Risk assessment – Frequently Asked Questions (FAQs)

TEQSA’s risk assessments of registered higher education providers are a key component of TEQSA’s risk-based approach to assuring higher education standards. TEQSA’s Risk Assessment Framework outlines the key steps and components of the risk assessment process, and provides detailed supporting information on the risk indicators used.

For the 2022 risk assessment cycle, TEQSA undertook a modified approach. TEQSA provided a risk assessment report focused on financial position only which included an assessment of financial viability and financial sustainability. This approach was taken because of the delayed implementation of Tertiary Collection of Student Information (TCSI), and consequent delayed availability of staff and student data.

For the 2023 Risk Assessment cycle we:

• will include 2021 and 2022 student and staff data, and 2022 audited financial data
• expect to send providers their provisional risk reports for the 2023 risk assessment cycle by mid-June 2024. This is a change from the planned timeframe of mid-May 2024, as more time has been required to analyse the higher volume of student and staff data. Providers will have an opportunity to comment on the provisional report before a final risk assessment report is completed.

The standard ‘low’, ‘moderate’ and ‘high’ risk ratings have been applied to each indicator. There may be instances where a rating is ‘suspended’ or a No Confidence in Data (NCID) rating is applied. For example, a rating may be suspended if a provider is new and does not have enough data to form a view on an indicator, while NCID may be applied if the data is missing, or the data received from the Department of Education is inconsistent.

For providers that receive a high Overall Risk to Students or Overall Risk to Financial Position, we ask that you carefully review the risk indicators associated with the risks identified.

We expect providers would have already identified risks to their education operations, as required by Higher Education Standards Framework (Threshold Standards) 2021 (6.2.1e) and would have plans in place to mitigate these risks. We may contact you to discuss your risk assessment and seek information on actions your governing body has taken and further steps in response to the identified risks.

Providers registered on or after 1 January 2021 are not in scope for 2023 risk assessment – noting that 3 years of financial data is required to assess financial sustainability and at least 2 years of student is required for student indicators.

Given the potential sensitivity of risk assessments and associated documents, provider risk assessments are treated confidentially by TEQSA. Risk assessments and associated documents relating to individual providers are not publicly released by TEQSA or shared with other providers. 

The risk thresholds used to inform ratings are not published. Risk thresholds are considered in the context of other information and are not the sole determinant of risk ratings. Professional judgement is used with regard to the specificities of each indicator, in determining the levels which may represent potential risk. 

It is important to note that the sector benchmarks which appear in the risk assessment are not the risk thresholds and are not framed around the thresholds. They are median values of each indicator by provider category.

You do not need to provide a response to TEQSA. However, if you have additional context you believe should be considered, you should provide this information within one month of receiving the provisional report. Responses received after the due date will be considered in the next risk cycle.

TEQSA uses data providers have submitted to the Department of Education and validated as accurate. Providers are required to ensure they submit correct data and validate that data well before the submission due date. Data submitted or updated after the submission due date may not be captured in the report for this cycle.

TEQSA considers a range of factors to inform our risk-based approach to regulatory activities, such as pre submission scoping for renewal of registration or course accreditation and thematic assessments. This includes findings of the annual risk assessment, where we consider the findings are relevant to the assessment and indicate material risks to compliance. Other factors include our knowledge of the provider (regulatory history) and monitoring activities (for example reports from other government agencies or professional accreditation bodies).

The 2023 risk assessment is based on staff, student and audited financial data from 2022. This is the most up to date data that we access from data reported by providers.

TEQSA works closely with the Department of Education to access data for providers that already report data to existing collections. These collections include:

• HELP IT System (HITS) – financial data for higher education providers
• Department of Education – financial data for Table A and B providers
• Tertiary Collection of Student Information (TCSI) – staff and student data

In addition, TEQSA considers a provider’s regulatory history when applying ratings. For example, information provided through material change notifications, regulatory decisions such as shortened periods of registration, and compliance concerns known to providers.

From 2022, TEQSA required providers to report against the revised PIR collection utilising the new Tertiary Collection of Student Information (TCSI) (pronounced as 'taxi'). For information about transitioning to TCSI, including TCSI FAQs, a range of support materials and information about webinars, please visit TCSI Support.

We strongly encourage providers to prioritise the onboarding process, so that you can submit, check and validate the required data within the deadline.