How I learned to stop worrying and love the risk

1. How I learned to stop worrying and love the risk Trent Dean

2. PPB Survey (2010) of Not for Profit organisations in Australia and New Zealand: • Almost half did not have, or did not know if they had, a risk management plan • 61% of respondents stated that risk to their organisation had increased over the past five years • Over one third of Not-For-Profit boards were not held accountable for managing risk in their respective organisations • Almost half of respondents believe that budgetary constraints was the main barrier to adequate risk management support

4. The Ultimate • Risk Management Consultant • Con

9. Managing risk is a good thing... • Moves us away from avoidance or transference • It forces creativity • The only way to achieve innovation and growth

10. The most important things... Risk Management Framework - Fully integrated and informed Leadership - Prepared to take calculated risks 0

11. The Risk Averse The Optimistic Gamblers

12. The Innovators

14. Where to begin? • Design a RM framework that fits your organisation • Identify your strategic risks • Identify risk owners • Do something... anything • Monitor, Rinse and Repeat

15. What is Risk? “Effect of uncertainty on objectives” ISO 31000:2009 Risk Management Objectives can have very different aspects

16. Major risks can impact on a range of areas including, but not limited to: • Client Safety • Staff Safety • Business continuity • Organisational Reputation • Financial Sustainability • Employee Relations

21. Risk Assessments Risk Statement Contributing Factors Consequences Controls Control effectiveness Risk Analysis Action Required Risk Ownership

22. What should the Board know about? • Key strategic / operational risks • Presentations by individual risk owners • Key issues / incidents / compliance breaches • Crisis / Disaster Management • OH&S • Fraud and Corruption • Internal Audit reports • External Audit reports

23. Say what? • What are the risks, both strategic and operational? • How effective are the controls, and how do you know they are working? • What are you doing about the risks? • How are the risks trending? • What are the known or possible risks ahead of us?

24. Board Report – Risk Heat Map

25. Risk 2 (SR-AC): Poor integration and support of client focused care Risk Owner: A. Staff Accountable Executive: B. Cool Risk Category Poor integration and support of client focused care Client Focus Definition of Risk • Poor awareness of integration of services (both care and support) • Constraints by regulatory and compliance obligations • Limited creativity with application of compliance and regulatory obligations • Lack of support or resistance for client focused care • Client not viewed as central to all tasks and functions • Lack of awareness of services and functions that input or interface with client care delivery • Poor history and culture – task focused and output driven at both industry and occupational level Contributing Factors / Issues • Existing Controls • Training on customer focused awareness • CMS focused on client outcomes • Appointed project manager for the client focused care project • Appointed GM for shared services and integration • Appointed regional volunteer coordinators • Gaps and planned response • Client focused education at every level of organisation • Review of all functions that interface / input into client outcomes • Churches of Christ Care Strategic Plan/ actions from the Strategic Plan • Gap assessment of CMS / Care Governance • Action learning approach to learning • Client satisfaction survey • Key Risk Indicators • Number of volunteers • Compliance with standards and licensing • Client satisfaction surveys • Predetermined and measured outcomes of care • Culture survey results • Gap assessment of CMS/Care Governance is almost complete • Actively recruiting 5 regional volunteer coordinators Comments / Updates Control effectiveness / scope for control improvement Current Risk Rating

26. Key Risk Indicators

27. An integrated approach Identify and Assess Risk Internal Audit Risk Management Quality Improvement Monitor and Review Controls Design and Implement Controls

28. Churches of Christ in Queensland • A group of mainstream Christian churches which has been an active part of the Queensland community for over 100 years. • We are a significant presence within Queensland with over 200 services in more than 100 communities, touching tens of thousands of lives each year.

29. Churches of Christ Care • Established in 1930; operates 137 services with the support of more than 2,800 staff and over 700 volunteers. • The care services are active in the areas of early childhood services, child protection, social and affordable housing, retirement living, community aged care, and residential aged care.

30. Assurance Services Group Manager - Quality Risk and Compliance Advisor Quality Officer Quality Advisor Internal Audit Coordinator Director Internal Auditor Internal Auditor Health, Safety and Rehabilitation Consultant Health, Safety and Rehabilitation Consultant Health, Safety and Rehabilitation Consultant Health, Safety and Rehabilitation Specialist Health, Safety and Rehabilitation Consultant

31. What we do... • Risk Management Framework • Fraud Risk Management • Sentinel Event Management • Root Cause Analysis • Crisis / Disaster Management • ChildSafe Program • Legislative Compliance • Quality Management (Continuous Improvement) Framework • Controlled Documents • Archiving / Records Management • Internal Audit • Self Audits • Compliance Reviews • Due Diligence • Forensic Investigations • Workplace Health and Safety • Worker Rehabilitation

32. A Call to Action Ask yourself... • Do I know my organisation’s strategic risks, and are they meaningful to me? • Is ‘risk management’ only raised as part of a dedicated risk meeting, or is it part of every Board conversation? • What is the risk appetite and tolerance of the Board, the organisation, and me?