Organisational systems

Clinical governance supports aged care organisations to deliver high-quality care so that those receiving care achieve good health and care outcomes. [1] The Aged Care Quality and Safety Commission (ACQSC) suggests six core, interrelated elements to clinical governance which together promote optimal health and wellbeing outcomes for people receiving aged care services. [2] Governing bodies need to consider each of these and set up systems to manage, operationalise, and monitor success against them. One of these elements is organisational systems. The other core elements are covered in detail in our clinical governance themes.

Why are organisational systems important for clinical governance?   

Organisational systems are imperative in clinical governance to ensure care and services are cohesive and delivered in a consistently safe, effective, and person-centred manner.  This will ensure nothing, or no one, is missed or forgotten, but importantly, will also enable effective corporate governance through oversight and decision-making by a board which is ‘in touch’ with the care and services it is ultimately responsible for.  

Amongst other things, robust and integrated organisational systems will enhance care, in support of Standard 3(a) of the current Aged Care Quality Standards which requires providers to demonstrate that each care recipient receives ‘safe and effective personal care, clinical care, or both personal care and clinical care’. [3 p54] However, risks to the quality and safety of both forms of care span all levels and operations of an aged care organisation. Clinical governance, therefore, requires a whole-of-organisation ‘systems approach’ to identifying, assessing, reporting, and managing clinical and care risks. This includes a system for responding to and managing incidents (and ‘near misses’) that may occur while delivering care, such as medication errors. [4] 

Organisational systems for clinical governance comprise the integrated set of policies, procedures, and protocols put in place by the governing body to manage care quality and safety across the organisation. [5] They are the mechanisms by which everyone understands what they are expected to do in providing quality care and managing risks. [2] These systems underpin and operationalise the clinical governance framework [5] and help the organisation to meet its legislative and compliance requirements. [2] These systems therefore are an important part of the organisation’s broader corporate governance arrangements. [6]  

In offering a coordinated and cohesive approach to putting the framework into action, organisational systems can also prevent the organisation from operating in ‘silos’—the ‘enemy of good clinical governance’—in achieving its goals for care. [7] This includes siloes created by lack of integration and communication between staff with different areas of responsibility, staff working at different worksites, and even different committees within the organisation. An effective organisation-wide system of control over care quality and safety can also strengthen care recipient confidence, providing the service provider has a strategy for communicating and explaining its role and purpose in safeguarding their wellbeing. [8] Staff expected to work within these systems—who are likely to span the entire operation—need to be clear about their responsibilities and tasks under them. Where they lack the competencies to fulfil the expectations on them, they must receive the appropriate training. [2]  

For operational systems focused on risk and incident management to be effective, they need to be founded on current evidence of best practices and effectiveness, and updated as new evidence and guidelines are produced. [2] Although they will be unable to eliminate all risks and incidents, these systems will at least provide a structured, proactive approach to addressing them [2] and serve as a tool for reducing their likelihood and occurrence. [9]  

Moving into the future, organisational systems should be enabled and supported by appropriate technology to maximise their effectiveness, as well as optimise consumer and workforce engagement. Digitisation will also facilitate corporate governance through improved transparency of data, however, the risks of this will also need to be managed (Dr Melanie Tan, personal communication, April 2023). 

Organisational systems and Australian aged care regulations

The Quality of Care Principles 2014 that support the Aged Care Act 1997 detail the responsibilities of approved aged care providers in regard to incident management and prevention (Part 4B), which is one important aspect of organisational systems. [10] This includes the requirement to have an incident management system in place and to establish procedures for its operation. These procedures are to include:  

  • How incidents are identified, recorded, and reported and to whom 
  • How support will be provided to the persons affected by the incident 
  • When remedial action is required and the nature of the action (15MB). [10] 

System procedures are to be documented and made available in an accessible form to everyone within the organisation, including care recipients (15MC). The provider is also responsible for setting out the roles and responsibilities of staff members working within the system to safeguard the health and wellbeing of care recipients or manage and resolve incidents that have taken place (15MD). [10] 

The Aged Care Quality Standards also outline provider responsibilities, including where clinical care is concerned (Standard 3). It requires aged care organisations to have systems in place for effective identification and management of: 

  • High-impact or high-prevalence risks associated with the care of each consumer (3(b) and 8(3)(d)) 
  • Deterioration or change of a consumer’s mental health, cognitive or physical function, capacity, or condition (3(d)) 
  • Infection-related risks and medication management (3(g)), including antimicrobial stewardship (8(3)(e)) 
  • Incidents (8(3)(d)). [3] 

Standard 3(b) identifies several specific areas of clinical care that pose a high risk to care recipients. These include medication management, the management of pain, preventing and managing pressure injuries, minimising restrictive practices, and managing delirium. [3] Despite the Aged Care Quality Standards highlighting these issues, the Royal Commission into the Quality and Safety of Aged Care identified them as common areas of clinical care failure. [11] More recently, ACQSC sector performance reports have indicated that providers still face challenges in the management of high-impact risks and recognising and responding to deterioration. These remain the most frequent areas of non-compliance against the Standards. [12] 

The Revised Aged Care Quality Standards (under public consultation) address the need for organisational systems to identify and manage risks and incidents within Standard 2 (The organisation). Specifically:  

  • Risks to older people, workers, and the organisation are identified, managed and continually reviewed (Action 2.4.1) 
  • The provider uses an incident management system to safeguard older people and acknowledge, respond to, effectively manage and learn from incidents (Outcome 2.5). [13] 

Other aged care reforms that also serve to strengthen organisational systems for managing clinical and care risks include:

Components of effective organisational systems for clinical governance

There are several components that comprise an effective organisational system for clinical governance. Risk identification and management is another important component of clinical governance. [15] Organisations therefore need strong risk and incident management systems, as well as processes for their ongoing review and improvement, if they are to successfully deliver care that is both safe and of high quality. While these systems are of prime importance, they need to be supported by other systems within the organisation, in an integrated way. These are equally important and include systems for information management, continuous improvement, feedback and complaints, and regulatory compliance. [3]

    A well-functioning risk management system provides the organisation with an effective tool to proactively:  

    • Identify, assess, and respond to all risks to the health, safety, and wellbeing of care recipients (including emerging risks) [16] 
    • Reduce or remove the risks in a timely way, which includes escalating those that pose the most harm. [3]  

    Where common risks are likely to have a higher impact on health and wellbeing, the system needs to be particularly effective in getting these recognised and addressed promptly. [15] For example, amongst other things, policies and processes should be in place for controlling infection in residential aged care settings, while preventing antimicrobial resistance through effective antimicrobial stewardship programs (which is also a specific requirement of Standard 8 of the Aged Care Quality Standards). [3]   

    A range of intersecting factors will contribute to the success of a risk management system. These include the governing body’s ability to:   

    • Understand the requirements of the Aged Care Quality Standards and aged care legislation [2] 
    • Create clear policies, procedures, and processes that everyone can understand and work with for identifying, preventing, and managing risk [2] 
    • Communicate and promote this system across the whole operation, [2] and implement it effectively through entire workforce engagement 
    • Set up processes for rapidly escalating high-impact risks to people with responsibility for acting on them  
    • Create effective committee and subcommittee structures that keep the governing body fully informed of present and emerging risks, and responses to these risks   
    • Establish a workplace culture where all staff are engaged in identifying, managing and, if necessary, rapidly escalating risks [15] 
    • Foster a culture of open disclosure and learning from incidents across the workforce. [9] 

    In considering risk, the organisation also needs to understand the concept of ‘dignity of risk’. [16] This means striking a balance between a duty of care and regulatory obligation to keep people safe, and the individual’s right to determine their own life course and exercise independence, even when this might include an element of risk to themselves. [3] For dignity of risk to be respected and supported within aged care, the workforce needs training specifically focused on strategies to keep people safe while not infringing upon their right to self-determination. [3]  

    An example: Systems to manage the risk of infection 

    The literature suggests a range of enablers and barriers to effective infection control risk management systems in aged care organisations. These may include: 

    • Access to a designated infection prevention and control professional [17] with recognised qualifications in this area and delegated responsibility for the system’s operation across all levels of the organisation [18]  
    • Education sessions and resources to support infection prevention and control which include both staff and residents [18] 
    • Facilitating staff to attend training. [18] 

      Barriers to effective infection control processes include:  

    • Lack of a clear, robust, structured framework for managing infection prevention and control across the organisation  
    • Lack of facility and resident interest in infection prevention and control  
    • Inadequate staff training. [17] 

    An incident management system is any system that helps the organisation identify, minimise, respond to, and manage incidents and near misses that occur during the course of delivering care. [4] It is another important component of a good organisational system, that should feed into other components (such as the organisational risk management system). According to the Quality of Care Principles 2014, an ‘incident’ might be an act, omission, event, or circumstance that causes harm to the care recipient, or which could be reasonably expected to cause harm. [10] This includes incidents and near misses arising from clinical care (e.g., medication errors [4]) as well as care more broadly. [2] Under the SIRS, only a subset of incidents are reportable to the ACQSC. [4] However, documenting non-reportable as well as reportable risks helps the organisation learn from problems for continual quality improvement, and an organisation’s incident management system is required to capture all incidents, not only reportable incidents. [19]  

    An incident management system forms part of an organisation’s risk management strategy and is an essential component of an effective clinical governance framework. [4] Effective systems can demonstrate that incidents are both recorded and acted upon, including through ‘open disclosure’. [2] Open disclosure involves: 

    • Apologising to people affected by an incident (saying ‘sorry’) 
    • Openly discussing the problem with the persons affected (allowing them to ask questions) 
    • Addressing immediate needs  
    • Working in partnership to decide upon determining together the steps to be taken to prevent a similar incident happening again. [4] 

    Each organisation’s incident management system will look different as it should reflect the organisation’s size, location, the type of services it provides, and the individual characteristics of the people it serves. [4] The system might rely on paper-based processes or a computer program such as MS Excel; however, it is preferable to use technology where feasible. Specialist commercial digital platforms and applications are available for managing risks, which offer benefits such as efficient recording, management, and trend analysis of the data, as well as real-time reporting of incidents. [4] Ideally, such a system should integrate and interoperate with the organisation’s other systems. 

      Clinical governance systems can be supported by: 

      • A continuous improvement system that assesses, monitors, and improves the quality and safety of the care and services provided, on an ongoing basis.  
      • A feedback and complaints system that is transparent, in accordance with best practice guidelines, and which contributes to continuous quality improvement of care. [3] This system should support care recipients, their families, and staff to report concerns and incidents without fear of reprisal [3]  
      • A compliance system that supports the organisation to track and demonstrate compliance with all relevant legal and regulatory requirements, as well as standards and guidelines [3] 
      • An information management system that supports effective delivery and continuity of care by controlling how information, including within policies and procedures, is maintained, stored, and shared across the organisation. [3] The Revised Aged Care Quality Standards require that information from different sources across the organisation is integrated, and that the information management system itself is regularly reviewed and its effectiveness improved upon (Action 2.7.3). [13]  

      What might effective organisational systems for clinical governance look like?

      People working in an aged care organisation with effective organisational systems for clinical governance in place may be more likely to agree with the following statements.  

      • The governing body has established a standardised, holistic, and integrated system for identifying, capturing and escalating risks and incidents impacting care quality and safety. [4, 7]  
      • Incident and/or risk management systems are clear, simple, communicated well, and consistently applied across all service settings. They are easily accessible and can be understood by everyone within the organisation. [4, 8] 
      • All staff, both clinical and non-clinical, are comfortable reporting risks and incidents and understand their responsibility to do so. [9] 
      • The organisation supports its workers to respect people’s right to make their own choices, even when there are risks involved. Staff are comfortable working with people to find solutions to manage the risk without restricting choice and independence. [3] 
      • The system includes mechanisms to ensure incidents and risks are responded to and resolved in a timely and transparent way. [4]  
      • The system supports continuous quality improvement by enabling staff to identify trends, issues and areas for improvement. [4, 8] 
      • There are policies and procedures in place that address key clinical risk areas including infection control, antimicrobial stewardship, minimising the use of restraint, end-of-life care, and recognising and responding to mental, cognitive, and physical deterioration. [3]  
      • These systems are continuously monitored, reviewed, and improved as part of good clinical governance. [5]
      1. Tan M. Aged care regulation through the looking glass of clinical governance: A framework for aged care providers. Australian Health Law Bulletin. 2022 Jul 1;30(5/6):116-126.  
      2. Aged Care Quality and Safety Commission. Fact sheet 3: Core elements of clinical governance [Internet]. Canberra, ACT: ACQSC; 2019 [cited 2023 Apr 14]. Available from:
      3. Aged Care Quality and Safety Commission. Guidance and resources for providers to support the Aged Care Quality Standards [Internet]. Canberra, ACT: ACQSC; 2022 [cited 2023 Apr 20]. Available from:
      4. Aged Care Quality and Safety Commission. Effective incident management systems: Best practice guidance [Internet]. Canberra, ACT: ACQSC; 2022 [cited 2023 Apr 25]. Available from:
      5. Aged Care Quality and Safety Commission. Toolkit: Developing and implementing a clinical governance framework. Canberra, ACT: ACQSC; 2019. Available from:
      6. Aged Care Quality and Safety Commission. Fact sheet 1: Introduction to clinical governance. Canberra, ACT: ACQSC; 2019 [cited 2023 Apr 14]. Available from:
      7. Australian Institute of Company Directors. Board governance in the aged care sector [Internet]. Australia: AICD; 2020 [cited 2023 Apr 20]. Available from:
      8. PwC Australia. The system of control in aged care: A guide to resetting risk and governance in aged care [Internet]. Australia: PwC Australia; n.d. [cited 2023 Apr 20]. Available from:
      9. Aged Care Quality and Safety Commission. Discussion paper: Incident learning [Internet]. Canberra, ACT: ACQSC; 2023 [cited 2023 Apr 25]. Available from:
      10. Quality of care principles 2014. Sect. 96.1 (2014).  
      11. Royal Commission into Aged Care Quality and Safety. Final report: Care, dignity and respect. Volume 1: Summary and recommendations [Internet]. Canberra, ACT: RCACQS; 2021 [cited 2023 Apr 20]. Available from:
      12. Aged Care Quality and Safety Commission. Sector performance report: October-December 2022 [Internet]. Canberra, ACT: ACQSC; 2022 [cited 2023 Apr 21]. Available from:
      13. Department of Health and Aged Care (Australia). Revised Aged Care Quality Standards: Draft for Pilot [Internet]. Canberra, ACT: Department of Health and Aged Care; 2023 [cited 2023 Jun 6]. Available from:
      14. Aged Care Quality and Safety Commission. Aged care reforms - an overview. Canberra, ACT: ACQSC; 2022 [cited 2023 20 April]. Available from:
      15. Australian Institute of Company Directors. Clinical governance for boards in the aged care sector [Internet]. Australia: AICD; 2021 [cited 2023 Apr 20]. Available from:
      16. Tan M. Clinical governance in changing times: Balancing risk, regulation and duty of care in aged care. Australian Health Law Bulletin. 2020 Nov 1;28(9):150-155.  
      17. Mitchell BG, Shaban RZ, MacBeth D, Russo P. Organisation and governance of infection prevention and control in Australian residential aged care facilities: A national survey. Infect Dis Health. 2019 Jul 3;24(4):187-193.  
      18. Shaban RZ, Sotomayor-Castillo C, Macbeth D, Russo PL, Mitchell BG. Scope of practice and educational needs of infection prevention and control professionals in Australian residential aged care facilities. Infect Dis Health. 2020 Jun 11;25(4):286-293.  
      19. Tan M. Clinical governance and the serious incident response scheme in home and community aged care. Australian Health Law Bulletin. 2023 Feb 1;31(1):10-15.  
      Spacing Top
      Spacing Bottom

      Connect to PubMed evidence

      This PubMed topic search is limited to home care and residential aged care settings. You can choose to view all citations or citations to articles available free of charge.

      Selected resources

      How to meet your aged care governance obligations Part 1: Organisational governance

      This article explains what organisational governance means, why it’s important, and what Aged Care Quality and Safety will be looking for when they assess organisational compliance.

      Updated 04 May 2023
      Information Sheet
      Discussion paper: Compliance with clinical governance obligations

      An information sheet produced by the Aged Care Quality and Safety Commission, that discusses compliance with clinical governance obligations. The discussion paper includes tips to use before a meeting, and questions for discussion during the meeting. (Clicking on the link will download an MS Word doc.)

      Updated 22 Jun 2023
      Provider governance reform quick reference

      A quick reference poster produced by the Aged Care Quality and Safety Commission that shows current and new providers of aged care services their responsiblities under the aged care reforms from December 2022.

      Updated 11 Apr 2023