Rural Organisation for Social Advancement “ROSA”
Risk Management Policy
What is Risk?
It is common to think of Risk as what might go wrong in an organization, But a more precise definition is’ the effect of uncertainty on an organization’s objectives’, Potential risk come and go, or evolve’ as on organization’s internal dynamics change and as the external environment in which its operates changes. Keeping abreast of the risk that may affect your organization must be therefore be an ongoing activity.
What is risk management?
Risk management is aims firstly at anticipating Risk then its aims preventing them from happening or at minimizing their impact if they do happen.
1. Purpose
The purpose of this policy is to set out ROSA Organization’s policy on the
management of risk within the organization.
The key messages are:
1. Management of risk is the concern of everyone,
2. Management of risk is part of normal day to day work,
3. The process for managing risk is logical and systematic and should be
implemented on a routine basis and integrated with service delivery.
ROSA Organization will ensure that risk management:
- is an integral and ongoing part of its management process
- is as simple and straightforward as possible
- that structures and responsibilities are clearly defined.
In addition, ROSA Organization will:
- determine an appropriate method for addressing identified risks
- repeat the process of risk identification on an appropriate periodic basis.
- assess identified risks on an appropriate periodic basis
- provide for monitoring and reporting at various levels of management.
2. Scope
This policy applies to all ROSA Organization employees in any setting where supports
and/or services are provided.
3. Areas of Risk
In order to manage risk on an integrated basis i.e. inclusive of all risk whether to do
with the management or the process of service being provided, the following have been identified as risk areas to be addressed.
·4. Risk management policy
ROSA is committed to implement an organizational philosophy that
ensures risk management is an integral part of organizational objectives, plans and
management systems. Compliance with legislative requirements underpin the risk
management policy. The core function of risk management is to assist ROSA Organization to meet its objectives.
With the introduction of more individualized approaches to service provision by
ROSA Organization the expectation is that there will be a more positive approach
taken by staff around ‘risk’ and the opportunities that positive risk taking can bring to
people’s lives. The use of risk management methods to provide a consistent
approach to these issues.
The following factors are considered essential for the successful implementation of a
risk management strategy:
1. Board and management understanding and commitment to risk management.
2. Alignment to the organization’s objectives.
3. Implanted into day-to-day processes.
4. Management of risk is an integrated way incorporating clinical, non-clinical,
and financial risks.
5. Employees and management partnership in risk management processes with
clear communication channels.
6. Structured mechanisms in place to monitor and review the effectiveness of
risk management strategies, plans and processes.
7. All incidents are immediately reported, categorized by their consequences
and investigated to determine system failures, using an organizational
learning approach.
8. Systems of work are designed to reduce the likelihood of harm occurring.
9. Safe systems of work are in place to ensure the safety of clients, staff, and
the public.
5. Promoting a Risk Management Culture
ROSA Organization is committed to the protection and wellbeing of the people that it
supports, their families, and ROSA Organization staff as well as demonstrating
openness and transparency in all matters relating to management and legislative
compliance. To this end ROSA Organization is committed to promoting a culture of
Risk Management based on a practical application of best practice. ROSA Organization is committed to having in place the necessary structures, processes,
training, information systems and communication mechanisms to ensure that this is
achieved, along with, where necessary, financial and other resources.
ROSA Organization seeks the commitment of all staff in supporting this initiative. To
this end the ROSA Organization promotes an environment within which individuals/
groups are encouraged to identify hazards and risks, and report adverse events
promptly within the framework of a positive and supportive culture which seeks to
apportion blame fairly.
6. Risk Management – Organisation Structure in ROSA Organization.
The following organogram sets out where the Risk Management Function of the
ROSA Organization sits in the context of the overall ROSA Organization organization:
7. Board of Directors monitoring and management of the risk environment
The Board of Directors of ROSA Organization expects that a risk register be
maintained which will allow for the capture of risk information from the ‘bottom up’
within ROSA Organization. The risk register will be the primary tool for risk tracking,
containing the overall system of risks and the status of any risk mitigation actions.
The Board of Directors will monitor and review ROSA Organization’s risk
register, which will be prepared by the Executive, on a quarterly basis.
8. Risk Management process
The Risk Management Process outlines a standardized approach to the
identification, analysis, evaluation, treatment, communication and monitoring of risk.
All services will use this standardized approach and record the outcome in
Risk Registers. These Risk Registers will be collated at key organizational levels
allowing for risks to be managed at the most appropriate level in the organization i.e.
risks that fall outside the control of a line manager may be escalated to the appropriate level of management.
It is essential that action plans for the risks contained in the Risk Register are
identified and an action person assigned. These Risk registers must be under active
consideration and be the subject of regular review.
Definitions
Risk: can be defined as “the chance of something happening that will have an
impact on the achievement of organizational stated objectives” or the
“effect of uncertainty on objectives”
Note 1: An effect is a deviation from the expected – positive or negative
Note 2: Objectives can have different aspects (such as financial, health and
safety, and goals) and can apply at different levels (such as
strategic, organization-wide, project and process).
Note 3: Risks may be categorized as:
• Strategic risks: These concern the long-term strategic objectives of ROSA Organization These may be external or internal to the organization.
• Operational risks: These relate to the procedures, technologies and other
factors relating to the short to medium term objectives of ROSA Organization.
Risk management can be defined as coordinated activities to direct and control an
organization with regard to risk.
Integrated Risk management: A continuous, proactive and systematic process to
understand, manage and communicate risk from an organization-wide perspective. It
is about contributing to strategic decision making in the achievement of an
organization’s overall objectives.
Risk management Process: The systematic application of management policies,
procedures and practices to the activities of communicating, consulting, establishing
the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing
risk.
Risk Assessment: The overall process of risk identification, risk analysis and risk
evaluation.
Risk Register: A risk register is a database of risks that face an organization at any
one time. Always changing to reflect the dynamic nature of risks.
Hazard: Any process, substance or operation that has the potential to cause harm
Monitor: Continual checking, supervising, critically observing or determining the
status in order to identify change from the performance level required or expected.
Safety: The state of being safe, the condition of being protected against physical,
social, spiritual, financial, political, emotional, occupational, psychological or other
types or consequences of failure, damage, error, accidents, harm or any other event
which could be considered not desirable.
Quality: Doing the right thing consistently to ensure the best outcomes for staff,
satisfaction for all stakeholders, retention of staff and a good performance.
Existing Policy