Mitigating risk

Australian Red Cross has a well-structured, strategic and proactive risk management strategy.

Our goals in risk management are threefold: to improve business operations; minimise liability; and most importantly to protect our staff, volunteers and the people we endeavour to help. To deliver on these goals, we use a customised risk management framework known as ‘RiskSmart’, modelled on the global AS/NZS ISO31000:2009 standard and designed in conjunction with Deloitte. This framework guides the definition, communication and investigation of potential and actual risks.

Some of our activities can be high-risk, as we purposely send employees into environments experiencing conflict. To enable us to continue doing this important work, our cultural attitude is to be ‘risk-smart’, not risk-averse. Many of our risks are related to the people we assist and services we deliver; therefore it is imperative that risk management is not kept solely at a board and executive level, but that our volunteers, staff and other people on the front line are trained in risk management and capable of performing risk assessments. We train Red Cross people such as caseworkers and social workers to perform their own risk assessments in an effort to identify and prevent risks prior to them occurring.

Our ‘risk smart’ framework is applied in sending aid workers like Jay Matta to various overseas locations. In Timor-Leste, he has helped to provide better water and sanitation systems for villages. Photo: Australian Red Cross/Conor Ashleigh

The positive reputation of Red Cross is our greatest asset and enables us to receive the public and financial support on which we rely. We protect our reputation through risk identification, evaluation and mitigation. All services, regardless of budget or size, complete risk assessments and promote risk awareness at all stages of the planning, implementation and evaluation processes. Risk assessments on major contracts are reviewed on a quarterly basis. Our services, business processes and practices are subjected to vigorous external and internal auditing processes by Deloitte and Ernst & Young to ensure that we are operating to the highest standard and using risk management techniques effectively.

This year we focused on addressing risks around the financial sustainability of our organisation. We vastly improved our contract management after identifying a potential liability risk in some of the contracts and agreements being signed across the organisation. We responded by strengthening our delegations of authority and mandating that all contracts and agreements, regardless of dollar value, must be reviewed and approved by members of our legal, risk and insurance departments. This better ensures that we can fully comply with all legislative and contractual obligations.

Bolstering our contracts also aims to ensure continuity of funding, regardless of any changes in government or management. The majority of our funding comes from government sources. We are addressing this risk by putting advocacy strategies in place to improve our relationships with governments and diversifying our funding sources.

We also have a comprehensive insurance program in place, including policies for public liability, professional indemnity, motor vehicles, property, voluntary workers, personal accidents, workers’ compensation, employment practices liability, crime, travel and international travel. In the past year we have seen a significant risk reduction in areas such as motor vehicle accidents, work health and safety, contract management and compliance.