Risk Management Policy
Purpose

This policy has been developed to ensure risks are identified proactively and procedures are in place to effectively manage those risks.

Scope

The policies and procedures in this document apply to Board members, staff, volunteers, contractors, partners and affiliates under the direction of Binar.

Policy Statement

Binar recognises that the health and safety of the people it works with is a priority and commits to providing a healthy and safe working environment.


Binar commits to minimising the risk that any particular program poses to our organisation, employees, volunteers, program participants, the general public, or the natural environment, so that the risk is as low as reasonably possible, and to mitigate the impact should such a risk event occur.

Definitions

Control is an action or intervention that reduces the risk through working to prevent a risk event from happening or mitigate its impact should it happen.

Likelihood means the chance of a risk event happening.

 

Impact means the consequential outcome of a risk event.
 

Risk means the likelihood of an event happening that will have an impact upon our organisation, employees, volunteers, programme participants, or the general public. It includes but is not limited to categories such as: strategic, financial, operational and organisational risk.
 

Risk Assessment means the overall process of risk identification, risk analysis and risk evaluation.
 

Risk Management means the actions to be undertaken to reduce and control risk.
 

Risk Register is a document summarising the outcomes of the risk assessment and risk management process.

Roles and Responsibilities

Board Members

  • Ensuring Binar complies with all applicable laws and regulations.

  • Establishing a system for managing risk within the organisation. 

  • Monitoring compliance with this policy.

  • Reviewing this policy annually to ensure it is operating effectively and updating it when necessary.

  • Ensuring there are appropriate insurance policies in place.

  • Assisting the CEO and Program Coordinators to manage any emergency.

  • Managing strategic and extreme risks.

 

Chief Executive Officer (CEO)

  • Implementing this policy as it relates to organisational risks.

  • Implementing systems to protect people, assets and the environment from planned and unplanned risk events.

  • Training employees, volunteers and contractors in the management of risk.

  • Understanding the hazards and risks associated with Binar’s organisation.

  • Conducting regular risk assessments and discussing risk controls, with input from staff and volunteers.

  • Managing high risks.

  • Managing any emergency.

Business Manager

  • Implementing this policy as it relates to business or financial risks.

  • Implementing systems to protect business and financial assets from planned and unplanned risk events.

  • Understanding the hazards and risks associated with Binar’s business and financial activities.

  • Conducting regular risk assessments and discussing risk controls, with input from staff and volunteers.

  • Managing low to medium business or financial risks.

 

Program Coordinators

  • Implementing this policy as it relates to operational risks.

  • Understanding the hazards and risks associated with Binar’s operations.

  • Conducting regular operational risk assessments and discussing risk controls with the CEO, with input from staff and volunteers.

  • Managing risk management records.

  • Managing low to medium operational risks.

 

Employees, Volunteers and Contractors

  • Following the requirements of this policy.

  • Contributing to risk assessment and risk management activities as requested.

  • Reporting any hazards or health and safety problems immediately, so risks can be managed before an incident occurs.

PROCEDURES

Risk management involves four steps:

  1. Identify the risk – identifying what could cause harm.

  2. Analyse the risk – understanding the likelihood of a risk event happening and the potential impact. 

  3. Identify risk controls – identifying the most effective control measures that are reasonably practicable in the circumstances.

  4. Manage the risk – reviewing control measures to ensure they are implemented and working as planned.

 

The following procedures should be read in conjunction with the Guidance notes provided in the Risk Register.

 

Identify the Risk

Identifying risk involves finding all the risk events that could potentially cause harm to people, property, the environment, or the organisation, plus the trigger or underlying cause.


Risks to people generally arise from the: 

  • Physical environment.  

  • Equipment, materials and substances used. 

  • Tasks and how they are performed.

 

Some risks are not always obvious, e.g., some risks can affect health over a long time, or may result in stress (such as bullying), or lingering fatigue (such as repeated late-night activities). 
 

Encourage employees, volunteers and contractors to identify potential risk events, their triggers or underlying causes, through:

  • Inspecting the environment.

  • Consulting employees, volunteers, contractors, program partners, parents or program participants.

  • Reviewing records or asking about past incidents.
     

The responsible party (Board, CEO, Business Manager or Program Coordinator) should check to see if these risks have already been identified in the Risk Register, and if not, add them to the register.


When adding a new risk, describe the potential outcome: there may be multiple possible outcomes for each risk event. Describe the worst possible one, because managing this means that less severe outcomes will likely be managed too.

 

Analyse the Risk

A risk assessment involves considering what could happen (the impact) if a person (or the natural environment) is exposed to a hazard and the likelihood of it happening.


The responsible party (Board, CEO, Business Manager or Program Coordinator) should work with employees, volunteers and contractors to make an initial risk rating BEFORE any controls are implemented, i.e., the risk of doing nothing.
 

The initial risk rating (or risk level) should consider the likelihood of a risk event happening and its potential impact upon the organisation, its employees, volunteers, programme participants, the general public, or the natural environment.

The potential risk levels are shown in the matrix below: this initial risk rating should be recorded in the Risk Register alongside the relevant risk.

Identify Risk Controls

Controlling risk involves: 

  • Eliminating risks so far as is reasonably practicable; or

  • If that is not possible, minimising the risks so far as is reasonably practicable.
     

The responsible party (Board, CEO, Business Manager or Program Coordinator) should work with employees, volunteers, contractors, partners and affiliates to describe controls (current, existing, or additional) that could be put in place to:

  • Prevent the risk event from happening (reduce the likelihood); and

  • Decrease the impact of the risk event (reduce the impact).

These controls may include policies, procedures, practices, training, etc. and should be recorded in the Risk Register alongside the relevant risk.


Determine a residual risk rating (or risk level) that takes into consideration these controls: this rating should be recorded in the Risk Register alongside the relevant risk.


Extreme level residual risks should be reported to the Board.

Manage the Risk

The identified controls to prevent or mitigate risks need to be actioned, monitored and reviewed regularly to make sure they are put in place and will work as planned: actions should be recorded in the Risk Register alongside the relevant risk.


The following people have the responsibility for monitoring and managing risks:

  • Low to medium risks – Program Coordinator or Business Manager

  • High risks – Chief Executive Officer

  • Extreme risks – Board

 

These responsible parties should regularly review the status of actions in the Risk Register and identify any new risks that may have become evident, for example, when:

 

  • A significant change occurs to a program location, workplace, processes or systems;

  • It becomes evident that a risk control is not adequately controlling the risk;

  • A first aid case or health incident occurs;

  • A complaint or grievance is raised; or 

  • A notifiable incident occurs, including in relation to Safeguarding Children.

Record Keeping

Keeping records of the risk management process demonstrates compliance with the applicable laws and regulations. It also helps when undertaking subsequent risk assessments.


Binar will document all risk management activities in the Risk Register and any risk incidents using the Incident Reporting Form or Safeguarding Incident Reporting Form, as applicable. The Business Manager will ensure that risk management records are retained in accordance with the Records Management Policy.

[Image: Initial Risk Rating matrix]

RELATED POLICIES

Board Induction Policy

Health and Safety Policy

Incident Reporting Policy

Records Management Policy

Safeguarding Children Policy

Staff Induction Policy

Volunteer Induction Policy

RELEVANT LEGISLATION

Occupational Safety and Health Act 1984 (WA)
Occupational Safety and Health Regulations (1996)

 

Incident Reporting Form

This form is to be used by a responsible adult to report all incidents or dangerous occurrences, whether accidental or intentional, that have the potential to, or have resulted in serious injury, illness, damage or public alarm.

Please complete the form as soon as practicable and within 24 hours of the incident, and notify the Business Manager, Program Coordinator or Chief Executive Officer (CEO).

If the incident caused, or could have caused, serious injury, death or serious damage (to property, environment or reputation), contact the CEO immediately.

Click here or scan the QR code to complete Section A of the Binar Incident Reporting Form.

NOTE:

First Aiders must separately report any incident in which they are involved using a First Aid Form.

[Image: QR code for Binar Incident Reporting Form]