What happens next

Issues and concerns can arise from inadequate or failed internal processes or controls, people, systems or responses to external events or the unacceptable risk of a potential adverse financial, regulatory or reputational impact.

Actions are the steps to be taken to sort the issue.

Required actions

Actions may be required to:

remediate the immediate situation/issue
make it safe
identify any similar Issues which may have occurred in the past or elsewhere
address root cause, i.e., prevent a re-occurrence of a control breakdown or incident.

Responsibility

The responsibility for completing actions lies with the action owner and ultimately the relevant Executive Leadership Team (ELT) member associated with the relevant action. Where an issue is identified in one portfolio and actions to remediate reside in another, agreement on the actions, action owners, and due date must be sought between the two portfolios.

Action plan authors must ensure that any actions, action owners and action due dates are agreed with the relevant business unit prior to submitting the action plan to committees or the Risk and Compliance Unit for inclusion on the Enterprise Actions Register.

Resolution

Timely resolution of issues and actions is a requirement for all portfolios, as it reduces the time that the University is exposed to an identified risk. Those assigned an action are responsible for the closure of that action and within the agreed timeframe. The action owner must also ensure that the steps taken to complete the action have appropriately dealt with the issue.

Notification

Action owners must advise the Risk and Compliance Unit (email: riskandcompliance@csu.edu.au) when they have taken all steps considered necessary to complete an action.