005 Risk Management Policy

1.Purpose

The purpose of the Risk Management Policy is to provide guidance regarding the management of risk to support the achievement of Proactive Support’s corporate objectives, protect staff and business assets and ensure financial sustainability.

2.Scope

This policy applies to all Proactive Support functions and activities. It is underpinned by the 004 Risk Management Framework, forming part of Proactive Support’s governance framework. It applies to all management, staff, participants and their advocates.

3. Definitions

In this policy:

Staff means any person employed by Proactive Support, including managers and workers, regardless of pay, status or working hours

Participant means a client or potential client who is receiving supports or services from Proactive Support

Advocate is a person speaking or acting on the participant’s behalf, including associated family members, carers, nominees, independent advocates and significant others

4.Rights and Responsibilities

All Staff

All staff have the right to work in a risk-managed environment.

It is the responsibility of all staff to comply with the risk management policy and procedure, ensuring risks to participants and risks associated with the provision of supports are identified, analysed, prioritised and treated.

Management

The responsibility for risk governance at Proactive Support lies with the board (future) and management. It is to:

  • Provide policy oversight
  • Regularly review risk management activities
  • Drive culture of risk management
  • Continuously improve risk management policy, strategy and supporting framework
  • Ensure staff comply with the risk management policy and procedure
  • Foster a culture where risks can be identified and addressed

5. Risk Management Process

When undertaking a risk management process the following steps must be taken:

  1. Identify the risk
  2. Assess the risk: analyse and evaluate
  3. Control the risk (treat)
  4. Review and monitor the risk

Refer to the 018 Risk Management Procedure for details on how to perform each step in the process.

6. Proactive Support Risk Management

6.1 Risk Categories

The following risk categories are included in the risk register and in risk reporting:

  • Work health and safety
  • Incidents
  • Complaints
  • Financial
  • Reputation
  • Emergency and Disaster
  • Pandemic
  • Management of information
  • Governance and human resources
  • Participants and the provision of supports
  • Interagency and Queensland significant risks

6.2 Risk Register

The purpose of the Risk Register is to enable the collation and review of all known risks to Proactive Support. The types of risks to be included in the risk register are both strategic and operational.

Risks will be added to or removed from the register following identification from any staff member, participant or their advocate, following a risk assessment, or in some instances, without a risk assessment (for those situations where an assessment is not deemed necessary). The formula used to identify and analyse risks is: Risk = Likelihood x Consequence. For further detail refer to the 004 Risk Management Framework.

The Risk Register will be reviewed by Proactive Support management monthly and in a yearly audit.

6.3 Risk Reporting

The purpose of risk reporting is to provide awareness of key risks to Proactive Support and to improve accountability for the management of risk, and the timely completion of risk treatment plans.

Risk reports will be prepared by Proactive Support management yearly following a review of the Risk Register. This information will then be shared with all Proactive Support staff, and with participants and their advocates if relevant.

6.4 Performance

Risk Management performance indicators include:

  • One internal audit completed per year
  • The number of internal audit findings
  • The timeliness of remediating internal audit findings
  • The reduction of extreme risks identified in the Risk Register

7. Participants Visiting Staff Member’s Home

In general it is not advisable for a staff member to take a participant to their home as it can blur professional boundaries. However there are some instances where it may be appropriate.

The participant needs to be made aware of potential risks associated with visiting a worker's home, particularly concerning safety and security. These risks may include:

  • Breach of personal privacy
  • Exposure to environments that have not undergone risk assessment
  • Compromise of confidentiality

If the participant is under the age of 18, it is essential for the staff member to obtain consent from their advocate, and this consent should be documented in ShiftCare notes. If the advocate's consent cannot be obtained, the staff member must seek prior approval from the Proactive Support Director or Community Access Coordinator before proceeding with any actions. It is crucial for staff members to acknowledge their Duty of Care to ensure the participant’s safety and prevent any injuries while in their home.

It is the participant’s right to receive supports and services in a safe and competent manner.

8. Related Documentation

Proactive Support

004 Risk Management Framework

006 Work Health and Safety Policy

008 Incident Management Policy

015 Managing an Incident Procedure

020 Emergency and Disaster Management (including Pandemic) Policy

018 Risk Management Procedure

022 Continuous Improvement Plan

#108 Risk Assessment Procedure and Form

Registers: Risk, Chemicals & Hazardous Substances, Incident, Continuous Improvement, Feedback and Complaints, First Aid Kits and Expiry, Staff and Participant Registers.

External

AS/NZS ISO 31000:2009 – Risk management – Principles and guidelines (20 November 2009)

Public Administration Act 2004