Risk Management: The Third and Final of Three Registration ‘Pain Points’ for Schools.

27 May 2021

“I know there are areas in the school where we are not managing risk as well as we should be”.

This is the third article in a three part series on Registration 'Pain Points' for Schools. You can access part 1 here and part 2 here.

Managing risk is a very common pain point for many schools.

Why? Because schools are high risk environments – many children, young people and adults are interacting, having a wide range of experiences and doing a wide range of activities. And then, factor in parents and volunteers, sports and camping, excursions, and higher risk curriculum areas such as science or manual arts. Basically, schools have large numbers of children mixing with large numbers of adults with many activities that have wide-ranging risks.


So how should schools deal with this complex risk environment?

Staff are usually excellent at managing risk on a day-to-day, individual or department basis. They do so by looking at hazards, identifying the risk and then applying a control-either a verbal request (“Don’t run in the corridors”), a procedure (“Students are not to run in the corridors”), training, a disciplinary action or via a policy. This simple example highlights the fact that risk management practices can vary markedly from one school operational area to another. Some departments do it better than others and some teachers are better at the management of operational risks than others and are more ‘risk aware’. In addition, it is often the case that the school leadership does not have a clear picture of the effectiveness of risk management practices across all areas of school operations.

An inconsistent approach to the management of risk and a lack of overall visibility by school leaders as to how risk is being managed across the school can lead to many problems, including a failure to identify and deal with interdependent risk-where one risk is dependent on another.


Risk Silos

Having risk silos is a problem faced by many organisations whereby:

  • risk is not managed well across all activities and operations-some areas or departments are very effective at risk management and others not so.
  • there is a lack of visibility by management of the risk management practices in various areas and departments so that management is unaware that risk is not being managed effectively in some areas.

An example of risk silos might be comparing excursion risk management with risk management practices in PE/Physical Education classes and activities. There may be some good risk management practices in relation to excursions including detailed risk assessments, detailed excursion risk management policies for all types of excursion activities and an effective process for ensuring that the policies are followed and students and staff are informed of safety requirements contained in the policies.

On the other hand, in the PE/Physical Education department, an audit of their risk management systems might uncover a lack of clear guidelines for running PE activities safely, a lack of training of staff regarding how to run activities safely, no systems for ensuring that casual or relief staff understand the risk management systems for PE or are adequately trained and supervised and finally that risk assessments that the department has undertaken do not cover all PE activities and have not been reviewed for several years.

Who has looked out a window at the school oval and seen classes involved in some form of sporting activity and thought “that doesn’t look safe”? It may in fact be safe but if something did go wrong and there was an investigation, would the PE department be able to produce documentation in relation to their risk management for that activity including in relation to the safety guidelines that they used, the records of equipment inspection and staff training or qualifications for that activity etc?

Having silos within a school in terms of the approach to risk management leads to:

  • a lack of visibility as to what is actually happening with risk management in one of these silos
  • an inconsistent approach to risk management where each silo areas uses their own systems or processes for risk management. This can mean they use different definitions, perhaps different risk matrixes and some in some cases very minimal risk management systems and processes
  • little effective reporting where there is no ability for the school as a whole to receive reports on risk management for all activities and operations.


What Should Schools Be Doing?

So, what are the solutions? How does a school get consistency across the school when it comes to risk management? What approach should a school take?

The starting point is to think in terms of implementing an enterprise risk management program (often referred to as ERM) – based on the International Risk Management Standard ISO 31000.

This may well be something that a school is considering but yet to implement or may be aware that more needs to be done.

Implementing an ERM program breaks down the silos and takes a whole of enterprise’ approach to managing risk with consistency of approach and consistent and meaningful reporting.

Building an ERM system can feel like it is too hard and it can be difficult to know where to start. Here are some suggestions for implementing an enterprise risk management approach in a school:

Leadership and Commitment

This is crucial to develop and integrate risk systems and bring all risk management up to the required standard. Breaking down the silos and getting consistency cannot occur without leadership and commitment and a ‘top-down approach’.

Leadership and commitment should include:

  • developing an overarching risk management program that includes both strategic high level operational risks and the micro risks and hazards of each area of operations
  • mandating a consistent approach to risk management. This includes definitions for all key concepts and consistent risk methodology. It also means breaking down the risk management silos
  • determining the risk management responsibilities of everyone from the school board down and ensuring that there are risk owners identified with specific responsibilities for management of significant operational and strategic risks
  • driving a culture of risk management and articulating the importance of effective and consistent risk management which will benefit the organisation as a whole.



Ensure that there is sufficient training for department heads and staff who must complete risk assessments. Discuss with department heads what they see as the problems with risk management in their area of responsibility.


Risk Controls

It is vital that everyone understands that effective risk management is much more than conducting a risk assessment. Good risk management should focus on identifying and implementing the risk controls for each risk and making sure these controls are actually working effectively.


Feedback from Staff

Staff should feel comfortable in asking for extra support and guidance regarding how to manage risk in their operational area. Many staff have never been adequately trained in risk management. It is important that the school leaders ask questions such as: “how can we help you do this better?” Also, encourage an openness to talk about the day-to-day risk management issues and challenges the staff must deal with.



Investigate whether the school needs external or internal assistance and increased resources. This might be a need for better systems for training, new policy delivery platforms and risk management and incident capture software and reporting.


Capturing Data

Capture data on incidents, injuries and near misses and make sure that serious incidents or a spike in incidents or near misses are investigated from the perspective of the adequacy of risk management practices and risk controls. And, if these are found to be inadequate, ensure that additional risk management and risk control systems are implemented and resourced.


Regular Reviews

Undertake regular reviews of risk management systems and practices in all areas of the school.


Agenda Item

Lastly, put risk on the agenda. Have risk management and risk control effectiveness discussions at all levels of the school. This means that risk discussions should be held at department meetings and team meetings all the way up to the executive and the board.


Some Questions to Consider 

As we conclude this series of School Governance articles on the three registration ‘pain points’ for schools, we leave you with a few questions to consider:

  • If you are due for re-registration this year, have you at least reviewed the Registration Standards, Guidelines or Manual that apply to your school? If not, when will you start? Have they changed, has your school remained compliant or do you have a mountain of review work to do? And, have you allocated sufficient resourcing in terms of both time and people to prepare for, and submit, all of the re-registration evidence?
  • Can you relate to the policy management issues outlined in our second article? Do you have a plan to address these issues in the next 12 months before keeping them up to date gets too hard?
  • Lastly do you know whether your risk management across the school is patchy, and what operational areas you are most concerned about when it comes to risk management? Have you started to develop a plan to address these risk management issues over the next 12 months?

Jonathan Oliver

Jonathan is a Principal Consultant working with CompliSpace education clients. He has more than 10 years experience in the school sector as a teacher, compliance and legal adviser and more recently as a Business Manager. Jonathan has been a solicitor for nearly 30 years and worked in both private practice and community legal centres.