Embed Size (px)
DESCRIPTION
VMIA general insurance and risk newsletter highlighting employee use of social media, identifying risks in Victorias snowfields and Diploma of Intergrated Risk Management
Citation preview
RISKYBUSINESS
SPRING 2012
IN THIS ISSUE:
Spotlight on business continuity 2 Snowed under 3A social affair 4Mapping out the risks 6
2 | Risky Business Spring 2012 www.vmia.vic.gov.au
Risky Business
Self check-in Victorian public health firstAustin Health’s new electronic calling system is set to empower patients and improve efficiency
Austin Health’s new system for patient self-check-in is a Victorian Public Hospital first.
Developed with co-funding from VMIA, the check-in and electronic calling system has been designed to improve patient privacy, reduce the risks associated with delays in treatment and reduce complaints about excessive waiting times.
Melinda Cosgriff, the manager of Austin Health’s Specialist Clinics, said patients were currently advised to allow two hours for appointments, however most of this time was waiting time.
“Patients and carers become increasingly frustrated with waiting, with clerical and clinical staff often unable to confirm the time to be seen,” she says.
“At times, patients leave without being seen, which is not a great result for the patients because their appointments then need rescheduling or the patients present to a GP or at the emergency department for treatment.”
Under the new system, patients swipe their Medicare or DVA card, or scan their appointment letter, at the self-managed kiosk on arrival, which provides a ticket for the patient.
“The clinic staff will see that a patient has arrived on the QM dashboard on their computer desktop, and start to prepare paperwork and review test results required for the appointment,” Melinda says.
“When the clinician is ready, they will select the patient ticket number on the dashboard, and the ticket number and room number will display on the screen in the waiting room for a short time,
informing the patient of which clinic room to go to.” The first patient self checked-in on Thursday September 6.
Once the system has been operational for some time, statistics detailing patients’ arrival times, calling to clinic room and length of appointment can be analysed to improve appointment scheduling and streamlining work processes.
Reports from two health services in Queensland with similar systems have shown a significant reduction in patient waiting times by up to 50%.
A similar system is planned for the Olivia Newton-John Cancer & Wellness Centre, however instead of a ticket, patients will be given a pager and encouraged to use the centre’s facilities instead of sitting in the clinic waiting room.
Spotlight on business continuityVMIA project showcases need for greater attention to business continuity planning
A VMIA-sponsored exercise has highlighted the need for organisations to continually re-visit their business continuity planning.
Under the program, which was supported by the VMIA’s Risk Management Partnership Program, five organisations from across the public sector took part in a scenario-based program involving a plausible event with severe ramifications.
The organisations – which represented the health, education, cultural, major events and transport sectors – were asked to rely on their existing plans to identify appropriate response and recovery processes.
According to Jonathon Masom, the acting manager risk services for VMIA, the exercise showed that organisations can obtain valuable insights through putting their business continuity plans to the test.
“About two years ago VMIA surveyed the public sector on their business continuity management maturity,” he says.
“This latest exercise reinforces the fact that a lot of organisations may have a plan in place to cope with severe business disruption, however ensuring management is fully aware of the plan remains a challenge.
“A solid business continuity management strategy is a key component of good risk management and it reduces the impact of business disruptions on an organisations’ ongoing operations.”
The VMIA regularly runs training and information sessions on business continuity management. For a more detailed consultation, get in touch with your risk management adviser.
Now on our website
Managing Clinical Risk Edition 15 www.vmia.vic.gov.au/managingclinicalrisk
VNews – Latest news and information from the VMIA latest issue available now
David Paterson checks in.
www.vmia.vic.gov.au Risky Business Spring 2012 | 3
Snowed underPotentially dangerous activities like skiing and snowboarding are only part of the risk register for the managers of Victoria’s alpine resorts
Although personal injury is the first risk that springs to mind when considering Victoria’s snowfields, it is only one part of the risk management program employed by the resorts’ management.
For Jon Hutchins, the chief financial officer at Mount Hotham Alpine Resort Management, the region’s geography is a key factor in any risk analysis.
“We are remotely located, and our turnover of staff is quite high,” he says.
“Everyone thinks it would be great to work at a ski resort, but they don’t realise that you can’t go down to a pharmacy at lunchtime or you can’t go to the bank at lunchtime. It’s fine in the three months that we are busy, when we have a whole host of services that open, but for the rest of the year it is quite remote.”
Stuart Ord, the chief executive of Mount Baw Baw Alpine Resort, agrees that the problems of geography affect his resort too.
“We manage all the lifts, all the food and beverage and the water supply,” he said.
“We also supply all the power in the village – we generate all our own electricity. If that goes down then there are all sorts of risks across the village.”
Stuart said the resort relied on two gas fired generators and two diesel generators to supply power.
Another major risk facing Victorian snowfields this year was worsening economic conditions, Jon says.
“We are self-funded, so financial risk is a key issue,” he says.
“In a declining economy, where there are stresses on disposable income, that impacts on property values and spending and tourism.
“Like all Australian tourism we are impacted by the high Australian dollar. Economically it’s very competitive to ski in overseas locations. We operate in a highly competitive environment, which most statutory authorities wouldn’t normally face.
“In terms of financial resources we have got to be prudent. In terms of staffing we had 20% redundancies last year from our permanent staff. We have got to move with the economic conditions like everyone else.”
Jon said the resort was constantly looking to increase visitor numbers through various marketing initiatives and through developing loyalty through social media platforms such as Facebook.
“We operate in a highly competitive environment, which most statutory authorities wouldn’t normally face.” Jon Hutchins, CFO, Mount Hotham Alpine Resort Management
What, then, of the risks to customers who are partaking in more dangerous activities such as skiing and snowboarding – how do the resorts manage that?
According to Stuart, the issue is not confined to the snowfield areas.
“The risks start from the time the guests come up the hill,” he explains.
“People aren’t used to driving in these sorts of wet and slippery conditions, and every year we have cars that slide off the road that we have to drag back.
“Many people come up just to play in the snow, and can result in a large number of people in quite confined areas, particularly the tobogganing slopes. We are a very small village, with two toboggan runs and seven lift areas, but if we have 2000 people in the village on any one day then incidents between skiers or tobogganers are always possible.
“So far this year we have had more than 150 separate incidents that have had to be dealt with by a paramedic or a first aid person.”
Stuart says there is another emerging risk to the safety of customers with new equipment being imported for snowplay.
“There are numerous items of equipment coming onto the market which are giving us grief in terms of our risk profile,” he says.
I have a volunteer at my health service that is 89-years-old. What is the cut-off age in your policy?
Volunteers at public healthcare organisations are insured under VMIA’s Group Personal Accident insurance policy, which provides cover for workers aged between 5-years-old and 100 years.
Q&A
4 | Risky Business Spring 2012 www.vmia.vic.gov.au
Risky Business
The rapid rise of social media has created an increased risk for employers as the line blurs between an employee’s professional and private life – meaning that what may harmlessly have been done in a person’s private life previously can now impact on an employer’s business in a very public way.
The risk has grown for employees as well, with their private life now opened to further scrutiny both in the workplace and by potential employers.
This uptake of social media has also seen an increase in the number of cases brought before Fair Work Australia for unfair dismissal involving social media.
“Social media is a very powerful tool, and one which has developed relatively recently and exploded in growth,” says Rory Jolley, a senior associate with Minter Ellison Lawyers.
“It’s a very powerful tool, but with that power comes a great potential for disaster as well.”
Rory cites the recent “St Kilda schoolgirl” incident, where Kim Duthie posted on Facebook nude photos of several St Kilda footballers, as an example of how “dangerous” social media could be.
“It was in the news for weeks and we all heard about it, and it turned out to have quite serious ramifications for the footballers because those images are out there now, and they are permanent,” Rory says.
“But it may also have some serious ramifications for Ms Duthie, because employers are more frequently using cyber screening when they are recruiting staff and any Google search of ‘Kim Duthie’ is going to bring that up. For the rest of her life she is going to have to live with that.
“That is a really important lesson for people when they are using social media. There is that permanence, and once something is out there, it can get out of your control really quickly.”
In an international example, in 2009, two Domino’s Pizza employees posted a video on YouTube showing food being prepared in an unhygienic manner, and the video quickly went viral.
According to The New York Times, the two employees were later fired and received civil charges for delivering prohibited food. The store they worked in was shut down until it received a sanitation clearance and the share price of Domino’s Pizza dropped 10% in the wake of the scandal.
A poorly defined boundary between employers and employees and their respective use of social media also creates potential risks.
“Perhaps 10 years ago we might have ignored social media by measures such as banning Facebook at work and not allowing
employees access to other social media, but closing our eyes in that respect is no longer an option”, Rory says.
“Sure, you could ban Twitter or Facebook on work computers but all of your employees have smartphones – we can all go on our phone or go home to our broadband connections and post whatever we want.
“For employers, ignoring it isn’t really an option, and it is sensible to take proactive steps to protect your own interest, and your staff’s interests, and the reputation of your company and its brands.”
Ian Patterson, Chief Information Officer for VMIA, agrees with this assessment, and to this end is investigating several options involving use of social media for the maximum benefit of staff and the organisation as part of a comprehensive online strategy under development.
“New social media applications spring up almost daily and while many may not be appropriate, we’re considering introducing some tools that will be beneficial to our staff and our clients”, Ian said.
Unfair dismissalAccording to Rory, organisations should be wary of staff members excessively using social media on workplace systems or during work hours. He says it is sensible for employers to monitor their employees’ use of technology, in concert with clear and well drafted IT policies that permit the employer to do so.
“If an employer could show that a substantial period of work time was used for non-work purposes, then that may constitute a valid reason for termination,” Rory said, highlighting a case where a staff member was alleged to have sent more than 3,000 ‘chats’ during office hours. In that case, Commissioner Anne Gooley held while excessive social media use during work hours could indeed be a valid reason for termination, the employer had not in fact proven that misconduct justifying dismissal had occurred.
Staff could also use social media to bully or harass other members of staff, he said, citing the case of O’Keefe v William Muir’s (trading as The Good Guys) [2011] FWA 5311. In that case, Damien O’Keefe wrote explicit, insulting and threatening messages on his Facebook page about his employer and another employee.
A social affairIf your employee makes offensive remarks about your organisation on their Facebook or Twitter accounts, do you have a valid reason to terminate them?
Risky Business
www.vmia.vic.gov.au Risky Business Spring 2012 | 5
Although his Facebook account settings were set to private, and he wrote the message on his own computer during personal time, 11 of his 70 friends on the site were co-workers.
In her decision, Deputy President Deidre Swan found that “the fact that the comments were made on the applicant’s home computer, out of work hours, does not make any difference… The comments were read by work colleagues and it was not long before [management] was advised of what had occurred”.
Damien’s case for unfair dismissal was not successful.
Rory says that employers can discipline employees for social media use, in certain circumstances.
“If they are using work systems on work time then the employer clearly has an interest in it – any breach of that would likely be a breach of an IT or other policy that could result in discipline,” he says.
“Conduct that is out of hours, and using non-work related systems, is not as clear cut, but employees can still be properly disciplined in certain circumstances, if their action could be said to breach an express or implied term of their employment contract.”
ProtectionWhat can organisations do to protect themselves from possible issues arising from employee’s social media use?
According to Rory, an organisation’s first step should be to formulate a clear set of guidelines or policies relating to social media. In several instances, the absence of clear guidelines by the employer relating to social media were an important factor in the outcome of the case.
An example of this occurred last year, when Glen Stutsel was successful in his unfair dismissal case against Linfox Australia, which had relied on a series of Facebook posts as the basis for the termination of employment ([2011] FWA 844).
Commissioner Michael Roberts found that the company did not have a policy relating to the use of social media by its employees, and was instead relying on its induction training and handbook to justify the dismissal.
“In the current electronic age, this is not sufficient and many large companies have published detailed social media policies and taken pains to acquaint their employees with those policies,” Commissioner Roberts noted in his decision.
Rory says that an appropriate policy and training for staff are essential.
“A policy is important because it will give you boundaries for what is allowed, and not allowed, in relation to social media at work, and what you can and can’t do outside of work. It will also outline the consequences of any breach and deal with the issue of reasonable personal use and the use of an organisation’s equipment during personal time,” he says.
“Employers are starting to see an influx of employees who have grown up with social media, it is all they know.
“Staff need to be trained in these matters, maybe as part of their induction, and managers should be trained to address some of these risks.”
Beware the searchOrganisations can be exposed to litigation through their use of social media as part of the employment process, with a growing number of employers using ‘cybervetting’, where a potential employee’s digital footprint is examined.
“Employees obviously need to be careful about what is on their Facebook site or other personal web pages,” Rory warns.
“What might seem harmless now could really come back and haunt you. And people can be lulled into a false sense of security by privacy settings. People think because they have checked their privacy settings, they can now say what they want. Sure, there might not be immediate ramifications, but what if someone who is a friend of a friend saves a photo and it winds up in the public domain?”
Employers need to be wary too that they don’t expose themselves to potential allegations of discrimination or breach of privacy.
“If you are taking a screen dump of the Facebook account of an applicant for employment, for example, it may be open for that person to request that data from you under privacy legislation,” Rory says.
“There is an exemption for employee records, but that doesn’t encompass potential employees. If they know that a company has looked into their Facebook account, and they believe that they did not get the job because of their race, religion, or because they are a single parent, for example, it’s really open for the employee to make an allegation that they were discriminated against.
“It doesn’t need to have actually been discrimination – even if there was absolutely nothing untoward happening if someone believes that it could have been discriminatory then there is nothing stopping them from making a complaint to a State or Federal human rights commission, and then there are inevitably costs involved in defending that claim.
“Often there are entirely appropriate reasons for not employing someone based on their use of social media. For example, if you find they have been making offensive comments or indulging in illicit activity, that may be an entirely legitimate reason not to employ them.
“The lesson for employers is that they just need to be careful with how they use information obtained from social media, and how they may be perceived to have used that information.”
6 | Risky Business Spring 2012 www.vmia.vic.gov.au
Risky Business
Data mapping of Victoria’s infrastructure and organisations by VMIA is continuing, with more than 24,000 assets currently in the system.
The geospatial database includes details of a diverse range of assets, including infrastructure such as roads, hospitals and other State-owned buildings.
Each asset is coded with information such as its address, elevation and value, together with relevant documents including site risk
surveys, photographs and site maps.
“Because the mapping system is a visual concept, it’s much easier to understand a particular event when you can see it laid out on a map,” explains Wan Tse Tan, technical co-ordinator with VMIA.
“It’s much easier to see a flood area or a bushfire zone and the relevant affected assets.
“For example, during the March 2012 floods we were able to quickly get an overview of the affected area and establish a quick
estimate of the affected assets and their value. This allowed us to get in touch with our clients to offer our assistance”
Data in the mapping system is drawn from a range of sources including other government departments and statutory authorities.
The number of assets in the system has more than trebled since its inception, and work is continuing to add more assets to provide a more holistic picture of the state’s asset register, Wan Tse says.
The 2012 VMIA Risk and Insurance Forum is set to welcome a host of well-known figures from the private and public sector in October.
The invitation-only event, hosted by Channel 10 weather presenter Mike Larkan, will focus on the rising impact of natural disasters under the theme of Weathering Heights.
Highlights of the event program include a keynote speech by Bob Parker, the Mayor of Christchurch, who will speak about leadership in a time of crisis drawing on his personal experiences from the city’s devastating earthquake.
Beaconsfield miner Todd Russell will also share his experiences after an earthquake caused the mine he was working in to collapse in 2006.
Industry figures from Aon Risk Services, Swiss Re, Australian Davos Connection and VicRoads are also among the speakers.
The Hon. Robert Clark, MP, Minister for Finance will open the one-day forum on 17 October.
Mapping out the risks
www.vmia.vic.gov.au Risky Business Spring 2012 | 7
Employee red flags• A lifestyle which seems excessive, particularly in relation to their salary• Consistently suffering from financial difficulties• Persistent rumours that the employee has addictions or vices, particularly gambling• Works long hours and / or never takes a vacation• Is unusually inquisitive of the controls and procedures the organisation has for
payments or purchases• Displays control issues or is unwilling to share duties• Becomes defensive when questioned about work systems• Has an unusually close association with a vendor/customer or vendors/customers
will only deal with this particular employee• Appears to be constantly stressed or under pressure
Diploma of Integrated Risk Management kicks offThe first intake of students for the Diploma of Integrated Risk Management are about to begin their studies this month.
The diploma, developed by the Australian and New Zealand Institute of Insurance and Finance (ANZIIF) in partnership with VMIA, is targeted at risk management professionals working across the Victorian public sector.
Bronwyn Mills, the manager of accreditation, pathways and consultancy for ANZIIF, says the course was designed for professionals who were starting out in a risk management role, for example, someone holding an administrative role in a risk management team.
“These people are likely to come from a background in accounting, legal, business management, science or occupational health and safety before being seconded to risk management,” she says.
“In the diploma, students will learn how to identify, assess and manage risks, together with developing and monitoring policy and procedures. In addition they will learn about managing an operational plan, analysing and commenting on management reports and providing leadership across their organisation. They will also learn to manage specific risk exposures, including project risk and fraud risk.”
David Pearce, the client learning services manager for VMIA, says more than 150 professionals across the Victorian public sector registered their interest in the diploma.
“We expect interest in the Diploma of Integrated Risk Management will grow as more organisations develop their skills in risk management.”
Enrolments for the next study period close in mid-November.
How to spot a fraudsterDespite Hollywood inspired images of fraudsters as outcasts with tattoos and excessive body piercings, most fraudsters are generally average people that are able to slip through checks and balances without detection.
But organisations who are worried about internal or employee fraud can still protect themselves, by being alert to behavioural red flags from their employees.
According to fraud risk management specialists RISQ Group, a red flag is an event or set of circumstances that should alert an organisation to fraud risk.
“While these red flags are not absolute proof that an employee is engaging in fraudulent behaviour, it does suggest an increased level of risk,” says Guy Underwood, chief executive of RISQ Group.
Some of the more common red flags seen among previous fraudsters include a lifestyle which seems excessive, particularly in relation to the employee’s salary, or people who are consistently suffering from financial difficulties.
Other red flags include working long hours or never taking holidays and persistent rumours that the employee has addictions or vices, especially gambling (for more red flags, see below).
Organisations should monitor for any changes in employees behaviour, and also be aware of other circumstances in an employee’s life
which may create additional pressure and make them more susceptible to the temptation – or need – to commit fraud.
“Many frauds over the years have been committed to finance gambling addictions,” Guy says. “If we look at changes in personal circumstances, how many of those fraudsters were born with the gambling addiction? The answer is none - but their circumstances changed to the point that they felt the need to commit the fraud.”
In one case in 2009, three employees of a Victorian council were convicted of stealing $1.5 million through the submission of fake invoices. At the sentencing of one of the offenders the court was told the fraud was committed in order to assist the offender’s family, who had fallen into financial troubles. After his family’s debts were paid, the offender continued to commit the fraud after he “realised how easy it was to siphon off the money”.
“We are often asked ‘what makes a good person turn bad?’” Guy says.
“But a large number of people who commit fraud do not have a previous history of dishonesty. As identified earlier, a number of factors can conspire to turn an otherwise good employee into a fraudster. Understanding these factors, and being able to identify behavioural red flags, are important tools in helping prevent your organisation from becoming a victim of fraud in the future.”
Risky Business
© VMIA 2012 www.vmia.vic.gov.au
We value your feedbackPlease provide any feedback to [email protected] or contact us on 03 9270 6900.Visit www.vmia.vic.gov.au for previous editions.The information provided in this document is intended for general use only. It is not a definitive guide to the law, does not constitute formal advice, and does not take into consideration the particular circumstances and needs of your organisation. Every effort has been made to ensure the accuracy and completeness of this document at the date of publication. The VMIA cannot be held responsible and extends no warranties as to the suitability of the information in this document for any particular purpose and for actions taken by third parties.
Risky Business
Thank God it’s FRIdayRisky Business caught up with Luba Surmon, senior planning and risk adviser at the Department of Human Services, to discuss the team’s social media initiative: a Yammer social network devoted to risk management launched in March 2012
Why did you decide to set this social network up?
We have a risk management community which includes representation from all the regions and divisions. They were mentioning that people outside the network didn’t have a clear understanding of risk management terminology or its benefits.
We decided to use our social media application Yammer because it’s free and we can keep the communication quite short to share snippets. We only ever cover one tiny topic at a time.
We can also keep it quite informal, so we don’t turn it into a management briefing. We also make it fun – we’ve referenced Rebecca Black and her song ‘It’s Friday’ for example. I know it’s hard to believe but some people think risk management is quite stuffy.
How do you use the service?
Each week we release a blog, and support it with fact sheets that explain what we have talked about in the blog in a bit more detail. Those fact sheets are then published on the intranet as well, for anyone who wants to access them later.
What has the response been?
We’ve had good feedback and some mixed responses. Once we did something on risk appetite and we had a reply saying that this particular person had a really low appetite for our risk management stories. I’m sure he meant it as a witty joke but to me that showed the culture we need to overcome. It ended up being a great comment because it stirred up conversation with some others coming in to defend the benefits and values of risk management.
Yammer creates some interaction and it’s not just a one-sided thing.
I have had a lot of people contact me for something else, who mention what I have written in Yammer. And I’ve also had people contribute stories to me to share with the group.
I definitely think it has worked. I checked the stats in May and June, and we were the second most liked item on Yammer.
How have you built interest in what you are doing?
We send it out on Friday, and the reason we do that is because we’ve created a pseudo-acronym where FRIday is Risk management Information day. It’s just a gimmick. We open each blog with “Hi it’s FRIday, time for some risk management information …” just to get people interested.
We have 2870 people registered for our Yammer application across the department who can access our information through the public forums, so we have the potential to reach that many people.
You can put comics in it or funny pictures to lighten it up, because everyone has had enough of formal briefings.
We have had Department of Health contact us because they wanted to do the same thing. For something which doesn’t cost anything, can potentially contact 2000 people and as it doesn’t require 15 levels of approval, it can be quite responsive and we can answer questions that arise as a result of previous blogs. It is a useful tool.
