Chief Operating Officer Portfolio

IT Policy, Risk and Assurance Committee

  1. Home
  2. Operational areas
  3. Information Technology
  4. IT Governance

The IT Policy, Risk and Assurance Committee (IT PRAC) aims to support effective IT policy development (i.e. policies, procedures, standards) and implementation, while monitoring IT risk and compliance. 

Objectives

  • Provide a forum for UQ representatives to discuss and provide feedback on compliance with policies, procedures or external instruments (e.g. legislation).
  • Review policy documents with regards to UQ and IT quality standards, and requirements around monitoring, assurance, and implementation. 
  • Endorse IT policy documents to the CIO (and in some cases the Vice-Chancellor) for approval. 
  • Providing advice, guidance and endorsements on submissions that align with the Technology Master Plan and purpose of IT PRAC.
  • Review results from assurance and compliance assessments and provide recommendations where results indicate there are compliance issues, additional risks or inadequate processes or controls. 
  • Review IT policy implementation outcomes across UQ. 
  • Develop and endorse the IT top 10 risks and associated mitigation actions. 
  • Discuss IT risks above UQ’s appetite and recommend mitigation actions. 
  • Discuss open actions resulting from internal audits, external advisory, and external audits/accreditations, and recommend actions where actions continue to exceed their due date or cannot be completed. 

Membership

  • Chief Information Officer (Chair)
  • University Librarian
  • Chief Technology Officer, Research Computing Centre
  • Director, Governance and Risk
  • a Faculty Executive Manager
  • Deputy Director, Digital Learning
  • Director, Cyber Security
  • a Deputy Director (Operations) 
  • Director, IT Governance and Investment
  • IT Policy, Risk and Assurance Manager (Secretary)
  • additional staff may be asked to join periodically to provide specific expertise.

Meeting processes

  • meets every 2 months
  • certain meetings will have standard agenda items (e.g. determining annual IT top 10 risks)
  • attendance is defined as in-person, by phone, by video call
  • meetings can be held out of session for ad-hoc decisions and items for noting
  • members may delegate attendance to an equivalent peer (e.g. FEM from alternate faculty)
  • members must be in attendance to vote, with a minimum of 5 members in attendance.

Reporting

IT PRAC will receive the following reports:

  • reports from each sub-committee or working group that feeds into the committee as required but at a minimum, annually
  • quarterly cyber security risk dashboard
  • outstanding actions register reports
  • select reports relating to compliance with IT policy documents and federal or state legislation, regulations and policies 
  • select reports relating to IT risk management.

Agenda submissions

Email IT Governance and Investment regarding agenda submissions or committee enquiries.

Please use the IT PRAC Submission Coversheet (DOCX, 46.6 KB) when providing submissions to the committee. 

 

 

2024 meeting information

Agendas, documents and decisions from IT PRAC meetings are listed below. Note that certain items may only be available on request.

For meeting information from previous years, please email IT Governance.

Meeting dateSubmission due dateOutcomes and actions
27 February 202413 February 2024IT PRAC outcomes and actions (PDF, 127.2 KB) 
23 April 20245 April 2024IT PRAC outcomes and actions
12 June 202424 May 2024IT PRAC outcomes and actions (PDF, 130.8 KB)
7 August 202419 July 2024IT PRAC outcomes and actions (PDF, 102.5 KB)
8 October 202420 September 2024IT PRAC outcomes and actions

27 November 2024*

*This meeting will be held out-of-session

8 November 2024TBC