This guidance defines ‘safeguarding’ and ‘vulnerable people’, and outlines your charity's legal obligations. It also provides approaches for managing safeguarding risks.
This guidance focuses on safeguarding vulnerable people in the context of meeting your obligations as a registered charity. Your charity may have additional safeguarding obligations based on its beneficiaries or the sector it operates in, for example.
There are also additional resources available, including a safeguarding assessment and checklist, and policy templates.
Safeguarding
Safeguarding is protecting the welfare and human rights of people that are connected with your charity or its work – particularly people that may be at risk of abuse, neglect or exploitation.
Safeguarding is part of a charity’s primary duty of care.
Vulnerable people
While all people must be protected from harm, there are additional legislative and ethical considerations for protecting vulnerable people.
Vulnerable people are defined as a people aged under 18 or other individuals who may be unable to take care of themselves or are unable to protect themselves against harm or exploitation.
Vulnerable people can include:
- children and seniors
- people with impaired intellectual or physical functioning
- people from a low socio-economic background
- people who are Aboriginal or Torres Strait Islanders
- people who are not native speakers of the local language
- people with low levels of literacy or education
- people subject to modern slavery, which involves human exploitation and control, such as forced labour, debt bondage, human trafficking, and child labour.
The vulnerability may be permanent (for example, aged-related) or temporary (for example, a person forced to move to a shelter due to personal circumstances). Other vulnerabilities may include people in remote communities or overseas countries experiencing conflict or disaster, or where they don't speak the language or have supports around them.
Vulnerable people are not limited to a charity’s beneficiaries or the users of its services. They can include a charity’s staff, volunteers, and other people connected to the charity, such as those working for suppliers and partners.
Being able to recognise vulnerability in its various forms is the first step towards being able to protect vulnerable people.
Legal obligations
All charities registered with the ACNC must continue to be not-for-profit and pursue solely charitable purposes. They must also keep financial and operational records, and report information to the ACNC annually – including financial information.
Most charities must also comply with the ACNC Governance Standards and, if operating overseas, the ACNC External Conduct Standards.
The Governance Standards do not refer to specific obligations for safeguarding. However, they do require charities to comply with Australian law (Governance Standard 3), and they set duties for a charity’s Responsible People (Governance Standard 5). These duties include the requirement to act with care and diligence and in the charity’s best interests.
For charities that operate or send funds overseas, there are explicit requirements for protecting vulnerable people (External Conduct Standard 4).
There may be other state, federal or overseas legislation with which your charity must comply, depending on the location and nature of your charity’s operations. Charities could consider creating a register of legal obligations, so they are aware of all relevant obligations. You may consider getting legal advice to fully understand your charity’s legal obligations.
Charities operating in certain sectors, such as education and childcare, disability care or aged care should ensure they understand and follow all requirements of other relevant regulators, in addition to ACNC requirements.
Charities working overseas may also have additional safeguarding considerations – for example, if they have staff or volunteers working conflict zones or other dangerous locations.
Risks, harms and possible consequences
Safeguarding is a priority for all charities, and your charity must be aware of the risks that come with its work, as well as any potential incidents of harm.
Incidents of harm may include:
- sexual harassment, bullying or abuse
- serious sexual offences, such as rape
- threats of violence or actual violence
- verbal, emotional or social abuse
- cultural or identity abuse, such as racial, sexual or gender-based discrimination or hate crimes
- coercion and exploitation
- abuse of power.
These incidents of harm can lead to consequences, such as:
- mental and physical health issues, or even death, for affected people
- civil or criminal sanctions for the charity or individuals
- community anger
- reputational damage and negative media attention
- disruption to services
- decrease in team cohesion, morale and productivity
- inability to attract staff and volunteers
- loss of donors and access to grants.
Managing risks
While everyone involved in a charity has a role to play in protecting people, the ultimate responsibility sits with a charity’s Responsible People. They must ensure the charity is able to identify and manage the relevant risks it faces, and do so in the context of the charity’s unique and specific circumstances.
How charities manage risks will vary significantly, but there are seven steps that every charity can take to help protect people from harm:
- Identify and assess the risks and any legal and ethical obligations
- Commit to managing the risks involved when working with vulnerable people
- Prevent harm and mitigate risks with clear and comprehensive policies, procedures and systems
- Engage people, including third parties, to help manage risks by adhering to those policies, procedures and systems
- Detect changes in risks, instances of harm and of non-compliance with obligations
- Take action when concerns, suspicion or complaints arise
- Assure the charity’s board that risks are being managed.
Your charity may find it helpful to set out these steps, and the actions it will take under each, in a formal action plan. That way, it can keep track of what it is doing, when action is being taken, and who is responsible.
It is important that your charity’s staff and volunteers have the appropriate skills and experience to carry out the action in each of the steps. If they do not, seek outside help, as not doing things properly can lead to more harm.
It may also be helpful to engage with other charities, particularly those involved in similar work, to share resources and knowledge about safeguarding. This can help your charity stay informed about trends or legislative changes that may impact its safeguarding work, and develop more robust governance practices.
The three important actions are to:
- understand your charity’s risks
- understand your charity’s obligations
- determine the policies, procedures and systems your charity needs to manage those risks and obligations.
Risk assessment
A risk assessment will help your charity to identify the risks that come with its work with people, prioritise each risk according to its likelihood and consequences, and identify the policies, procedures and systems to address the risks.
You can conduct risk assessments for the whole organisation, a department, or for specific processes, programs or projects. Risk assessments do not have to be complex; a simple and methodical approach is best.
When conducting a risk assessment, you should:
- think broadly about all the people your charity affects – what types of vulnerability may they be experiencing, what forms of abuse, exploitation or coercion could happen to them, and who might be responsible for them
- consider potential risks in all activities, including those in your charity’s supply chain or of partners and subcontractors
- think about the likelihood of your charity’s resources being affected by these risks
- consider the consequences of an incident: the effects on the victim, your charity’s beneficiaries, its reputation, financial position, partners, and the staff morale.
- seek out information to understand the risks – consult widely, for example through meetings, workshops and surveys, and identify information sources such as previous incidents, reports, events in other organisations, and media reports.
Remember that talking about safeguarding may be confronting, particularly if people have had a traumatic experience, so approach the topic with care.
It is important that your charity knows its legal obligations. Keeping a register that lists the national, state and international legislation that affects your charity’s work can help. This could include obligations based on its industry (for example, working in childcare), mandatory reporting requirements, and obligations relating to handling personal or sensitive information.
This register should:
- identify the jurisdiction and source of the obligation
- provide a short summary of the obligation
- record what your charity does to ensure that it complies with the obligation.
Review the obligations regularly to ensure the register is up to date.
Your charity can also use the register to record and monitor other external obligations, such as government policies or professional standards or codes of practices.
When your charity has considered its risks and its obligations, it can evaluate whether it has the right policies, procedures and systems to manage them.
Committing to protecting people from harm means:
- having a clear and accessible safeguarding policy
- allocating adequate resources, leadership and authority to manage the risks
- ensuring everyone in your charity shares the commitment.
A policy that outlines your charity’s approach to safeguarding is an important document. This document should:
- define key terms (for example, ‘safeguarding’ and ‘vulnerable person’)
- reference your charity’s legal obligations (for example, mandatory reporting requirements, requirements for background checks, occupational health and safety obligations, privacy laws)
- outline how your charity identifies and manages safeguarding risks
- clearly state expected behaviours and conduct of staff, volunteers and partners
- identify the people in your charity who are responsible for managing safeguarding
- clearly define the roles and responsibilities of people involved in safeguarding, including in the induction and training of staff, volunteers and contractors
- extend obligations to your charity’s partners and contractors
- outline how your charity manages complaints or allegations of wrongdoing
- outline how your charity manages sensitive or personal information
- outline how your charity complies with relevant legal obligations (for example, occupational health and safety obligations and mandatory reporting requirements)
- contain supporting resources, such as an incident response plan, risk matrix or register, employee due diligence processes or an induction plan for staff and volunteers.
If your charity works with partners, your policy should also include:
- a definition of partner
- the roles and responsibilities of key stakeholders
- how partners will be identified and selected
- due diligence and background checks
- how partners are monitored, reviewed, and evaluated
- terminating a partnership.
Your charity can use our template safeguarding policy and our incident response plan template as a starting point.
Everyone in your charity should have access to the policy. It is also a good idea to also make it publicly available.
It is important that safeguarding is given appropriate resources and is supported by your charity’s leaders.
Ensure those resources are proportionate to your charity’s work, its risks and its funding. It can be helpful to use the risk assessment, and the priorities that came out of it, to decide where to focus resources.
Ensure your charity's leaders support the safeguarding approach and take it seriously. Have a senior person take responsibility for safeguarding and make sure it features regularly in board meetings.
Internal controls are policies, procedures and systems that can reduce the likelihood and consequences of incidents. It is important that these internal controls are appropriate for your charity and address its specific risks.
Examples of procedures and systems include:
- due diligence – the research, background checks and preparation that your charity does to minimise the possibility of doing harm to people
- segregating duties and providing supervision – policies or procedures that ensure the responsibility for high-risk situations is shared by more than one person
- managing third parties – third parties are people or organisations that your charity works with, and managing them includes ensuring they are capable of, and committed to, protecting people in their work. Written agreements, contracts or memoranda of understanding are useful ways to do this.
It is not enough for a charity to have a culture of good safeguarding practices – formal procedures and policies should be adopted by charities to ensure that there is a consistent process for addressing safeguarding risks.
Your charity’s Responsible People, paid staff and volunteers may be required under state or territory legislation to have certain checks done before working at the charity. This could include a police check, or a Working with Children or Blue Card Check.
One way that Responsible People and other senior staff can promote a culture safeguarding is to also complete relevant checks, even if they are not legally required to do so in their role. It is also important to remember that Responsible People may still come into contact with children and other vulnerable people as part of their duties, even if they are not directly involved with day-to-day operations.
Engaging everybody involved in your charity and its work means communicating the charity's expectations, raising awareness of the issue and building a positive culture of protecting people.
Your charity may do this through formal channels such as policies, procedures and training resources, or less formal methods such as email updates, newsletters and staff meetings.
To help develop and maintain a culture that values safeguarding, consider:
- Are your charity’s values expressed in a code of conduct and do these values support safeguarding?
- Has your charity considered the kind of culture it wants? (for example, a culture of disclosure and transparency; a victim/survivor-centred approach)
- Does your charity's leadership embody the desired culture and encourage others to be part of it?
- How do attitudes and events in your charity compare with its desired culture?
- How is your charity’s desired culture put into practice? (for example, information about how to raise issues is easily accessible to beneficiaries, staff, volunteers, and members of the public; incidents, complaints and allegations of wrongdoing are escalated to the board as needed, and are managed by unconflicted people)
It is important to detect incidents of harm, moments of non-compliance with commitments, and indicators of changing risks.
To detect an incident of harm effectively, ensure that:
- staff, volunteers and third parties report any concerns they have – and can do so confidentially, if they wish
- there are ways for people to provide feedback, raise grievances and report suspected or actual incidents of harm
- people who report concerns or incidents of harm are protected
- there is guidance for managers and staff on detecting situations which have risks of abuse, neglect and exploitation
- there is a supportive culture that encourages staff and volunteers to speak up – a whistleblower policy may also be appropriate.
- there is a clear and transparent system for investigating and responding to concerns.
Examples of ways your charity can do this include:
- training on safeguarding for new staff and volunteers
- having clearly defined reporting procedures in its policy
- providing staff and volunteers with simple guidance on 'red flags' that might indicate incidents of harm
- a communication campaign that shows volunteers, staff and beneficiaries that it is safe to make reports
- an email address, contact number or other way through which people can make anonymous disclosures.
In the event of a suspected incident, your charity needs act promptly to understand what might have happened, the risks that might exist, and how to protect the people affected.
To effectively respond, it is helpful to be able to follow a response plan. This plan will help your charity manage the suspected incident and the risks involved. A response plan should:
- clearly assign roles and responsibilities for responding to the incident (with major roles and responsibilities reserved for people with appropriate training, skills and experience)
- set out what is required at each stage of the response
- include an internal investigation to understand what may have happened
- provide guidance for when matters should be reported to an external party, for example, the police, the ACNC or a partner or donor agency
- include a step focused on development and learning lessons.
Your charity can use our template incident response plan as a starting point.
Carefully consider the risks before beginning an internal investigation into a matter. Some incidents may be beyond your charity’s ability to investigate effectively, meaning you may need external help, or to refer them to police.
Your charity’s board needs to make sure that they are aware of and have access to the charity’s safeguarding policies, procedures and systems, and that they regularly review them.
Review them at least annually and after any incident. Consider, for example, the following questions:
- Are they up to date, reflecting the current working environment and legislation or regulation?
- Do they reflect the current risks for your charity’s work?
- Do staff, volunteers and third parties follow the policies, procedures and systems properly?
- Do the policies and procedures work?
- What feedback has your charity received about them?
- What improvements could be made?
Case study: A risk assessment
A charity runs workshops and mentoring sessions to help people re-enter the workforce.
The charity had not previously done a safeguarding risk assessment, but an incident at a workshop made it think about the risks involved in its work. The charity’s management committee realised that the charity served people who might be considered vulnerable.
The management committee decided to do a risk assessment. They thought critically about the charity’s work and identified risks by talking to staff and mentors, meeting with volunteers and having service users complete an anonymous survey.
Following the risk assessment, the charity developed a new safeguarding policy as well as new procedures to help manage its risks. In developing the new policy and procedures, the charity consulted:
- its staff responsible for workshops and mentoring services
- its finance officer to understand costs
- its pro-bono legal advisor to understand its legal obligations, including work health and safety responsibilities.
The charity also took extra steps to ensure it addressed the risks of working with vulnerable people by:
- organising training sessions for staff and volunteers to help them identify and work appropriately with vulnerable people
- implementing a simple ‘whistleblowing’ system through which service users and others could report concerns.
The importance of safeguarding vulnerable people is now at the forefront of the charity’s governance practices. It features in all policies, is a regular item on meeting agendas, and all staff and volunteers are aware of how to work with vulnerable people.
Safeguarding resources
After reading this guide, you can check your understanding by taking our safeguarding assessment. We also have a checklist that your charity can use to ensure it has policies and procedures in place to safeguard vulnerable people.
You do not need to submit the assessment or checklist to the ACNC – they are optional resources designed to help you measure your understanding of safeguarding, and to identify areas for further training or improvement.
We also have a safeguarding policy template and an incident response plan template that your charity can use as a guide.
Downloads
More information and resources
- Safeguarding governance tool, ACNC
- Guidelines for the development of a child safeguarding policy, ACFID
- Fundraising: Charities and people in vulnerable circumstances, ACNC
- National principles for child safe organisations, Australian Human Rights Commission
- Child Protection Policy, Department of Foreign Affairs and Trade
- Preventing Sexual Exploitation, Abuse and Harassment, Department of Foreign Affairs and Trade
- Safeguarding and protecting people for charities and trustees, Charity Commission for England and Wales
- Child Safety Toolkit, Moores
- Safeguarding Checklist, National Society for the Prevention of Cruelty to Children (UK)
- Safeguarding policy and procedures, Oxfam
- Child Safeguarding Toolkit, UNICEF
- Whistleblowing, ASIC