There is no room for complacency for risk management in any school with new risks emerging all the time with the recent COVID-19 pandemic risk being a good example. A recent publication highlighted the top six operational and strategic risks facing schools in 2020.
Many schools have traditionally siloed their risks and, sometimes, even their policies. Each part of the school or even each department or faculty could have their own risks and their own controls (policies) to mitigate those risks. The lack of an overarching approach to risk management will mean risk management will be ineffective.
Schools frequently have a risk register containing a large number of risks. These registers are often poorly organised and lack a classification methodology. The risks are also often poorly articulated. Many of these risk registers may contain very ‘micro’ risks such as driveway or traffic risks as well as something like a competition risk which is a very ‘big picture’ or strategic risk.
The best way for schools to effectively implement a risk management program in their school is to embrace an enterprise risk management (ERM) approach to risk management. ERM can bring all of the individual and siloed risks into a coherent ‘whole of school’ approach to risk management.
Risks are often interdependent on others and a failure to manage risks in a more holistic manner could mean that possible risks could ‘fall through the cracks’ with the result that students or staff could be hurt or the school could be in breach of any number of laws. A fully integrated ERM approach to risk management coordinates the response to various types of risk (it accounts for interdependence of some risks), resulting in a more efficient process, as well as allowing the school to gain a better view of the risks facing the entire school. Where a school is not seeing the whole picture, it is possible that its response to a particular risk may be inadequate.
ERM also assists governing body members, principals and executive staff in schools to predict future events that may impact (positively or negatively) on their school’s activities and allows them to take appropriate actions to address the impact of these events.
Schools sometimes have had little or no experience of enterprise risk (in contrast with activity-based risk assessments for excursions or health and safety risk assessments), so, for many, it is hard to know where or how to begin.
Here are some suggestions for implementing ERM in your school:
Schools that embrace ERM, and effectively implement an integrated ERM program, can expect to experience some (if not all) of the following benefits:
For many years now, school regulators have been looking to see that schools have systems and processes in place for the identification and management of risk. This usually includes a risk management framework and overarching risk management policy, a risk register or registers, evidence that risk controls have been implemented and risks have been regularly reviewed and updated.
The regulators also want to know whether school governing bodies and school executives have been engaged in the risk management processes through, for example, receiving reports, examining operational and strategic risks and reviewing the effectiveness of risk controls.
However, while ERM is not an explicit obligation for non-government schools in every state and territory, it is quite clear that there is a general trend within the education sector to embrace continuous improvement processes and that ERM, compliance and incident management programs are considered to be central components of these processes.
The effective management of risk is about understanding the risks that a school faces, determining which risks are worth taking and which should be prevented or reduced, so that the school can achieve its outcomes. ERM is key to enabling schools to manage those risks effectively and allowing them to:
James Field, CEO of CompliSpace will be presenting a risk management webinar on Friday 7 August for schools. It is designed to be a practical webinar on implementing ERM in your school. The webinar will expand on many of the matters mentioned in this article.
To learn more about Enterprise Risk Management and the International Risk Management Standard ISO 31000, we recommended that you complete CompliSpace’s introductory ERM course that we have made available for free through our CompliLearn professional learning lists site.
This introductory Enterprise Risk for Schools course takes approximately 1 hour to complete and provides an overview of the International Risk Management Standard ISO 31000.
To access the course:
Jonathan is a Principal Consultant working with CompliSpace education clients. He has more than 10 years experience in the school sector as a teacher, compliance and legal adviser and more recently as a Business Manager. Jonathan has been a solicitor for nearly 30 years and worked in both private practice and community legal centres.
With 37 years of educational experience, Craig D’cruz is the National Education Lead at CompliSpace. Craig provides direction on education matters including new products, program/module content and training. Previously Craig held the roles of Industrial Officer at the Association of Independent Schools of WA, he was the Principal of a K-12 non-government school, Deputy Principal of a systemic non-government school and he has had teaching and leadership experience in both the independent and Catholic school sectors. Craig currently sits on the board of a large non-government school and is a regular presenter on behalf of CompliSpace and other educational bodies on issues relating to school governance, school culture and leadership.