Appendix 6 – Risk Assessment Information

Conducting a risk assessment

In conducting risk assessments in relation to the risk that reprisals will be taken against a discloser, the following matrix should be used:

Examples of seriousness of reprisals

• Minor: occasional or one-off action that is likely to have a relatively minor adverse effect on the person (for example, occasional exclusion of the person from a social activity).
• Moderate: repeated action which is likely to have an adverse effect on the person (for example, routinely failing to copy in the person on work-related emails which the person has a genuine business need to know about).
• Major: sustained or one-off action which has a significant impact on the person (for example, consistently excluding the person from team discussions or imposing a negative performance assessment on the person without reasonable cause and supporting evidence).
• Extreme: action which is likely to have a very severe impact on the person (for example, physical violence).

Criteria for assessing the likelihood of potential reprisals

When considering the likelihood of a reprisal being taken against a discloser, the Authorised Officer should take into account all relevant factors, including to the extent relevant:

• the likelihood of the discloser being identified, which may involve a consideration of: 
• the size of the work area in which the discloser is located; and
• the number of people who are aware of the information leading to the disclosure; 
• the number of people implicated in the disclosure; 
• the subject matter of the disclosure; 
• the number of people who are aware of the disclosure or are likely to become aware of the disclosure (for example, through participation in the investigation as witnesses); 
• the culture of the workplace; 
• whether any specific threats against the discloser have been received;
• whether there are circumstances that will make it difficult for the discloser not to discuss the disclosure in the workplace; 
• whether there are allegations about individuals in the disclosure;
• whether there is a history of conflict between the discloser and the subject of the disclosure; and
• whether the disclosure can be investigated while maintaining confidentiality.

Criteria for assessing the likely seriousness of potential reprisals

In considering the likely seriousness of any potential reprisal against a discloser, the Authorised Officer should take into account all relevant factors, including, to the extent relevant:

• the significance of the issue being disclosed; 
• the likely outcome if the conduct disclosed is substantiated; 
• the subject matter of the disclosure; 
• whether the discloser is isolated; 
• whether the discloser is employed on a full-time, part time or casual basis; 
• whether the alleged wrongdoing that is the subject of the disclosure was directed at the discloser; and
• the relative positions of the discloser and the person whose alleged wrongdoing is the subject of the disclosure.

When conducting the risk assessment, where consistent with protecting the discloser's confidentiality, the discloser may be asked why they are reporting the wrongdoing and who they might fear a reprisal from, and may also speak to the discloser's supervisor or manager.

The following tables may assist in conducting a risk assessment.

Table 1 – Indicators of a higher risk of reprisals or workplace conflict

Table 2 – Detailed risk assessment matrix