Risk and Compliance
Creating a Healthy Risk Culture
to avoid the Swiss Cheese effect
There is no doubt that schools are facing unprecedented challenges in relation to the complexity of risk, compliance expectations and regulatory requirements. Reflecting on the last 5-10 years, without including COVID, a myriad of new issues have arisen not previously seen. Responding at an individual school level has often required a more sophisticated level of expertise which, for many, has lead to the addition of specialist resources overseeing risk and compliance and as a result, potentially greater corporate costs.
Like other areas of focus, a strategic approach is needed to navigate an appropriate approach too risk and compliance – neither overly restrictive or too laissez faire. Either extreme is unhealthy and will undoubtedly result in an impact on students and staff.
In healthcare, there is a saying that it only takes ‘three holes in the cheese’ to line up to result in a critical incident. Establishing appropriate structures, systems, processes, culture and skills is vital to reducing the likelihood of the ‘Swiss Cheese Effect’.
Beyond simply meeting risk and compliance obligations, I have seen the benefit over my career of organisations that work towards a strategic approach to achieving a Healthy Risk Culture.
What statements may indicate concerns about your school culture in relation to risk?
‘Nothing adverse has ever happened, so what is all the worry about’
‘Child safety is now well implemented….we don’t need so much focus on it’
‘Our policies are on the system and staff should know where to access them’
‘We met our audit requirements, so we are all set until the next audit’
‘Our senior team says that all that is needed is in place, so it must be ok’
‘We don’t speak up because our risk manager comes down hard on us’
What are the indicators of a Healthy Risk Culture?
All staff at all levels regard the management of risk as being everyone’s concern
Staff don’t walk past but rather act on issues of concern
All staff have the knowledge and skills to make decisions through a risk lens
Staff at all levels proactively report relevant incidents and ‘near misses’ and where we seek to review our actions as part of a continuous quality improvement agenda
Staff are clear on the actions they need to take (school policy into action) in relation to the management of risk
Risk and Compliance Managers regard their role as educative, advisory and facilitators of quality improvement – proactively engaging with staff to support them and to create a trusted partnership.
What as a Principal might you be asking about risk and compliance within your school?
How can I be sure that what my senior staff are telling me about protocols, structures and systems to control risk, are appropriate and are in place?
How can I be assured that policies and procedures are being followed by staff ‘on the floor of the house’?
Have we met all our duty of care responsibilities in relation to high risk activities – especially camps/excursions and sport? (including ‘transfers’)
How can we ensure staff are effectively trained and aware of risks relevant to their roles?
What else can I be doing proactively to advance a healthy risk culture?
How can I protect staff, particularly less experienced staff, against preventable incidents?
What might your Board be asking you about risk and compliance?
What are our key risks?
What have we in place to control/mitigate our key risks?
What evidence is there that staff ‘on the floor of the house’ are aware of and are enacting policies, in relation to key risks in their everyday work?
What might a QC or the Coroner ask?
Who has the ultimate accountability for managing risk in the school?
What is the process for identifying, monitoring and reporting risks?
What is the process for identifying, implementing and reviewing effectiveness of risk management?
What policies relevant to the control/mitigation of risk, are in place?
How often are policies reviewed and by whom?
How are staff made aware of the relevant policies?
What staff training is in place?
What evidence (documentation) have you that staff attend training and understand it?
What evidence have you that policy implementation is monitored on the ‘floor of the house’?
How are incidents reported/acted upon and those actions documented/communicated?
How are ‘near misses’ reported and acted upon/documented/communicated?
How is the information from the above, systemically reviewed to continually improve policy/procedure and hence improve safety and reduce risk?
Why should this be top of mind? Impact of all events involves personal trauma….
Student fatality on overseas school trip – legal action arising and reputational damage
Allegation of student injury during school sporting competition - potential for current/future legal action against school
Allegation of child abuse by sporting coach – legal action against school
School parent claims poor ground conditions as cause of injury to high performance (elite) athlete – potential for current/future legal action against school
Staff fatality at an independent school – legal action arising and reputational damage
What are the key frameworks to consider in developing a Healthy Risk Culture?
Governance structures and systems including Risk Registers (Corporate and Operational) - for identifying, reporting and monitoring risk at Board and Executive level
Whole school policy and procedures – development, review and implementation reflecting contemporary legal accountabilities
Staff training and awareness – documentation of attendance, review of effectiveness
Implementation –reporting of incidents and near misses; documentation of actions and analysis of systemic issues requiring action
Ongoing monitoring of practical compliance at ‘staff level’
Systemic reviews supporting continuous quality improvement
How could I assist you?
Advice on practical strategies in relation to risk and compliance to achieve a healthy risk culture – including at governance level, link between incident reporting and quality improvement actions, staff training and development, policy implementation and monitoring of implementation, accountability systems/processes to assist
Acting as a conduit between lawyers and school(s) re: policy development and specific risk and compliance advice – significant economies of scale and hence cost reduction if schools work as a collective
Advice on strategies for staff training and awareness – including online competency packages
Audits of staff knowledge to ascertain what is known and happening ‘on the floor of the house’
Interactive staff workshops, including the use of practical and school related scenario discussions to reinforce a strong risk culture
Annual audits to monitor policy implementation ‘on the ground’ – including interactive and educative workshops with key staff
Workshop discussions with senior leadership teams, including use of school related scenarios to increase knowledge/skills and promote a culture of decision making through a risk lens
My Experience
i) Independent School – General Experience
9 years’ experience in consulting in multiple assignments in more than 65 independent schools in 5 states’ of Australia and in Asia
Diverse areas of experience, including recruitment of Principals and senior leaders, structure and function reviews, staff performance reviews, risk and compliance audits, review of corporate functions, leadership development and executive coaching
9 years’ experience as a Board Director, including Deputy Chair and Chair of Governance of an independent school
ii) Independent School Risk and Compliance – Advice and Annual Auditing
5 years’ experience in assisting a sporting association involving 9 independent schools in raising the awareness of the need for enhanced and collective approach to policy development against key areas of risk identified by the insurer and conducting of annual school audits and provision of audit reports.
5 years’ in regular consultation with high profile law firm on behalf of schools and school co-curricular associations
iii) Risk and Compliance in Telecommunications and Health
4 years’ experience in regulatory management at Optus, ensuring compliance with consumer legislation and experience acting as a conduit between legal counsel and business units
6 years’ experience in Executive roles in health, including implementation of mandated national standards and regulatory requirements
Rosie Rowe
Principal Consultant
M: 0439 194 954
E: rosie@rosieroweconsulting.com.au