Go to top of page

Risk assessment – Frequently Asked Questions (FAQs)

TEQSA’s Risk Assessment Framework

TEQSA’s risk assessments of registered higher education providers are a key component of TEQSA’s risk-based approach to assuring higher education standards. TEQSA’s Risk Assessment Framework outlines the key steps and components of the risk assessment process, and provides detailed supporting information on the risk indicators used. 

What are the changes to 2021 Risk Assessment?

The content of the 2021 risk assessment report has been streamlined. Key changes include:

  • removing provider background and commentary
  • replacing the regulatory history and CRICOS information with links to the National Register and PRISMS, and omitting the history of material change notifications
  • classifying student EFTSL data as domestic or international (formerly onshore domestic, onshore international and offshore), to avoid confusion
  • removal of gender from the student load data breakdown.

Note that regulatory decisions are published on the National Register. CRICOS registration information can be found through PRISMS logon.

As with the 2020 risk assessments, the metrics for completions and graduate destination have been omitted for the 2021 risk assessment report (based on previous feedback from the sector).

The 2020 Overall Risk ratings compared to the 2021 Overall Risk ratings

In the 2020 risk assessment, the overall risk to financial position (ORFP) was based on a bespoke data collection, with a specific focus on financial viability due to the likely impact of COVID-19 on provider revenue. TEQSA incorporated financial data from each provider for the first half of 2020 and this was published as the 2020 ORFP in the 2020 risk assessment.

The 2021 risk assessment uses only audited data for the ORFP. Consequently the 2019 ORFP published in the 2020 risk assessment aligns with the 2019 ORFP published in the 2021 risk assessment. 

Ratings explained

The standard ‘low’, ‘moderate’ and ‘high’ risk ratings have been applied to each indicator. There may be instances where a rating is suspended or a No Confidence in Data (NCID) rating is applied. For example, a rating may be suspended if a provider is new and does not have enough data to form a view on an indicator, while NCID may be applied if the data is missing or the data received from DESE does not align with the data showing on HEIMS Online. 

What can I expect if my Overall Risk Rating is rated high? 

For providers that receive a high Overall Risk to Students or Overall Risk to Financial Position, we ask that you carefully review the risk indicators associated with the risks identified. 

We expect providers would have already identified risks to their education operations, as required by Higher Education Standards Framework (Threshold Standards) 2021 (6.2.1e) and would have plans in place to mitigate these risks. We may contact you to discuss your risk assessment and seek information on actions your governing body has taken and further steps in response to the identified risks.

What if I didn’t get a risk assessment?

Providers registered on or after 1 January 2018 are not in scope for 2021 risk assessment – noting that 3 years of financial data is required to assess financial sustainability and at least 2 years of student is required for student indicators.

Will my risk assessment be made public?

Given the potential sensitivity of risk assessments and associated documents, provider risk assessments are treated confidentially by TEQSA. Risk assessments and associated documents relating to individual providers are not publicly released by TEQSA or shared with other providers. 

Will the risk thresholds be published?

The risk thresholds used to inform ratings are not published. Risk thresholds are considered in the context of other information and are not the sole determinant of risk ratings. Professional judgement is used with regard to the specificities of each indicator, in determining the levels which may represent potential risk. 

It is important to note that the sector benchmarks which appear in the risk assessment are not the risk thresholds and are not framed around the thresholds. They are median values of each indicator by provider category. 

Do I need to respond to the risk assessment report?

You do not need to provide a response to TEQSA for your risk assessment report. This year we have provided a single risk assessment report, rather than providing a provisional report and then a final risk assessment report. 

Where you have material issues with the data included in the risk assessment, you may raise these issues with us. If validated, we will issue an updated report. 

We have already taken into account relevant regulatory context and history. Further adjustments to the risk assessment report based on context are unlikely to be made.  

Responses are due by 22 April 2022. Any responses received after this date will be considered in the next risk cycle. 

What should I do if the data in the risk assessment is incorrect?

All providers, other than Australian Universities, were asked in mid-2021 to quality assure their 2020 financial and staff and student data submission. However, where you consider there are material data issues, please contact TEQSA via risk [at] teqsa.gov.au to discuss the best way forward to provide corrected data.

How does TEQSA use risk assessments for its regulatory activities?

TEQSA considers a range of factors to inform our risk-based approach to regulatory activities, such as pre submission scoping for renewal of registration or course accreditation and thematic assessments. This includes findings of the annual risk assessment, where we consider the findings are relevant to the assessment and indicate material risks to compliance. Other factors include our knowledge of the provider (regulatory history) and monitoring activities (for example reports from other government agencies or professional accreditation bodies). 

What data has been used to conduct this risk assessment?

The 2021 risk assessment year is based on staff, student and audited data from 2020. This is the most up-to-date data that we access from data reported by providers. 

TEQSA works closely with the DESE to access data for providers that already report data to existing collections. These collections include:

  • HELP IT System (HITS) – financial data for higher education providers
  • DESE TM1 system – financial data for Table A and B providers
  • The Higher Education Client Assistance Tool (HEPCAT) – staff and student data
  • Higher Education Information Management System (HEIMS) – staff and student data
  • Tertiary Collection of Student Information (TCSI) – staff and student data
  • Provider Information Request (PIR) – graduate survey data
  • The Quality Indicators for Learning and Teaching (QILT) – graduate survey data

In addition, TEQSA considers a provider’s regulatory history when applying ratings. For example, information provided through material change notifications, regulatory decisions such as shortened periods of registration, and compliance concerns known to providers.

What happens if I didn’t submit Graduate Survey Data through the Provider Information Request (PIR)?

TEQSA collects graduate survey data for providers who are not QILT participants through the Provider Information Request (PIR). Where a provider has not submitted the graduate survey data for 2020, we have suspended the rating for the Graduate Satisfaction indicator (S4).

What attrition rate is used for the risk assessment? 

There are two types of attrition rates: normal and adjusted. These are defined at HEIMSHELP

TEQSA uses the normal attrition rate as this applies to all registered providers and all students. Where available, the adjusted attrition rate is considered when determining a rating for the attrition rate risk indicator (S2. Attrition Rate). 

Why isn’t adjusted attrition used for my organisation? 

TEQSA uses the normal attrition rate as this applies to all registered providers and all students. 

What is the definition of a Senior Academic Leader?

For providers that are subject to the Education Services (Post-Secondary Education) Award 2010, academic staff formally employed at Level C but undertake academic leadership roles beyond that of a typical Level C should be coded as 160–Academic Staff (Senior Level). 

Staff coded as 160–Academic Staff (Senior Level) should have a formal requirement to contribute leadership in one or more of the following areas: curriculum and assessment; pedagogy; staff management; and professional development, research, and/or scholarship.

Why is the EFTSL in the Student Load indicator different to the EFTSL used in the Student to Staff Ratio (SSR) indicator?

The student load indicator (S1. Student Load) is based on the total student load at the provider, whereas the SSR indicator (S6. Staff to student ratio) is based on the onshore coursework student load only.

The SSR indicator is the ratio of the total onshore coursework student load (EFTSL) to total onshore teaching only (TO) and teaching and research (T&R) staff full-time equivalent (FTE) employed by the provider, including casuals.

How do I submit data for the Provider Information Request (PIR)?

From 2022, TEQSA requires you to report against the revised PIR collection utilising the new Tertiary Collection of Student Information (TCSI) (pronounced as 'taxi'). For information about transitioning to TCSI, including TCSI FAQs, a range of support materials and information about webinars, please visit TCSI Support

We strongly encourage providers to prioritise the onboarding process, so that you can submit, check and validate the required data within the deadline.

The 2022 risk assessment cycle 

Last year we advised our intention to review our approach to the annual risk assessment cycle, in consultation with the sector. We anticipate this review will commence later in 2022, and as a result, expect that the 2022 risk assessment will be similar to the 2021 cycle.