This policy sets out the requirements for schools to identify and manage risks that might affect their students, staff or operations.
Managing risk means considering the effect of uncertainty (whether positive or negative) on school objectives.
Managing risk involves:
- identifying and assessing risks and controls
- documenting risks in a risk register (or equivalent)
- implementing actions and treatments to manage identified risks
- monitoring risks, including regularly reviewing risk registers
- reporting on risks.
Identifying and managing risk maximises schools’ ability to make sound decisions to:
- deliver the best possible outcomes for the school and the community
- meet Victorian community and government expectations for accountable and responsible use of public finances and resources
- safeguard student and staff wellbeing.
Assessing and documenting risk
All schools must use the department’s Risk Management Process for Schools when assessing and documenting the risk(s) associated with:
Schools may also assess and document risks for:
- development and review of the school’s Annual Implementation Plan (AIP)
- development and review of the school’s School Strategic Plan (SSP)
- community events such as school fetes, concerts and science fairs
- school projects/programs such as infrastructure builds
- lesson planning associated with higher risk activities such as science experiments or food technology classes.
If a school is uncertain whether a risk assessment is required, they must contact the Planning, Risk and Governance Branch for clarification and advice.
Schools must monitor risks for those mandatory risk assessments outlined above.
Schools may monitor identified risks by:
- including a standing item to review the school’s current and emerging risks on the school leadership meeting agenda
- undertaking a review of all risks associated with delivery of the AIP and the SSP at least once every 6 months
- reviewing all risk registers as necessary or when advised.
Schools may report and escalate relevant risks to stakeholders, for example, school council, regional directors, Senior Education Improvement Leaders etc through appropriate channels.
Communication of this policy
Principals/school leadership are responsible for:
- providing staff with relevant training opportunities to support staff to manage risks at an operational level
- ensuring that all school staff follow departmental policies and processes, as risk management is integrated into other policies and processes.
Risk register templates are available on the to document identified risks and their treatment and controls. Note that some templates include examples of controls or assessments which will need to be reviewed/updated to suit your specific context.
An objective is an aspirational, results-oriented statement describing what your school intends to achieve within the set timeframe, and describes what successful delivery would entail.
The effect (whether positive or negative) of uncertainty on objectives.
The identification, analysis, assessment and prioritisation of risks to the achievement of an objective.
Risk management involves the coordinated allocation of resources to:
- minimise, monitor, communicate and control risk likelihood and/or impact, or
- maximise the potential presented by opportunities.
Risk management includes coordinated activities to direct and control risks to the achievement of an objective.
A formatted list that records identified risks, assesses their impact and describes the actions (controls) to be taken to mitigate them. Typically, it describes the risk, the causes for that risk and the responsible person or group for managing it.
A control is any existing measure that modifies risk such as uniform policy or staff succession plan.
Controls are methods or procedures that assist in achieving objectives, safeguarding assets, ensuring financial information is accurate and reliable and supporting compliance with all financial and operational requirements.
Identifying current controls and their effectiveness is one of the most important aspects of risk management. It allows you to better understand the elements that are impacting the likelihood and/or consequence of a risk.
A risk treatment is an action you undertake to reduce a risk to an acceptable level, by adding new or improving/modifying existing controls.
Reviewed 12 May 2023