Strengthening your Risk Framework
Australia’s aged care sector is in the midst of a seismic shift. System-wide reforms, changed funding models and significant changes in legislative requirements for aged care providers and directors – all of which create uncertainty. Uncertainty can give rise to risk.
For the sector, keeping vulnerable people safe, managing significant workforce and financial risks and remaining insurable are key concerns for Boards and Directors. But how can organisations strengthen their Enterprise Risk Framework to add value and create confidence rather than be a list of ‘stuff’ to be managed?
For the last five years Ansvar’s Risk Solutions team has provided complimentary risk consultancy services for its clients. Working with aged care providers, Ansvar has identified four key themes to help grow the risk maturity of care organisations: Risk Governance, Risk Processes, Risk Resources and Effective Implementation. Self-reflection questions are provided for each theme.
1. Risk Governance
This refers to the risk structures in the organisation, accountabilities and delegations with respect to risk and the design and implementation of an Enterprise Risk Management Framework.
- Is risk management aligned with uncertainties to achieving business strategy?
- Do you have the right skill mix on your Board to govern risks to complex care and safeguarding to prevent abuse?
- Do the structures in your organisation enable information flow to the Board and support informed decision-making?
- Has the organisation set a risk appetite for higher-risk decisions such as significant projects, major expenditures or acquisition/sale of assets?
- Does the Board review its Enterprise Risk Management Framework and have a plan for its continuous improvement?
2. Risk Processes
A Risk Management Framework is brought to life through risk procedures. A risk procedure should define how the organisation identifies, assesses and treats risk. As well as how the outcomes of risk assessments should be recorded, reported, monitored and communicated. It should include reflection on incident management records to provide intelligence about the efficacy of risk controls.
- Do you have clear processes to help staff understand how to assess risk?
- Do your risk assessments consider the effectiveness of current controls?
- Does your risk reporting link to measurable data to strengthen the confidence in your risk management activities?
- Does your risk register direct Board attention to the risks that matter most to help prioritise the allocation of finite resources?
3. Risk Resources
This refers to an organisation’s staffing resources to manage risk, training and capability within the organisation and at the Board level and IT systems or practices to support risk reporting and monitoring.
- Do you have adequate resources and capabilities within the organisation to ensure the Risk Management Framework operates effectively?
- Does Board orientation include information about strategy, enterprise risk management, care governance and the roles and responsibilities of Directors?
- Where capability gaps may exist, do you support training to build the skills and competence required to manage risk?
- Do you have organisation-wide risk management information systems that are integrated and support risk data aggregation and transparent reporting?
Frameworks and procedures are just a piece of paper if not implemented. Often failures in risk management that we see in the sector are a result of a failure to implement risk frameworks or committees not undertaking their full scope of duties per their Terms of Reference.
- Have you completed a gap analysis of your Risk Management Framework and Audit and Risk Committee terms of reference to see if all the described duties and practices are actually in place?
- Is there a staged plan to implement any outstanding actions? Is it reviewed regularly by the Board?
The Risk Solutions team from Ansvar will be in attendance at the ACCPA 2023 National Conference 25-27 October at the Adelaide Convention Centre. Be sure to stop by booth #107 to speak to the team.
Stephen Ratcliffe, Senior Risk Consultant – ERM