Risk Management Policy

Version 1.0 - Revised April 2026

Related NDIS Practice Standard Indicators

NDIS-CORE-2.2 - Risk Management

1. Purpose

This policy establishes [Organisation Name]'s approach to identifying, assessing, treating, and monitoring risks. It ensures compliance with NDIS Practice Standard 2.2 (Risk Management).

2. Scope

This policy applies to all workers, contractors, and volunteers of [Organisation Name]. It covers risks to participants, workers, the organisation, and its operations.

3. Policy Statement

[Organisation Name] is committed to proactive risk management to ensure the safety and wellbeing of participants and workers. We:

  • Systematically identify and assess risks across all areas of operation
  • Implement controls to treat risks to an acceptable level
  • Monitor and review risks and controls regularly
  • Embed risk management into everyday decision-making

4. Risk Management Process

Step 1: Identify Risks

  • Conduct regular risk assessments (at least quarterly)
  • Identify risks from incident reports, complaints, audits, and worker feedback
  • Consider risks to participants, workers, the organisation, and stakeholders

Step 2: Assess Risks

  • Rate each risk using the likelihood and consequence matrix
  • Determine the risk rating (Low, Medium, High, Critical)

Step 3: Treat Risks

  • Develop risk treatment plans for all High and Critical risks
  • Treatment options: avoid, reduce, transfer, or accept
  • Assign a responsible person and timeframe for each treatment

Step 4: Monitor and Review

  • Risk register is reviewed quarterly by management
  • New risks are added as they are identified
  • Completed treatments are verified
  • Risk ratings are updated

5. Risk Register

[Organisation Name] maintains a risk register that includes risk description, category, likelihood, consequence, overall rating, current controls, treatment plan, responsible person, and review date.

6. Participant-Specific Risks

  • Individual risk assessments are completed for each participant
  • Risk assessments are reviewed when circumstances change
  • Participants and their support networks are involved in risk assessment
  • Risk management supports participant choice and control

7. Related Policies

  • Incident Management Policy
  • Emergency and Disaster Management Policy
  • Quality Management Policy
  • Governance Policy

8. Review

This policy will be reviewed at least annually or following a significant incident or change.

| Version | Date | Author | Changes |
|---------|------|--------|---------|
| 1.0 | [Date] | [Author] | Initial release |


This template is provided by GuardRail as general guidance only. Organisations should customise this policy to their specific circumstances and have it reviewed by a legal professional before adoption.