Vic Management Interns' blog

Blog posts by Victorian Management Interns of the Australasian College of Health Service Management. Views are those of the individual authors and not those of ACHSM or management interns’ host organisations or employers.

Oscar Chaffey
Oscar Chaffey

Health Management Interns, ACHSM

Risky Business: Learning about Risk Management in Healthcare (Lucy Bertino)

By Lucy Bertino

1st Year Health Management Intern

Working in hospitals as a speech pathologist prior to the internship, I had developed an understanding of common clinical risks patients can be impacted by: falls, medication safety errors and pressure injuries just to name a few.

My first work placement for this internship has opened my eyes to the reality of non-clinical risks – the other type of scary monsters under the bed that keep health service managers up at night. However, getting some first-hand understanding about the value of risk management has shown me how we can shine a light on these unknown issues before they develop into full-blown nightmares.

The discipline of risk management extends far beyond clinical risk – this was news to me! Organisations in finance and business sectors are often well versed in enterprise risk management. Contrastingly, Enterprise Risk Management is a relatively new concept in healthcare (Martin, 2020). Risk managers in our sector face a unique challenge: in addition to scoping risks businesses outside the health sector keep line of sight of; they also need to factor in the inherent risks associated with clinical care. This is no small feat! 

Do we have the skilled workforce in adequate numbers to deliver our services? Are our facilities fit for purpose? Are we forming partnerships to meet our strategic objectives? Do emerging risks such as the COVID-19 pandemic threaten to compromise our ability to achieve other imperatives?

During this placement I have had the opportunity to complete a risk assessment for a new vaccination service responsible for delivering the COVID-19 vaccine to a catchment of over 300,000 community members. I have gained a valuable insight into the considerable number of factors which need to be considered when establishing a new service and importantly the risks that need to be identified and managed during the process.

The experience has enabled me to develop new knowledge, skills and experience in risk management.

When reflecting upon the last few months during my internship I’ve come to really appreciate the following take-home messages about risk management:

  • There is an Australian Standard for Risk Management

AS ISO 31000:2018 outlines a best practice guideline for managing risk effectively (Standards Australia, 2018). It includes specific steps for identifying, assessing, monitoring and reviewing risks in a systematic way.

  • Risk management has a unique vocabulary

Similar to clinical areas in health, risk management comes with a secret language and set of concepts to understand. Controls, risk bow-ties, risk artefacts, risk treatments, risk management frameworks, risk matrices, risk metrics and risk appetite and tolerance statements. Without a knowledgeable risk mentor, some key resources and the formal training undertaken during my internship I don’t know if I would have the confidence to communicate about these complex concepts.

  • Positive risk culture is important

In order for risk management to be effective; a positive risk culture is essential. When senior leaders and healthcare managers set the tone by encouraging their teams to speak openly about risk; issues concerning team members at all levels of the organisation can be addressed. I have learnt education is an essential enabler for this.

  • Effective Risk Management should be proactive rather than reactive

Risk Management should take place regularly and be seen as a part of usual business – much more than a “paper exercise”. Shining a light on a potential risk early enables controls to be implemented to reduce the chance of the risk occurring or to minimise its impact.

Benefits of risk management are twofold:                                                                                                               
Effective risk management not only “keeps us out of trouble” but also helps us improve. Organisations with robust and mature risk management approaches set clear boundaries (aka tolerances) to help guide decision making. This can include decisions about the type or amount of risk an organisation is prepared to take on to achieve an outcome. For example, expanding a health service’s clinical service profile may be considered a risk worth taking in order provide a greater range of services to healthcare consumers.

Healthcare is a risky business. I’m looking forward to continuing my journey learning and applying risk management well into the future so I can get a solid 8 hours sleep each night.


Martin, N. (2020). Enabling effective oversight: Enterprise risk management and board governance in healthcare. Healthcare Management Forum, 33(4), 182-185.

Standards Australia. (2018). Risk Management – Guidelines (AS ISO 31000:2018). Standards Australia.  


Views are those of the individual authors and not those of ACHSM or management interns’ host organisations or employers.

Comments are closed.