vic_logo
education.vic.gov.au

School operations

Risk Management — Schools

Policy

This policy sets out the requirements for schools to identify and manage risks that might affect their students, staff or operations.

Summary

Managing risk means considering the effect of uncertainty (whether positive or negative) on school objectives.

Schools must proactively manage risks by following the Department’s Risk Management Process for Schools set out in the Guidance tab.

Managing risk involves:

  • identifying and assessing risks and controls
  • documenting risks in a risk register (or equivalent)
  • implementing actions and treatments to manage identified risks
  • monitoring risks, including regularly reviewing risk registers
  • reporting on risks

Managing risk is everyone’s responsibility, as explained in the Department’s Three Lines of Defence model.

Identifying and managing risk maximises schools’ ability to make sound decisions to:

  • deliver the best possible outcomes for the school and the community
  • meet Victorian community and government expectations for accountable and responsible use of public finances and resources
  • safeguard student and staff wellbeing

Details

Assessing and documenting risk

All schools must use the Department’s Risk Management Process for Schools when assessing and documenting the risk(s) associated with: 

When assessing the risks listed above, schools must document the identified risks in a risk register. A template risk register is available in the Resources tab.

Schools may also assess and document risks for:

  • development and review of the school’s Annual Implementation Plan (AIP)
  • development and review of the school’s School Strategic Plan (SSP)
  • community events such as school fetes, concerts and science fairs
  • school projects/programs such as infrastructure builds
  • lesson planning associated with higher risk activities such as science experiments or food technology classes

If a school is uncertain whether a risk assessment is required, they must contact the Planning, Risk and Governance Branch for clarification and advice.

Monitoring risks

Schools must monitor risks for those mandatory risk assessments outlined above.

Schools may monitor identified risks by:

  • including a standing item to review the school’s current and emerging risks on the school leadership meeting agenda
  • undertaking a review of all risks associated with delivery of the AIP and the SSP at least once every 6 months
  • reviewing all risk registers as necessary or when advised

Reporting risks

Schools may report and escalate relevant risks to stakeholders, for example, school council, regional directors, Senior Education Improvement Leaders etc through appropriate channels.

Communication of this policy

Principals/school leadership are responsible for:

  • providing staff with relevant training opportunities to support staff to manage risks at an operational level
  • ensuring that all school staff follow Departmental policies and processes, as risk management is integrated into other policies and processes

Templates

Risk register templates are available on the Resources tab to document identified risks and their treatment and controls. Note that some templates include examples of controls or assessments which will need to be reviewed/updated to suit your specific context.

Support

School leadership teams (principals and business managers) can contact the Planning, Risk and Governance Branch for specific risk advice and risk training workshops.

Printed copies of the Risk Management Process for Schools pocket guide (available in the Resources tab) can also be ordered from the Branch.

Definitions

Objective
An objective is an aspirational, results-oriented statement describing what your school intends to achieve within the set timeframe, and describes what successful delivery would entail.

Risk
The effect (whether positive or negative) of uncertainty on objectives.

Risk management
The identification, analysis, assessment and prioritisation of risks to the achievement of an objective.

Risk management involves the coordinated allocation of resources to:

  • minimise, monitor, communicate and control risk likelihood and/or impact, or
  • maximise the potential presented by opportunities

Risk management includes coordinated activities to direct and control risks to the achievement of an objective.

Risk register
A formatted list that records identified risks, assesses their impact and describes the actions (controls) to be taken to mitigate them. Typically, it describes the risk, the causes for that risk and the responsible person or group for managing it.

Control
A control is any existing measure that modifies risk such as uniform policy or staff succession plan.

Controls are methods or procedures that assist in achieving objectives, safeguarding assets, ensuring financial information is accurate and reliable and supporting compliance with all financial and operational requirements.

Identifying current controls and their effectiveness is one of the most important aspects of risk management. It allows you to better understand the elements that are impacting the likelihood and/or consequence of a risk.

Treatment
A risk treatment is an action you undertake to reduce a risk to an acceptable level, by adding new or improving/modifying existing controls.

Relevant legislation

Department policy outlining the requirements for schools to identify and manage risks that might affect their students, staff or operations

Reviewed 21 February 2021

Policy last updated

15 June 2020

Scope

  • Schools
  • School councils

Contact

Planning, Risk and Governance Branch

Was this page helpful?