Information & Resources

RISK MANAGEMENT


INTRODUCTION
FREQUENTLY ASKED QUESTIONS
FURTHER INFORMATION
CONTACT VOLUNTEERING QUEENSLAND

INTRODUCTION

What is Risk Management?

Risk management is the process of managing your organisation’s exposure to any risks that could harm the organisation or an individual associated with the organisation. It does this by identifying risks and putting in place procedures that will prevent them or reduce their likelihood of occurring.

Risk Management, as defined in the Australian and New Zealand Standard AS/NZS 43600:1995, is: The systematic application of management policies, procedures and practices to the tasks of identifying, analysing, assessing, treating and monitoring risk. Simply put, risk management means being aware of potential hazards, and taking steps to remove or minimise them.

Risk Management Planning

It is a framework or set of processes for organisations that assists them with making choices in respect to the customers they serve, the procedures and policies they adopt and the overall way in which they conduct their programs. Risk management is an integral part of good management. To be most effective, risk management needs to be part of an organisation's culture whether non-profit or corporate. When it is integrated into an organisation's philosophy, service delivery and planning activities, it becomes the business of everyone within the organisation.

  • According to the Non profit Risk Management Centre risk management is not a one-off activity, rather it is an ongoing process of assessing potential deviation for events and finding a way to decrease its likelihood and to minimise the effect of loss or an unforseen event that could not be prevented. ("No Surprises", 2001). Risk management is an approach to problem solving that has as its goal improved performance by acknowledging and controlling risks.
  • Risk management is about protecting and conserving an organisation's resources and providing goods and services sensibly.
  • It is not about avoiding risk; the only way to avoid risk altogether is by not operating a program or an organisation, and
  • A risk management plan is just as important in a small organisation as it is in a large one; however it is often the smaller organisations that face the greatest challenge in implementing risk management due to scarce resources both in terms of personnel and funds.
In 2003, Volunteering Australia Inc (‘VA’) published a document entitled ‘Running the Risk?’
The document was developed by and with the advice of various risk management experts, and it is primarily a management tool for community organisations engaging volunteers to do work. It is a practical tool to assist volunteer involving organisations identify their risks and implement effective strategies for managing those risks.

The publication outlines why it is important to manage risk and provides a simple 4-step guide to identifying and treating risks. In addition, some case studies have been included which highlight the importance of managing risk and provide examples of how some organisations have dealt with their own risks.

For detailed explanations of risk management go to the Frequently Asked Questions section.

Top of page

FREQUENTLY ASKED QUESTIONS

Risk Management Planning

Does my organization need a risk management plan?
There are a number of reasons why having a risk management plan is essential. Any organization that is serious about reducing its risks (and maximizing potential opportunities) should ensure that it has a plan and that the plan is signed off by the management committee and reviewed at least annually. In certain circumstances it may be unlawful not to have a plan. For example an organization that works primarily with children or young people is required by law to have risk management strategies to ensure child-safe work environments. Penalties apply for organizations that do not have these strategies Also, with recent changes to Workplace Health & Safety legislation an annual risk assessment is required.

Apart from compliance requirements, we all live in an ever changing environment; new organizational ventures or activities may be undertaken, staff turnover, altered policies, procedures and work practices, changing policy direction by governments, litigation trends in our community, increasing expectations by volunteers, clients and funding providers, all impact on our need to plan for, and frequently review our risks.

Also, your insurer may require you to provide evidence of a risk management plan and if you can demonstrate its effectiveness, might lead to less costly insurance premiums. Suncorp offer a free risk management planning tool called 'My Risk Evaluator' in addition to a 10% discount off the annual premium with a premium cap for two years (under certain conditions) for customers who use an AS/NZS 4360:2004 compliant risk management product – for their Public and Products Liability policy.

Most importantly, a well structured risk management plan, together with effective policies, procedures and practices, might demonstrate a Duty of Care to the organization’s workers and clients. This in turn may limit the possibility of injury or damage being caused to people and property as well as potential claims against the organisation and individuals associated with the organisation.

It is far better to have a plan and action its strategies than to invite the prospects of litigation or prosecution and potential adverse publicity for your organisation.

We are fully insured, why do we need risk management?
Insurance is not a preventative, it rather responds after an incident has occurred. Insurance is only one way to manage the risks facing an organisation. It is not the best way of managing a risk because:

  • it may cost much more than controlling risk,
  • it does not achieve the preferred outcome (preventing harm), it only compensates after the event/injury,
  • it may not cover all risks and may be capped to a ceiling, and
  • it depends on the insurance company to pay the compensation at the time of the claim.

Do we still need a risk management plan if volunteers in our state are protected by volunteer protection legislation?
Following the International Year of Volunteers (IYV) 2001, most State Governments in Australia have passed laws to protect volunteers. The Queensland Civil Liability Act 2003 contains Volunteer Protection Legislation
In Queensland, the legislation protects volunteers and committee members under certain circumstances. (It may not apply, for example, if the volunteer was involved in a motor vehicle accident, was affected by alcohol or certain other drugs, or was acting outside the scope of the activities authorised by the community organisation or contrary to its instructions.) Again this legislation does not prevent an accident from happening rather it necessitates the need to have a risk management plan that details the roles and responsibilities of the volunteer staff, with job descriptions, policies and procedures to ensure volunteers are protected under the legislation. Therefore a risk management plan is essential for the legislation to be effective. The best information about the Queensland Volunteer Protection legislation can be found on the QUT Centre for Philanthropy & Non-profit Studies website.

Why do volunteers need to be part of our risk management plan?
A not-for-profit organisation is responsible for the actions of its volunteers and paid staff. Inappropriate volunteer behaviour can seriously harm and prevent a not-for-profit organisation from achieving its mission. Volunteers, like employees, are a valuable resource to an organisation and should be part of any risk management system. Including volunteers in your risk management planning will help protect both your organisation and your volunteers.

Will imposing risk management plans and expectations on volunteers make it harder to recruit and train volunteers?
Volunteers want to enhance the resources of a not-for-profit organisation, not deplete them. They support the organisation’s services and help achieve its mission. Volunteers want to be part of a well-managed organisation that considers their needs and rights, and gives them proper leadership, orientation, training and support that enables them to maximise their contribution. Appropriate risk management plans which are clearly communicated will reassure volunteers and give them confidence about working for the organisation in a productive manner.

Who is responsible?
The legal and ethical responsibility for risks is carried by the management committee, who will ultimately be held accountable. However, staff members can also be responsible under some conditions. In this case it should be described in the CEO or manager job contracts with the organisation or in some cases the CEOs areas of responsibility which are delegated by the management committee and are described in the organisation’s constitution. An organisational culture that encourages a commitment by all staff (including volunteers) to risk management is also desirable.

What does ‘Duty of Care’ mean?
The duty of care is the duty to take all reasonable care to prevent harm to others (that is those to whom the duty is owed). The duty of care may also be phrased in a negative sense – it is a duty not to place others at unreasonable risk of harm. The duty of care is not absolute. The law does not require perfection (although in the cases of injured children the standard is very high and close to perfection).
The question that should be asked in determining whether the duty has been or will be discharged is: “What would a reasonable person do/have done in all the circumstances?”
An organization must look at the foreseeable risks and the likelihood of harm in what they are planning to do and what is the usual practice to address these risks in the circumstances.
An organization cannot delegate its duty of care. It must also consider situations in which its workers might act carelessly. That is, to take into account the possibility that workers might not fully understand or follow safe working policies and procedures and to ensure that safe working systems, which include training and supervision are devised.

To whom do we owe a ‘Duty of Care’?
An individual or an organization owes a duty of care to all persons or class of persons, whom the individual or organization can reasonably foresee may be likely to suffer loss or damage as a consequence of the individual or the organization’s conduct.
Primarily a volunteer organization will owe a duty of care to people such as its clients, those people who enter its premises, people who ‘consume’ its products or are involved in its activities or services, its volunteers and any employees, and those that rely on its published information.

What are some common mistakes in risk management plans?

  • They are formally prepared, but never implemented or regularly revised.
  • They cover the risks that are easy to treat and leave the difficult risks untreated.
  • They rely too heavily on insurance as a strategy.
  • They assume the organisation’s insurance covers risks that it does not.
  • The risk management plan is not amended when insurance policies alter or new activities begin.

Wouldn’t it be easier just to copy another organisation’s risk management plan?
Not-for-profit organisations are diverse, even within the same sector. A risk management plan will be quite different even for similar organisations because of variables such as size, organisational culture, property ownership and leadership. You are far more likely to identify all of the risks relating to your organisation by working through the process of planning your own risk management strategy, than by just blindly copying another organisation’s work. An understanding of what risk management means and an ownership of the strategy to protect and enhance the mission of your organisation are essential

Where can I find risk management ‘tools’?
There are numerous sources of risk management planning tools. For example:

How can a check on a person’s criminal history (Police Certificate) be obtained?
In Queensland, a Police Certificate can be obtained by contacting your local police station or the Police Information Centre on 07 33646854 (within Australia). There are two types of Police Certificates that provide a search of a person’s criminal history records held by police services Australia-wide.

  • Certificate based on an Australia-wide check of name only: $38.20
  • Certificate based on an Australia-wide check of name and fingerprints: $135.10

    In some cases, volunteers and paid employees may be granted an exemption to these fees, except for a computer access fee of $5.00. This exemption is at the discretion of the Queensland Police Service.

What is the difference between risk management and legal compliance?

Volunteering Australia’s Running the Risk publication states: In working out what risks it faces, your organisation will probably identify the risk of incurring a penalty for breaking a law (for example, a fine for not filing its annual audited financial report with a government agency). This type of risk should be dealt with by a legal compliance plan rather than a risk management plan. This is because the law requires us to comply actively with (obey) legislative provisions, regardless of cost. Risk management – making a plan about how your organisation will manage the risk of failing to comply and being discovered in non-compliance, and/or how you will fund the fine – isn’t an option.

Compliance with Legislation

What legislation do I need to know about?
A number of pieces of legislation impact on non-profit organizations. The legislation should be taken into account when developing organizational policies, procedures, strategies and actions to ensure compliance and safety. Some examples of legislation are:

QUEENSLAND
Associations Incorporation Act
Workplace Health and Safety Act
Civil Liability Act
Commission for Children and Young People and Child Guardian Act
Worker Cover Queensland Act
Food Production (Safety) Act 2000
Liquor Licensing Act
Gaming Machine Regulatory Act
Queensland Anti-Discrimination Act 1991

COMMONWEALTH
Anti-Discrimination Act
Sex Discrimination Act
Racial Discrimination Act
Disability Discrimination Act
Privacy Act
The Spam Act
Industrial Relations Act
Income Tax Assessment Act
Goods and Services Tax Act
Pay as You Go Act
Fringe Benefits Tax Act

Working with Children

What is the Working with Children Check - or Blue Card?
In Queensland, the Working with Children Check is a detailed check of a person’s criminal/disciplinary history, if any, including charges or convictions. The Check includes a search of relevant police information held by the Queensland Police Service and other Police Services in Australia for any charges or convictions.

Blue Card Application Forms can be found here.

Blue Cards for Volunteer Parents
The Commission for Children and Young People and Child Guardian Information Sheet which sets out the Key areas of child-related employment where a parent may be exempt from the need to obtain a blue card.

How will I know if my organization is affected by the Child Protection Regulations and whether my paid staff and volunteers need a Blue Card?
Paid employees and volunteers who work with children or young people under 18 years of age must undergo screening - the Working with Children Check. New rules introduced 17/1/05 (and recent changes to the regulations) require volunteers, in certain types of organizations, where activities are directed mainly at children, to have a card regardless, in some circumstances, of how often they come into contact with children or young people. For example, if your type of organization is shown on the Commission’s Information Sheet as a category of employment in which its staff are required to have Blue Cards, and you engage a person under the age of 18 as a volunteer or for student work experience or while under a community work experience court order, then all staff who work in the organization and have contact with that young person, may need to have a Blue Card.

If I employ a worker who produces a Blue Card, how will I know if it is current?
You should satisfy yourself that the worker’s identity is valid and lodge an Authorisation to confirm a valid blue card with the Commission for Children and Young People and Child Guardian. The Commission will confirm the status of the Blue Card and notify you should there by any change to the status in the future.

Who has to pay for a Blue Card?
Paid employees must pay $40.
Volunteers do not have to pay a fee.

Where can I find details about risk management strategies and training for working with children or young people?
View the Commission for Children and Young People and Child Guardian’s website.

Top of page

FURTHER INFORMATION

RISK MANAGEMENT PLANNING WEB SITES
www.riskmanagement.qld.gov.au/
www.volunteeringaustralia.org/ManagingRisk_000.htm
Running the Risk
www.myriskevaluator.com.au/
www.ourcommunity.com.au/insurance
sites.ourbrisbane.com/community/comres/risk_management
www.dir.qld.gov.au/subject/index.htm
nonprofitrisk.org
www.ozco.gov.au (for Arts organisations - enter ‘risk management’ in the Site Search at top of screen)

QUT RESOURCES
‘Developing Your Organisation – A primer for Queensland Community Organisations’
olt.qut.edu.au/bus/DYO/index.cfm?fa=displayPage&rNum=1746801

cpns.bus.qut.edu.au/publications/index.jsp (various publications by Professor Myles McGregor-Lowndes et al)

VOLUNTEER RIGHTS
www.volunteeringaustralia.org/sheets/vol_checklist.html

RISK MANAGEMENT POLICY - SAMPLE
sites.ourbrisbane.com/community/comres/risk_management/establish_your_organisations_framework_for_risk

RISK MANAGEMENT STANDARDS
www.riskmanagement.com.au/

PUBLICATIONS & RESOURCES – listed on Volunteering Queensland’s web site: Go to: http://www.volqld.org.au/information_resources/publications_library.shtml

WORKING WITH CHILDREN CHECK (BLUE CARD)
Commissioner for Children and Young People and Child Guardian
Ph: 1800 113 611
www.bluecard.qld.gov.au
www.childcomm.qld.gov.au
www.childcomm.qld.gov.au/about/educationandtraining.html
www.childcomm.qld.gov.au/employment/bluecard/general_info.html

POLICE CERTIFICATES (SEARCH OF A PERSON’S CRIMINAL HISTORY)
www.police.qld.gov.au/pr/services/records/polcert.shtml

QUEENSLAND LEGISLATION
www.legislation.qld.gov.au/Legislation.htm
www.goprint.qld.gov.au/web/web/index.asp - for catalogued Acts & prices

COMMONWEALTH LEGISLATION
scale.law.gov.au/html/comact/browse/TOC.htm

CIVIL LIABILITY ACT 2003 (Qld)
www.legislation.qld.gov.au/Legislation.htm choose ‘C’ and go to pages 21-24
cpns.bus.qut.edu.au/whoweare/whatsnew.jsp#factsheets
sites.ourbrisbane.com/community/comres/volunteer_protection /
www.goprint.qld.gov.au/web/web/index.asp - for catalogued Acts & prices

COMMUNITY LEGAL CENTRES
www.naclc.org.au

VOLUNTEER RECRUITMENT/SCREENING
Go to: www.volunteeringaustralia.org/vol_orgs.html for information on:
• Screening and the volunteer recruitment process
• Police Checks
• 100 point identification check
• Volunteer rights
• Visas for volunteers from overseas

CONTACT VOLUNTEERING QUEENSLAND

Contact
Perry Hembury
Manager - Finance & Executive Services, Volunteering Queensland on:
Phone: 07 3002 7600
Fax: 07 3229 2392
E-mail: admin@volqld.org.au

Top of page