This guidance defines ‘safeguarding’ and ‘vulnerable people’, and outlines your charity's legal obligations. It also provides approaches for managing safeguarding risks.
There are also additional resources available, including a safeguarding assessment and checklist, and policy templates.
Safeguarding
Safeguarding is protecting the welfare and human rights of people that are connected with your charity or its work – particularly people that may be at risk of abuse, neglect or exploitation.
Safeguarding is part of a charity’s primary duty of care.
Vulnerable people
While all people must be protected from harm, there are additional legislative and ethical considerations for protecting vulnerable people.
Vulnerable people can include:
- children and seniors
- people with impaired intellectual or physical functioning
- people from a low socio-economic background
- people who are Aboriginal or Torres Strait Islanders
- people who are not native speakers of the local language
- people with low levels of literacy or education
- people subject to modern slavery, which involves human exploitation and control, such as forced labour, debt bondage, human trafficking, and child labour.
Vulnerable people are not limited to a charity’s beneficiaries or the users of its services. They can include a charity’s staff, volunteers, and people in third parties, such as suppliers and partners.
Being able to recognise vulnerability in its various forms is the first step towards being able to protect vulnerable people.
Legal obligations
All charities registered with the ACNC must continue to be not-for-profit and pursue solely charitable purposes. They must also keep financial and operational records, and report information to the ACNC annually – including financial information.
Most charities must also comply with the ACNC Governance Standards and, if operating overseas, the ACNC External Conduct Standards.
The Governance Standards do not refer to specific obligations for safeguarding. However, they do require charities to comply with Australian law (Governance Standard 3), and they set duties for a charity’s Responsible People (Governance Standard 5). These duties include the requirement to act with care and diligence and in the charity’s best interests.
For charities that operate or send funds overseas, there are explicit requirements for protecting vulnerable people (External Conduct Standard 4).
There may be other state, federal or overseas legislation with which your charity must comply, depending on the location and nature of your charity’s operations. Charities could consider creating a register of legal obligations, so they are aware of all relevant obligations. You may consider getting legal advice to fully understand your charity’s legal obligations.
Risks, harms and possible consequences
Safeguarding is a priority for all charities, and your charity must be aware of the risks that come with its work, as well as any potential incidents of harm.
Incidents of harm may include:
- sexual harassment, bullying or abuse
- serious sexual offences, such as rape
- threats of violence or actual violence
- verbal, emotional or social abuse
- cultural or identity abuse, such as racial, sexual or gender-based discrimination or hate crimes
- coercion and exploitation
- abuse of power.
These incidents of harm can lead to consequences, such as:
- mental and physical health issues, or even death, for affected people
- civil or criminal sanctions for the charity or individuals
- community anger
- reputational damage and negative media attention
- disruption to services
- decrease in team cohesion, morale and productivity
- inability to attract staff and volunteers
- loss of donors and access to grants.
Managing risks
While everyone involved in a charity has a role to play in protecting people, the ultimate responsibility sits with a charity’s Responsible People. They must ensure the charity is able to identify and manage the relevant risks it faces, and do so in the context of the charity’s unique and specific circumstances.
How charities manage risks will vary significantly, but there are seven steps that every charity can take to help protect people from harm:
- Identify and assess the risks and any legal and ethical obligations
- Commit to managing the risks involved when working with vulnerable people
- Prevent harm and mitigate risks with clear and comprehensive policies, procedures and systems
- Engage people, including third parties, to help manage risks by adhering to those policies, procedures and systems
- Detect changes in risks, instances of harm and of non-compliance with obligations
- Take action when concerns, suspicion or complaints arise
- Assure the charity’s board that risks are being managed.
Your charity may find it helpful to set out these steps, and the actions it will take under each, in a formal action plan. That way, it can keep track of what it is doing, when action is being taken, and who is responsible.
It is important that your charity’s staff and volunteers have the appropriate skills and experience to carry out the action in each of the steps. If they do not, seek outside help, as not doing things properly can lead to more harm.
It may also be helpful to engage with other charities, particularly those involved in similar work, to share resources and knowledge about safeguarding. This can help your charity stay informed about trends or legislative changes that may impact its safeguarding work, and develop more robust governance practices.
The three important actions are to:
- understand your charity’s risks
- understand your charity’s obligations
- determine the policies, procedures and systems your charity needs to manage those risks and obligations.
Risk assessment
A risk assessment will help your charity to identify the risks that come with its work with people, prioritise each risk according to its likelihood and consequences, and identify the policies, procedures and systems to address the risks.
You can conduct risk assessments for the whole organisation, a department, or for specific processes, programs or projects. Risk assessments do not have to be complex; a simple and methodical approach is best.
When conducting a risk assessment, you should:
- think broadly about all the people your charity affects – what forms of abuse, exploitation or coercion could happen to them, and who might be responsible for them?
- consider potential risks in all activities, including those in your charity’s supply chain or of partners and subcontractors
- think about the likelihood of your charity’s resources being affected by these risks
- consider the consequences of an incident: the effects on the victim, your charity’s beneficiaries, its reputation, financial position, partners, and the staff morale.
- seek out information to understand the risks – consult widely, for example through meetings, workshops and surveys, and identify information sources such as previous incidents, reports, events in other organisations, and media reports.
Remember that talking about safeguarding may be confronting, particularly if people have had a traumatic experience, so approach the topic with care.
It is important that your charity knows its legal obligations. Keeping a register that lists the national, state and international legislation that affects your charity’s work can help.
This register should:
- identify the jurisdiction and source of the obligation
- provide a short summary of the obligation
- record what your charity does to ensure that it complies with the obligation.
Review the obligations regularly to ensure the register is up to date.
Your charity can also use the register to record and monitor other external obligations, such as government policies or professional standards or codes of practices.
When your charity has considered its risks and its obligations, it can evaluate whether it has the right policies, procedures and systems to manage them.
Committing to protecting people from harm means:
- having a clear and accessible safeguarding policy
- allocating adequate resources, leadership and authority to manage the risks
- ensuring everyone in your charity shares the commitment.
A policy that outlines your charity’s approach to safeguarding is an important document. This document should:
- reference your charity’s legal obligations
- outline identified risks
- define key terms (for example, ‘safeguarding’ and ‘vulnerable person’)
- clearly state your charity’s expectations of staff, volunteers and partners
- outline your charity’s processes for managing risks
- identify who is responsible for managing safeguarding
- clearly define the roles and responsibilities of people involved in safeguarding
- extend obligations to your charity’s partners and contractors
- contain supporting resources, such as an incident response plan or an employee vetting document
- be endorsed by your charity’s board.
Your charity can use our template safeguarding policy as a starting point.
Everyone in your charity should have access to the policy. It is also a good idea to also make it publicly available.
It is important that safeguarding is given appropriate resources and is supported by your charity’s leaders.
Ensure those resources are proportionate to your charity’s work, its risks and its funding. It can be helpful to use the risk assessment, and the priorities that came out of it, to decide where to focus resources.
Ensure your charity's leaders support the safeguarding approach and take it seriously. Have a senior person take responsibility for safeguarding and make sure it features regularly in board meetings.
Internal controls are policies, procedures and systems that can reduce the likelihood and consequences of incidents. It is important that these internal controls are appropriate for your charity and address its specific risks.
Examples of procedures and systems include:
- due diligence – the research, background checks and preparation that your charity does to minimise the possibility of doing harm to people
- segregating duties and providing supervision – policies or procedures that ensure the responsibility for high-risk situations is shared by more than one person
- managing third parties – third parties are people or organisations that your charity works with, and managing them includes ensuring they are capable of, and committed to, protecting people in their work. Written agreements, contracts or memoranda of understanding are useful ways to do this.
It is not enough for a charity to have a culture of good safeguarding practices – formal procedures and policies should be adopted by charities to ensure that there is a consistent process for addressing safeguarding risks.
Engaging everybody involved in your charity and its work means communicating the charity's expectations, raising awareness of the issue and building a positive culture of protecting people.
Your charity may do this through formal channels such as policies, procedures and training resources, or less formal methods such as email updates, newsletters and staff meetings.
To help develop and maintain a culture that values safeguarding, consider:
- Are your charity’s values expressed in a code of conduct and do these values support safeguarding?
- Has your charity considered the kind of culture it wants?
- Does your charity's leadership embody the desired culture and encourage others to be part of it?
- How do attitudes and events in your charity compare with its desired culture?
It is important to detect incidents of harm, moments of non-compliance with commitments, and indicators of changing risks.
To detect an incident of harm effectively, ensure that:
- staff, volunteers and third parties report any concerns they have – and can do so confidentially, if they wish
- there are ways for people to provide feedback, raise grievances and report suspected or actual incidents of harm
- people who report concerns or incidents of harm are protected
- there is guidance for managers and staff on detecting situations which have risks of abuse, neglect and exploitation
- there is a supportive culture that encourages staff and volunteers to speak up – a whistleblower policy may also be appropriate.
- there is a clear and transparent system for investigating and responding to concerns.
Examples of ways your charity can do this include:
- training on safeguarding for new staff and volunteers
- having clearly defined reporting procedures in its policy
- providing staff and volunteers with simple guidance on 'red flags' that might indicate incidents of harm
- a communication campaign that shows volunteers, staff and beneficiaries that it is safe to make reports
- an email address, contact number or other way through which people can make anonymous disclosures.
In the event of a suspected incident, your charity needs act promptly to understand what might have happened, the risks that might exist, and how to protect the people affected.
To effectively respond, it is helpful to be able to follow a response plan. This plan will help your charity manage the suspected incident and the risks involved. A response plan should:
- clearly assign roles and responsibilities for responding to the incident (with major roles and responsibilities reserved for people with appropriate training, skills and experience)
- set out what is required at each stage of the response
- include an internal investigation to understand what may have happened
- provide guidance for when matters should be reported to an external party, for example, the police, the ACNC or a partner or donor agency
- include a step focused on development and learning lessons.
Your charity can use our template incident response plan as a starting point.
Carefully consider the risks before beginning an internal investigation into a matter. Some incidents may be beyond your charity’s ability to investigate effectively, meaning you may need external help, or to refer them to police.
Your charity’s board needs to make sure that there are regular reviews of safeguarding policies, procedures and systems.
Review them at least annually and after any incident. Consider, for example, the following questions:
- Are they up to date, reflecting the current working environment and legislation or regulation?
- Do they reflect the current risks for your charity’s work?
- Do staff, volunteers and third parties follow the policies, procedures and systems properly?
- Do the policies and procedures work?
- What feedback has your charity received about them?
- What improvements could be made?
Case study: A risk assessment
A charity runs workshops and mentoring sessions to help people re-enter the workforce.
The charity had not previously done a safeguarding risk assessment, but an incident at a workshop made it think about the risks involved in its work. The charity’s management committee realised that the charity served people who might be considered vulnerable.
The management committee decided to do a risk assessment. They thought critically about the charity’s work and identified risks by talking to staff and mentors, meeting with volunteers and having service users complete an anonymous survey.
Following the risk assessment, the charity developed a new safeguarding policy as well as new procedures to help manage its risks. In developing the new policy and procedures, the charity consulted:
- its staff responsible for workshops and mentoring services
- its finance officer to understand costs
- its pro-bono legal advisor to understand its legal obligations, including work health and safety responsibilities.
The charity also took extra steps to ensure it addressed the risks of working with vulnerable people by:
- organising training sessions for staff and volunteers to help them identify and work appropriately with vulnerable people
- implementing a simple ‘whistleblowing’ system through which service users and others could report concerns.
The importance of safeguarding vulnerable people is now at the forefront of the charity’s governance practices. It features in all policies, is a regular item on meeting agendas, and all staff and volunteers are aware of how to work with vulnerable people.
Safeguarding resources
After reading this guide, you can check your understanding by taking our safeguarding assessment. We also have a checklist that your charity can use to ensure it has policies and procedures in place to safeguard vulnerable people.
You do not need to submit the assessment or checklist to the ACNC – they are optional resources designed to help you measure your understanding of safeguarding, and to identify areas for further training or improvement.
We also have a safeguarding policy template and an incident response plan template that your charity can use as a guide.
Downloads
More information and resources
- Guidelines for the development of a child safeguarding policy, ACFID
- Fundraising: Charities and people in vulnerable circumstances, ACNC
- National principles for child safe organisations, Australian Human Rights Commission
- Child Protection Policy 2017, Department of Foreign Affairs and Trade
- Preventing Sexual Exploitation, Abuse and Harassment, Department of Foreign Affairs and Trade
- Child Safety Toolkit, Moores
- Safeguarding Checklist, National Society for the Prevention of Cruelty to Children (UK)
- Safeguarding policy and procedures, Oxfam
- Child Safeguarding Toolkit, UNICEF
- Whistleblower Regime, ASIC