Preparing for the Possible, the Probable and the Inevitable…
Author: Carolyn Claridge
I wrote this article for the VETIG Newsletter Summer edition, 2016. Please visit www.vetig.com.au for more information on the Vocational Education and Training Industry Group and how to become a member of this not-for-profit organisation representing vocational training in Australia.
Whilst many of us would already be aware of the risk rating the National Regulator places on RTOs so as to determine the level of scrutiny required; do we actually give enough thought to the risks from our own RTO’s perspective?
Risk management is an integral component of good management. It’s about knowing and understanding what could cause harm to your business and preparing for it.
Risk management involves the identification, analysis and evaluation of any RTO’s risk of compliance with the Standards for Registered Training Organisations 2015 and the development of cost effective strategies to treat those risks.
Risk management is about asking:
- What could go wrong?
- What will we do to prevent it?
- What will we do if it happens?
There are various ways to identify the list of risks relevant to your VET activities. A good start is to review the data from your past – incidents, issues, corrective actions, self-assessment, external audits, complaints, academic appeals, feedback data, etc. This will provide a foundation for you to work from and you may already be starting to see particular trends in certain areas which will help you prioritise and focus your planning of activities later on.
A good way to classify your risks and provide focus for your actions is to go through the Standards for Registered Training Organisations 2015 as well as whatever other compliance obligations you may need to adhere with (for example, government contracts, other legislation) and list all your requirements/possible auditing points.
For example, clauses 7.1 and 7.2 of the Standards for Registered Training Organisations 2015 mandate training providers to ensure at all times that all executive officers and high managerial agents meet the Fit and Proper Person Requirements and that at all times the RTO meets the Financial Viability Risk Assessment Requirements.
It would be prudent to include a risk on your Risk Register along the lines of this requirement, noting the words ‘at all times’ when determining your actions and timeframes for monitoring your level of compliance.
It is also suggested to take a look through the standard AS/NZS ISO 31000:2009 Risk Management— Principles and Guidelines[1], which provides a guide for managing risk. This standard lays out the process for identifying, analysing, evaluating and treating identified risks and the ongoing monitoring of the risk management process to ensure any changes made are effective.
The most important tool in identifying, prioritising and gaining ownership of addressing your safety, financial, marketing, training, assessment, information technology and governance risks (these are just a few suggested categories) is of course, your people. Consulting with others you work with allows you to gain insight from their perspectives of what may be potential problems, how important they are to wider business success and how they can be addressed. Having people involved in this process is a great way for them to feel valued and more likely to contribute when you need things done.
There are apps out there to help you identify, manage and monitor your risks; as well as web-based risk assessment toolkits (some free whilst others cost a small fortune). It is definitely worth looking into what can help you reduce the pain of this exercise and even give help you find risks in areas you haven’t thought of yet.
A risk needn’t be a threat to your business, it is simply an issue that could arise and, if effectively managed, should not prevent you from reaching your goals.
The four key steps in risk management can all be captured in your risk register with columns (in a table or spreadsheet, for example) and headings to ensure each step is covered:
- identify the risks;
- evaluate the severity of each risk, if it should happen;
- apply possible solutions to either prevent those risks from occurring or to reduce their negative impact if they do occur; and
- monitor and analyse the effectiveness of your solutions.
| Don’t forget your Risk Register is a ‘living document’.
It needs to be reviewed and revised regularly so that it is always current and reflective of the internal and external environments you are working in. |
References:
[1] Standard available at http://infostore.saiglobal.com/store/Details.aspx?ProductID=1378670
