Funder by the Department of Human Services Auspiced by Our Community

Help Sheet

Putting in place a risk management strategy

If nothing else, the controversy surrounding public liability insurance over the past few years has at least served to educate the public about an issue of major concern for community groups across the country - risk and the need to manage it.

One of the reasons that the cost of public liability insurance has increased for community groups is due to the perception - rightly or wrongly - that community groups of all types are "high risk". This is despite the fact that most have never had a claim against them.

Even so, it is important that groups identify and deal with the risks that they do face - and all community groups are exposed to a number of risks simply by virtue of the nature of the activities that they undertake.

It is also important that groups do everything in their power to ensure that people and property closely related to their group are properly protected. The fact that many of the people we are talking about are volunteers who give freely of their time makes this even more of a priority.

What is risk management?

Many community groups and not-for-profit organisations have ways in which they currently manage risk: a sign warning people to watch the step, a requirement that there always at least two signatories to a cheque, having a clear policy about what the group or organisation will do if someone gets very angry, having a policy in regards to people who are inebriated on the premises, or backing up the computers once a week to protect records. All are examples of risk management.

Standards Australia describes risk management as actions that prevent "the chance of something happening that will have an impact on our objectives". So the sign draws people's attention to possible danger, two signatories on a cheque guards against one person using funds without authority, and the computer back-up protects your records should a virus or surge strike.

Risk management is the process of thinking systematically about all the possible risks, problems or disasters before they happen and setting up procedures that will avoid the risk, or minimise its impact, or cope with its impact. It is also about making a realistic evaluation of the true level of risk. The chance of a tidal wave taking out your annual beach picnic is fairly slim. The chance of your group's bus being involved in a road accident or a volunteer falling on the wet floor and seriously injuring themselves are a bit more pressing.

Risk management begins with three basic questions:

  1. What can go wrong?
  2. What will we do to prevent it?
  3. What will we do if it happens?

Not every risk can be prevented. Football clubs, no matter how good their medical and support team, can not stop all injuries. Organisations can not always predict how people will react and in some cases the very activity the community organisation was set up to do is risky.

For consumer groups in the area of mental health there are obvious dilemmas as the fundamental reason many groups exist is to provide a safe and protective haven for people whose perception of the world and their life within it is different from other people. In many ways 'madness' can be seen as the ultimate in creativity; on the other hand, is that super-creative perception can potentially be a risk to others.

Consumer groups have to continually make clear and careful decisions which balance the needs of the people they exist for and the expectations of the law. The potential for consumer groups to default to behaving in the same patronising and unacceptable ways with other consumers and protecting 'themselves' (those in the inner sanctum) from the very people there group is established to serve - using risk management as an excuse - is very high.

This issue needs to be dealt with early and sincerely.

Why should we bother with risk management?

Apart from the obvious answer of wanting to protect your own members, friends, volunteers and consumers from injury or death, there are quite valid reasons why we should all look at developing a risk management process.

Protect your organisation from legal liability

Some community groups believe that by incorporating they can no longer be sued. This is not the case. The effect of incorporation is to limit liability. However, directors and employees of corporations and members and officers of incorporated associations do have a risk of incurring liability if a personal breach of duty by them causes personal injury or damage to property. They can be liable if they directly caused the loss or damage or if they authorised and directed the actions which caused the event giving rise to liability.

Small organisations which take the form of a partnership are more directly exposed to potential liability. Each partner has unlimited liability in respect of any liabilities incurred by the partnership. There is a similar risk for members and officers of unincorporated community groups.

Lower insurance premiums

Insurers are increasingly focusing on providing cover to organisations that can prove that they do not present a "high risk". If you can provide evidence that you are effectively implementing safe practices and have moved to deal with major risks, insurers will be more likely to provide cover and to do so at a more reasonable cost.

Improved perception of your organisation

By implementing risk management principles you are showing your members and the wider community that you place value on everyone's participation and involvement. This enhances your organisation's capacity to present a professional image, it enables you to promote and market yourself as an organisation that has strong standards of behaviour and assists your organisation to structure itself to run effectively and efficiently.

You can use the implementation of your risk management process to market these benefits to potential members and volunteers alike.

Better information for decision-making

The process that is undertaken for identifying, assessing and evaluating risks will highlight requirements that your organisation should review and prioritise. By stepping through the process and continually reviewing these decisions over time you will enhance the capacity for Boards and Committees of Management to make decisions based on facts rather then speculation.

Better asset management and maintenance

Setting up a risk management register will help you list all the physical assets owned by your organisation. It also encourages staff to report it when the asset first poses a danger.

The process

Step One: Raise the subject at your next Committee of Management meeting

Don't scare people off by using elaborate models and charts - simply explain why you need to begin to look at the process. Get the support of the Committee.

Step Two: Display a Risk Register and request that items be recorded

A Risk Register lists potential hazards that have identified, how serious the problem is and how it can be fixed, who is responsible for fixing it and by when. It should also be used for recording when and who has fixed the problem. (An example of a Risk Register is provided here.)

The aim of the register is to proactively, but without a major imposition on time and effort, begin to raise the profile of what risks exist within your group.

Members, staff and volunteers are requested to add items that they feel could be a problem (e.g. the fraying electrical cord to the jug or urn, the slippery tiles at the entrance, the jagged wire on the fence etc). This is the first step along a detailed process.

Step Three: Communicate what you are doing and why

Let everyone know that you are taking this step to better ensure everyone's safety and that you need their help in adding items to the register.

Let your organisation know that the topic is important and a process is being developed to better manage risk. Be prepared for the knockers. They may well be the same ones who complain once you get a claim that you didn't act quickly enough. Everyone has to start somewhere.

What to do when the risk might come from the consumers themselves

This is a very difficult issue for some mental health consumer groups and not-for-profit consumer-run organisations.

The very nature of our experiences as consumers means that some of us will experience times in our lives when we are 'not ourselves'. As much as we might resist naming ourselves as people who bring greater risk than some other groups of service consumers, most of us relate to - or perhaps have been on the receiving end of - a situation where a consumer is very distressed and perhaps not as predictable as usual.

Legally, as mental health consumer groups and organisations, it is no longer OK to bury our heads in the sand. Rather we must look at some positive ways this issue can be dealt with.


This helps legally but, if done badly, can do much damage to groups and organisations which strive to be different from the mental health services and non-government organisations that some consumers have found oppressive.

Many people who have survived mental health service systems either cringe or get angry when rules are imposed.

If there are rules for consumers using a consumer run organisation there should also be rules for all staff - whether they be paid consumers or volunteers.

All rules should come from the grassroots up and not be imposed from the top down. However, it is also essential that people check that they are not being tougher on themselves because they are offered the chance to be decision makers. This is a common thread when people from disenfranchised groups start to claw back some power over their own lives.

The rules should be consistently enforced so the 'behaviour' they enforce needs to be realistic.

Advance Directives

Rules and safe conditions for mental health consumers, and paid and voluntary staff (many of whom will be consumers), work best when everyone is given the opportunity to tell the organisation what they need to happen if they do get distressed, angry, desperate or 'ill' whilst they are on the premises, or, for staff and volunteers, working for the group or organisation anywhere.

An Advance Directive enables each employee, volunteer, group member or regular service user to document their own needs at times of strife in a way that enables the organisation to best provide what is needed to both make sure the distressed person is safe and also ensure that the rest of the group or others in the organisation are safe as well.

An initiative of Department of Human Services, Developed & Managed by