Risk Management Policy
| Policy area | Risk Management |
| Document type | Policy |
| Applicable to | Beyondlimits Care & Support Services |
| Version | 001 |
| Date approved | 19/08/2024 |
| Approved by | Managing Director |
| Next review date | Every 12 Months |
| Related policies | Incident Management Policy Emergency and Disaster Management Policy Client Feedback and Complaints Management Policy Governance Policy Safeguarding Against Violence, Abuse, Neglect, Exploitation and Discrimination Policy Duty of Care Policy Client Health and Wellbeing Policy Medication Management Policy Mealtime Management Policy Privacy Policy Information Management Policy Conflict of Interest Policy Client Living Alone and Receiving Personal Care from a Sole Worker Policy Transition of Care Between Different Environments Policy Continuous Improvement and Quality Management Policy Consent Policy Manual Handling Policy Work Health and Safety Policy Human Resources Management Policy |
| Authority | ISO 31000:2019 – International Standard for Risk Management NDIS Act 2013 NDIS Practice Standards and Quality Indicators NDIS Code of Conduct Aged Care Act 1997 Aged Care Quality and Safety Standards Aged Care Code of Conduct |
PURPOSE
The purpose of this policy is to explain our organisation’s commitment and approach to risk management
SCOPE
This policy applies to all our workers (employees, contractors and volunteers).
DEFINITIONS
| Term | Definition |
|---|---|
| Hazard | Anything with the potential to cause harm or injury (including illness and disease). Note: This differs from the definition of ‘risk’ which is the likelihood of a hazard causing harm or injury. |
| Hierarchy of Controls | The generally recognised order of steps from most effective to least effective risk management techniques: 1. Elimination (remove the risk) 2. Substitution (replace the hazard) 3. Engineering controls (isolate people from the hazard) 4. Administrative controls (change the way people work) 5. Personal Protective Equipment (PPE) (Protect workers). |
| Risk | The international standard for risk (ISO 31000:2018) defines risk as ‘the effect of uncertainty on objectives’. |
CONTEXT
Our organisation is committed to implementing and maintaining a robust and effective risk management framework that:
- is proportionate to the size and scale of our organisation and the scope and complexity of supports provided;
- demonstrates best practice (ISO 31000:2018) risk management framework and processes;
- ensures the health, safety and wellbeing of clients, workers and visitors;
- supports effective decision-making that is guided by our mission and vision; and
- embeds a ‘risk aware’ culture, where planning, quality and risk are integrated in all business operations and functions.
POLICY STATEMENT
#1
Identify, Assess, Manage, Monitor, Review and Communicate Risk
- We will maintain processes to identify, assess, manage, monitor and regularly review risks to clients, workers and the organisation.
- We will put strategies in place and undertake actions to prevent, control, minimise or eliminate identified risks.
- We will conduct risk assessments using a risk matrix (see Schedule 1).
- We will maintain a risk register to detail identified risks, apply risk ratings and identify corrective actions and review dates.
- We will manage risks in accordance with the Hierarchy of Controls (see Definitions).
- We will maintain processes to manage high-impact and high-frequency risks associated with service delivery.
- We will communicate and consult with all relevant stakeholders about risks.
#2
Compliance
- We will comply with all applicable federal and state/territory legislation, regulations, standards, principles, funding agreements and organisational policies and procedures.
#3
Governance
- We will maintain an effective governance structure, with clearly defined delegations of authority, position descriptions and role accountabilities.
- We will maintain formalised management plans (risk management plan, strategic plan, business continuity plan, emergency and disaster management plan, COVID- 19 safe plan).
- We will maintain compliant and up to date policies, procedures and work instructions.
- We will conduct internal audits and board/management meetings as required.
#4
Human Resource Management
- We will maintain effective human resource management processes (including worker screening, training and development, performance management, worker supervision and worker grievances, disciplinary actions and terminations).
- We will keep an up to date register of worker qualifications and competencies.
#5
Information and Record-keeping
- We will maintain effective financial management processes (pricing and payments, cash flow analysis).
- We will maintain effective information management processes (records management, document control, technology and communication).
- We will maintain current insurances and registrations and keep details in a register.
#6
Complaints and Incident Management
- We will encourage and document client feedback and complaints and document details, actions and review timelines in a complaints register.
- We will maintain an incident management system, including for reportable incidents, and document details, actions and review timelines in an incident register.
- We will complete all required internal and external incident reporting in accordance with required timelines and formats.
#7
Continuous Improvement and Quality Management
- We will actively engage with clients and other stakeholders, and use their input and feedback in relation to risk assessment and management for continuous improvement and quality management.
- We will maintain a continuous improvement/quality management/assurance register to identify improvement items, actions and review timelines.
- We will regularly review and improve the effectiveness of our risk management system.
SUPPORTING DOCUMENTS
Related procedures and forms include:
- Risk Management Procedure
- Emergency and Disaster Management Procedure
- Covid-19 Response Procedure
- Delegation of Authority Procedure
- Management of Data Breach Procedure
- Safeguarding Against Violence, Abuse, Neglect, Exploitation and Discrimination Procedure
- Client Feedback and Complaints Management Procedure
- Client Living Alone and Receiving Personal Care from a Sole Worker Procedure
- Transition of Care Between Different Environments Procedure
- Waste Management Procedure
- Incident Management Procedure
- Reportable Incident Management Procedure
- Continuous Improvement and Quality Management Procedure
- Manual Handling Procedure
- Board Meeting Agenda and Minutes
- Emergency Plan
- Emergency Plan – Waste
- Contingency Emergency and Disaster Plan
- Complaints and Feedback Procedure
- Complaint and Feedback Form
- Anonymous Complaint and Feedback Form
- Quality Audit Schedule
- Internal Audit Schedule (module specific)
- Internal Audit - NDIS Policy Review Form
- Hazard Report Form
- Risk Assessment Form
- Risk Indemnity Form
- Risk Management Plan Register
- Continuous Improvement Plan Register
- Personal Emergency Preparation Plan
- Position Descriptions
- Capital maintenance and equipment budgets and plans
- Current registrations and insurances
RESPONSIBILITIES
Managing Director is responsible for:
- maintaining this policy, its related procedures and associated documents;
- ensuring the policy is effectively implemented across the service;
- monitoring workers compliance with the requirements of this policy; and
- ensuring training and information is provided to workers to carry out this policy.
All workers are responsible for complying with the requirements of this policy.
COMPLIANCE
Deliberate breaches of this policy will be dealt with under our misconduct provisions, as stated in the Code of Conduct Agreement.
Download
