Risk Assessments: What you need to know
Risk assessments are a hot topic at the moment, particularly in the NDIS, as auditors focus in on how providers are managing their risks. And their findings indicate there is quite a lot of room for improvement!
So why are risk assessments so important? Because it’s the law? Because the Standards or Quality Indicators say so? We all know that is partly the reason but mostly it is because doing a thorough and detailed risk assessment allows you to see areas of your business that may be exposed or could cause harm to others. This provides you with an opportunity to consider ways to reduce possible impacts if those situations were to happen; which can save you thousands of dollars, plenty of time, and may even prevent you losing your entire business. Not to mention preventing a lot of pain and anguish from injuries or illness that could have been avoided.
Over the last few years, I have observed many providers taking the time to understand and work with their clients to assess possible risks for them (as well as their home environment and in community settings). This has included documenting the risks and periodically reviewing them with their staff members, the client, and other stakeholders actively involved. And rightly so – client safety is fundamental to delivering any type of supports. It has also been refreshing to see that completing client risk assessments is becoming ‘the way we do things’, as opposed to ‘don’t forget to do that risk assessment thing!’
But what about other risks? How are you managing risks to your staff? And what about your organisation? When auditors are looking at how providers are managing risks, they are looking at 3 key areas:
As a provider, you have a responsibility to identify, assess and manage all of the above risk types.
Risk Assessments should include identifying what the potential risks might be, the current controls you have in place to prevent or minimise those risks, and what other actions you can put in place to further reduce the possible outcomes. Any follow-up actions should be allocated to a responsible person in the organisation (who has the appropriate authority to do so), to ensure the action is completed.
Here are my top 4 tips for completing risk assessments:
- Include your staff members, clients (where possible) and other stakeholders when conducting risk assessments. Not only is this part of health and safety law (employers must consult with employees), but it helps to create engagement and ownership over risk management processes. Getting everyone on-board with safety allows a team approach, not leaving responsibility to only a few individuals.
- Have a consistent approach to assessing risks. By using a risk matrix that is applied across the organisation, it allows management to prioritise what needs to be done and how quickly based on how high (or low) the risk scores are. There are several methods you can use, although a common way is to follow the AS ISO 31000:2018 Standards and I would recommend this.
- Make risk assessments a part of your processes and the usual way you do things. Just as client risk assessments have become an expected part of intake procedures, make organisational and staff risk assessments standard procedure. This could be as simple as allocating time as part of staff meetings and management meetings to discuss and review risk assessments or any concerns that have been raised in relation to risk (and documenting the outcomes).
- Don’t forget to review risk assessments when things change. It’s easy to think your risk assessments are complete once they are done, but they should be living documents and updated when things happen.
Now what about Dignity of Risk?
Becoming a more focussed topic within the community sector, respecting a client’s right to take risks falls within your risk assessment processes too. It is important for organisations and staff delivering services to understand the concepts of dignity of risk… but I’ll save that for another article 😊