RM4 - Risk Information

Purpose

To determine the information requirements for the management of risk at an aquatic facility.

Description

Owners or operators of aquatic facilities should design their aquatic risk management framework to ensure that information about risks and their management are reported and used as a basis for decision making and accountability at all levels within your organisation.

Risk information includes information used to:

• identify, measure and report on the nature and level of risks
• make decisions about treating risks
• monitor consistency in the decisions that are being made about risks and their treatment
• monitor risks and the strategies in place to manage them
• monitor the effectiveness of the risk management framework

Risk information can be qualitative or quantitative. The owner or operator of an aquatic facility should use information from a range of sources to inform your risk management activities, including:

• results of environmental scanning activities, such as SWOT analyses (Strengths, Weaknesses, Opportunities, Threats)
• service delivery information
• internal human resources and industrial relations information
• Australian Bureau of Statistics data
• reports of compliance infringements
• asset maintenance reports
• insurance data
• risk registers
• incident reports, critical incident debriefs and decision review meetings
• audit findings and reports.

The owner or operator of the aquatic facility should ensure risk information is:

• relevant – to the needs of individual stakeholders
• reliable – it contains current, accurate information
• timely – it is produced when needed
• understandable – by users
• complete – it has an appropriate level of detail
• consistent – it is captured in a form that ensures all users interpret it in the same way.

Risk Management Information Systems

In developing an effective risk management framework, the owner or operator of an aquatic facility will need to consider the right tools they require. The right tools and technology need to be able to capture data about risks, analyse the data, report and communicate relevant and reliable information in a timely manner to internal and external stakeholders.

A risk management information system (RMIS) is recommended to be used as it applies consistency, based on a common language and definition of key terms, can aid and develop communication, understanding and management of risks. The size, complexity and risk management maturity of an aquatic facility, and the nature of its risks will influence the information system requirements.

In circumstances where the Aquatic Facility is either not one of the primary purposes of the facility (i.e. Caravan Park, Hotel, and Residential Pools) or is in the early stages of implementing risk management, the cost of acquiring and maintaining a proprietary package may be prohibitive. In that case, the use of Microsoft Excel or Word documents to record, report and communicate risk information may be appropriate.

Larger or more risk-mature aquatic facilities may consider purchasing proprietary software or developing their own RMIS.

Irrespective of the technology the owner or operator of an aquatic facility should ideally be able to perform the following with an information system:

• store risk management policy and procedures documents and related information
• categorise risks according to likelihood and consequence
• rank risks
• capture risk treatment options (controls) and resource requirements
• monitor risks
• produce reports such as risk profiles (refer to Volume 2 for examples)
• track progress and implementation of risk treatment
• record details of control weaknesses and failures
• capture actual losses or gains and near-miss events
• conduct trend analysis

References

• AS/NZS ISO 31000:2018 Risk management- Principles and Guidelines