Unis need better risk management, infosec and to stop playing politics

By Stephen Easton

Friday June 5, 2015

New South Wales universities need to continue improving their risk management frameworks — and for three, the reputational risk of being seen to support one side of politics must be eliminated, according to the state’s auditor-general.

Grant Hehir
Grant Hehir

Risk management frameworks are still maturing in the 10 NSW universities according to a recent report from the office of Grant Hehir, who is soon to take over from Ian McPhee as national Auditor-General. The report sketches out what a good risk management framework looks like:

“In the university with the most mature risk management framework, risk awareness is evident at each business level. Executive management uses a top-down approach to communicate strategic risks. Risk owners, at the operational levels, conduct risk management workshops to identify key risks and promptly escalate issues to management.”

However the university at the other end of the spectrum has not developed the appropriate culture where risk management is integral to all daily operations and consistently applied across every part of the organisation, Hehir reports:

“Most universities have started to embed a risk awareness culture, but this is inconsistent across business units and enterprise risk management lacks depth in the faculties.”

Three of the ten universities have paid for staff to attend events hosted by political parties, which is considered a political donation under the relevant legislation. Most have policies prohibiting political donations; Hehir says they all should. The report explains:

“Management of the three universities that made the political donations advise that attendance at political party events is designed to maintain relationships and gain a thorough and broad understanding of major public policy commitments being proposed by major political parties.

“While the value of the donations identified in the survey was small in the context of the university’s operations, the use of university finances for political donations is considered inappropriate for public entities.

“Despite these donations being inappropriate use of public monies, universities or their controlled entities may not be precluded from making political donations or be in breach of election funding legislation.”

The report also reveals that all 10 universities spend more on “non-academic employee related expenses” than the federal Department of Education and Training recommends as “good practice” — 25.8% to 32.2% of total expenses, versus 18-20%.

The institutions are in fairly sound financial positions generally, Hehir reports, but sustainability pressures are emerging, with expenditure growth outpacing revenue growth in six. Debt levels are low, but increasing.

The audit also revealed ongoing issues with information security exposing the universities to “attacks, data integrity issues, fraud and identity theft” with Hehir noting in his online summary of the audit:

“It is disappointing that over a quarter of the issues raised by the Audit Office in 2013 were not addressed in 2014.”

The main area of concern is user access, including weak or non-existent processes of reviewing who has access, failure to terminate access quickly enough, password parameters for financial system access and poor management of privileged access.

The NSW auditor-general made nine recommendations in the report to improve financial sustainability, governance, and teaching and research.

 

About the author
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
roger dennis scott
roger dennis scott
5 years ago

The other side of a much bigger coin is the need for governments not to wave money in front of university researchers and curriculum designers to advance their ideological purposes. The current controversy which wracked UWA is the tip of a slightly grubby iceberg. This iceberg will only get bigger and grubbier if the deregulation proposals twice rejected by the Senate again see the light of day.

Premium

Now is the time to get Mandarin Premium

When public sector leadership is even more critical for Australia, and the business model for quality journalism is under severe threat, there has never been a more important time to join Mandarin Premium.

Get Premium Today