The system of control in aged care

Share this article

A guide to resetting risk and governance in aged care

The Aged Care Quality Standards, an unannounced accreditation regime and the final report from the Royal Commission into Aged Care Quality and Safety (aged care royal commission) all point to providers needing to better understand and demonstrate a robust system of control. 

This is chapter 5, our final chapter in the step-by-step guide to ‘get the basics right’ when it comes to aged care governance and risk management. Chapter 1 focussed on understanding how the risk and governance bar is lifting; chapter 2 considers the basics of good governance in aged care; chapter 3 looks at effective risk management and issue resolution in aged care; and chapter 4 highlights the importance of risk prevention in aged care.

In this chapter, we outline establishing a robust system of control that will enable board attestation, as recommended by the aged care royal commission’s final report (see R90(f)).

What do we mean by a system of control? 

A robust system of control provides confidence to consumers, their families and the Board that your organisation has a structured and systematic approach to support safe, quality consumer-led care.

Elements and approach to establishing a robust system of control:

  • Design: Processes and activities (controls) are designed to address risks and meet compliance obligations (such as the aged care standards).

  • Operationalise: These processes and activities are operationalised through policies, procedures and training.

  • Communicate and educate: They are communicated, well understood and applied at all levels. 

  • Continuously monitor and improve: The approach to monitoring the system of control provides insights into emerging issues and trends (e.g. proactive risk identification), whilst enabling organisation-wide benchmarking, sharing of lessons and continuous improvement.

Whilst an organisation-wide system of control relates to more than the aged care standards, they are a good place to start.

In practical terms, to understand your organisation’s system of control relating to the aged care standards you should first look at each service's self-assessment against the standards (using the Aged Care Quality and Safety Commission’s template and guide). This will provide insight into what is in place to meet the objectives, what is not in place, and what is in progress.  

It is important that this self-assessment tool is well understood and up to date, as this is one of the key documents (if not the first) you provide to assessors during a visit.

As an executive and board using this information, it is also important to consider the variation in these self-assessments. Are there services that have really strong responses that you can pick up and share across the organisation, and others where there are clearly gaps and issues that require more immediate support? 

Once you have visibility of what is in place and in progress, consider how you get comfort over these activities and controls. How do you know they are in place and operating as intended?

Prioritise the activities and consider the different ways and frequency with which you want to get visibility. We have seen the sector effectively use the following approaches.

1. Standardised review and reflection activities

Establish review processes over key activities, and define the frequency of review (e.g. weekly, monthly or quarterly). The purpose of these activities is to review, reflect, act and, importantly, record what was done, by who, and what happened as a result.

These review activities provide confidence that the system of control is active and being continuously reviewed and assessed. 

It is important to record the following:

  • What was reviewed (e.g. monthly review of complaints register);

  • What themes or findings were identified (for example, all complaints addressed promptly and timely consumer resolution achieved; however, trend/increase in complaints relating to call bell responsiveness);

  • Critically, what action was taken. 

    • Undertook further review and analysis to understand impact if any (e.g. increased incidents/falls)

    • Engaged with consumers to better understand the issue and identify the root cause. 

    • Addressed the root cause and implemented changes to reduce or eradicate the risk and provided education and training to staff.

    • Ensured the change is embedded and sustained (e.g. added the action to our continuous improvement plan; updated our standard operating procedure and our training materials; added the new control to our self-assessment and clinical audit program).

    • Continued monitoring of progress through active engagement with consumers and staff, including specific feedback on this action (e.g. as part of the next quarter’s consumer feedback survey).

2. Second and Third Line audit and assurance

Ensure these activities and controls are mapped to, and tested, as part of your internal clinical audit program, and periodically by your independent internal audit team.

3. Management attestations

Periodic management attestations should be made (at a service level/organisation-wide level) to your governing body/committee with evidence that controls are in place, embedded and operating effectively. Note the importance of retaining documented evidence to support these attestations from points 1 and 2 above.

This approach helps to provide structure and transparency to the board so they are confident attesting to the system of control. This then helps the board to answer the following questions:

  • What is the system of control at our organisation?
  • How do we bring it to life and ensure its operating effectively?
  • How do we monitor effectiveness, identify and action improvements in a robust and systematic way?

The Serious Incident Response Scheme’s (SIRS) to “preventing and reducing incidents of abuse and neglect” requires providers to take a systematic approach to managing and responding to all resident incidents and to take proactive steps to minimise the risk of incidents from recurring. SIRS is the initial stepping stone to mandating providers develop capability in risk management through utilising data to effectively identify, investigate, support and manage risks to consumers, enforcing sector-wide change. 

Is standardisation required to enable a consistent approach to governance, risk and compliance? 

Governance, risk and compliance are an integrated collection of capabilities that enable organisations to reliably achieve objectives, meet regulatory requirements and deliver quality care.

Providers need a robust, holistic corporate and clinical governance approach with integrated systems to manage safety, risk and quality in clinical and care services. 

An effective standardised framework that incorporates all elements of leadership, accountability, culture, protocols, practices, policies, education, measurement, evaluation and relationships will align well with the necessary system of control. Coupled with organisational roles, responsibilities, structures and accountabilities, providers will be better placed to demonstrate oversight across standards. 

How would your board and leadership team answer these questions?

  • Do we have a standardised, holistic and integrated system to manage safety, risk and quality in clinical and care services?

  • Has this been effectively communicated across the organisation and have staff been trained on what this means for them?

  • Is there clear responsibility and accountability for the management of safety, risk and quality across the organisation, and is it clearly connected to the overall system of control?

  • Do we monitor and report on the effectiveness of our strategies to manage safety, risk and quality?

  • Does the board have sufficient knowledge, experience (R90(a)) and oversight of assurance activities and outcomes to enable annual attestation?

What are the benefits of a system of control?

Aligned to this system of control is standardising best practices, an important part of delivering effective, safe and high quality care and can result in the following.

Consistent outcomes

The implementation of strong systems and processes over time leads to consistency in improved outcomes for consumers and their care.

Improved quality of care

Standardised policies, processes and procedures, with associated education of staff results in overall improvement in evidence based care.

Continuity of care

Coordinated teamwork, good record systems and the timely communication of relevant information between and within care providers, consumers and families results in seamless care.

Improved consumer safety and decreased unintended harm

With consistency, continuity and standardisation of care, risks become well managed, incidents and complaints decrease and KPIs are exceeded.

Brand and reputational security

Positively reflects on the provider as a trusted name in aged care service, in the eyes of our consumers, employees, investors, regulators and stakeholders.

Continuous improvement

Monitoring and reporting on the effectiveness of standardised systems and processes supports early identification of red flags and can inform continuous improvement strategies and actions.

Positive organisational culture 

A service built on trust and communication with the consumer at the centre, improves teamwork, raises morale and connectedness enhancing performance and staff retention.

Annual attestation by the board

Confidence that the provider has the structures, systems and processes in place to deliver safe and high quality care (R90(f)).

Would a standardised system of control, along with indicators provide greater transparency and oversight by consumers, the Department and the Commission?

There is a need for open and reportable lines of communication between the Aged Care Quality and Safety Commission, the Department of Health, providers, consumers and families. This would address the demand for visibility of a provider’s compliance against standards via its complaints, quality of care, indicators, clinical incidents and SIRS. 

Under a standardised system of control, key control activities are implemented, tracked and monitored with defined accountabilities. Sufficient knowledge, experience (R90(a)) and oversight of key control activities should support timely identification of issues or red flags to initiate action.

Consequently, standardisation of elements of the system of control across the sector would enable providers to transparently report on the performance of their processes as well as consumer outcomes. This results in a greater understanding of the end to end care continuum at a service level and community confidence that consistent, safe, quality care to elder Australians is being delivered.

For more information on governance hot topics and board issues, visit PwC’s Governance Insights Centre.

Contact us

Nicola Lynch

Nicola Lynch

Health & Education Industry Leader, PwC Australia

Tel: +61 425 147 707

Edwina Star

Edwina Star

Risk Consulting Lead, PwC Australia

Tel: +61 416 301 798

Tracy Robertson

Tracy Robertson

Senior Manager, Assurance, PwC Australia