
Risk Management and Controls Model for Service Providers

Self-Assessment Tool

Version 1. Last updated: 27/04/2010



CONTENTS

INTRODUCTION
  Risk Management and Controls Model
SELF ASSESSMENT: QUICK VERSION
STEP 1: HOW TO USE THIS RISK MANAGEMENT AND CONTROLS MODEL
  Self-Assessment Detailed Sheets: Calculation Method
STEP 2: SELF-ASSESSMENT
  Key Element Table
STEP 3: RISK IMPROVEMENT PLAN
  Gaps
  Risks
  Risk Improvement Plan
  Abbreviations
  Definitions
LEADERSHIP
STRATEGY & PLANNING
FINANCIAL MANAGEMENT
INNOVATION, QUALITY & IMPROVEMENT
PEOPLE
CLIENT & MARKET FOCUS

INTRODUCTION
Service Providers delivering client services (e.g. aged care services, disability services, health services, etc) are responding to this increasingly
competitive environment by focusing on the customer, improving the quality of services, responding to individual needs and developing more
sophisticated governance and management practices. The latter will assist them to respond to demands for new and more flexible services.
Effective risk management is an important part of this strategic response and will contribute to long-term sustainability.

The ability to identify, assess and respond strategically to risk strengthens the capacity of Service Providers to deliver quality services to
Victorians.
Risk Management and Controls Model
The Risk Management and Controls Model is a practical self-assessment tool for managing risk and provides a systematic framework to
support developing the right risk management and governance/ control strategies. The Australian Business Excellence Framework informs the
Model.

The Model facilitates risk assessment, analysis and treatment across small, medium and large Service Providers. It is based on a maturity
model concept where Basic, Good and Best relate to organisational capability and complexity across the following six elements:
1) Leadership
2) Strategy and planning
3) Financial management
4) Innovation, quality and improvement
5) People
6) Client and market focus

Service Providers are advised to consider risks and controls (treatment plans) in each of the six elements. An organisation will decide on the
level of risk management activity to undertake based on their organisational and governance requirements and resources.

Designed as a practical but simple self-assessment tool, the Model guides organisations through a computation process to identify gaps in their
risk management activity. The Model is an internal tool, allowing individual judgements to be made regarding levels of control that best reflect
their organisation, given their respective external and internal context and operating environment.

The Model is based on the understanding that risk management is a journey, and that organisations of differing size and complexity require
different levels of maturity in their risk management framework. The Basic, Good and Best levels are described in the table below.

The descriptors contained within each level (e.g. Basic, Good and Best) will assist organisations to understand how to progress from Basic
to Good or Good to Best, if it is what the organisation wants to do.

Basic
o Processes designed to keep a minimum level of robustness to the organisation.
o Processes (typically) driven in an ad-hoc manner, uncontrolled and used as the need arises.
o Process performance likely to be variable (inconsistent) and is heavily dependent on the efforts of relatively few people or small groups.
o Lack formality and/or structure.
o Meets minimum regulatory requirements.

Good
o Processes designed to ensure robustness and some efficiency to the organisation.
o Some processes are repeatable, possibly with consistent results.
o Process discipline is beginning to be rigorous and where it exists, it may help to ensure that existing processes are maintained during times of stress.
o Processes and their outputs are visible to management at defined points, but consistency needs to be improved.

Best
o Management can effectively control the current situation, and adjust and adapt the process to particular situations/ projects.
o Using quantitative/ statistical techniques, process performance is measured and monitored, generally predictable and controllable, and aligned to objectives at all levels of the organisation.



It is important that the computations are performed as accurately as possible to give an honest reflection of how an organisation is managing its
risks and to allow the organisation to benchmark progress and formulate improvement plans to mitigate potential risks.

The Model is designed in accordance with AS/ NZS ISO 31000:2009 Risk Management Principles and guidelines.

SELF ASSESSMENT: QUICK VERSION
The following self-assessment table will enable you to determine the level at which your organisation manages risk in the key areas of:
1) Leadership
2) Strategy and planning
3) Financial management
4) Innovation, quality and improvement
5) People
6) Client and market focus


The self-assessment is designed to be used as an internal tool, whereby existing controls and/or planned risk treatments are identified, and
compared with the desired level of risk appetite. This self-assessment requires an organisation to determine any potential gaps, given its
services, complexity, resource levels and governance structure.

The table below outlines the criteria for managing risk at a Basic, Good or Best level.








Basic

Leadership
o Informal governance framework
o Board understands roles and responsibilities
o Annual financial reporting and external financial audit, as required by legislation

Strategy & Planning
o Annual business plan
o Risk management processes designed
o Performance against organisational goals are measured and reported
o Quarterly review against annual Business Plan and outcomes

Finance
o Annual budgeting process
o Annual financial reporting and auditing
o Asset register
o Chart of accounts
o Fundraising conducted on ad-hoc basis
o Billing and collection process

People
o Recruitment process for qualified/ skilled/ competent people
o Learning and development strategy
o Informal performance appraisal system
o OHS management system includes the identification, management and monitoring of OHS risks
o Process for staff complaints/ feedback

Client & Market Focus
o User-friendly client interfaces and feedback mechanisms
o Knowledge of products and services offered
o Marketing/ promotional materials accurately describe products and services
o Some consultation with stakeholders with respect to service provision
o Complaints/ feedback documented and measured
o Information on service and costing provided to client in an accessible format

Innovation, Quality & Improvement
o Quality management plan for short-term (1 year outlook)
o Transparent information and reporting systems
Good

Leadership
o Formal governance framework in place
o Board approved delegations policy
o Board understands roles and responsibilities
o Board provides strategic direction to management
o Board takes measures to fill gaps in skills/ expertise
o Annual financial reporting and external financial audit/ assurance, as required by legislation
o Board Audit and Risk Committee

Strategy & Planning
o Three year Strategic Plan with clear Goals and direction
o Risk management processes designed and operating within the organisation
o Evaluation process in place to measure organisational progress against Goals and KPIs measured
o Quarterly review against annual Business Plan and outcomes, medium-term Strategic Plan review at end of each year

Finance
o Medium-term budgeting process (operational and capital) with 3-5 year outlook
o Annual financial reporting and auditing with effective internal/ external audit function
o Asset register and facilities management program
o Standard chart of accounts
o Fundraising conducted on regular basis
o Billing and collection system

People
o Recruitment and retention strategy
o Learning and development strategy
o Formal performance appraisal system
o OHS management system includes the identification, management and monitoring of OHS risks
o Process for staff complaints/ feedback incorporates an annual organisational health survey with results reported back to staff

Client & Market Focus
o User friendly client interfaces and feedback mechanisms with client surveys conducted
o Good knowledge of product and services offered
o Annual Marketing Plan includes provision of clear, easy to read marketing/ promotional/ materials
o Regular contact with stakeholders with respect to service provision
o Complaints/ feedback documented and measured
o Information on service and costing provided to client in an accessible format

Innovation, Quality & Improvement
o Quality management plan for medium-term (3 year outlook)
o Transparent information and reporting systems and effective record management system
o Asset control register

Best

Leadership
o Governance framework reviewed regularly
o Board approved delegations of authority
o Board understands roles and responsibilities and provides strategic direction and performance targets
o Board members have the necessary skills and knowledge to ensure compliance including financial, operational, legal, risk and governance issues
o Annual financial reporting and external financial audit, as required by legislation
o Audit and risk committee in place

Strategy & Planning
o Five year Strategic Plan with clear Goals and direction
o Comprehensive risk management framework is operating successfully within the organisation
o Evaluation process to measure organisational progress against Goals and KPIs
o Monthly reporting and review against annual Business Plan and outcomes with in-depth variance analysis, including:
  - Variance against financial and capital plans and budgets
  - Variance against Strategic Plans and objectives

Finance
o Long-term budgeting process (operational and capital) with 5-10 year outlook
o Annual financial reporting and auditing with effective internal/ external audit function and risk-based approach to audit planning
o Asset register and facilities management program which are updated regularly
o Standard chart of accounts and integrated accounting/ financial/ CRM system
o Fundraising conducted on regular basis with annual calendar of events planned
o Billing and collection system

People
o Recruitment and retention strategy includes career pathways and succession planning (including for Board members)
o Learning and development strategy fosters strong learning culture, including leadership development and mentoring
o Formal performance management and appraisal system linked to the organisation's Mission
o OHS management system includes the identification, management and monitoring of OHS risks
o Process for staff complaints/ feedback incorporates an annual organisational health survey with results reported back to staff

Client & Market Focus
o User-friendly client interfaces and feedback mechanisms with client surveys conducted which feed continuous quality improvements within the organisation
o Very good knowledge of product and services offered
o Medium-term Marketing Plan includes provision of clear, easy to read marketing/ promotional/ sales materials
o Regular contact with stakeholders with respect to service provision and changes to the sector
o Complaints management system in place
o Information on service and costing provided to client in an accessible format

Innovation, Quality & Improvement
o Quality management framework
o Transparent information and reporting systems and integrated records management system
o Asset management system in place


STEP 1: HOW TO USE THIS RISK MANAGEMENT AND CONTROLS MODEL

The Model is a self-assessment tool which allows an organisation to evaluate and benchmark against three levels of management practice:
Basic, Good and Best. The maturity scale describes how risk is managed across key areas and enables the organisation to make informed
decisions about acceptable/ unacceptable risk and appropriate risk controls.

Self-assessment and calculation can be completed collaboratively by key Board members and staff (for individual sections, e.g. Leadership or
Client & Market Focus, or the entire Model). In this way, the organisation's collective expertise is used to inform discussion and decisions.
Self-Assessment Detailed Sheets: Calculation Method
1. Read and score each component with a 1 or 0 in the "Yes = 1/ No = 0" column. Mark 1 in the column if the process/ practice exists and
0 if the process/ practice does not exist, as below. If the process/ practice is not applicable to your organisation, mark an X in the
"Applicable?" column.

GOVERNANCE FRAMEWORK

Basic

| Applicable? | Core outcomes | Yes = 1/ No = 0 |
| --- | --- | --- |
| | Board charter | 1 |
| | Code of conduct (including separation of management and governance roles) | 0 |
| | Governance framework (informal) | 1 |
| | Delegations policy (limits of authority) | 0 |
| | Board meeting procedures | 1 |






2. Calculate the total percentage for each maturity level. Calculation method: Total points ÷ Total questions × 100. For example:

GOVERNANCE FRAMEWORK

Basic

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % Compliance |
| --- | --- | --- | --- |
| | Board Charter | 1 | |
| | Code of Conduct (including separation of management and governance roles) | 0 | |
| | Governance framework (informal) | 1 | |
| | Delegations Policy (limits of authority) | 0 | |
| | Board meeting procedures | 1 | |
| | Total points | 3 | Calculation: Total points ÷ 5 × 100. 3 ÷ 5 × 100 = 60. 60% Basic |

Good

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % Compliance |
| --- | --- | --- | --- |
| | Board Charter with detailed responsibilities and accountabilities | 1 | |
| | Code of Conduct (including separation of management and governance roles) | 0 | |
| | Governance framework (formal) | 0 | |
| | Board approved Delegations Policy | 0 | |
| | Board meeting procedures | 1 | |
| | Audit Committee or equivalent (for financial compliance) | 0 | |
| | Total points | 2 | Calculation: Total points ÷ 6 × 100. 2 ÷ 6 × 100 = 33. 33% Good |

Please note: If you have listed an X in the Applicable? column, your calculation will change. In the example below there are 5 components in
the Governance Framework. If one of these components is not applicable then the score will be calculated out of 4.


GOVERNANCE FRAMEWORK

Basic

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % Compliance |
| --- | --- | --- | --- |
| | Board Charter | 1 | |
| | Code of Conduct (including separation of management and governance roles) | 1 | |
| | Governance framework (informal) | 1 | |
| | Delegations Policy (limits of authority) | 0 | |
| X | Board meeting procedures: not applicable to organisation, therefore removed from the calculation | | |
| | Total points | 3 | Calculation: Total points ÷ 4 × 100. 3 ÷ 4 × 100 = 75. 75% Basic |


3. When you have finished calculating the percentages, add the Basic percentages and populate the self-assessment table. Repeat with
the total percentages for Good and Best.


STEP 2: SELF-ASSESSMENT
For each of the key elements shown below, use the detailed self-assessment sheets to rate your organisation's completeness at each level of
maturity. For each element calculate percentages (per the self-assessment detailed sheets calculation method), and at the end calculate an
approximate % complete against Basic, Good and Best.

Enter these results into the Key Element Table (below) to see the level of maturity at which your organisation is functioning.
Key Element Table
| Key Element | Basic (0, 50%, 100%) | Good (0, 50%, 100%) | Best (0, 50%, 100%) | Accept? Y/ N | Action Status |
| --- | --- | --- | --- | --- | --- |
| LEADERSHIP | | | | | |
| Governance Framework | | | | | |
| Skills of Board | | | | | |
| Audit and Compliance | | | | | |
| STRATEGY and PLANNING | | | | | |
| Strategic Planning | | | | | |
| Risk Management | | | | | |
| Evaluating Performance against KPIs | | | | | |
| FINANCIAL MANAGEMENT | | | | | |
| Budgeting | | | | | |
| Auditing and Reporting | | | | | |
| Asset Management | | | | | |
| Systems and Processes | | | | | |
| Funding, Fundraising and Investment | | | | | |
| Cash and Cash-flow Management | | | | | |
| INNOVATION, QUALITY & IMPROVEMENT | | | | | |
| Policies and Procedures | | | | | |
| Service Delivery | | | | | |
| Quality | | | | | |
| Information Management | | | | | |
| Asset Management | | | | | |
| PEOPLE | | | | | |
| Recruitment and Retention | | | | | |
| Learning and Development | | | | | |
| Performance Management | | | | | |
| Volunteer Management | | | | | |
| OHS | | | | | |
| Communications | | | | | |
| Contractor Management | | | | | |
| CLIENT & MARKET FOCUS | | | | | |
| Client Satisfaction and Communications | | | | | |
| Client Service Delivery | | | | | |
| Marketing and reputation | | | | | |
| Key Stakeholder Management | | | | | |



STEP 3: RISK IMPROVEMENT PLAN
Gaps
Once the organisation's level of functioning is calculated using the Basic, Good and Best scale in the Key Element Table, you can formulate
Goals for the level your organisation will progress to in the future. For example, if your organisation scored 50% Good for the Leadership
element, you might determine that the organisation is capable of reaching 70% Good risk management within a certain period of time. To
progress to 70% Good risk management, some of the gaps in the Leadership section will need to be addressed.

These gaps will be the processes/ practices that received a score of 0 in the Good sections of the Leadership element. List these gaps in the
"Gaps identified/ Risk" column in the Risk Improvement Plan below.

Assess any further action that needs to be taken to address these gaps and list it under the "Required Actions" column.
Risks
The "Risks that threaten objectives" sections (at the end of each Element) identify the risks to which your organisation is currently exposed.
Calculate the grading of each risk identified using the Risk Calculation Table below.

In calculating the risk, assess the likelihood of the event/ activity occurring and the consequence to your organisation. For example, if the
likelihood of incurring bad debt is "likely" and the consequence to your organisation would be "major", then your overall risk ranking for bad debt
would be "B".

An example Risk Calculation Table (see below) has been specifically calibrated to a particular organisation's tolerance for risk.
Complete the blank Risk Calculation Table template according to your organisation's tolerance for risk and organisational circumstances. Use this
Risk Calculation Table to grade the risks.





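Risk Calculation Table Sample

| LIKELIHOOD / CONSEQUENCE | Insignificant (1) | Minor (2) | Moderate (3) | Major (4) | Extreme (5) |
| --- | --- | --- | --- | --- | --- |
| Almost certain (5) | B | B | B | A | A |
| Likely (4) | B | B | B | B | A |
| Possible (3) | C | B | B | B | B |
| Unlikely (2) | C | C | B | B | B |
| Rare (1) | C | C | C | B | B |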


Risk Calculation Table Template

| LIKELIHOOD / CONSEQUENCE | Insignificant (1) | Minor (2) | Moderate (3) | Major (4) | Extreme (5) |
| --- | --- | --- | --- | --- | --- |
| Almost certain (5) | | | | | |
| Likely (4) | | | | | |
| Possible (3) | | | | | |
| Unlikely (2) | | | | | |
| Rare (1) | | | | | |

In the Risk Improvement Plan, list the risk under the "Gaps identified/ Risk" column and then list the risk grading under the "Priority (A, B, C)"
column.

After listing current controls, assess any further actions needed to control the risk and list them in the "Required Actions" column.
Risk Improvement Plan
| Item No. | Gaps identified/ Risk | Priority (A, B, C) | Current Controls | Required Actions | Acceptable? (Yes/ No) | Whom (person responsible for managing the risk) | When (time by which risk control must be implemented) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| | | Determine the level of risk by using the above Risk Calculation Table | | | | | |



























Abbreviations
| Item | Description |
| --- | --- |
| CEO | Chief Executive Officer |
| CRM | Client Relationship Management System |
| EBA | Enterprise Bargaining Agreement |
| FAR | Financial Accountability Requirement |
| HR | Human Resources |
| IR | Industrial Relations |
| KPI | Key Performance Indicator |
| OHS | Occupational Health and Safety |
| PROS 07/ 01 Standard | Public Record Office Standard General Retention and Disposal Authority for Records of Common Administrative Functions |


Definitions
| Item | Definition |
| --- | --- |
| Compliance | The conduct of adhering to and demonstrating adherence to applicable laws and regulations. Organisations should list all applicable laws and regulations pertaining to the conduct and/ or performance of the core process, sub-process and activities within each sub-process. |
| Controls linked to risk | Controls are policies, procedures, systems, etc, which may or may not be put in place to provide reasonable assurance that the risks are mitigated and/ or reduced to a level acceptable (based on risk appetite) to achieve the objectives. |
| Objectives | Definition, reason and scope of the element. |
| Risk | Effect of uncertainty on objectives. |
| Risk control | Actions implementing risk decisions. |
| Risk criteria | Terms of reference against which the significance of a risk is evaluated. |
| Risk evaluation | Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. |
| Risk identification | Process of finding, recognising and describing risks. |
| Risk management | Coordinated activities to direct and control an organisation with regard to risk. |
| Risk management framework | Set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation. |
| Risks which threaten process objectives | Risks which may threaten the attainment of objectives. |
| Stakeholder | Any individual, group or organisation that can affect, be affected by or perceives itself to be affected by, a risk. |

LEADERSHIP


Objectives: Authority, accountability, stewardship, leadership, direction and control exercised in an organisation, including:
o Relationships and interactions between a Service Provider and stakeholders, including government.
o Relationships and interactions between the Board and management.
o Accountability and compliance arrangements.
o Responsibility of Boards for ensuring good governance by determining strategic direction, ensuring legal compliance and sound financial governance.
o Risk management and monitoring and evaluating results and achievements.

GOVERNANCE FRAMEWORK

Basic

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % compliance |
| --- | --- | --- | --- |
| | Board Charter | | |
| | Code of Conduct (including separation of management and governance roles) | | |
| | Governance framework (informal) | | |
| | Delegations Policy (limits of authority) | | |
| | Board meeting procedures | | |
| | Total points | | ............ % Basic |

Good

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % compliance |
| --- | --- | --- | --- |
| | Board Charter with detailed responsibilities and accountabilities | | |
| | Code of Conduct (including separation of management and governance roles) | | |
| | Governance framework (formal) | | |
| | Board approved Delegations Policy | | |
| | Board meeting procedures documented | | |
| | Board has an annual work plan in place | | |
| | Audit Committee or equivalent (for financial compliance) | | |
| | Total points | | ............ % Good |

Best

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % compliance |
| --- | --- | --- | --- |
| | Board Charter with detailed responsibilities and accountabilities | | |
| | Code of Conduct (including separation of management and governance roles) | | |
| | Governance framework reviewed regularly | | |
| | Board approved Delegations of Authority | | |
| | Board meeting procedures documented | | |
| | Board has an annual work plan in place | | |
| | Audit and Risk Committee(s) in place to oversight all risk areas | | |
| | Total points | | ............ % Best |
SKILLS OF BOARD

Basic

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % compliance |
| --- | --- | --- | --- |
| | Board is aware of the skills and expertise required of the Board | | |
| | Board understands roles and responsibilities | | |
| | Selection criteria for Board members and CEO | | |
| | Total points | | ............ % Basic |

Good

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % compliance |
| --- | --- | --- | --- |
| | Board is aware of the skills and expertise required on the Board and has taken measures to address gaps in skills/ expertise | | |
| | Understands roles and responsibilities and provides strategic direction | | |
| | Induction program for new Board members in place | | |
| | Training program for Board in place | | |
| | Selection criteria for Board members and CEO established, and effective recruitment of Board members | | |
| | Total points | | ............ % Good |

Best

| Applicable? | Core outcomes | Yes = 1/ No = 0 | % compliance |
| --- | --- | --- | --- |
| | Board members have the necessary skills and knowledge to ensure compliance including, but not limited to, financial, operational, legal, risk and governance issues | | |
| | Board understands roles and responsibilities and provides clear strategic direction and performance targets | | |
| | Induction program for new board members in place | | |
| | Training and succession program for Board | | |
| | Ongoing development for Board members | | |
| | Performance management of Board members and Board | | |
| | Selection criteria for Board members and CEO and effective recruitment and retention of board members | | |
| | Board regularly reviews its effectiveness | | |
| | Board sets and supports risk management culture | | |
| | Total points | | ............ % Best |
AUDIT & COMPLIANCE
Basic
o Regular (monthly) meetings
o Meetings follow a meetings procedure, including agendas
and minutes
o Regular oversight reports
o Annual financial reporting and external financial audit as
required by legislation
o Reporting processes with formal terms of reference for
each committee formed



Risk Management and Controls Model for Service Providers
Self-Assessment Tool

Version 1 Last updated: 27/04/2010 Page 24 of 102
Applicable? Core outcomes Yes = 1/ No = 0 % compliance

Total points



............ % Basic


Good
o Regular (monthly) meetings
o Meetings follow a meeting procedure, including agendas
and minutes
o Regular oversight reports on key systems and high risks
o Annual financial reporting and external financial audit as
required by legislation
o Internal Audit Program in place for financial compliance
o Reporting processes with formal terms of references for
each committee formed
o Policy framework in place


Total points



............ % Good
Risk Management and Controls Model for Service Providers
Self-Assessment Tool

Version 1 Last updated: 27/04/2010 Page 25 of 102
Applicable? Core outcomes Yes = 1/ No = 0 % compliance
Best
o Regular (monthly) meetings where minutes are prepared
and circulated
o Meetings follow a meetings procedure and Terms of
Reference, including agendas and minutes
o Regular oversight reports on key systems and high risks
o Reporting includes:
- Progress against strategic and annual plans
- Risk and risk controls
- Financial reporting (short-term and long-term)
o Annual financial reporting and external financial audit as
required by legislation
o Internal and external audit program linked to key risks
o Audit recommendations actioned
o Reporting processes with formal terms of reference for
each committee formed
o Policy framework in place
o Governance requirements are documented, understood
and implemented at Board and management levels
o Compliance with regulatory requirements is monitored and
reviewed on a regular basis












Total points

............ % Best


Risks that threaten objectives Controls linked to risks
Poor technical/ competency skills of Board members o Technical skills courses
o Recruitment process
o Expectations of Board members clearly communicated
o Governance framework - Board charter, Board
committees
o Regular Board meetings (at least quarterly)
o Board members with relevant skills and knowledge
o Induction manual and training program
o Training system for Board
o Rigorous Board program of service visits and briefings
Ineffective Board o Evaluation of Board performance and self-assessment
o Governance training
o Board succession plan
Failure to attract and retain Board members o Effective recruitment systems and processes
o Effective induction and training processes
Poor quality of governance

Disconnect between governance and the behaviour
demonstrated by the organisation
o Governance framework
o Performance management framework
o Communications framework
o Reporting framework
No Vision or drive or strategic direction from Board o Board with appropriate skill set and competence
o Inclusion in annual planning processes
Poor link between planners and agency governance o High level networking
o Involvement of key stakeholders in major strategy
meetings
Loss of funding o Process, timeline, communication and audit
Failure to move to accreditation o Accreditation or third party assurance

Lack of clarity of accreditation requirements

Service requirements not clear 3 years out
o Universal commitment to quality and safety
o Robust quality policy and procedures
o High level networking
o Service requirements forecast and linked to Strategic Plan
Increasing levels of regulation, monitoring and compliance o Best practice management system
o Total Quality Framework
o Compliance register monitored
Non-compliance o Quality assurance system in place which is monitored and
reviewed regularly
o Rewards and penalties considered as part of the
organisation's performance management system

Compliance o Funding and Service Agreement
o Standards for Client services in Victoria 2007
o The Human Rights and Responsibilities Act 2006
o Sex Discrimination Act 1984
o Occupational Health and Safety Act 2004
o Corporations Law

Comments/
additional
risks &
controls


STRATEGY & PLANNING


Objectives To define and guide the direction of the organisation, in the short and long-term, and make informed decisions on
allocating resources to pursue the organisation's strategic and operational objectives and plans

Applicable? Core outcomes Yes = 1/ No = 0 % Compliance
STRATEGIC PLANNING
Basic
o Board sets Vision, Mission and Goals
o Board meets to plan annually
o Strategic Plan in place
o Annual Business Plan in place




Total points

............ % Basic
Good
o Three year Strategic Plan with clear Goals, objectives and
direction
o Strategic planning process linked to and supports
business plans, reporting processes and decision making
o Board sets Vision, Mission and Goals and reviews Vision
and Mission every three years
o Performance indicators and targets are set and cascaded
through to Departmental/ Unit Performance Plans (and
measurement)
o Board meets to review performance against plan every six
months
o Consultation with stakeholders in the context of the
strategic planning process
o Strategic planning cycle includes risk identification
o Key stakeholders are involved in planning
o Financial and capital plans aligned to annual business
plans and strategic objectives




Total points

............ % Good
Best
o Three - five year Strategic Plan with clear Goals, SMART
objectives and direction
o Strategic planning process linked to and supports Vision,
Mission, Values, operations, organisational capacity and
financial performance
o Board sets Vision, Mission and Goals and reviews Vision
and Mission every three years
o Business plans developed by management and staff
o Performance indicators and targets are set and cascaded
through to Departmental/ Unit and individual Performance
Plans (and measurement)
o Board meets to plan quarterly
o Strategic planning cycle includes risk identification
o Strategic Plan communicated to primary (employees,
service users, suppliers, etc) and secondary (broader
community/ local government etc.) stakeholder groups
which are involved in planning
o Knowledge and information to inform planning (monitoring
trends/ forecasting)
o Financial and capital plans aligned to annual business
plans
o Strategic Plan and business plans updated annually
o Strategic planning factors in future service provision
requirements, based on factors including changing
demographics of society



Total points

............ % Best








RISK MANAGEMENT
Basic
o Appropriate insurances are in place
o Risk management processes designed but not
implemented
o Legislative requirements listed

Total points


............ % Basic
Good
o Appropriate insurances are in place
o Risk management roles and responsibilities defined
o Risk management framework and process in place and
operating effectively, efficiently and adequately within the
organisation
o Board approved risk management policy
o Risk register in place and reviewed at least quarterly for
improvement of priority risks
o Risk is considered as part of planning
o Legislative requirements listed
o Business continuity plans developed and tested
o An emergency response plan exists



Total points

............ % Good

Best
o A managed insurance portfolio is in place
o Risk management roles and responsibilities actively lived
out in the organisation
o Comprehensive Risk Management Framework and
process are operating successfully in the organisation
o Risk Management framework monitored for continual
improvement
o Risk is considered as part of planning, budgeting, major
projects and decisions at all levels of the organisation
o Board approved risk management policy and plan
o Risk Management Framework aligned to organisational
objectives and organisational culture
o Risk Management process fully embedded within the
organisation's existing processes
o Risk register aligned to Strategic Plan and reviewed at
least quarterly for improvement of priority risks
o Employees have been trained in risk management and
understand their role
o Adequate resources are provided for risk management
activities
o Risk management is a standing agenda item in all meetings
and a standard reporting item in reports
o Risk treatment plans are developed for priority risks and
reviewed bi-monthly for progress
o Risk-based decision making is embedded at all levels of
the organisation and is part of normal decision making
processes
o Risk-based assurance and audit planning
o Legislative requirements listed and constantly monitored
for changes
o Compliance matrix in place and constantly monitored for
non-performance
o Business continuity and emergency management plans
developed, tested annually and evaluated
o An emergency response plan exists and is tested regularly

Total points

............ % Best
EVALUATING PERFORMANCE AGAINST TARGETS
Basic
o Progress against organisational Goals measured
o Quarterly review against annual Business Plan and
outcomes


Total points

............ % Basic
Good
o Evaluation process in place to measure organisational
progress against Goals and targets
o Quarterly review against annual Business Plan and
outcomes feed into medium-term Strategic Plan review (at
the end of each year)
o Basic variance analysis reports monthly to Board and
management




Total points

............ % Good
Best
o Evaluation process in place to measure organisational
progress against Goals, objectives and targets
o Business plans and targets clearly communicated and
understood by everyone throughout the organisation
o Performance management is actively used to drive
performance against targets
o Employees involved in setting organisational objectives
o Organisational outcomes are measured against objectives
annually and targets adjusted accordingly
o Monthly reporting and review against annual Business
Plan and outcomes with in depth variance analysis
including:
- Variance against financial and capital plans and
budgets
- Variance against Strategic Plans and objectives
- Progress of implementing risk treatment plans,
especially for high and extreme risks
o Variance analysis reports monthly to Board and
management



Total points

............ % Best




Risks which threaten objectives Controls linked to risks
Mission drift/ poor strategic and business planning o Strategic Plans and objectives developed and reviewed
o Annual Business Plans and budgets developed, aligned to
strategy and regularly reviewed
o Regular reporting against plans and budgets
o Performance indicators developed and reported against
o Establish an overarching Risk Management Framework
o Establish business continuity/ emergency/ pandemic plans
o Strategic direction is well communicated to and
understood by all key stakeholders
o Staff understand where they fit within the bigger
(organisational) picture
o Communications process and plan
o Gain broad organisational input in planning process
o Governance framework
o Board of Directors training plan
Strategy not being actioned or reviewed o Communication with staff
o Systematic cascading of objectives throughout the
organisation, ensuring line-of-sight of individual
performance for achievement of objectives
o Use tools like the balanced scorecard
o Strategy review process
o Planning, reporting and monitoring processes
o Action plan which is communicated to all staff, linked to
operations and reviewed regularly
o Strategic Plan linked to operational strategies and
individual KPIs
o Get broader organisational input and capacity to
completely review
o Embed risk management process into all decision making
process at all levels of the organisation
o Understand internal and external environments including
forecasting, trend analysis, etc.
o Flexible strategic planning process, informed by evidence,
data analysis, etc.
o Adequately/ appropriately skilled staff in key positions
o Adequately/ appropriately skilled Board/ Committee
Disconnect between operations, Vision and government policy
direction
o Clear understanding within organisation of Vision,
objectives and targets
o High level networking
o Stakeholder involvement in strategy meetings
o Clear communication to all stakeholders of strategic
direction
Loss of business

Privatisation of aspects of the business
o Marketing/ Communication Plan
o Collaboration with other Service Providers and
consideration of alliances, joint business or diversification
opportunities
o Understand and analyse market trends and potential
impacts to ensure responsiveness
o Knowledge management
Loss of funding/ insolvency o Include all stakeholders in strategic planning and review of
annual Business Plans
o Budget / plans supported by sensitivity analysis
Loss of opportunities and reputation o Regular review of Strategic and Marketing Plan
o Regular consultation with stakeholders, clients and
community
o Effective public relations/ stakeholder Communications
Plan
Loss of community support o Community involvement in planning
o Continuous improvement
o Improved public profile
o Effective public relations/ stakeholder Communications
Plan
Poor governance with no succession

Cultural change timeline may be too fast

No link between governance and service delivery
o External/ internal audits/ assurance
o Succession plans
o Review mechanism
o Communications/ reporting framework
o Implementation plan which supports Strategic Plan
o Targeted recruitment
o Clear change management focus in business plans
o Rigorous Board program of service visits and briefings
Poor legal advice o Understanding the legal contract
o Monitoring key contract terms, conditions and service
levels
o Diversified legal advice
Major catastrophic event e.g. fire/ flood o Tested and regularly reviewed business continuity and
emergency response strategies and plans
o Adequate and regularly reviewed insurance cover

Compliance o XX

Comments/
additional
risks &
controls


FINANCIAL MANAGEMENT


Objectives The organisation is responsible for the stewardship and proper accounting of its income/ funding, expenditure, assets
and liabilities. It ensures integrity and completeness of financial information

Applicable? Core outcomes Yes = 1/ No = 0 % Compliance
BUDGETING
Basic
o Annual budgeting process
o Regular monitoring and review of budget vs. actual
o Accurate costing to cover overheads
o Annual operational and capital budgets in place for short-
term (One year)




Total points

............ % Basic
Good
o Medium-term budgeting process (operational and capital
expenditure) with 1-3 year outlook
o Regular cash flow analysis
o Monthly monitoring and review of budget vs. actual
o Basic variance reporting against budget and capital plan
o Operational and capital plans and budgets aligned to
strategy and annual Business Plans
o Board approved medium-term financial strategy (up to 3-
year timeframe)





Total points

............ % Good
Best
o Long-term budgeting process (operational and capital
expenditure) with 3-5 year outlook
o Cash flow projections reported and managed
o Monthly monitoring and review of budget vs. actual
o Advance variance reporting against budget and capital
plan
o In depth variance analysis against budget and capital
plans
o Board approved long-term financial strategy (3 - 5 years +)
o Board approved budgets to match annual/ operational
plan
o Capital expenditure budget and planning
o Effective financial performance indicators established (for
example revenue, debtor days, financial ratios, etc.)
o Operational and capital plans and budgets aligned to
strategy and annual Business Plans
o Long-term financial strategy benchmarked and factors in
external financial environmental trends considered




Total points

............ % Best
AUDITING & REPORTING
Basic
o Annual financial reporting and auditing
o Regular reconciliation of funding budgets
o Ad-hoc/ some internal/ external audit function




Total points

............ % Basic
Good
o Annual financial reporting and auditing
o Effective internal/ external audit function
o Financial Management Framework reports to Board
o Regular reconciliation of funding budgets



Total points

............ % Good
Best
o Annual financial reporting and auditing
o Effective internal audit function (risk-based approach to
audit planning)
o Audited Financial Management Framework/ process in
place and reports on progress submitted to Board
o Attestation against Victorian Government Risk
Management Framework (if applicable)
o 1-3 year audit/ assurance plan
o Audit recommendations are implemented and monitored
o Financial strategy monitored and in line with organisational
strategy/ growth projection
o Regular reconciliation of funding budgets


Total points

............ % Best
ASSET MANAGEMENT
Basic
o Asset register in place




Total points

............ % Basic
Good
o Asset register in place
o Capital works plans and modelling
o Procurement policies, systems and processes
o Facilities management program
o Basic asset maintenance program in place




Total points

............ % Good
Best
o Asset register in place and updated regularly
o Capital works plans and modelling
o Procurement policies, systems and processes
o Asset management plan linked to strategy
o Facilities management system
o Comprehensive asset maintenance program in place




Total points

............ % Best
SYSTEMS & PROCESSES
Basic
o Pricing process documented for services provided
o Accurate recording of invoices and receivables
o Regular reconciliations
o Chart of Accounts
o Financial System copes with reporting requirements
o Financial delegations documented





Total points

............ % Basic
Good
o Pricing process and strategies for services provided
documented
o Cost structure caters to volume fluctuations
o Accurate and timely recording of financial transactions
o Monthly reconciliations
o Timely invoicing and receivables follow-up
o Accurate recording of invoices and receivables
o Standard Chart of Accounts
o Integrated accounting/ financial system
o Financial system copes with reporting requirements
o Financial policies and processes documented
o Financial delegations documented, approved and
communicated
o Procurement policies and systems in place
o Financial management processes are implemented at
departmental level
o Financial drivers understood, business model calculations
show viable business





Total points

............ % Good
Best
o Pricing process and strategies for services provided
documented
o Cost structure caters to volume fluctuations
o Monthly reconciliations
o Timely invoicing and receivables tracking
o Regular monitoring of financial statements and
performance
o Accurate and timely recording of financial transactions
o Standard Chart of Accounts
o Integrated accounting/ financial/ CRM system
o Financial System copes with reporting and analysis
requirements
o Financial policies and processes documented
o Financial delegations documented, approved,
communicated and audited
o Financial management framework in place, including
procurement policies and systems
o Financial management processes are implemented
throughout the organisation
o Financial drivers understood, business model calculations
show viable business which supports growth
o Financial modelling, including trend analysis and business
case approvals process




Total points



............ % Best
FUNDING, FUNDRAISING & INVESTMENT
Basic
o Short-term funding stability
o Fundraising conducted on ad-hoc basis
o Board approved investment policy



Total points ............ % Basic
Good
o Medium-term funding stability
o Fundraising conducted on regular basis
o Fundraising compliance with standards
o Fundraising events (if applicable) include relevant
stakeholders
o Board approved investment strategy to ensure operational
continuance
o Consistency of income/ revenue stream and cash flow
o Board approved investment policy and procedures in
place




Total points

............ % Good
Best
o Long-term funding stability (multiple/ diverse income
streams/ sources)
o Fundraising conducted on regular basis with an annual
calendar of events planned
o Fundraising compliance with standards
o Fundraising events (if applicable) include relevant
stakeholders
o Submission writing for fundraising
o Investment returns benchmarked against market rate
o Board approved investment strategy/ policy/ procedures in
place
o Consistency of income/ revenue stream
o Strategies and procedures for investment include short-
term and long-term strategies to ensure operational
continuance




Total points

............ % Best
CASH & CASH-FLOW MANAGEMENT
Basic
o Cash handling process
o Billing and collection process
o Basic internal controls
o Segregation of duties



Total points

............ % Basic
Good
o Documented cash handling system, including security
arrangements
o Billing and collection system
o Cash flow and debt levels managed
o Credit card and direct debit facilities in place as needed
o Fraud control plan communicated
o Bad debts policy



Total points

............ % Good
Best
o Documented cash handling system, including security
arrangements
o Billing and collection system
o External service is used for debt collection as needed
o Timely payment on all financial commitments
o Cash flow and debtor days managed
o Cash flow projections and cash management
o Cash flow statement prepared and reviewed quarterly
o Flexible payment options exist, e.g. EFTPOS, credit cards,
direct debit, etc
o Fraud control plan and whistle-blowing procedures
communicated
o Bad debts and write-off policy




Total points

............ % Best


Risks that threaten objectives Controls linked to risks
Financial targets not monitored or modified
Strategy execution ineffective
o Ongoing monitoring of financial activity and cash flow
o Regular financial reporting and analysis
o Financial KPIs linked to strategy
o Constant review of business trends and environment
o Regular review of business and cost model
o Business and cost model aligned to strategy
Unable to attract clients o Marketing
o Delivery of services aligned to individual needs
Lack of upfront funding negatively impacting cash flow o Regular financial monitoring and reporting
o Good cash flow and debtor management systems
Risk of client purchasing service elsewhere
Reduced service delivery

o Clear statement of agreed service provided
o Marketing Plan
o Selling to the client
o Sound financial and cost control practices
o Accurate unit costing
o Intake of clients managed
o Staff training and development
o Recruitment of staff
Fundraising does not meet budget o Increase applications
o Due diligence, project management
o Regular reporting on fundraising program
o Increased community/ public profile
o Organisation's Mission understood by philanthropists
Poor financial governance o Governance framework for entire organisation
o Finance and Audit Committee (or similar)
o Accountabilities and responsibilities clearly defined.
Criminal/ departmental investigation o Complaints systems and external audits
Loss of funding and service agreements o Compliance register/ matrix
o Compliance monitored and measured
IT systems have no capacity for growth/ unable to be supported o Use and/or build IT capacity within organisation
o Seek business expertise through recruitment/ networking
o Capacity planning
Lack of staff capacity and capability o Staff trained in financial cash-flow and debtor
management
o Business education
Budget not linked to strategy o Integrated financial and performance management
systems
o Strategic planning ensures budgets are aligned to
organisational Goals/ outcomes
o Regular review to ensure alignment of budget with
Strategic Plan
o Maintaining funding and service agreement
o Monitoring cash flow and debts
o Maintain awareness of IR/ employment changes
o Clear operational communication to the Board or
Committee
o Board or Committee has appropriate financial /
operational expertise
Incorrect costing of individual services/ overheads

Cost and effort duplicated
o Review of current and anticipated overheads
o Review of service costing
o Regular reporting on anticipated service demand
o Recover with administration fee
Bad debt

Damage to reputation re: debtor management
o Bad debt policy and review process
o Write-off policy
o Debt collection policies and procedures
o Regular review and monitoring
o Invoicing methods such as prepayment, penalty clauses,
etc. included in service agreement
o Service agreement clearly communicated and understood
by client
o Relationship management
Unable to adapt to industry reform o Systems include forecasting of financial, service delivery
and recruitment/ retention statistics
o Strategy includes contingency planning across all sectors
of the organisation
o Skill/ capability gap analysis conducted and measures
taken to address gaps
Client not authorising invoicing or delaying payment of invoice o Standard sector terms and conditions for invoicing
Lack of cash for long-term asset management o Perpetual maintenance investment policy
o Cash flow monitoring and review
Loss of assets o Asset register
o Security processes
o Segregation of duties
o Internal controls
o Fraud control plans and whistle blowing procedures
Armed hold-up or robbery o Contract for cash collection
o Insurance
o Use alternate payment methods, including EFTPOS,
credit card, direct debit
o Minimise cash accepted
Cash flow (particularly around the delayed payment process)

Insolvency
o Cash flow monitoring and review cash flow management
o Monitoring budgets by major program, services or activity
o Review and follow up of budget and period-to-period
operating variances in a timely manner
o Review and discuss operating results with management
and Board in a timely manner
o Debtor management
o Debt collection procedures
o Electronic transfer of funds system developed for
electronic tracking
Lack of tracking and monitoring of funding o Processes and consistency of electronic transfer of funds
and tracking
o Client management system which feeds into financial
systems i.e. payroll/ financing
o Inter-connected financial systems
Suppression or overriding of internal controls o Documenting decisions regarding non-routine transactions
o Implementing monitoring programs
o Segregation of duties
o Fraud control plan
Investment policy not meeting requirements of Strategic Plan o Effective Board oversight of investment policy with regular
meetings
o Investment management expertise
o Transaction review
o Use of performance indicators
o Regular position monitoring, review and reporting
Wage increases/ costs increase o Robust budgeting system
o Effective cost control policies and procedures
o Human resource policies and procedures
o Quickly adaptable and responsive pricing process
Fraud o Segregation of duties
o Delegations process
o Internal and external audit plan
o Management control
o Fraud control plan and whistle-blowing procedures
o Investigation and termination policy (human resource)
o Information security policies and procedures
Government legislation/ direction affects financial position o Maintain close relationships with government
o Be proactive/ innovative for early response
Economic climate o Robust budgeting system
o Effective monitoring system
o Investment policy and procedure
o Diversified investment strategy
o Regular market reviews and reports
o Capital guaranteed investments
o Investment committee oversight and approvals

Compliance o Financial Management Act 1994
o Audit Act 1994
o Financial Management Regulations 2004
o Government regulations
o Standards for Client services in Victoria 2007
o Pricing regulations
o National Competition Policy
o Funding and Service Agreement
o Fundraising Appeals Act 1998

Comments/
additional
risks &
controls


INNOVATION, QUALITY & IMPROVEMENT


Objectives o Ensure that the organisation's service delivery systems are flexible, dynamic and support the needs and
requirements of clients.
o Ensure the organisation is operated in an efficient, effective manner, adhering to applicable quality principles
and practices.

Applicable? Core outcomes Yes = 1/ No = 0 % Compliance
POLICIES & PROCEDURES
Basic
o Consistent core policies and procedures for each section
of the organisation documented and applied
o Incident reporting policy followed
o Complaints/ feedback documented and measured
o Personnel informed of procedures
o Service provider fulfils requirements (where required) as
outlined in Acts and Regulations




Total points

............ % Basic
Good
o Standard policy and procedures manual, incorporating
core policies and operating procedures for each section of
the organisation, that is reviewed on a regular basis
o Policies and procedures discussed regularly in staff
meetings
o Incident reporting policy followed with incidents
investigated
o Complaints/ feedback documented and measured
o Personnel trained in relevant procedures
o Service provider fulfils requirements (where required) as
outlined in Acts and Regulations
o Quality, OHS and environmental management systems
developed and implemented




Total points

............ % Good
Best
o Standard policy and procedures manual reviewed as per
the review schedule - includes a proper referencing
system with change controls put in place
o Policies and procedures discussed regularly in staff
meetings
o Incident reporting policy part of incident management
process which includes tracking and identification of
incident trends
o All staff receive copies of the policies and procedures
which are reinforced at staff meetings
o Regular supervisory inspections (monthly) are conducted
to ensure employees follow procedures
o Regular systems audits are conducted, both internally and
externally
o Service provider fulfils requirements (where required) as
outlined in Acts and Regulations
o Services provided by external sources (suppliers, etc) are
monitored for compliance with Integrated management
system requirements
o Quality data included in evidence-based decision making
o Process and operations trend analysis conducted for
continual improvement opportunities
o Systems that can deal with growth, adaptable and
scalable
o Integrated management system in place including:
o Financial management system
o Risk management system
o Quality management system
o OHS management system
o Environmental management system
o Incident/ feedback/ complaints management
system
o Evidence collected to measure how clients are impacted
by service - trend analysis on client outcomes.
o Complaints management system in place


Total points

............ % Best
SERVICE DELIVERY
Basic
o Service Provider maintains registration (if applicable)
o Client needs evaluated and planning for support
conducted
o Case referral to various service providers (if applicable)
o Service costing developed and communicated to client
o Information on service and costing is provided to client in
an accessible format
o Client plan developed and documented
o Deliver and monitor service
o Regular review of client plan





Total points

............ % Basic
Good
o Service provider maintains registration (if applicable)
o Client needs assessed in detail, evaluated and planning
for support conducted
o Case referral to various service providers (if applicable)
o Service costing developed and communicated to client
o Client plan developed, documented and communicated to
client
o Information on service and costing is provided to client in
an accessible format
o Deliver and monitor service
o Regular feedback sought from client
o Regular review of client plan
o Exit survey given to clients, as needed


Total points

............ % Good
Best
o Service provider maintains registration (if applicable)
o Client needs assessed in detail, evaluated and planning
for support conducted
o Needs assessment and service plan take into account
client's aspirations and quality of life
o Case referral to various service providers (if applicable)
o Service costing developed and communicated to client
o Client plan developed, documented and communicated in
conjunction with client
o Client plan takes into account safety and security of clients
and staff
o Client plan documented with service level agreements
o Client plan contract includes terms and conditions
o Information on service and costing is provided to client in
an accessible format
o Deliver and monitor service
o Regular feedback sought from client
o Regular review of client plan
o Exit survey given to clients, and comments inform quality
process


Total points

............ % Best
QUALITY
Basic
o Quality management plan for short-term (1 year outlook)
o Quality policies and procedures
o Quality benchmarking
o Services monitored and evaluated regularly
o Service users involved in quality self-assessment
processes
o Quality accreditation of services maintained




Total points

............ % Basic
Good
o Quality management plan for medium-term (1-2 year
outlook)
o Quality management framework, including quality policies
and procedures
o Robust quality management system which is client
focussed
o Quality benchmarking and progress reviewed
o Streamlined processes and procedures
o Continuous improvement program/ processes
o Services monitored and evaluated regularly and
suggestions made for improvement
o Service users involved in quality self-assessment
processes and assist in quality self-evaluation
o Quality accreditation of services maintained




Total points

............ % Good
Best
o Quality management plan for long-term (1 - 3 year
outlook)
o Accredited quality framework, continuous certification
o Quality management framework
o Robust quality management system which is client
focussed
o Quality benchmarking is used as basis for long-term
Quality management plan (3-5 year outlook)
o Streamlined processes and procedures
o Employee involvement/ input is actively sought
o Employees/ teams are involved in continuous
improvement
o Organisation actively promotes and drives continuous
improvement
o Continuous improvement program/ processes in place
o Services monitored and evaluated with proactive
improvement plan in place
o Service users involved in quality self-assessment
processes and assist in quality self-evaluation and
benchmarking
o Quality accreditation of services maintained




Total points

............ % Best
INFORMATION MANAGEMENT
Basic
o Records maintained
o Transparent information and reporting systems
o Systems able to collect data and meet reporting
requirements



Total points

............ % Basic
Good
o Effective records management system
o Integrated information systems (including IT/ technology)
o Information Security Policy
o Privacy and Access Policy
o Records stored in secure place
o IT/ electronic records backed up regularly
o Systems able to collect data and meet reporting
requirements



Total points

............ % Good
Best
o Integrated Records Management System with Client
Relationship Management database
o Fully integrated information and financial management
system
o Effective knowledge management
o Information Security Policy and Procedures, including
maintenance, storage and destruction of client records
o Privacy and Access Policy and procedures
o Records stored in fire/ flood proof facility
o IT records backed up daily to off-site/ third-party facility
o Systems collect data efficiently and meet reporting
requirements




Total points

............ % Best
ASSET MANAGEMENT
Basic
o Asset register in place
o Regular inventory inspection to monitor movement,
condition and maintenance service records of assets


Total points

............ % Basic
Good
o Asset register in place
o Preventative maintenance schedules in place to maintain
assets
o Forward planning for future replacement of assets
o Regular inventory inspection to monitor movement,
condition and maintenance service records of assets
o Contract management process in place
o Out-of-hours access managed
o Work-order process in place




Total points ............ % Good
Best
o Asset Management System in place
o Preventative maintenance schedules in place to maintain
assets
o Facilities management
o Monthly progress reporting against key preventative
maintenance schedules
o Asset life-cycle methodology is used to identify planning,
acquisition, operations and maintenance and disposal for
current and future capital assets
o Regular inventory inspection to monitor movement,
condition and maintenance service records of assets
o Contract management and administration processes and
systems in place
o Out-of-hours access managed
o Maintenance planning is linked to preventative
maintenance system
o Physical security process in place
o Work-order system in place




Total points

............ % Best


Risks which threaten objectives Controls linked to risks
Loss of key supply or supplier (e.g. gas)
o Contract management process (service level agreements)
o Supply chain management
o Business continuity/ emergency management plans
o List of approved suppliers
o Inventory policies and stock-piling
o Stakeholder relationship management
Record deterioration or loss of information

Inadequate information to inform decision making - damage to
reputation
o Information management system
o Analysis and testing of decision processes
Drought/ water restrictions
o Environmental systems
o Determine carbon footprint
Ageing assets/ infrastructure
o Preventative maintenance plan
o Capital budgeting
o Capital replacement program
o Long-term investment strategy
IT virus/ security
o IT Disaster recovery plan (part of business continuity and
emergency management plans)
o Access control
o Information security policy
Poor quality, client complaints, unmet client needs
o Policies and procedures, integrated management system
o Employee training
o Client complaints system
o Client satisfaction survey
o Employee performance management system
o Client plan monitored at regular intervals and progress
measured against client Goals.
o Client plans include supports and services which reflect
individual client priorities
o Active engagement in community networks and area
planning processes
Unauthorised disclosure of confidential information
o Establish security and privacy policies and monitor
implementation
Absence of risk analysis around cross-sector systems
o Risk Management Framework
High staff and client turnover
o Marketing/ Communication Plan
o Client and staff satisfaction surveys
o Regular communication with staff
o Consultation with stakeholders, internal and external
o Management of fluctuations in staff/ asset levels
Loss of funding
o Networking with key stakeholders in government
Loss of community support and reputation
o Continuous improvement
o Regular review and consultation with community
o Relevant target group
Inefficient system resulting in loss of income

Service quality reduced through dispersing service provision


o Review actual against targets
o Review Business Plan approach
o Communication accurate, current, relevant
o Brand recognition
o Community networks
o Sales/ marketing strategy
o Establish policy and process formulation and review
system
o Integrated quality management system
o Robust sub-contracting arrangements which ensure
accountabilities can be met
Non-compliance/ failure to move to certification
o Quality assurance and management system
Unclear organisation/ service requirements


o Intelligence gathering
o Policy and procedures
o Accreditation/ third party assurance
o Universal commitment to quality
o Robust quality management system
Service model change not being implemented
o Service model established which reflects self-directed
approach to service delivery
o Constant revising of self-directed approach and client
centred model
o Learning and development opportunities for clients and
staff about service delivery
o Consultation and regular review and action
o Location monitoring
o Monitor service provided
o Peer support link to broader team
o Adapt to consultation, regular review and refine Strategic
Plan based on feedback from stakeholders
o Adapt to monitor and review supports and services
provided
Failure to adequately plan for future services and cost of service
delivery
o Assess and review business requirements
System break down - system not meeting needs
o Regular audit of systems
Not meeting legislative requirements, including requirements for
registration
o Information provided on registration requirements as per
the relevant legislation
o Process consistency across regions
Inadequate information regarding the outcomes of support and
service delivery

o Clearly defined information provided to organisations and
clients regarding the level of support and services
o Information includes terms of self-directed planning and
funding which supports the funding and expenditure of
service/ support provision
Lack of resources to provide service/ respond to request

Lack of assessment in planning
o More targeted resources
o Forecast required resources
o List of options, including for referral to another service
provider
o Information sourced to enable accurate assessment
o Skilled/ competent planners/ facilitators/ case manager
o Management/ assessment strategies to determine
continuation of service provision for individual
Changes in client requirements during approval process
o Flexible services
o Ensure accurate and current information relating to the
needs of clients
Ad-hoc solutions

Provision of support for which there is no funding/ allocation in the
budget
o Systemic, planned approach
o Clear contingency plan to enable short-term response
solutions with clear review processes
o Proactive support
Too many referrals overwhelm service delivery capacity
o Contracting
o Regular communication with other service providers with
regard to distributing service delivery
Loss of business
o Contingency planning on loss of clients
Information theft
o Regularly reviewed and tested information management
systems
o Controlled and reviewed access delegations

Compliance
o Funding and Service Agreement
o Freedom of Information Act 1982
o Health Act 1958
o Information Privacy Act 2000
o Public Records Act 1973
o Water Act 1989
o Record management policy, procedures and system as per PROS 07/ 01 Standard.
o Local Government requirements

Comments/ additional risks & controls

PEOPLE


Objectives
o Attract and retain skilled and competent employees to achieve organisational Goals at the minimum cost
necessary, considering best value service delivery with regard to quality and the organisation's operating
environment.
o A skilled workforce of managers and workers with the right values and with structured and well developed
career paths
o Staff empowerment
o Workforce planning

Applicable? Core outcomes Yes = 1/ No = 0 % Compliance
RECRUITMENT & RETENTION
Basic
o Recruitment process for qualified / skilled/ competent
people
o Clear position descriptions exist for each role
o Effective pre-employment screening
o Staff retention measured
o Informal HR policies/ systems





Total points

............ % Basic
Good
o Recruitment and retention strategy
o Clear position descriptions exist for each role
o Effective pre-employment screening
o Staff retention measured regularly
o Workforce is working towards multi-skilling
o Employee satisfaction surveys are conducted on an
ad-hoc basis
o Staff reward/ recognition
o Staff satisfaction and engagement
o Staff turnover and absenteeism are measured with
corrective action taken
o Well-functioning HR system
o Long-term workforce planning based on the likely client
demographic
o A culture of value and respect for colleagues is fostered
o Staff suggestion scheme
o Industry benchmarking undertaken for remuneration
o Exit interviews are conducted when staff leave and
improvements made, where relevant




Total points

............ % Good
Best
o Recruitment and retention strategy - includes career
pathways and succession planning (including for Board
members)
o Clear position descriptions exist for each role and
reviewed regularly
o Comprehensive pre-employment screening
o Multi-skilled workforce
o Enterprise bargaining agreement
o Staff satisfaction and engagement measured through
regular surveys
o Staff recognition and rewards
o Staff turnover and absenteeism are measured and
reported, with timely corrective action taken
o Strong Human Resources function
o Long-term workforce planning based on the likely client
and workforce demographic trends
o A culture of value and respect for colleagues is fostered
o Staff suggestion scheme
o Strategic planning includes collection of workforce data
and skills gap analysis
o Recruitment plan includes Action Plans for targeting
people with particular skills, including graduate recruitment
programs
o Reward and recognition program
o Competitive remuneration and conditions
o Exit interviews are conducted when staff leave and
improvements made, where relevant



Total points

............ % Best
LEARNING & DEVELOPMENT
Basic
o Learning and development strategy
o Orientation/ induction conducted for new employees
o All training is documented
o Training needs analysis conducted
o Post training evaluation conducted



Total points

............ % Basic
Good
o Learning and development strategy
o Induction training conducted and feedback sought on
quality
o A training program is provided for staff which encourages
multi-skilling
o Training is consistent with organisational objectives and
priorities
o Training is linked to performance assessment and
management
o All training is documented
o Empowered staff
o Training needs analysis conducted
o Post training evaluation conducted





Total points

............ % Good
Best
o Learning and development strategy aligned to
organisational objectives drives strong learning culture,
including leadership development and mentoring
o Learning and development support for staff results in
improved staff capabilities
o Induction/ orientation training conducted and feedback
sought on quality
o Training needs analysis conducted
o Learning program encourages multi-skilling
o Learning and development plans support current role plus
succession planning
o Training is consistent with:
- Service Provider's objectives and priorities
- Roles and responsibilities of staff and volunteers
o Training is linked to performance assessment and
management
o Partnerships with educational and learning institutions
o Leadership development programs in place
o Training data is documented and maintained
o Staff feel empowered and supported
o Annual learning and development matrix established as
per training needs analysis
o Post training evaluation conducted


Total points

............ % Best
PERFORMANCE MANAGEMENT
Basic
o Expectations on performance levels articulated to staff and
documented
o Informal performance appraisal system




Total points

............ % Basic
Good
o Expectations on performance levels clearly articulated to
staff and documented
o Formal performance appraisal system
o Staff recognition and rewards
o Performance Management process in place linked to the
organisation's Mission
o Timely, corrective action taken to address
under-performance




Total points

............ % Good
Best
o Strong performance management reporting framework,
including measurement of staff performance against
management stated expectations
o Formal performance management and appraisal system
linked to the organisation's Mission
o Leadership driving values-based, high performance
culture
o Staff recognition and rewards
o 360-degree feedback process in place
o Timely, corrective action taken to address
under-performance
o Counselling in place to address under-performance



Total points

............ % Best
VOLUNTEER MANAGEMENT
Basic
o Volunteers and community participation are valued and
recognised




Total points

............ % Basic
Good
o Volunteers are:
- Inducted
- Supported
- Acknowledged
o Register of volunteers
o Compliance with applicable regulations




Total points

............ % Good
Best
o Volunteers are:
- Inducted
- Trained
- Supported
- Acknowledged
o Specific policies and procedures on volunteers
o Register of volunteers
o Compliance with applicable regulations and best practice




Total points

............ % Best
OHS
Basic
o OHS management system includes the identification,
management and monitoring of OHS risks
o All personnel have been given the appropriate training in
OHS duties
o Incident reporting system, including reporting on near
misses
o Personnel identify and report OHS issues and incidents
o Some employee consultation with Health and Safety
Representatives and OHS Committee on OHS risks



Total points

............ % Basic
Good
o OHS management system includes the identification,
management and monitoring of OHS risks
o Risk management process integrated into OHS system
o Incident/ feedback reporting system, including reporting on
near misses
o All personnel have been given the appropriate training in
OHS duties
o Personnel trained in key OHS risks
o Personnel identify and report OHS issues which are acted
upon
o Regular OHS inspections are conducted
o OHS issues discussed at regular staff meetings
o Employee consultation with Health and Safety
Representatives and OHS Committee on OHS risks
o Induction in WorkCover claims



Total points

............ % Good
Best
o OHS management system includes the identification,
management and monitoring of OHS risks
o OHS management system aligned with AS4801/ AS4804
o Risk management process integrated into OHS system
o OHS Culture including regular reports on health and
wellness
o All OHS risks have been systematically identified
o Key OHS risks are managed with treatment plans
developed and monitored as part of an integrated risk
management framework
o Incident reporting and OHS system includes near misses
reporting and is aligned with the risk management
framework with incidents reported, investigated and
followed up in a timely fashion
o All personnel have been given the appropriate training in
OHS duties
o Monthly OHS inspections and review are conducted
o Personnel identify and report OHS issues which are acted
upon
o OHS is a standing agenda item for staff meetings
o Regular OHS inspections and annual OHS systems audit
are conducted
o Regular employee consultation with Health and Safety
Representatives and OHS Committee on OHS risks
o Induction in WorkCover claims




Total points

............ % Best
COMMUNICATIONS
Basic
o Communication structure in place
o Process for staff complaints/ feedback
o Staff meetings held on ad-hoc basis
o Bulletin board/ verbal instruction main form of
communication




Total points

............ % Basic
Good
o Strong communications and feedback structures in place,
including weekly/ fortnightly meetings, newsletter, etc
o Regular staff meetings
o Process for staff complaints/ feedback incorporates an
annual Organisational Health Survey with results reported
back to staff
o Reporting and communication framework




Total points

............ % Good
Best
o Strong staff communications including regular staff
meetings and satisfaction surveys
o Formalised meeting structure and processes
o Formal reporting on monthly basis
o Frequent use of a wide variety of communication channels
e.g. intranet, newsletters, noticeboards
o Management and staff work together in addressing any
problems identified in the Organisational Health Survey
o Strong reporting and communication framework




Total points

............ % Best
CONTRACTOR MANAGEMENT
Basic
o Contractor briefed on OHS risks prior to commencing work
on site
o Contractor performs Job Safety Analysis upon arrival at
site
o Contractor regularly supervised by staff/ manager
o Contractors' certificates and licences are required, where
required by law




Total points

............ % Basic
Good
o Contractor briefed on OHS risks prior to commencing work
on site
o Contract administration system in place
o Contractor performs Job Safety Analysis upon arrival at
site
o Contractor regularly supervised by staff/ manager
o Preferred supplier list established
o Contractor selection process in place
o Adequate insurance coverage taken by contractors
o Contractors' certificates and licences are required, where
required by law
o Basic contract management process in place




Total points

............ % Good
Best
o Contractor inducted onto site and briefed on OHS policy,
including risks and reporting procedures, and evacuation
procedures
o Contract management system in place that tracks key
deliverables
o Contractor performs Job Safety Analysis upon arrival at
site
o Regular communication between contractor, staff and
management in regard to the progress of the work and
any risks involved
o Monitoring and supervision requirements established and
enacted by management
o Preferred supplier list established
o Contractor selection process in place
o Contractor payment system in place
o Adequate and appropriate insurance coverage taken by
contractors
o Active supply chain management
o Contractors hold appropriate professional accreditations or
certificates and licences
o Managing adherence/ compliance to agreed service levels
o Contract management system in place




Total points

............ % Best


Risks which threaten objectives Controls linked to risks
Staff turnover/ loss of key personnel
o Targeted recruitment and retention strategies
o Rewards and recognition
o Succession planning
o Exit interviews
o Staff satisfaction/ culture/ engagement survey
o Management/ leadership development program
o Workforce development program
o Clarity of roles and responsibilities
o Regular contact with all staff
o Workforce planning
o Competency development
o Performance management system
o Process improvement
Inadequate HR support
o Implement HR management system
o Process improvement and strategic planning initiatives
o Recruitment and retention strategies
o Multi-skilling/ multi-tasking
o Workforce planning
o Competency development
o Appropriate technology supports
IR issues/ EBA negotiations
o Build relationships with unions
o Commence EBA negotiations early
Poor leadership practices/ management and supervision
o Leading the culture from the Board down
o Effective recruitment processes
o Management/ leadership development and performance
management program
o Reporting framework based on Strategic and Business
Plans
o Clear communication of direction
o Educate staff on managing upwards
Staff injuries or illnesses
o OHS management system
o Incident management system
o Staff educational session
o OHS inspections
o Job design
o Re-engineering, where possible
o Contractor safety management system
o Quality management system
o Employee suggestion system
o Staff health policy/ practice
Poor staff performance/ unproductive staff

Poor morale/ unmotivated personnel/ employee burn-out
o Performance management system
o Reward and recognition
o Effective training and development programs
o Job design
o Process improvement
o Disciplinary system
o Counselling services
o Staff investigations
o Staff satisfaction survey
o Clarity of roles, responsibilities and expectations
o Team building exercises/ development
o Communications structure
o Knowledge management
o Resource/ workforce planning
o Training and performance management systems
integrated
Lack of communication o Communication structure
o Communication channels
o Communications matrix and plan regularly reviewed
Lack of competency/ skills o Training needs analysis
o Learning program
o Competency matrix
o Job design
Bullying/ harassment o Bullying and harassment policy
o Employee support program
o Whistleblower policy and process
Inappropriate remuneration o Award payments
o Clarity of roles and responsibilities position descriptions
o Industry benchmarking
Increased workers compensation costs o Return to work process
o Near misses and incidents reported, investigated and
drive change
Loss of direction/ focus o Development and empowerment
o Role clarification
o Position description
o Strategic planning
Risks to client wellbeing due to potentially unskilled workforce

o Training needs analysis with agency training planned
o Training and development
o Coaching
o Process improvement
o Providing good communications
o Regular supervision, support, mentoring and feedback
o Develop systems and procedures for uncontrolled
environments
o Develop training plan matrix
o Job design
Increased cost of staff working outside normal hours o Renegotiate agreements
o Process improvements/ re-engineering
Lack of flexibility of staff o Education re: organisational and client value
o Training/ up-skilling
o Diversity of roles
o Job design
Ageing workforce o Review of core business/ services/ funding levels
o Workforce planning
o Process improvements/ re-engineering
Working in isolation without direct support or supervision o Effective risk management process

Compliance o Funding and Service Agreement
o Equal Opportunity Act 1995
o Occupational Health and Safety Act 2004
o Occupational Health and Safety Regulations 2004
o Equal Opportunity for Women in the Workplace Act 1999
o Human Rights and Equal Opportunity Act 1996
o Public Sector Management and Employment Act 1998
o Racial Discrimination Act 1975
o Sex Discrimination Act 1984
o Workers Compensation Act 1996
o Workplace Relations Act 1996
o Whistleblowers Protection Act 2001

Comments/
additional
risks &
controls


CLIENT & MARKET FOCUS


Objectives Delivering quality services in a respectful manner

Applicable? Core outcomes Yes = 1/ No = 0 % Compliance
CLIENT SATISFACTION & COMMUNICATIONS
Basic
o User-friendly client interfaces and feedback mechanisms
o Client enquiries and feedback process in place
o Complaints process that is accessible, fair, equitable and
transparent
o Management and communication of client complaints/
enquiries to involved staff
o Client expectations managed
o Constant review of programs to meet client needs/
requirements
o Regular reporting against client outcomes





Total points

............ % Basic
Good
o User friendly client interfaces and feedback mechanisms
o Client enquiries and feedback process in place
o Complaints process that is accessible, fair, equitable and
transparent
o Management and communication of client complaints/
enquiries to all involved stakeholders
o Regular contact with stakeholders, as appropriate
o Business partnerships
o Client expectations managed
o Constant review of programs to meet client needs/
requirements
o Regular reporting against client outcomes
o A culture of value and respect for colleagues is fostered
o Client surveys conducted
o Client planning



Total points

............ % Good
Best
o Strong client engagement and communication strategies
o User friendly on-line client feedback processes
o Provision of correct and timely information
o Complaints process that is accessible, fair, equitable and
transparent
o Active management of client complaints/ enquiries
including communications and feedback processes
o Regular contact with stakeholders, as appropriate
o A culture of value and respect for colleagues is fostered
o Client survey to understand client needs and diversity,
their concerns and requirements, and to encourage input
for future service planning
o Demographic modelling is conducted to understand future
needs of community
o Client relationship management system in place
o Information obtained through client surveys/ complaints
informs continuous quality improvements within the
organisation
o Client planning
o Meeting client needs/ expectations



Total points

............ % Best
CLIENT SERVICE DELIVERY
Basic
o Knowledge of product and services offered
o Pricing process for products offered is clear and
transparent
o Realistic promises on ability to deliver services



Total points

............ % Basic
Good
o Good knowledge of products and services offered
o Individualised and flexible product offerings - include
online service delivery
o Pricing process for services and/ or products is clear and
transparent
o Realistic promises on ability to deliver services and/ or
products
o Values and beliefs underpinning service delivery
articulated in client communication
o Recommendations made to client for alternative Service
Providers which may better meet the needs of a person
o Feedback provided to support stakeholders regarding the
outcome of the service delivery monitoring and review
process, as appropriate




Total points

............ % Good
Best
o Very good knowledge of products and services offered
o Client service charter/ policy in place
o Individualised and flexible product offerings - include
online service delivery
o Pricing process for services and/ or products offered is
clear and transparent
o Realistic promises on ability to deliver services and/ or
products
o Values and beliefs underpinning service delivery
articulated in client communication
o Recommendations made to client for alternative Service
Providers which may better meet the needs of a person
o Community/ stakeholder consultation undertaken in
respect to the development of new facilities and services
o Strategic Plan for service delivery considers demographic
movement and likely demand
o Feedback provided to support stakeholders regarding the
outcome of the service delivery monitoring and review
process, as appropriate
o Availability of interpreters, if required



Total points

............ % Best
MARKETING & REPUTATION
Basic
o Clear, easy to read marketing/ promotional/ materials
o Marketing/ promotional/ materials provided accurately
describing products and services
o Professional, clear English (and languages other than
English) information provided to client in accessible format
o All client communications (written and verbal) in line with
marketing policy and checked for style, content, language
and tone




Total points

............ % Basic
Good
o Annual Marketing Plan includes provision of clear, easy to
read marketing/ promotional/ materials
o Informative and useful website
o Professional, clear English (and languages other than
English) information provided to client in an accessible
format
o Marketing/ promotional/ materials provided accurately
describing products and services
o All client communications consistent with marketing/
promotional/ policy and procedures and checked for style,
content, language and tone
o Some market research is undertaken to determine
preference for type of service and/ or product
o Some marketing/ promotional/ events are held



Total points

............ % Good
Best
o Medium-term Marketing Plan (3 year outlook) includes
provision of clear, easy to read marketing/ promotional/
materials
o Informative and useful website
o Professional, clear English (and languages other than
English) information provided to client in accessible format
o Marketing/ promotional/ materials provided accurately
describing products and services
o All client communications consistent with marketing/
promotional/ policy, procedures and planning and checked
for style, content, language and tone
o Market research and community consultation results feed
into strategic Marketing/ Promotional/ Plan
o Marketing/ promotional/ events are held on a regular basis
with a calendar of events established
o Service Provider recognised as active and involved
community member/ stakeholder


Total points

............ % Best
KEY STAKEHOLDER MANAGEMENT
Basic
o Some consultation with stakeholders with respect to
service provision
o Some liaison with relevant government agencies and local
government




Total points



............ % Basic
Good
o Regular contact with stakeholders
o Links to community and local government
o Business and community partnerships
o Build partnerships across all levels of government/ public
service
o Some liaison with business and industry stakeholders



Total points

............ % Good
Best
o Regular contact with stakeholders as appropriate
o Stakeholders consulted on changes to sector and part of
decision process
o Stakeholders involved in strategic direction planning
meetings
o Strong links to community and funders with regular
consultation meetings
o Sector participation in service benchmarking
o Business and industry connections and partnerships
o Build partnerships across all levels of local government/
public service
o Relevant government agency representatives included in
strategic planning
o Climate monitoring (i.e. trends in the industry/
communicating with stakeholders/ interlocutors, formal
network)
o A communications framework is developed for all
community stakeholders
o Stakeholder management part of Strategic Plan



Total points

............ % Best

Risks which threaten objectives Controls linked to risks
Damage to reputation/ adverse publicity

o Communications framework and education for
stakeholders
o Community events
o Effective Risk Management Framework, including incident
reporting and claims monitoring processes
o Crisis Communication Plan
Reputation damage due to mix of packages which reduce
capacity to cross-subsidise

o Forecasting types of service required
o Organisational analysis of financial circumstances of
organisation and sustainability
Not meeting community needs

Ineffective/ inefficient service delivery
o Market analysis/ research
o Demographic studies
o Client satisfaction surveys
o Community liaison groups
o Policies and procedures
o Client complaint system
o Strategic planning
Economic downturn o New and emerging products and services
o Product/ service diversity
o Marketing/ promotional processes
o Review of asset management and investment approach
o Stakeholder engagement
Ineffective policies, procedures and personnel related to billing
and collection activities
o Periodic monitoring and review
Inaccurate and/ or untimely information management o Effective information management system
Client expectations mismatched with service capability o Clear definition, communicate to staff and visit regularly
with staff
o Strategic planning
o Clearly identified client group
o Clients who cannot be provided with a specialised service
referred to other Service Providers
o Appropriate planning
o Understand needs upfront
o Providing skilled/ competent staff
Increased risk of injury o Pre-activity risk assessment process
o Risk assessment and management
o Compliance with regulatory requirements
Unmet and unnoticed need o Thorough needs assessments conducted
Loss of cohesive coordination o Guidance and education programs from agency, checking
in on client constantly
o Define Service Model
Poor communication with clients

Client does not understand administrative overhead costing
o Compliance with Client Communication Strategy
o Clear and accurate brochures
o Training/ induction in product knowledge and client
service
o Effective information management system
o Transparent costing to client
o Agreed base-line operation for cost within package
o Clear, easy English language reading materials
o Interpreters
Client dissatisfaction

Poor sales
o Marketing/ promotional process
o Client Communication Strategy
o Review of cash/ resource forecasts
o Client feedback processes
o Acting within agreed timeframes
o Effective Risk Management framework, incident reporting
and claims monitoring processes
o Education/ induction/ orientation of programs
o Good clear contracts and discussions minuted
o Monitor relationship and service delivery
o Monitoring processes
o Strong complaints management system and process
o Culture which values complaints and regards them as key
to organisational improvement
o Continuing education of programs
o Contracts and discussions minuted
o Monitor relationship and service delivery
o Realistic/ robust planning
o Delivering to promise
o Understanding client needs upfront
o Clear, easy English language reading materials
Competitive market place o Understand competitors
o Understand client value
o Define value proposition
Lack of sales/ adequate marketing skills o Develop sales/ promotional expertise
o Formulate marketing/ sales/ promotional strategy
o Define marketing competency gaps and develop plan to
address those gaps
o Understanding of clear market segmentation and
positioning of business model
o Pricing/ costing model incorporates marketing element
Client outcomes not met o Action Plans and internal reviews
o Gantt chart reminders of review cycles
o Progress against Goals monitored consistently
o Recognise Goals can change
Dignity of risk

Inadequate safeguards / injury to Client

Lawsuits and WorkCover claims
o Policy and staff training
o Risk assessment
o Education of stakeholders throughout planning process
o OHS management system

Compliance o Funding and Service Agreement
o Occupational Health and Safety Act 2004
o Occupational Health and Safety Regulations 2004

Comments/
additional
risks &
controls
