of these risks means that stakeholders and regulators would expect Executive Management and Council to be actively monitoring them.
At present Curtin has 12 strategic risks, these are monitored on an ongoing basis. High risks are reviewed quarterly and a full update occurs at least twice a year. Each strategic risk is owned by an Executive Manager who monitors and reviews the strategic risk, with ongoing disclosure regarding any matters that increase the risk profile where it approaches or exceeds Curtin’s risk appetite. Strategic risk considerations are used to inform strategy, audit, governance and operational risk.
The Strategic Risk Presentation provides an overview of strategic risk management, how it aligns with strategic planning and the methodology and process used at Curtin. It also includes Curtin’s current strategic risks and heat map.
Operational Risk Management (ORM) refers to the management of risks associated with the day to day operations of a business area. It focuses on core functions, its outcomes and dependencies.
Operational Risk Management Pack
This document consists of the following three parts. Once you have saved and re-opened the pdf file, please click on the “Bookmark” icon in Adobe Acrobat, to navigate through the document:
Operational Risk Management Pack
Part A – Overview of Risk Management
This section provides an overview of operational risk management, including the methodology and process used at Curtin.
Part B – Risk Reference Tables
These tables are used during the risk assessment in relation to rating the controls and risks (including risk appetite/tolerance), as well as provides guidance on risk decisions, reporting, monitoring and reviewing.
Part C – Sample Operational Risk Register
This sample document shows what a completed risk register could look like. The sample includes the mandatory risks (first core function) applicable to all business areas, as well two examples of specific core function (key service) related risks.
Business Area – Risk Context Table
This MS Word document is used in capturing a business area’s core functions (key services), outcomes / dependencies and risk owners. It is the starting point of the operational risk assessment:
Business Area – Risk Context Table
Operational Risk Register
This MS Excel document contains risk information based on your operations and management practices. It covers all three phases of the operational risk process:
Upon saving, renaming and opening the file, if prompted, please click on “Enable Editing”, “Enable Content” and “Yes” (for ‘Do you want to make this file a Trusted Document?’).
Risk Register Guide (Completing & Reviewing)
This guide will help take you through the risk process and risk register:
Risk Register Guide (Completing & Reviewing)
Please follow any instructions in the risk register.
Project Risk Management refers to the management of risks associated with a program and/or project.
The Project Portfolio Management Unit (PPMU), as part of the Office of Strategy & Planning, offers guidance, tools and templates on strategic project management and governance.
PPMU Link: https://planning.curtin.edu.au/project/
Project Risk Framework and Template
The Project Risk Framework and Template gives a holistic view of how project risk management (for Strategic or Medium/Large Operational projects) is implemented at Curtin. It also describes the structured steps involved in the risk management process, as per the International Standards for Risk Management (ISO 31000:2018).
Project Risk Register
The Small Projects / Initiatives Risk Assessment Template gives a holistic view of how project risk management (for Small projects or Initiatives) is implemented at Curtin. It also describes the structured steps involved for the risk assessment.
Curtin values contract management as a critical contributor to organisational performance. It ensures that Curtin:
- Obtains the best possible commercial outcome from its contracts.
- Meets internal and external obligations and reporting responsibilities efficiently.
- Manages risk arising from contracts.
The purpose of the Contract Framework is to ensure Faculties and Business Units implement effective processes for contracting that suit the nature of the contract and level of risk it poses to Curtin.
Please see the Contract Framework for Curtin on the Legal Services Resources page here: https://staffportal.curtin.edu.au/services/legal-services/resources-and-faqs/
You may also find a simple Contract Risk Assessment, with a worked example, and advice around Insurance Limits here: Simple Contract Risk Assessment and Insurance Limits
There is also a Risk Evaluation Tool in the following which may be of use: Operational Risk Management Pack
For any further detailed advice around your Contract, or the terms of your Contract, please contact Curtin Legal Services via email: legalservices@curtin.edu.au
Contract FAQ's
- Insurance is only one way of transferring the risk when entering into a contract or project. There are a number of other actions you can take, and obligations you can put into a contract, to assist mitigation of the risks that arise, and to ensure the best possible outcomes for Curtin and your business.
- Business continuity includes all activities that counteract interruptions to business activities and protect critical business processes from the effect of interruptions or failures of systems or disasters, and which ensure their timely resumption.
- Business continuity also includes business continuity risk assessment, developing and implementing plans to address continuity management, and testing and maintenance of business continuity plans.
- Disaster recovery includes all activities related to ensuring the availability of systems and services including the restoration of systems and services following an event which disrupts their delivery or the continued operation of systems and services despite the loss of operational equipment.
- This is particularly relevant in international collaborations and other major contracts where the contractor’s activities are critical to the delivery of Curtin’s business.
- There is a real risk that a significant partner without a mature BCP may not be financially able to weather an interruption in operations while, for example, in the case of an international collaboration, premises are repaired or rebuilt following a loss. A lag in service delivery has the potential to expose Curtin to unfulfilled contractual obligations and subsequent reputational damage.
- Where possible and appropriate, a significant contractor should be required to take out business interruption insurance to protect revenue whilst they are unable to operate. In concert with insurance protection, or where cover is not available, significant partners should be requested to provide BCP plans to outline their organisation’s preparedness to be able to continue its obligations in a number of loss scenarios.
- Such agreements should also include an obligation to notify Curtin at the time of a critical incident which will impact on Curtin’s business, or if there is an obligation on Curtin to notify a regulator of certain events, and to regularly test and update their Disaster Recovery Plans.
Note: Seek advice from Curtin Legal if unsure what applies to your situation, or if you wish to vary template.
Business Interruption Insurance covers loss of income that a business suffers after disasters, while its facility is being rebuilt, including the profits that would have been earned. It is designed to put a business in the same financial position it would have been in if no loss had occurred.
- Insurance is only one way of transferring the risk when entering into a contract or project. There are a number of other actions you can take, and obligations you can put into a contract, to assist mitigation of the risks that arise, and to ensure the best possible outcomes for Curtin and your business.
- Prior to making representations with a Lessor/Licensor to lease/licence third party premises, please ensure that you make contact with the Commercial Leasing team in Properties, Facilities & Development. Lisa Spiers, Director Commercial, is responsible for commercial leasing at Curtin and/or please email propertyportfolio@curtin.edu.au
- Liability:
- As a minimum requirement, ensure that there are provisions which:
- Allow for mutual indemnification between the Lessee and Licensee.
- Exclude third party consequential losses where Curtin is not negligent. If we are unable to negotiate this clause, the Risk Owner will need to undertake appropriate Contract Risk Assessment, and the person with appropriate delegation will need to make a commercial decision to wear this risk within their budget. Alternatively, Risk & Assurance may be able to source additional Occupiers Liability Insurance, which covers indirect liabilities.
- Ensure that the Lessor will effect and maintain insurance for the building and Lessor’s assets, fixtures and fittings.
- As a minimum requirement, ensure that there are provisions which:
- Some activities are low risk, while others are high/extreme, and it may not be obvious up front which category an activity falls into. Understanding the risks and the likely or possible consequences of an activity will provide critical information. A risk assessment conducted by the business prior to commencing the applicable procurement and/or contractual process will:
- Support an appropriate decision-making process which accurately defines the requirements, identifies the risks, focuses resources on key areas and ensures the proposed solution is the best outcome
- Ensure the procurement process used best suits the circumstances
- Enable the agreement to satisfactorily address Curtin’s requirements
- Inform the determination of the types of insurance, insurance, warranty and indemnity clauses required
- Ensure Curtin is not exposed to unnecessary risks or liabilities
- The form the risk assessment will take will vary depending on the nature of the risks. For a small value, low risk contract, a simple assessment will be sufficient, with a more formal assessment required for larger contracts and projects, and international contracts, where documented risk assessments should form part of the decision-making process. Tools to assist with risk assessments for contracts and projects are available on the Strategic Procurement and Risk & Assurance websites.
- Strategic Procurement staff are able to assist if you have any queries regarding the templates or the process for risk assessments.
Contract Works insurance covers material damage and public liability coverage to the principal and their contractors and sub-contractors involving minor construction work.
Corporate Travel Insurance covers cancellation, baggage, medical and associated expenses (plus others) in respect of international and domestic Curtin approved travel for less than 180 days in duration. Note that medical expenses incurred domestically are typically covered under Workers Compensation and not Travel Insurance.
A Cross Liability Clause means that one insured party can sue another insured party when both parties are under the same policy. Cross-liability clauses are typically standard in a commercial general liability policy. However, some policies may exclude certain situations – one company director suing another, for example, or lawsuits brought by a company against its directors.
Cyber Risk Insurance (sometimes referred to as Cyber Liability insurance) covers potential losses and liabilities of the insured and third parties arising from the use of e-commerce, internet or network related activities (covering both content and technical risks including breach of privacy, infringement of intellectual property, virus transmission, or any other serious trouble that may be passed from first to third parties via the Web).
- Depending on the nature of the contract, Curtin may require a contractor to notify or provide it with information in the event of a breach of an obligation or the occurrence of an event. This may be, for example, so that Curtin can implement alternative business delivery strategies, or discharge disclosure obligations it has to notify a regulatory in the event of a particular event.
- This may apply in the case of, for example, outsourcing contracts, where the provider is undertaking a core business function
- The obligation is effectively a disclosure requirement. It should be tailored to fit the particular obligations for which notice is required in the contract.
- In including a clause of this, it is also important to consider the mechanism for monitoring compliance against this requirement. Depending on the nature of the contract, it may be appropriate to include a right to access and audit clause in the contract.
- Dispute resolution clauses outline a mechanism to settle disputes under a contract, and may include provision for:
- Negotiation (informal process)
- Mediation (formal process with a mediator whose role is to assist and clarify issues)
- Facilitation (effectively, multi-party mediation)
- Conciliation (where the conciliator can advise the parties on their rights and obligations, suggest a reasonable outcome, have separate discussions with each party and communicate offers between them), or
- Arbitration (formal, court-like process where an independent person has the right to make a binding determination).
- The options will vary depending on the nature of the contract and the disputes that may arise under it, with the less formal processes generally being used in the lower risk contracts.
- This will establish a process which is cost effective, flexible, speedy, confidential and practical, with the aim of assisting the parties to maintain a relationship.
- If no dispute resolution process is referred to in the agreement, it is generally assumed that the parties intend to resolve any disputes by litigation.
A due diligence assessment involves careful investigation of the economic, legal, fiscal and financial circumstances of a business or individual. This covers aspects such as sales figures, shareholder structure and possible links with forms of economic crime such as corruption and tax evasion.
Employment Practices Liability Insurance helps employers minimise the risk and potential cost of claims taken against them by employees relating to things such as alleged discrimination, unfair dismissal and sexual or workplace harassment.
Expatriate Medical Insurance is a quasi-Workers Compensation cover, designed to provide medical expenses and ancillary expenses cover, to employees that Curtin appoint overseas (including their families). Note that this does not apply to short term travel under 180 days in duration as that would be classified as Curtin approved travel and coverable under Corporate Travel Insurance.
- The force majeure clause in a contract excuses a party for not performing its contractual obligations when this occurs as a result of unforeseen events beyond its control, including natural disasters such as floods, earthquakes and other “acts of God,” and uncontrollable events such as war or terrorist attack.
- Force majeure clauses are meant to excuse a party provided the failure to perform could not be avoided by the exercise of due diligence and care. However, it does not cover failures resulting from a party’s financial condition or negligence.
- This clause should be considered in large, lengthy, high risk contracts, but should be restricted to cover things that are clearly beyond the control of the party.
- This governs which laws apply to a contract, including compliance and insurance requirements, and litigation processes.
- All contracts should contain a governing jurisdiction clause.
- The starting position is that the contract is subject to WA law (if the contract is entered into in WA that is the default position).
- There are a number of issues relating to compliance and enforceability that may arise if the contract is subject to law other than WA law, and an assessment needs to be undertaken of the impact and risks, and the potential costs and benefits to Curtin of these arrangements.
- If it is not possible to negotiate in inter-state or international contracts, then the contract should be subject to the law of another Australian State.
- If it is not possible to negotiate an Australian jurisdiction clause, then the business MUST seek legal advice about whether it is acceptable to have an international jurisdiction. This will depend on a range of factors including the nature of the contract, the likelihood of litigation, the size of the contracting party (and the associated difficulty with negotiating alternative clauses).
- Curtin’s insurance may not operate if the agreement is subject to the law of another country, and that may or may not be acceptable depending on risk issues.
Hirer’s Liability Insurance provides protection to organisations which hire space to other groups who may not have their own insurance. It covers the hirer against accidental damage to contractor property and compensation for accidental injury to third parties.
- The Incoterms rules (International Commercial terms) is a set of uniform “language” generally accepted in international commercial transactions and used to deal with different situations involving the movement of goods. They are intended to reduce or remove altogether uncertainties arising from different interpretation of the rules in different countries.
- The trade terms relate to common sales practices, and are intended to describe the tasks, costs and risks associated with the transportation and delivery of goods.
An Indemnity Clause is where the party that gives the indemnity is agreeing to be responsible for the loss suffered by the party receiving the indemnity, in the event that any action is taken against the receiving party, to the extent described in the indemnity.
Inpatriate Medical Insurance is essentially private health cover (with broader coverage limits and terms), which meets Visa requirements, for foreign employees who Curtin engage to work in Australia. Typically these employees are not covered under Medicare. This cover is only provided as part of recruitment negotiations via People and Culture and a specific notation is included in the employees Contract of Service.
- Unimutual is Curtin’s primary insurer, supported by a number of other insurance policies from other sources.
- Under Curtin’s insurance policies with Unimutual, Curtin may not be insured in certain situations, if Curtin contracts contrary to Unimutual’s requirements. Principally we cannot waive Unimutual’s rights of subrogation i.e. if we accept a Contract with a waiver of subrogation provision, this prevents Unimutual (who steps into the shoes of Curtin as insured after it pays a loss) from suing the other party to the contract, which likely caused the loss. A Hold Harmless Clause is effectively the same thing, it warrants that Curtin cannot and will not sue or hold responsible, the other party to the contract regardless of negligence.
- Unimutual define Contractual Liability as “Assumed Liability”, and there is a specific Assumed Liability Exclusion, which is only triggered if Curtin assumes liability that would be:
- Greater than that at law
- The exclusion does not apply to:
- Any liability assumed for loss, damage or liability caused by students or employees;
- Incidental contracts.
- Incidental Contracts are defined as:
- Rental, lease or hire agreements.
- A contract for supply of electricity, gas water, sewerage etc.
- A railway authority for loading and unloading of products or operation of a railway siding.
- Curtin Legal Services will continue to assist you with any negotiations around non-standard terms and conditions within a Contract, and there will still be a need to understand your risk exposures, with respect to any Contract that you are entering into on Curtin’s behalf.
- Ultimately, a person/entity should not enter into a Contract or accept a risk, which they would not be happy to do in the absence of Insurance, also a person/entity should not take on a risk just because they can pass a loss onto an Insurer. They are also limited to accept financial risks per the delegations register.
- There may be other cases where it is appropriate to contact the insurer, to determine the insurance requirements for a specific activity/project, or to confirm the insurance required under the contract, the insurer should only be contacted through Risk Management.
A Limitation of Liability reduces the amount that can be claimed from the contractor or third party in the event of an incident. This includes where a “cap,” or limit, is placed on the contractor’s/third party’s liability, or there is a provision which excludes “consequential” or “indirect” loss.
Marine Cargo (also known as Marine Transit) Insurance covers incidental movements of property around the world (domestic and international) via land, sea or air.
Medical Malpractice Insurance provides civil liability cover, including defence costs, for claims arising out of acts, errors or omissions that are made in providing healthcare i.e. treatment based.
Motor Vehicle Insurance covers physical damage and/or bodily injury, and any liability resulting from a vehicle’s involvement in traffic accidents or incidents.
- Parties to a contract may request that they be named or noted on an insurance policy of the other party. It is another mechanism for managing the risk of a contract.
- Naming on a policy is very common in the event of, for example, construction-type contracts, where a contractor is undertaking significant construction work on a building owned by the other party. In those cases, the building owner will often seek to be named on the policy of the contractor.
- Depending on the nature of its interest in the contract, Curtin should consider requesting that it be named on the policy of the contracting party if:
- the contract is high risk, high value or long term, and
- the financial viability of the contracting party is not considered very strong
- Naming should also be considered when you are outsourcing a core business function.
- It is not appropriate to be named on a professional indemnity policy that is covering a contractor who is advising Curtin, as Curtin would not be able to obtain the benefit of the contractor’s policy if it was named on it.
- Naming on an insurance policy provides an additional level of protection to the named party, as they become a co- insured with the contracting party, with all of the insured’s rights and obligations, and have direct access to the insurer in the event of an incident.
- If you are seeking to be named on a policy, it is important that you review the terms of the policy first, as Curtin will be bound by those terms. There are also a number of other implications if a party is to be named on the policy of another, including the need for a cross-liability clause.
- Noting a party on an insurance policy carries no legal status, and is generally of no benefit to a party except in particular, limited circumstances.
A Non-Imputation Clause is considered where a policy of insurance will cover multiple insureds. Non-imputation clauses operate so that the knowledge of one insured cannot be imputed i.e. attributed to another.
Principal Controlled Contract Works Insurance (Project Specific) is a separate policy covering principals, contractors and sub-contractors in construction work contracts from site preparation to the point of transfer of the work to the operational insurance. Covers all items being built and all materials to be incorporated into the works.
Product Liability covers injury, damage or death caused to a third party by the failure of a product that is manufactured, supplied, repaired, serviced or sold (including design, manufacturing or instructional defects).
Professional Liability, also known as Professional Indemnity, covers the legal liability of advice-based businesses (contracts involving “brain work” rather than “physical work”) for any claim for property damage, economic loss, and death and injury made against them in the course of their business arising from their rending or failing to render professional advice.
This is a “claims made” policy, which provides cover for claims made during the currency of the policy, even if the incident occurred prior to the policy. Therefore, a contract requiring this should include an ongoing obligation to have this insurance for a period post the end of the contract (6 years in accordance with the statute of limitations).
Property Insurance covers physical loss of or damage to all real and personal property owned by or in the care, custody or control of the insured, including business interruption arising from the damage.
Public Liability covers Curtin, including its staff, students and volunteers, against damages and legal costs incurred as the result of negligence, which creates a legal liability to third parties for bodily injury or death and/or loss of damage to property arising from University activities. Third parties include any individual (including students, but excluding staff members, in the course of their employment), or corporations or entities of every description.
Student Personal Accident Insurance covers Curtin Students whilst they are officially engaged in approved Fieldwork, including participation in the Inter-Varsity or University National Games, for injuries sustained whilst involved in these activities.
- A termination clause is the provision in the contract which outlines the circumstances in which a contract can be terminated prior to it being completed. It provides an “exit strategy” from the contract for both you and the contracting party.
- The clause should outline the circumstances in which a termination can be effected, and how the contract should be terminated (including notice provisions).
- The clause must be clear, otherwise a party may be in breach of contract if they wrongly invoke it.
- Consider the circumstances of your contract. This will inform the drafting, including whether the contract is able to be, for example, “terminated at will”, without any reason, or only for a material breach? If for a breach, does an initial attempt have to be made to rectify the breach first, and how much notice is required.
Volunteer Personal Accident Insurance covers Voluntary Workers of the University whilst they are engaged in authorised activities. Cover under this policy may only be provided where a person volunteers his/her services to the University, acts under the direction and supervision of the University in the course of duties allocated to them, or is duly certified by the School/Department/Area as being a bona fide volunteer with no compensation provided for their services.
Workers Compensation Insurance, also commonly called Employers Indemnity Insurance, is a statutory requirement for any “employer” in Western Australia and in all States/Territories of Australia. Workers’ compensation insurance protects your business from financial costs when a worker sustains a work-related injury or disease. It also protects injured workers by providing weekly payments to cover loss of earning capacity, payment of reasonable medical and rehabilitation expenses, and other entitlements.