22. Compliance and Risk Management
Principles of good governance require the Board to establish a comprehensive system of risk management, risk oversight, compliance, and internal control. A Risk Management Policy essentially formalises and communicates the school’s approach to the management of risk. This policy should set the risk tolerance for the school, approve the risk management framework, and monitor its effectiveness. The Risk Management Policy should also identify the specific roles and responsibilities of the Board, individual Board Members, the Chair, the Principal, and other management staff in order to clarify and formalise accountabilities.
It is important to be aware that risk itself is not so much the problem it is the way in which it is managed that is important. Without any risks we are unlikely to make progress in any type of business or organisational venture. Boards must have a keen understanding of risk and this involves understanding the School’s business, its operational activities, the expectations of the community and stakeholders, and the implications of all decisions.
Major areas of risk include:
- meeting statutory and regulatory obligations
- meeting State and Australian contractual obligations for funding
- operational and strategic risks
- service quality risks
- risks related to physical buildings and equipment, IT systems and business systems
- human resource risk (including occupational health and safety, professionalism and ethics, breaches of copyright, and poor management of human capital)
- financial reporting risk and financial loss
- loss of credibility and reputation with stakeholders
- risk from disaster (e.g. fire, storm or other threat)
- specific duties of care owed to students and staff
- outdoor education.
Independent Schools Victoria facilitates an extensive risk management program in partnership with Willis Australia. For detailed risk management advice and support, Schools can contact Independent Schools Victoria .
It is the Board’s responsibility to identify major areas of risk and to provide policies and procedures on how they are to be managed. The Board should review material risk incidents and ensure that appropriate actions are taken. In addition, risk management should be a standing agenda item at Board Meetings.
On a regular basis, a report should come from the Principal to the Board, signing off that appropriate steps have been taken to comply with risk management policies. This report should include all material risk incidents, the actions that were taken and the outcome or ramifications. Any critical incidents should be reported to the Chair as soon as circumstances permit. The Board can then make appropriate amendments to the plan on an ongoing basis. Principals must therefore be prepared to voice their opinions and estimate risk and factors that might influence the degree of risk. Cooperation and good governance relies on a relationship of trust and respect between the Board and the Principal.