9. Risk Management, Health and Safety Flashcards

1
Q

What are our risk management principles?

A
  • Develop a culture of risk awareness and continuous improvement, where risk is recognised as a natural and necessary part of the way we work, to ensure we can be even more successful than we are today
  • provide a supportive environment where risk is openly discussed and managed, so our people are empowered and feel safe to identify, escalate and report risks where something doesn’t look or feel right
  • Include and actively consider Te Ao Maori views and perspectives in our risk Korero and Kaupapa.
  • Incorporate the views and perspectives of the communities police serves.
  • Embed risk management behaviours and practises into decision making, organisational governance, strategy development , business planning and programme and project management.
  • Safeguard the mana, reputation and integrity of Police so the public, our communities and the Government have confidence in Police and the work we do.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How do we define Risk?

A

Any potential future, uncertain event that may affect the achievement of our objectives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is risk management about?

A

knowing our options, understanding what could stop us from achieving our objectives and what could help us achieve them. Then we can work to reduce the likelihood and impact of the risks we’ve identified, as well as our ability to realise the benefits. Our management of risk ultimately shapes and influences how we achieve our business goals and objectives and make quality informed decisions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the responsibility of all staff when it comes to risk management?

A
  • Understand their role in managing risk at police.
  • identify, discuss and help manage risks in their area of responsibility.
  • Escalate and report risks to their one up People leader, Programme or Project manager when appropriate to ensure there are no surprises.
    Seek support when needed from the Assurance group.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the repsonsibility of Executive leaders and managers ( Tier 3 and below?)

A
  • Identify risks for their respective groups and teams and commit to review these risks regularly.
  • Ensure processes are in place to manage these risks, their impact on day to day activities and the acheivement of group of team objectives.
  • Ensure risk is considered when managing or delivering programmes, projects, products, services and assets.
  • Receive and/or share risk information with other groups and teams to enhance Police’s risk culture and Maturity.
  • Support and encourage leaders and their teams to escalate and report risks
  • Seek support when needed from the Assurance group.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the responsibility of the Organisational governance when it comes to risk management?

A
  • Govern strategic and organizational risk on behalf of the ELT.
  • Seeks assurance, monitors the effectiveness of risk mitigations and holds risk and treatment owners to account where appropriate.
  • May direct action or intervention to better enable management of risks.
  • Maintains awareness of risks across Police, within the scope of each of the sub-governance groups, as set out in the Police governance and leadership chapter.
  • Ensures risk is a consideration for every decision.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the role of the Executive Leadership Team ( ELT ) in risk management?

A
  • Responsible for Polices’s strategic direction.
  • owns and governs Police’s strategic risks.
  • Seeks and receives assurance that strategic risks are being managed effectively.
  • Advocates and drives the embedding of risk management in all activities, by building a risk awareness culture to inform decision making.
  • Provides assurance to the ARC and ministers that Police’s risk management framework is operating as intended.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the role of Assurance and risk Committee in Risk management?

A
  • Provides independant and oversight and advice to the commissioner on a wide range of strategic risks and issues, to test, challenge and offer new ideas and approaches.
  • Reviews and assesses the reporting and management of risk as it relates to Police’s strategic objectives.
  • Provides advice to improve the risk management culture, approach and processes.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the role of the assurance group in Risk management?

A
  • Develops and maintains the risk management police manual chapter, framework and approach.
  • Supports and guides our people in Districts, Service centres, and work groups to increase their understanding and awareness of risk and how to apply Police’s risk management framework.
  • Provides advice and a risk lens to support risk discussions at stewardship and performance governance Group ( S&PGG) meetings.
  • Uses risk management products and outputs to inform the development of annual Assurance, Internal Audit and Risk and Resilience work programmes.
  • Provides advice, reporting and information to the ELT and ARC on risks and how they are being managed.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Describe the 4 types of risk

A

Strategic, organisational, operational and portfolio( Programmes and Projects)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Describe Strategic risk and how we manage it?

A
  • Risks that may affect the acheivement of Police’s strategic objectives
  • high level, thematic and long term ie 5-10 years.
  • Risks that are strategically important and core to achieving police’s strategic intent.

Responsibility of commissioner and ELT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Describe organisational risk and how we manage it?

A
  • Risks that are systemic, and affect one or more work groups
  • Risks that relate at an enterprise level, to people, legal and regulatory compliance, capability and capacity, finance, information management, managing change and the external environment.

Responsibility of Service centres and districts. Safer people oversees and monitors health, safety and wellness across police, and provides regular reporting to the health and safety Governance group (HSGG)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Describe operational risk and how we manage it?

A
  • Risks that may affect the achievement of day-day operations
  • Risks that relate to the business as usual operational activities of staff ( including constabulary and employees) who deliver services to the public’

Responsibilty of staff at all levels.
Can be often dealt with at the time but may be symptomatic of higher level risk. May have deeper causes, wider ranging impacts or cannot be managed effectively at an operational level. It is important that these are assessed and monitored to consider whether they should be shared with others or escalated for support.
Operational risk information is also shared to ensure transparency and consistency across police for dealing with similar risk events, and to help eachother be safe.

TENR- Operational risk is broader than TENR, which fits within Police’s general risk management and frameworks and processes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Describe Portfolio risks and how to manage them?

A
  • Risks that may affect a programme or project’s ability to deliver and achieve its objectives and intended benefits.

Responsibility of the programme/ project manager and should be reported to the sponsor, senior responsible officer ( SRO) and/pr steering group overseeing the specific programme or project.

For larger programmes/projects the treasury requires police to complete a Risk Profile Assessment ( RPA) at the start of the project, which may be reassessed when the risk profile changes during the delivery lifecycle.

Programes and projects apply the risk management policy, framework and approach to their work programme. Captured in Sentient, our project management tool, overseen by Police’s Investment Portfolio Office ( IPO)

IPO oversees and monitors programmes and projects and provides a view on programme and project risks to the S&PGG and sub portfoloios.

IPO ensures programme/project closure activities include handover of any open risks which may impact BAU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Describe the first line in the Three lines Model

A

we all act as the first line, which includes - Identifying and discussing potential risks
-Sharing risk information
- Ensuring risk is integrated in decision making
- Managing risks within our areas and reporting or escalating risks to the appropriate level and
- recording them in the appropriate place of system ie a risk register or risk log

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Describe the second line in the Three Lines Model

A

Our people in districts, Service centres and PNHQ contribute to a robust management environment that monitors and oversees risk and the application of risk controls. In the second line people should be discussing, acting upon and escalating risks and performance issues of controls, where necessary

17
Q

Describe the third line in the Three Lines Model

A

Provided by assurance group and other independant functions which maintain a view of Police’s control environment. The third line provides assurances and assesses, verifies or certifies that controls are operating as intended.

18
Q

What are the 5 steps of the risk management process and the two ongoing processes?

A

1 - Establish context
2 - Identify risk
3 - Analyse risk impact
4- Evaluate risk
5- Take action

Communicate and consult

  • should be done at all stages of the risk management process as often as necessary and should operate as a chek on your logic, thinking and judgement .

Done correctly , this process
- takes advantage of different S/K/E of colleagues and third parties
- ensures interest and views of stakeholders are understood and considered
- secures endorsements and support for further management of risk.

Police must ensure that the right people have the right information at the right time - who else needs to know, who can take action, who might have more information? Who else may be effected ? Escalate and collaborate

Monitor and review
whatever we have decided after a risk evaluation, Act, monitor, accept or achieved, the risk owner must monitor and review as often as appropriate for the level of risk.

In addition to risk owner responsibility, monitoring should be a routine part of Governance and Management processes ( Governance, management , or performance meetings)>

Thematic risk areas or specific risks may also require more frequent of critical monitoring. Could be conducted by an independent/objective person/function.

19
Q

Describe Step 1 of the risk management process ( Establish context)

A

Establishing the context includes understanding :
Internal context - anything within Police that influences how we manage risk , for example
- your objectives
- governance, structure, roles and accountabilities
- Our Business, other strategies, plans, work programmes and initiatives
- Policies, processes and Practices ( Police instructions and PPPs)
- Authoritative support
- Capabilities - resources, S/K
- Relationships and the perceptions and values of internal stakeholders
- Organisational culture
- Information flows and decision making processes
- Form and extent of contractual relationships, MOU’s , and other agreements

External context
Anything outside police control that may affect our ability to manage risk, for example.
- the social, cultural, political , legal and regulatory, financial , technological , economic , natural and competitive environment.
- Relationships and perceptions and values of external stakeholders.

20
Q

Describe Step 2: Identify risk management

A

Risk identification can be done
- ad hoc / as part of BAU
- through a risk workshop or other dedicated process : systematic and focussed examination of risks in a particular area of work with the aim of generating a comprehensive picture.

  • what might prevent/affect or delay the achievement of our objectives?
    -What about the risks of not doing something
  • Have you considered knock-on or cumulative effects of other actions
  • Are there any unintended consequences?

Describe the risk
- what is the future uncertain event ( this is the risk)
- what is the cause or causes
- what is the effect of the risk occurring? this is the Consequences.

Note - often we confuse risk with threat and hazard.
- threats/hazards contribute to the risk.
-threats are usually expressed as intent x capability ( sometimes opportunity is added)
- hazards usually depend on their own attributes.

21
Q

Describe Step 3: Analyse risk

A

Involves seeking further information to develop an understanding of
- the level of risk, using Police’s risk matrix and supporting criteria and
- any existing controls in place and how effective these are to determine what level of risk we are currently carrying.

Any assumption made during risk analysis should clearly be documented and communicated to decision makers.

Controls ie
- nature and level of risk
- how the control changes the likelihood or consequence of the risk
- how much the likelihood or consequence is reduced
- how reliable is the control? to what extent can it be relied on?
- how available is the control in practice? is the control in place for some of the time or in particular circumstances only?
- where there are other overlapping controls that have the same effect

22
Q

Describe Step 4: Evaluate

A

Once we know what our risks are, what controls are in place to help prevent or manage, and therefor what risk we are carrying we must consider how comfortable we are with this information.

If not comfortable we should decide
- what we can do about it
- costs and benefits of any proposed actions
- the wider context, including legal, regulatory and other obligations ( such as Police instructions or MOU’s and contracts)
- priorities
- does this need to be escalated?

May decide to
- Act - high risk exposure where additional action plan required
- Monitor - high risk exposure where action plan is sufficient
- Accept - low risk exposure where action plan are nascent or inefficient.
- Achieved - low risk exposure where action plans are sufficent , efficient management is achieved

23
Q

What is the risk rating calculation?

A

Likelihood x consequences after you have taken into account the existing controls.

24
Q

Describe Step 5: Take Action

A

After risk evaluation, if we find that existing controls are not managing a risk to an acceptable level of comfort, the risk owner or Governance group must act or monitor the risk, to do this they prioritize a treatment/ further action

If you need to act you will treat and take action to respond to a risk. Act should reduce the likelihood or consequences pre or post the uncertain event.

Treatments and any further action should be prioritized based on
- level of risk
- assurance in the proposed treatments
- relative costs and benefits of treatments/ future actions and
- an ongoing assessment of our internal and external context

25
Q

How do we incorporate risk management into what we do every day?

A
  • Planning/SPTS
  • New initiatives
  • Changing how we do things
  • Changes in our operating environment
  • Near misses/ lessons learnt and events.
26
Q

What are the 3 reasons why you need to know about health and safety?

A

Legal
Ethical - looking after our people is the right thing to do.
Our business- good health and safety is good business.

27
Q

Describe S36 Health and Safety at Work Act 2015 ( HSWA)

A

Primary duty of care.
Police has the “Primary duty of care” - the responsibility for people’s health and safety at work. We must ensure the health and safety of
- Police employees (constabulary and non-constabulary)
- Any other workers it influences ie contractors, SAR, third parties including volunteer workers, cleaners, temporary staff etc.
- Other people who could be put at risk by our work, ie detainees and general public.

28
Q

What is the work environment?

A

Includes physical and psychological work environment. Duty of care applies wherever Police are working
Health includes mental health, just not physical injury or illness.

29
Q

Describe recruitment and retention in context of Health and safety

A

Nobody wants to work for an organisation that is injuring its people. If police are seen as proactive in injury prevention that helps retain staff because they are fit for work and feel valued. If an employee leaves Police we lose all the experience they have acquired during their career. In addition, it costs more than 45k to train a recruit at RNZPC.

30
Q

Describe ACC levies in context of Health and Safety

A

ACC levies and payments for injuries and illness cost police approx $7 million. this doesn’t include vehicle or property damage costs. Preventing injuries allows this money to be used to better effect.

31
Q

What is “Reasonably practical”?

A

Two parts
1 - consider what is possible in your circumstances to ensure health and safety
2 - Of the possible actions, consider what is reasonable to do in your circumstances.

  • How likely is the risk and how severe is the harm? the greater the harm, the greater the action required.
  • What do you know or ought to reasonably know about the hazard or risk and the ways of eliminating or minimising the risk?
  • What is the availability of the control measures and how suitable are they for the specific risk?
  • How many control measures do you need to apply? The greater the harm, the more layers or protection that should be applied.

As a final step, what are the costs of the control measure and are the costs grossly disproportionate to the risk?

32
Q

Describe the hierachy of control

A

Elimination - physically remove the hazard ( most effective)
Substitution - Replace the hazard
Engineering controls - Isolate people from the Hazard
Administrative controls - change the way people work
PPE - protect the worker with PPE ( least effective )

33
Q

What is a ‘Near miss”

A

An unplanned or unexpected event that occurs as a result of police work activities and, under slightly different circumstances, could have resulted in harm to a person but did not. Includes “loss only “ incidents where damage was caused to Police property, but no people were harmed. A near miss is an opportunity to prevent a further injury before someone is hurt

  • eg a minor car crash
34
Q

Who must review near misses and incidents

A

A supervisor

35
Q

When must you notify worksafe?

A
  • Admissions to hospital
  • Serious head injuries
  • Loss of consciousness.

Certain near miss events which have the potential for death or serious injury.

Exemptions - the only exemption are for NZDF deployed on active operations and some SIS/GCSB activities. Not for police

36
Q
A