Risk management and mitigation
We are a large and diverse organisation, requiring a well-structured, strategic and proactive approach to managing risk. Our enterprise-wide risk management framework, known as RiskSmart, is based on the global AS/NZS ISO31000:2009 standard and captures our smart, rather than risk-averse, approach to risk management.
Our risk management goals are: to protect our staff, volunteers and the people we endeavour to help; to create a sustainable and effective operating environment; and to minimise risk while maximising opportunity.
This year we have focused on identifying and mitigating cyber and data security-related risks; reducing liability risks; and exploring ways we can safely increase our risk appetite to meet our strategic objectives.
Upholding compliance standards
We focus on best practice in all our policy and regulatory compliance.
Fundraising industry compliance
As a member of the Fundraising Institute of Australia (FIA), we are bound by – and act in accordance with – its Principles and Standards of Fundraising Practice. We actively participate in special interest groups, including the Public Fundraising Regulatory Association (PRFA) and the FIA Sustainability Task Force.
Australian Council for International Development (ACFID)
We are a member of the Australian Council for International Development and abide by its Code of Conduct for Non-Government Organisations, which sets minimum standards of governance, management and accountability. Adherence to the Code is monitored by an independent Code of Conduct committee.
Australian Charities and Not-for-profits Commission (ACNC)
Red Cross is registered with the independent national regulator of charities, the Australian Charities and Not-for-profits Commission, under ABN 50169561394.
Red Cross complies with all relevant state, territory and federal laws with the oversight of the Legal & Policy Unit which provides comprehensive legal advice and support to the Board, the CEO, senior management and Red Cross staff. The Unit covers all governance and operational activities, ensuring we work ethically and achieve best practice.
Work health and safety
Red Cross is a diverse organisation and supporting the wellbeing of our people and clients is paramount. We have a strategic roadmap to keep Red Cross people safe. This includes compulsory e-learning modules for all staff and volunteers to embed positive WHS behaviour as well as creating a safety-first culture, incorporating physical and mental health.
We recognise that children are one of the most vulnerable groups in society and we have put in place stringent measures to ensure their safety. Our child protection policy ensures all staff, volunteers and contractors are trained in best practice when working with children and that anyone who comes into contact with a person under 18 has the appropriate certificate.
Our work deals extensively with children and we acknowledge our critical responsibility to keep them safe across all operations at all times.
We promote the wellbeing of children and seek to ensure all families have access to health, education and other social services, leading to less neglect and abuse of children. We strive to take preventative action and not solely be responders.
We are ethically minded when sourcing goods and services and our procurement policy details these obligations. We work closely with Supply Nation to use Indigenous suppliers where practicable and this message is promoted across the organisation.
Our procurement process focuses on using suppliers that can prove they have strong socially responsible principles and a commitment to the environment. When engaging new suppliers, we seek to understand their supply chain network to find evidence of active social responsibilities and promote improvement where needed.
This financial year, we plan to appoint an independent service to establish the ethical standards of suppliers. This process will enable us to establish their ethical and environmental commitments and promote them as preferred suppliers.
Our new People and Organisational Effectiveness Team focuses on creating a strong, innovative and sustainable organisation with empowered, engaged and accountable people.
Teams coming under this umbrella are Culture and Capability, People Advisory, Innovation, IT and Legal.
The Culture and Capability team has created two new leadership development programs for managers to enable a culture of achievement, engagement, efficiency and accountability. We have focused on practical, everyday ways to empower staff.
Our clients, supporters, volunteers, members and staff have entrusted us to hold their personal and financial information and we have a duty of care to ensure this data is protected.
The Trust Initiative improves information management security and technical controls and reduces the risks associated with handling sensitive information. We have improved authentication methods in our business systems by implementing multifactor approvals.
A certification process raises awareness of individual behaviours and improves the management of physical devices, suppliers and user access. The Trust Initiative will identify risks, provide remediation pathways and escalate incidents where necessary.
Maintaining and advancing a secure information technology platform is integral to the success and safety of our organisation. This year we transitioned our core infrastructure to Amazon Web Services, providing the foundations for our digital platform and creating a connected Movement.
This year we streamlined our network providers and consolidated 119 sites to the Vocus network, increasing network data capacity.
We moved the majority of our mobile services to Vodafone, improving capacity and reducing global roaming costs. Skype for Business was also introduced, allowing us to take advantage of digital communication channels.
In recognition of the success of these initiatives, our Chief Information Officer, Veronica Frost, was acknowledged as one of the top 50 CIOs in Australia by CIO Magazine.