Risk Solutions

How do Boards get a glimpse of operational risk

November 8, 2023

Six key approaches for Boards get a glimpse of operational risk

A Board’s key functions are to provide supervisory guidance for company strategy, manage enterprise risks, hire, manage and fire (if required) the CEO and ensure financial solvency and legislative compliance of an organisation.

For some Board members, it can be hard to find the right balance between providing guidance and getting too involved in day-to-day management.  Particularly for volunteer boards. So how can Boards get a glimpse of operational risk?

Whether your organisation is an aged care provider, a disability services organisation, childcare centre or not-for-profit, these approaches can help you get a glimpse into operational risk.

Receiving consumer feedback

Meeting with and hearing from both staff, clients and their families provide an insight into operations and the broader context in which operational risks exist.  This could be achieved in a number of ways:

  • client & family surveys
  • staff surveys
  • attending organisational functions or events eg. End of year Christmas party
  • participating periodically in client and family engagement committees
  • visit services
Awareness of critical incidents

Critical incidents can be another indicator of how well operational risks are managed.

De-identified scenarios and their outcomes need to be routinely presented to Board, or via relevant quality or safety sub-committees.  These incidents give a glimpse into the organisational systems and practices in which operational risks occur.

Hearing from senior managers about operational risk in their respective areas

As part of your regular Board agenda, include reports from senior managers on a rotating basis about their respective functional areas.  Actively seek information on their top 3 issues and operational risks.  Having senior managers present rather than just submit a report gives Board members the opportunity to ask questions directly of stream leaders.

Asking about company frameworks and policies

Frameworks, policies and procedures outline the organisation’s approach to managing operations.  Board members should seek information on company frameworks:

  • When were the frameworks, policies and procedures last updated?
  • What gaps are there in implementation?
  • What is the plan to address these gaps and by when?
  • What continuous improvement efforts are being considered and how are they governed?
Tip:  Frameworks, policies and procedures for both service delivery and back of house are equally important.

Some examples are listed below:

Service delivery frameworks
  • New client intake and assessment procedures
  • Clinical/Care Governance Framework and clinical/care specific procedures (eg. Medication management, falls prevention, wound management and preventing pressure injuries)
  • Quality and Safety Framework
Corporate frameworks
  • Financial management practices; payroll, procurement, contract management (and fraud prevention)
  • IT & cybersecurity
  • Emergency management and business continuity
  • Human resources related procedures, including Work Health and Safety
Training and on-boarding to help Board members interpret performance data

Skill mix on a board often includes a breadth of board member experience; perhaps a doctor or nurse, an accountant, a lawyer, etc.   It is important that Board members understand both the sector challenges and the day-to-day issues that arise in order to ask good questions about operations.

Performance dashboards are not useful if Board members are not able to interpret and conceptualise data with informed curiosity about performance.

Investing in internal audit

Internal audit is an independent third party, initiated by the Board or Management, who audits your business practices.  Internal audit provides an external perspective on the functioning and compliance of key areas of risk within an organisation. (Such as those in the table above).

Internal audit reports provide recommendations for improvements to your company practice and may make you aware of issues previously unknown to you.


Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Back to All News