Better health and ageing for all Australians

Risk and Compliance

OATSIH Risk Framework Business Rules

PDF Printable version: OATSIH Risk Framework Business Rules (PDF 24 KB)

Purpose

To set out the business rules that determine whether the OATSIH Risk Assessment is required to be conducted on an organisation, or whether another Risk Assessment process may be utilised.

Business Rules

  1. An OATSIH Risk Assessment must be undertaken where the organisation:
    2. is funded through the Department of Health and Ageing Head Agreement for Multi Project Funding; and receives Departmental funding in excess of $300,000 per annum (GST Exclusive); and is under any Board Structure.

  2. Where an OATSIH Risk Assessment must be undertaken, the approximate required interval between assessments is:
    3. Rating Interval Exceptions
    Low once every two years unless there is an occurrence that poses a risk to the Commonwealth
    Medium once every two years unless there is an occurrence that poses a risk to the Commonwealth
    High Annually
    Extreme Annually

    **Note that the periods described are the maximum interval that can lapse between risk assessments. Risk assessments should be conducted on a more frequent basis if required. If there is an occurrence that poses a risk to the Commonwealth, a full risk assessment may be undertaken to assess the level of risk.

  3. An OATSIH Risk Assessment does not need to be undertaken where the organisation is a:
    4. University; State/Territory Government Department; Commonwealth Government Department; Statutory Authority (State or Commonwealth) - this includes Local Area Health Services established as Statutory Authorities; Local Council as defined under Local Government Act (or local equivalent) - this includes non-Indigenous councils and Aboriginal and Torres Strait Island councils; or Organisation that receives less than $300,000 (GST Exclusive) in funding from the Department per annum.

  4. Where an OATSIH Risk Assessment is not undertaken risk must still be assessed through the Department’s Risk Management Framework and associated resources.


  5. Where a decision is made not to undertake the OATSIH Risk Assessment and to use an alternative risk assessment methodology:
    6. the rationale for this must be documented and approved by the OATSIH risk delegate (the Central Office Director responsible for OATSIH Risk); and a record of this approval and the alternative risk assessment documents, must be kept on file to ensure an auditable trail.

  6. When a Risk Assessment is undertaken it must comply with the OATSIH Risk Procedures including the documenting and recording of all decisions and outcomes.

    7. Help with accessing large documents

    When accessing large documents (over 500 KB in size), it is recommended that the following procedure be used:

    1. Click the link with the RIGHT mouse button
    2. Choose "Save Target As.../Save Link As..." depending on your browser
    3. Select an appropriate folder on a local drive to place the downloaded file

    Attempting to open large documents within the browser window (by left-clicking) may inhibit your ability to continue browsing while the document is opening and/or lead to system problems.

    Help with accessing PDF documents

    To view PDF (Portable Document Format) documents, you will need to have a PDF reader installed on your computer. A number of PDF readers are available through the Australian Government Information Management Office (AGIMO) Web Guide website.