Category: Risk Solutions

Categories
Risk Solutions

How do Boards get a glimpse of operational risk

Determined African businessman expressing opinions to junior and senior colleagues on management team in conference room.

Six key approaches for Boards get a glimpse of operational risk

A Board’s key functions are to provide supervisory guidance for company strategy, manage enterprise risks, hire, manage and fire (if required) the CEO and ensure financial solvency and legislative compliance of an organisation.

For some Board members, it can be hard to find the right balance between providing guidance and getting too involved in day-to-day management.  Particularly for volunteer boards. So how can Boards get a glimpse of operational risk?

Whether your organisation is an aged care provider, a disability services organisation, childcare centre or not-for-profit, these approaches can help you get a glimpse into operational risk.

Receiving consumer feedback

Meeting with and hearing from both staff, clients and their families provide an insight into operations and the broader context in which operational risks exist.  This could be achieved in a number of ways:

  • client & family surveys
  • staff surveys
  • attending organisational functions or events eg. End of year Christmas party
  • participating periodically in client and family engagement committees
  • visit services
Awareness of critical incidents

Critical incidents can be another indicator of how well operational risks are managed.

De-identified scenarios and their outcomes need to be routinely presented to Board, or via relevant quality or safety sub-committees.  These incidents give a glimpse into the organisational systems and practices in which operational risks occur.

Hearing from senior managers about operational risk in their respective areas

As part of your regular Board agenda, include reports from senior managers on a rotating basis about their respective functional areas.  Actively seek information on their top 3 issues and operational risks.  Having senior managers present rather than just submit a report gives Board members the opportunity to ask questions directly of stream leaders.

Asking about company frameworks and policies

Frameworks, policies and procedures outline the organisation’s approach to managing operations.  Board members should seek information on company frameworks:

  • When were the frameworks, policies and procedures last updated?
  • What gaps are there in implementation?
  • What is the plan to address these gaps and by when?
  • What continuous improvement efforts are being considered and how are they governed?
Tip:  Frameworks, policies and procedures for both service delivery and back of house are equally important.

Some examples are listed below:

Service delivery frameworks
  • New client intake and assessment procedures
  • Clinical/Care Governance Framework and clinical/care specific procedures (eg. Medication management, falls prevention, wound management and preventing pressure injuries)
  • Quality and Safety Framework
Corporate frameworks
  • Financial management practices; payroll, procurement, contract management (and fraud prevention)
  • IT & cybersecurity
  • Emergency management and business continuity
  • Human resources related procedures, including Work Health and Safety
Training and on-boarding to help Board members interpret performance data

Skill mix on a board often includes a breadth of board member experience; perhaps a doctor or nurse, an accountant, a lawyer, etc.   It is important that Board members understand both the sector challenges and the day-to-day issues that arise in order to ask good questions about operations.

Performance dashboards are not useful if Board members are not able to interpret and conceptualise data with informed curiosity about performance.

Investing in internal audit

Internal audit is an independent third party, initiated by the Board or Management, who audits your business practices.  Internal audit provides an external perspective on the functioning and compliance of key areas of risk within an organisation. (Such as those in the table above).

Internal audit reports provide recommendations for improvements to your company practice and may make you aware of issues previously unknown to you.

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Categories
Risk Solutions

Strengthening Your Risk Framework

Red RISK cube blocks stop falling blocks on table. fall Business, planning, Management, Solution, Insurance and strategy Concepts

Australia’s care sectors (aged care, child care, disability services) are all in the midst of major change.  Royal Commissions, system-wide reforms and significant abuse findings have led to legislative changes and greater responsibility and accountability for Boards & Directors of care services.  All these changes create uncertainty, and uncertainty can give rise to strategic risk.

For the care sector, keeping vulnerable people safe, managing significant workforce and financial risks and remaining insurable are key concerns for Boards and Directors.  But how can organisations strengthen their Enterprise Risk Framework to add value and create confidence rather than be a list of ‘stuff’ to be managed?

For the last five years Ansvar’s Risk Solutions team has provided complimentary risk consultancy services for its clients.  Ansvar has identified four key themes to help grow the risk maturity of care organisations: Risk Governance, Risk Processes, Risk Resources and Effective Implementation of risk frameworks. Self-reflection questions are provided for each theme.

 

1) Risk Governance

This refers to the risk structures in the organisation, accountabilities and delegations with respect to risk and the design and implementation of an Enterprise Risk Management Framework.

Consider:
  • Is risk management aligned with uncertainties to achieving business strategy?
  • Do you have the right skill mix on your Board to govern risks to complex care and safeguarding to prevent abuse?
  • Do the structures in your organisation enable information flow to the Board and support informed decision making?
  • Has the organisation set a risk appetite for higher-risk decisions such as significant projects, major expenditure or acquisition/sale of assets?
  • Does the Board review its Enterprise Risk Management Framework and have a plan for its continuous improvement?

 

2) Risk Processes

A Risk Management Framework is brought to life through risk procedures.  A risk procedure should define how the organisation identifies, assesses and treats risk. As well as how the outcomes of risk assessments should be recorded, reported, monitored and communicated.  It should include reflection on incident management records to provides intelligence about the efficacy of risk controls

Consider:
  • Do you have clear processes to help staff understand how to assess a risk?
  • Do your risk assessments consider the effectiveness of current controls?
  • Does your risk reporting link to measurable data to strengthen the confidence in your risk management activities?
  • Does your risk register direct Board attention to the risks that matter most to help prioritise allocation of finite resources?

 

3) Risk Resources

This refers to an organisation’s staffing resources to manage risk, training and capability within the organisation and at Board level and IT systems or practices to support risk reporting and monitoring

Consider:
  • Do you have adequate resources and capabilities within the organisation to ensure the Risk Management Framework operates effectively?
  • Does Board orientation include information about strategy, enterprise risk management, care governance and the roles and responsibilities of Directors?
  • Where capability gaps may exist, do you support training to build the skills and competence required to manage risk?
  • Do you have organisation-wide risk management information systems that are integrated and support risk data aggregation and transparent reporting?

 

Effective Implementation

Frameworks and procedures are just a piece of paper if not implemented.  Often failures in risk management are as a result of poorly implemented frameworks or committees not undertaking their full scope of duties per their Terms of Reference.

Consider:
  • Have you completed a gap analysis of your Risk Management Framework and Audit and Risk Committee terms of reference to see if all the described duties and practices are actually in place?
  • Is there a staged plan to implement any outstanding actions? Is it reviewed regularly at Board?

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

 

Categories
Risk Solutions

Six key approaches for Boards to get a glimpse of operational risk

Determined African businessman expressing opinions to junior and senior colleagues on management team in conference room.

A Board’s key functions are to provide supervisory guidance for company strategy, manage enterprise risks, hire, manage and fire (if required) the CEO and ensure financial solvency and legislative compliance of an organisation.

For some Board members, it can be hard to find the right balance between providing guidance and getting too involved in day-to-day management. Particularly for volunteer boards. So how can Boards get a glimpse of operational risk?

Here are six approaches you can take to create confidence that you’re receiving all the information you need to make good, defensible decisions as a Board member:

 

Receiving consumer feedback

Meeting with and hearing from both staff, residents and their families provide insight into operations and the broader context in which operational risks exist. This could be achieved in a number of ways:

  • resident & family surveys
  • staff surveys
  • attending a facility function or event eg. Resident Christmas party
  • participating periodically in resident engagement committees
  • visit aged care sites

 

Awareness of critical incidents

Critical incidents can be another indicator of how well operational risks are managed. De-identified scenarios and their outcomes need to be routinely presented to Board, or via relevant quality or safety sub-committees. These incidents give a glimpse into the organisational systems and practices in which operational risks occur.

Hearing from senior managers about operational risk in their respective areas

As part of your regular Board agenda, include reports from senior managers on a rotating basis about their respective functional areas. Actively seek information on their top 3 issues and operational risks. Having senior managers present rather than just submit a report gives Board members the opportunity to ask questions directly of stream leaders.

 

Asking about company frameworks and policies

Frameworks, policies and procedures outline the organisation’s approach to managing operations.  Board members should seek information on company frameworks:

  • When were the frameworks, policies and procedures last updated?
  • What gaps are there in implementation?
  • What is the plan to address these gaps and by when?
  • What continuous improvement efforts are being considered and how are they governed?

 

Tip:  Frameworks, policies and procedures for both service delivery and back-of-house are equally important.  

Some examples are listed below:

Service delivery frameworks:
– New client intake and assessment procedures
– Clinical/Care Governance Framework and clinical/care specific procedures (eg. Medication management, falls prevention, wound management and preventing pressure injuries)
– Quality and Safety Framework

Corporate frameworks:
– Financial management practices; payroll, procurement, contract management (and fraud prevention)
– IT & cybersecurity, emergency management and business continuity
– Human resources-related procedures, including Work Health and Safety

 

Training and onboarding to help Board members interpret performance data

Skill mix on a good aged care board often includes a breadth of board member experience; perhaps a doctor or nurse, an accountant, a lawyer, etc. It is important that Board members understand both the sector challenges and the day-to-day issues that arise in aged care in order to ask good questions about operations.

Performance dashboards are not useful if Board members are not able to interpret and conceptualise data with informed curiosity about performance.

 

Investing in internal audit

Internal audit is an independent third party, initiated by the Board or Management, who audits your business practices. Internal audit provides an external perspective on the functioning and compliance of key areas of risk within an organisation. (Such as those in the table above).

Internal audit reports provide recommendations for improvements to your company practice and may make you aware of issues previously unknown to you.

 

The Risk Solutions team from Ansvar will be in attendance at the ACCPA 2023 National Conference 25-27 October at the Adelaide Convention Centre. Be sure to stop by booth #107 to speak to the team.

 

Source: Guest Post: Six Key Approaches for Boards – Inside Aging

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Categories
Risk Solutions

Strengthening your Risk Framework

Red RISK cube blocks stop falling blocks on table. fall Business, planning, Management, Solution, Insurance and strategy Concepts

Australia’s aged care sector is in the midst of a seismic shift. System-wide reforms, changed funding models and significant changes in legislative requirements for aged care providers and directors – all of which create uncertainty. Uncertainty can give rise to risk.

For the sector, keeping vulnerable people safe, managing significant workforce and financial risks and remaining insurable are key concerns for Boards and Directors. But how can organisations strengthen their Enterprise Risk Framework to add value and create confidence rather than be a list of ‘stuff’ to be managed?

For the last five years Ansvar’s Risk Solutions team has provided complimentary risk consultancy services for its clients. Working with aged care providers, Ansvar has identified four key themes to help grow the risk maturity of care organisations: Risk Governance, Risk Processes, Risk Resources and Effective Implementation. Self-reflection questions are provided for each theme.

 

1. Risk Governance

This refers to the risk structures in the organisation, accountabilities and delegations with respect to risk and the design and implementation of an Enterprise Risk Management Framework.

Consider:

    • Is risk management aligned with uncertainties to achieving business strategy?
    • Do you have the right skill mix on your Board to govern risks to complex care and safeguarding to prevent abuse?
    • Do the structures in your organisation enable information flow to the Board and support informed decision-making?
    • Has the organisation set a risk appetite for higher-risk decisions such as significant projects, major expenditures or acquisition/sale of assets?
    • Does the Board review its Enterprise Risk Management Framework and have a plan for its continuous improvement?

 

2. Risk Processes

A Risk Management Framework is brought to life through risk procedures. A risk procedure should define how the organisation identifies, assesses and treats risk. As well as how the outcomes of risk assessments should be recorded, reported, monitored and communicated. It should include reflection on incident management records to provide intelligence about the efficacy of risk controls.

Consider:

    • Do you have clear processes to help staff understand how to assess risk?
    • Do your risk assessments consider the effectiveness of current controls?
    • Does your risk reporting link to measurable data to strengthen the confidence in your risk management activities?
    • Does your risk register direct Board attention to the risks that matter most to help prioritise the allocation of finite resources?

3. Risk Resources

This refers to an organisation’s staffing resources to manage risk, training and capability within the organisation and at the Board level and IT systems or practices to support risk reporting and monitoring.

Consider:

    • Do you have adequate resources and capabilities within the organisation to ensure the Risk Management Framework operates effectively?
    • Does Board orientation include information about strategy, enterprise risk management, care governance and the roles and responsibilities of Directors?
    • Where capability gaps may exist, do you support training to build the skills and competence required to manage risk?
    • Do you have organisation-wide risk management information systems that are integrated and support risk data aggregation and transparent reporting?

 

Effective Implementation

Frameworks and procedures are just a piece of paper if not implemented.  Often failures in risk management that we see in the sector are a result of a failure to implement risk frameworks or committees not undertaking their full scope of duties per their Terms of Reference.

Consider:

  • Have you completed a gap analysis of your Risk Management Framework and Audit and Risk Committee terms of reference to see if all the described duties and practices are actually in place?
  • Is there a staged plan to implement any outstanding actions?  Is it reviewed regularly by the Board?

 

The Risk Solutions team from Ansvar will be in attendance at the ACCPA 2023 National Conference 25-27 October at the Adelaide Convention Centre. Be sure to stop by booth #107 to speak to the team.

 

Source: Guest Post: Strengthening your Risk Framework – Inside Aging

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Categories
Risk Solutions

Are you templating or tailoring your organisational frameworks, policies and procedures?

questionnaire with checkboxes, filling survey form online, answer questions of test

In this guest post, Stephen Ratcliffe, Senior Risk Consultant at Ansvar Insurance, discusses the impact of the Royal Commission on the care sector, and the emergence of third-party companies to assist with compliance.

He looks at the challenges faced in the implementation of policies and the important role of management in developing implementation plans, conducting a gap analysis and regularly engaging with third-party providers to ensure the advice aligns with actual practises, as failure poses substantial risks and liabilities for organisations and leadership.

A series of Royal Commissions, both past and present are bringing significant shifts in the legislative and operational landscapes of care sector organisations – but not everyone is ready for these shifts.

It’s not surprising then that numerous third-party companies have stepped in to assist organisations in meeting the growing burdens of compliance. Ansvar’s observation has been that clients taking up these services are either new businesses or organisations that have fallen behind in maintaining their policies and procedures with contemporary practices.

At face value, third-party support can be a lifeline for organisations, especially if they’ve had staffing vacancies in roles that would usually have responsibility for developing or updating procedures, or establishing organisational frameworks. Perhaps they don’t have the specific expertise to develop frameworks and procedures in-house. Tools and templates are a valuable support for organisations to guide them in the right direction.

Often third-party documents are compliance-based and seek to address sector standards for the purposes of achieving accreditation or referring back to Australian and International Standards to provide a theoretical basis for organisational frameworks. It is worth noting though that compliance sets the minimum standard required in order to operate, it should not be interpreted as evidence of operational excellence.

Where Ansvar is starting to see issues with third-party developed documents is the vast differences in how organisations choose to tailor (or not) these templated policies and frameworks to their organisation.

Our consulting experience with clients suggests very few of the clients with third-party procedures have been able to demonstrate that they actually follow the procedures and policies as they are documented. Sometimes we see policies and procedures are viewed as just a document on the shelf and do not reflect actual practices at all. This creates significant liability risk for organisations.

So much so that the use of third-party templates is beginning to raise red flags rather than provide comfort that policies and procedures are in place. This is not because of the quality of the templates, but rather a significant failure of organisations to bring these templated procedures and frameworks to life.

It is the duty of management teams to ensure that policies, procedures and frameworks are being enacted and the role of boards to hold management to account for doing this.

Here are our 3 top tips when using third-party policy and framework templates:

 

1. Conduct gap analyses against critical organisational frameworks

    • Are the policies and procedures detailed enough?
    • Do they reflect actual practice in the organisation? How do you know?
    • Do the committee structures and reporting requirements in the frameworks occur
      as described?

Assess your practice against your policies and frameworks for these high-priority areas:

    • Governance documents (Board Charter, Delegations of Authority, Board-Sub Committee Terms of Reference.
    • Enterprise Risk Management Framework – including methods used to identify risk and the practical steps used to assess risk and develop risk controls.
    • Financial management plans and critical controls – including fraud prevention, procurement, and contract management.
    • Quality and Improvement Framework.
    • Work Health and Safety policies and procedures, including Return to Work.
    • Clinical Governance Frameworks.
    • Safeguarding to prevent abuse – policies, procedures, related training, recruitment practices, and Code of Conduct.

2. Develop Implementation plans for critical organisational frameworks

    • Do you have clearly defined plans to establish the priorities for policy and procedure?
    • Implementation and focus the organisation on what matters most?
    • Are you reporting periodically to the Board on the progress of implementation plans?
    • Is management held to account to ensure delivery?

3. Engage regularly with your third-party provider

    • Do you ensure your policies and procedures are regularly updated (by you) and reflect current practices at your organisation?
    • Do you ensure that you have the capacity to make edits or modifications to your policies and procedures independently when you need to? (as opposed to relying on the provider to make changes or edits)
Key point summary
    • Third-party providers can offer vital support to organisations with templated policies,
    • procedures and frameworks.
    • Policies and procedures are only useful when they are effectively implemented.
    • Organisations are responsible for ensuring that policies and procedures accurately reflect practice.
    • Failure to implement critical organisational frameworks can give rise to risk for organisations, and individual liability for executives and board directors.

 

The Risk Solutions team from Ansvar will be in attendance at the ACCPA 2023 National Conference 25-27 October at the Adelaide Convention Centre. Be sure to stop by booth #107 to speak to the team.

 

 

Source: Are you templating or tailoring your organisational frameworks, policies and procedures? – Inside Ageing

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Categories
Risk Solutions

Common gaps in risk management frameworks

To be successful in business means to have a purposeful and confident attitude to the future – whether that be to continue to serve vulnerable people, to remain insurable and to be resilient. But this doesn’t just happen automatically.

The key is to take a consistent and effective way to managing risk across the whole business – that’s what is known as Enterprise Risk Management (ERM).

Over the last 18 months, Ansvar has conducted Risk Health Checks and deeper dive Risk Maturity Quality Reviews for our clients across Australia. These equip boards, CEOs and senior managers with information on the effectiveness and capability of their risk frameworks, the suitability of their current approach, and opportunities for improvement.

Regardless of the type of sector you’re in, our reviews routinely found that audits against governance standards under the respective legislative frameworks were not picking up key gaps in enterprise risk management.  Relying upon being accredited can create a false sense of security and may place clients at governance and insurability risk if relied upon for assurance.

Through our work with clients, we have identified six common gaps in risk management frameworks. By focusing on these areas of concern, clients can make a significant difference to their operational performance.

 

Gap 1:  Risk frameworks not aligned to strategy

At its heart, ERM is about helping you achieve your objectives. Your framework should be assisting you to identify key risks to your strategy and the actions required to manage them. By managing these risks, you are more likely to improve performance, reduce harms and focus on what really matters to the community you serve.

 

Gap 2: Risk register is full of issues rather than emerging risks and opportunities

Too often we encounter risk registers that are in fact a list of issues or known problems. Addressing current business problems is still necessary but you might miss emerging risks or opportunities coming over the horizon. Nobody likes being caught off-guard and unprepared. Does your risk register help you make decisions about the future? It should.

 

Gap 3: Risks controls not adequately analysed 

Risk is dynamic and can change over time. It is important to periodically assess how well your risk controls work and to identify the ‘key controls’ (the ones that make the most difference) as these require higher priority focus. As people, processes and systems change, some controls may no longer be effective. For example, in home-based services, using a traditional system you may not know if a staff member attended their job until you receive a complaint, but by incorporating real-time software into your systems, you can be notified immediately if a staff member doesn’t sign in.

 

Gap 4: Overlooking the big risks

There are five big risks that should be on the radar of all clients:

  • workforce (access to, attraction, retention, capability)
  • governance (including care governance, where relevant)
  • safeguarding to prevent abuse
  • changing consumer-focused models of care
  • financial sustainability

 

Gap 5:  Lack of clarity with board structures and roles in ERM

Having a clear structure to govern the risk framework and having the appropriate capabilities and level of curiosity to monitor risks are critical facets of a successful business. Board committee and sub-committee charters are often too vague when it comes to clear roles and accountabilities with risk management and too focused on leaving it to ‘the Audit and Risk Committee’.

 

Gap 6:  Risk culture is left off the agenda

Humans manage risk, yet so much of the risk consideration focuses on processes, spreadsheets and heat maps. The risk framework must support a positive risk culture, whereby awareness, attitudes and accountabilities regarding risk management are aligned. When is the last time you assessed your organisation’s culture for its influence on ERM?

 

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Categories
Risk Solutions

A Case Study: Third party risk using labour hire companies

Close up of handshake in the office

Case based scenarios for Boards and Executives:

Could this happen to your organisation?

 

A Case Study:  Third party risk using labour hire companies

A disability services organisation (DSO) was supporting a participant with autism, including a history of violent behaviour with known triggers. The participant resides in a property which is designed to manage participants with potential violent behaviours. There is a safe room with a duress alarms setup at the property. The participant had a detailed care plan for care workers to prevent triggering the participant’s behaviour.

Casual workers were sent to the care home from a labour hire company.  The DSO was responsible for training and staff allocation to homes under the labour hire agreement.  Procedures were not followed, resulting in an escalation of the participant’s behaviour and a serious physical assault of a care worker, who was unable to reach the safe room.

 

Critical considerations:

  • Do your high risk clients have detailed care plans designed to manage the participant’s specific medical or behavioural requirements?
  • How do you ensure that the care plan is followed and understood?
  • Has the physical environment been assessed as suitable for that client, based on their requirements?
  • Are your emergency/duress alarms easily locatable and regularly tested?
  • How do you ensure the appropriate staffing skill mix when allocating rosters to high-risk homes?
  • Have staff received site-specific orientation training for high risk homes?
  • How do you reinforce good practice?
  • Are there clear procedures on how to respond if a client’s behaviours or medical condition deteriorates?
  • What are the supervision arrangements of contractors?
  • Does your labour hire agreement define responsibilities for all of the above?

 

Note.  While this case study describes participant violence, these questions apply to other scenarios (eg. clients with high medical needs, clients putting things in their mouth and choking, inappropriate sexual behaviours towards other participants or staff).

 

This scenario is fictitious. The scenario may represent circumstances experienced by disability service organisations, participants or care workers. Any similarity to actual events or persons, is purely coincidental.

 

Written by:

Stephen Ratcliffe, Senior Risk Consultant – ERM

Categories
Risk Solutions

What the world needs now is ERM

Are current approaches to risk up to the task? A leading specialist provider of insurance and risk management solutions explains why organisations may be asking themselves the wrong questions

 

RISK IS CHANGING and old approaches are proving shaky, but a new model is ascending.

Enterprise risk management (ERM) is about taking a holistic organisation-wide approach to risk that focuses on strategy, decision-making and creating a positive culture. This ensures that an organisation’s risk management approach is fit for their purpose, taking into account their specific sector and risk environment.

It rejects focusing on one risk type or using an off-the-shelf solution and achieves a whole-of-enterprise approach to risk management by focusing on these key questions: What makes us vulnerable, and what should we know more about? How will this impact our plans, and do we need to recalibrate? What could go wrong, and how prepared are we?

Addressing these points allows organisations to navigate uncertainty, understand the impact of risks and comprehend how resilient they really are. It’s a dynamic, future-focused approach.

Ansvar Insurance Australia general manager for risk solutions Anthony Black says this approach takes the job of managing risk out of the hands of risk managers solely and gives it squarely to the directors. Directors must maintain a clear line of sight to the risks in their organisation and operating environment and be accountable for an effective risk management framework.

“Risk management is the accountability of boards,” says Black. “The ultimate accountability for the outcomes of risk management sits with directors.”

ERM also requires continuous improvement to support ongoing risk maturity, and constant assessment as to whether risk management is adequate.

The sea change quietly happening in risk management is something that’s been building for a number of years. This can be seen in the range of royal commissions over the last decade that drew back the curtain on everything from a lack of oversight to inappropriate risk cultures.

Risk management approaches have not generally kept pace with an increasingly complex world or been given the attention they require. They have focused on the known risks and existing risk control environment and not dealt with the big, complex risks.

Too often organisations put complex people risks in the too-hard basket, pushing responsibility for managing them to those who are least resourced, equipped or empowered to do so. Royal commissions and inquiries into aged care, disability and child sexual abuse have highlighted how harmful this ‘head in the sand’ approach can be to the most vulnerable in society.

“Communities expect organisations to manage risks well,” says Black.

For care, community and education organisations, this must also extend to addressing risks that create vulnerability and can result in harm.

“Are the human rights of the people accessing our services respected? Are they safe from preventable harm, physical and sexual abuse?” asks Diana Borgmeyer, Ansvar’s safeguarding risk practice lead.

Staying up to date with all the changes that affect risk is a Herculean task for organisations that want to protect their livelihood. Being well informed needs to start with an understanding that institutions are more fragile if systems don’t keep pace with a more complex environment.

Another side to the equation is the growing realisation that some risks just can’t be controlled as they once were.

“The times of risk management being all about risk control have passed,” says Black. This was amply illustrated by the pandemic, because organisations that had inadequate risk frameworks really suffered. “

Those that had better risk management frameworks were either able to withstand the shock of the pandemic or are actually thriving because they took advantage of the fact that their risk frameworks were sufficiently mature, so risks were already being managed effectively,” says Black.

 

Building resilience

Black says it’s important to realise that being impervious to everything on the event horizon is no longer possible.

“This is about not being bulletproof any more,” he says. “We can’t; we’re not. Things are going to happen. The climate is changing; the world is changing. Geopolitically, it’s different now.”

How organisations respond to events is more important than trying to thwart them.

“So aged care, disability, childcare, education – when something goes wrong, it harms vulnerable people first,” says Black. “Some of the off-the-shelf products are so general that they don’t speak to the specialist risk nature of the sectors we insure.”

General risk products are broadly based around financial risk management and their derivative approaches. ERM, on the other hand, helps boards to implement good governance across the whole of the organisation.

“We’re experiencing growth in markets and aged care, disability and childcare,” says Black.

When critical events like floods with devasting environmental impacts occur, the onion is peeled back on which organisations are still reliant on traditional risk management. For insurers, doing things the old way is rapidly becoming a risk in itself.

“Insurers have become much wiser to the fact that organisations without effective risk management frameworks may now not be a good-quality risk, and they’re looking for genuine commitment and evidence from boards to improve and embed their risk management frameworks,” says Black.

This makes insurability a risk, a concept that’s familiar to property owners in Northern Queensland but perhaps new to the average enterprise seeking to adjust to the post-pandemic economy.

“There’s no guarantees for a customer any more around getting insurance,” says Black. He points to the fact that there are certain lines of insurance related to physical and sexual abuse that are increasingly difficult to obtain. This is a trend that underpins the broker’s fundamental role.

“As a broker, you’ve got to help your client be insurable. That’s your responsibility to keep them insurable. Ansvar has led the way to help brokers make that happen with market-leading risk management solutions.”

With the traditional approach to risk management on its way to becoming obsolete, Black sees ERM as the answer to this conundrum.

 

A granular understanding

Because the ecosystem is more complex now, bespoke solutions are needed at different touchpoints. But to create a bespoke solution, a detailed, almost insider level of knowledge of an organisation is needed. This is where Ansvar excels.

“Our risk consultants are also experts from the sectors we insure, bringing a deeper understanding of contexts, governance and risks,” says Black.

A generalist parachuting into an organisation is rarely going come up with an appropriate solution.

“That specialist knowledge… let me tell you, that makes a huge difference, and it’s the most common source of compliments we receive.”

Many organisations have had the experience of bringing in outside consultants to tackle a problem, only to find that the solutions offered up were putting square pegs into round holes. Having within-discipline experts leading the process helps avoid such unproductive outcomes.

“There is nothing else like it on the market, and there is something for all Ansvar customers and the brokers we work with,” says Black.

As the backwash of a more connected and less predictable world sloshes ever higher onto Australian shores, educating organisations on the need to change and recalibrate is a key challenge.

“The customer has to recognise that they do need to improve their risk and that there is great value in doing so,” says Black.

“Historical success is not an indicator of future success, because the risk environment has changed so drastically.”

Exclusive Feature – December – Ansvar (insurancebusinessmag.com)

Categories
Risk Solutions

Risk management to stop sexual abuse at institutions

Psychotherapy session, woman talking to his psychologist in the studio
Psychotherapy session, woman talking to his psychologist in the studio

Tasmania is holding a commission of inquiry into child sexual abuse at its institutions. The hearings conclude in August and are the latest investigation in Australia of the sexual abuse of children, the aged or other vulnerable people. The last decade has seen three Commonwealth Royal Commissions, numerous parliamentary inquiries and increasing numbers of court cases.

“The findings have been explosive in terms of human rights violations,” said Hetty Johnston, founder of Bravehearts Foundation and a leading child protection advocate. “These are the reasons that Australian governments, state and federal, are responding so forcefully and rapidly with increased legislation, regulation and oversight,” she said in an Ansvar Insurance news release.

Johnston spent 12 months working with Ansvar Risk, part of Melbourne headquartered Ansvar Insurance, to develop their risk management solutions to prevent physical and sexual abuse. Safeguarding Risk Strategy was launched for brokers and clients in October last year.

“Our tools and resources continue to be developed to support the strategy and will continue to grow,” said Anthony Black, Ansvar’s general manager of Risk Solutions.

According to Ansvar’s website, safeguarding refers to the responsibilities, measures and activities undertaken to safeguard children and vulnerable adults from harm and abuse.

“It aims to build good governance and effective cultures to reduce the risk of sexual abuse,” said Black. Using aged care as an example, he said 50 incidents of sexual abuse in aged care are reported each week.

Black said boards running the care sector’s institutions have a legal obligation to ensure the safety of residents and clients and to have appropriate safeguarding strategies to prevent abuse from happening.

“In the absence of well-developed and embedded safeguarding frameworks, organisations face the risk of significant difficulty in obtaining insurance or becoming uninsurable,” he said.

The safeguarding product, said Black, was the result of research into “the nature, prevalence and best practice risk strategies to prevent sexual abuse.”

He said brokers offering this product to institutions must ensure these organizations “explicitly” understand the risk.

“Managing the risk and maintaining insurability relies on board and executive leadership to explicitly understand and address the problem of sexual abuse,” he said.

Black said the issue needs be on board meeting agendas and also any Quality and Safety Committee.

He said institutions need to have a safeguarding strategy and regularly assess and improve it. They also need to strengthen their entire risk management framework.

“Good governance relies on effective risk management and contemporary approaches,” said Black. “Traditional risk management won’t cut it. Schedule a risk maturity review as a governance priority,” he said.

The aged care sector specifically, he said, is facing a new era for governance. He said safeguarding can form part of this “important step change.”

“The biggest regulatory changes the sector has ever seen are coming, including a new Aged Care Act in 2023,” he said.

Black said boards are now under the spotlight. The new Act will bring heightened obligations with governance accountabilities and reporting, new prudential requirements and potential civil penalties for unacceptable standards of quality and safety.

Providers in the sector, he said, are now having to prioritise clinical and care governance just as they would financial governance. Boards are accountable for the standards of care and should have in place board structures to monitor and respond to care provision.

“For many organisations this will challenge old structures and processes. A clinical governance framework and a policy on preventing sexual abuse must be developed and embedded in the organisation,” he said.

Black said the massive turnovers, vacancies and exhausted staff are also a big risk across the aged care sector.

Johnston has further tips for any organization involved in the care sector with children or adults.

“Safeguarding is no longer a ‘nice to do’ – it is now a ‘mandatory must do’,” she said and encouraged organizations to embrace change, not fight it.

She said organizations should form a Safeguarding Committee from their most senior people to prioritise and drive implementation. Johnston also encouraged organizations to reach out for help.

“There is a plethora of help and tips available including risk, policy, procedure and governance. Change doesn’t have to be hard – it’s all about your attitude to change. Get excited,” she said.

Johnston will be on a panel of experts discussing safeguarding at Ansvar’s first major in person event since the start of the COVID-19 pandemic. The September event in Melbourne includes an education forum for brokers and clients and also a pandemic delayed 60th birthday celebration for the firm’s UK parent company, Benefact Group.

Source:
Risk management to stop sexual abuse at institutions | Insurance Business Australia (insurancebusinessmag.com)

 

Categories
Risk Solutions

Six common gaps in risk management frameworks

Australians want our aged care sector to thrive. A sustainable, effective, professional, well-run industry means older Australians benefit from quality care – something we may all need, someday.

To be successful in business means to have a purposeful and confident attitude to the future, in order to continue to serve the vulnerable, to remain insurable and to be resilient. But this doesn’t just happen automatically.

The key is to take a consistent and effective way to managing risk across the whole business – that’s what is known as Enterprise Risk Management (ERM).

Over the last 18 months, Ansvar has conducted Risk Health Checks and deeper dive Risk Maturity Quality Reviews for aged care providers across Australia. These equip boards, CEOs and senior managers with information on the effectiveness and capability of their risk frameworks, the suitability of their current approach, and opportunities for improvement.

Our reviews routinely find Standard 8 audit assessments are not picking up key gaps in enterprise risk management, which can place providers at governance and insurability risk if relied upon for assurance.

Through our work with aged care providers, we have identified six common gaps in risk management frameworks. By focusing on these areas of concern, providers can make a significant difference to their operational performance.

 

Gap 1:  Risk frameworks not aligned to strategy

At its heart, ERM is about helping you achieve your objectives. Your framework should be assisting you to identify key risks to your strategy and the actions required to manage them. By managing these risks, you are more likely to improve performance, reduce harms and focus on what really matters to the community you serve.

 

Gap 2: Risk register is full of issues rather than emerging risks and opportunities

Too often we encounter risk registers that are in fact a list of issues or known problems. Addressing current business problems is still necessary but you might miss emerging risks or opportunities coming over the horizon. Nobody likes being caught off-guard and unprepared. Does your risk register help you make decisions about the future? It should.

 

Gap 3: Risks controls not adequately analysed 

Risk is dynamic and can change over time. It is important to periodically assess how well your risk controls work and to identify the ‘key controls’ (the ones that make the most difference) as these require higher priority focus. As people, processes and systems change, some controls may no longer be effective. For example, in home care, using a traditional system you may not know if a staff member attended their job, until you receive a complaint, but by incorporating real-time software into your systems, you can be notified immediately if a staff member doesn’t sign in.

 

Gap 4: Overlooking the big risks

There are five big risks that should be on the radar of all aged care providers:

  • workforce
  • governance, including clinical governance
  • safeguarding from abuse
  • consumer-focused models of care
  • financial sustainability.

 

Gap 5:  Lack of clarity with board structures and roles in ERM

Having a clear structure to govern the risk framework and having the appropriate capabilities and level of curiosity to monitor risks are critical facets of a successful business. Board committee and sub-committee charters are often too vague when it comes to clear roles and accountabilities with risk management and too focused on leaving it to ‘the Audit and Risk Committee’.

 

Gap 6:  Risk culture is left off the agenda

Humans manage risk, yet so much of the risk consideration focuses on processes, spreadsheets and heat maps. The risk framework must support a positive risk culture, whereby awareness, attitudes and accountabilities regarding risk management are aligned. When is the last time you assessed your organisation’s culture for its influence on ERM?

 

 

Stephen Ratcliffe, Senior Enterprise Risk Management Consultant at Ansvar Insurance