Risk Management Procedure

Governance > Risk Management > Risk Management Procedure

Authorised by Chief Executive Officer

Revised Date: 8 July 2022

 

This procedure explains how Kyeema Support Services will implement documented risk management processes to identify, mitigate and manage risks to participants, workers and the provider

 

This procedure supports Kyeema Support Services to apply Standard 2: Governance and Operational Management - Risk Management

 

Scope

This policy applies to all Kyeema workers.

 

Definitions

Risk management Coordinated activities to direct and control an organisation regarding risk

Risk Combination of the probability of occurrence of harm and the severity of that harm.

Risk control Actions implementing risk decisions.

Controls linked to risk Controls are policies, procedures, systems, etc, which may or may not be implemented to provide reasonable assurance that the risks are mitigated and/or reduced to a level acceptable.

 

Introduction

Kyeema Support Services risk management:

      Risks to the organisation, including risks to participants, financial and work health and safety risks, and risks associated with provision of supports are to be identified, analysed, prioritised and treated.

      A documentation system must be in place that effectively manages identified risk and is relevant and proportionate to the size and scale of the provider and the scope and complexity of supports provided.

      Support delivery is linked to a risk management system which includes:

-     Incident Management

-     Complaints Management

-     Work Health and Safety

-     Human Resource Management

-     Financial Management

-     Governance and operational management

-     Emergency and Disaster Management

-     Bus safety in compliance with the Bus Safety Act

-     Other vehicles’ safety

 

 

What is Risk Management?

In the Australian and New Zealand ISO 31000:2018 the risk management process has 11 principles.

 

1.   Creates and protects value
Good risk management contributes to the achievement of an agency’s objectives through the continuous review of its processes and systems.

 

2.   Be an integral part of organisational processes
Risk management needs to be integrated with an agency’s governance framework and become a part of its planning processes, at both the operational and strategic level.

 

3.   Be part of decision making
The process of risk management assists decision makers to make informed choices, identify priorities and select the most appropriate action.

 

4.   Explicitly address uncertainty
By identifying potential risks, agencies can implement controls and treatments to maximise the chance of gain while minimising the chance of loss.

 

5.   Be systematic, structured and timely
The process of risk management should be consistent across an agency to ensure efficiency, consistency and the reliability of results.

 

6.   Based on the best available information
To effectively manage risk it is important to understand and consider all available information relevant to an activity and to be aware that there may be limitations on that information. It is then important to understand how all this information informs the risk management process.

 

7.   Be tailored
An agency’s risk management framework needs to include its risk profile, as well as take into consideration its internal and external operating environment. In the disability sector, this includes a requirement to be prepared to support participants in Emergencies and Disasters.

 

8.   Take into account human and cultural factors
Risk management needs to recognise the contribution that people and culture have on achieving an agency’s objectives.

 

9.   Be transparent and inclusive
Engaging stakeholders, both internal and external, throughout the risk management process recognises that communication and consultation is key to identifying, analysing and monitoring risk.

 

10.  Be dynamic, interactive and responsive to change
The process of managing risk needs to be flexible. The challenging environment we operate in requires agencies to consider the context for managing risk as well as continuing to identify new risks that emerge, and make allowances for those risks that no longer exist.

 

11.  Facilitate the continual improvement of organisation
Agencies with a mature risk management culture are those that have invested resources over time and are able to demonstrate the continual achievement of their objectives. 

 

Establishing a context for risk management within Kyeema

This includes:

      clarifying the vision, mission and goals of Kyeema

      identifying the wider environment within which Kyeema operates

      setting the scope and objectives for the risk management process

      identifying how risks will be measured

      identifying what will be involved in the risk assessment process

 

Communicating risk management to all stakeholders of Kyeema

Good communication and consultation is essential for risk management and attempts to:

      improve people's understanding of risks and the risk management processes

      ensure all relevant stakeholders are heard

      ensure that everyone is clear on their roles and responsibilities

 

Identifying risks within Kyeema

The aim is to develop a comprehensive list of the sources of risks and their consequences. There is no one right way to do this. Some strategies are:

      reviewing risks at staff, team leader and management meetings

      reviewing risks with stakeholders with relevant knowledge and experience

      systematic analysis, e.g. flow charting systems and processes

      development of 'what if' scenarios

 

Analysing risks within Kyeema

Some of the key questions in analysing the risks are:

      what is the likelihood of the risk?

      what is the consequence?

      what is the level of risk (combination of likelihood and consequence)?

      what factors affect the likelihood or consequences?

      what is the level of uncertainty?

 

Similar questions can be asked in relation to opportunities (i.e. risks with positive consequences):

      what is the likelihood of the opportunity?

      what is the consequence?

      what is the level of opportunity/risk (combination of likelihood and consequence)?

 

Evaluating risks within Kyeema

Some of the key questions in risk evaluation are:

      what are acceptable levels of risk?

      what are intolerable levels of risk?

      does the risk need treatment?

      what are the priorities for treatment of risks?

      What risks are participants choosing to live with?

 

Treating risks within Kyeema

To effectively treat risks one needs to understand how risks arise. Some of the ways that risks are treated are:

      contingency planning (i.e. plan in advance for an event that may happen so as to minimise any negative effects should it happen)

      sharing the risk e.g. when entering into contracts with other service providers specifying they share the risk, use of waivers

      transfer the risk, e.g. through insurance

      avoiding the risk, e.g. no longer undertake the activity

      financing the risk e.g. setting funds aside to pay for the consequences

      reducing the risk, e.g. through changing work practices

 

In treating risks there will be trade-offs between costs and benefits. One will have to make a judgment that the cost of reducing the risk is worth the benefit of the reduced risk. In the disability sector we must also take into account participant choice to accept risk, using the principles of the dignity of risk.

Key question: What is acceptable risk?

 

Monitoring and reviewing risks within Kyeema

Risk management is an ongoing process:

      the risk management process is monitored via

-     Finance, Audit Risk Board Committee

-     Occupational Health & Safety Meetings

-     Bus Management Information System

-     Emergency Planning Committee

-     Staff, team leader and management meetings, including any staff “tool box” meetings prior to activities

-     Such procedures as Excursion Planning, Support Planning for individuals and home assessments

      the effects of risk treatments need to be monitored and reviewed to ensure they are adequate and effective

 

Communication and consultation takes place throughout the risk management process with all identified stakeholders so that all parties understand the basis on which decisions are made.

 

Responsibilities

Operational managers are responsible for signing the risk assessments once completed and ensuring communication and implementation of controls.

 

Record keeping

Hard copy of risk assessment forms filed in supports manager office. Electronic versions in either individual participant files or other appropriate places.

 

•   Home Risk Assessment Form CCF-19

•   High Risk Activity Assessment CCF-86

 

Organisational Risk Register k-drive\risk management-organisation\organisational risk register

 

Bus Safety

Compliance with the Bus Safety Act (2009) Vic entails multiple risk management and mitigation activities. These are found in the Bus Management Information System and related documents as found via the links below.

 

Risk regarding all vehicles and the transportation of participants is found in the Participant Transportation Procedure.

 

Training

Workers to be trained in risk management, how to use the risk management matrix and forms relevant to Kyeema.

 

Review and Evaluation

Risk controls implemented and reviewed.

 

Related Policies, Procedures and Documents

Australian Standard AS ISO 31000:2018 Risk Management – Guidelines

Risk Assessment Register SF-14

Risk Analysis and Hazard Identification Procedure

Risk Analysis Matrix SF-08

Home Risk Assessment Form CCF-19

High Risk Activity Assessment CCF-86

Excursion/Activity Checklist CCF-52

Organisational Risk Register: K:\Risk Management - Organisation\Organisational Risk Register

Kyeema List of Risk Assessed Roles HRF-61

Emergency Response Plan SF-62

Business Continuity Plan – General CF-01

Business Continuity Plan – COVID CF-02

Bus Safety Act 2009

Participant Transportation Procedure

Essential Safety Measures Policy and Procedure