// Club Network's Manual for Success: How to design the optimal risk management system

Prevention could save you millions

by Dr Dion Klein, PhD

For most business owners and operators risk management is considered time-consuming, laborious and expensive; but the truth is, it could be even more so if a system and plan is not implemented.

The fitness industry is a high risk one; our daily work involves risking the wellbeing and lives of individuals with the advice that we give or don’t give. In addition, every fitness facility has accidents waiting to happen, be they due to facility design, equipment malfunction or insufficient supervision, so considering this, caution should not be thrown to the wind when it comes to managing risk. Taking a proactive approach by considering and implementing the following principles and practices could potentially save you millions of dollars.

What is Risk Management?

Risk management is the combination of an event or a hazard and the probability of its consequences. A ‘hazard’ is something that has the potential to cause physical or mental harm, while a ‘risk’ is the likelihood that a hazard will actually cause harm.

Risk management involves a systematic analysis of one’s business, finances, facilities and their related programs and services.

Ignoring risk within your facility is in itself a massive risk.

A key reason for taking risk management seriously is that we are dealing with participants; therefore, risks arise.

The riskier the client, the more liability and responsibility we take on. Many risk management initiatives are driven by occupational health and safety legislation and local industry codes of practice, which adopt a more reactive response.

The implementation of a good risk management program can also serve as a customer service and marketing tool to attract clients to your facility. When viewed from this perspective, risk management starts to look more appealing.

1. Identify the Risks

The easiest way to identify risk is to walk around your facility, inside and out, when it is empty, reasonably busy, and very busy. It is wise to ask a professional colleague or external consultant to look at your centre as they may notice risks that have always been there, but which you have never identified as a problem area. There are many risk areas to be aware of.

Financial and Business Risks

These start as soon as you start your own business or become responsible for maintaining a facility. Once the proper business structure is established it is important to protect the company’s intellectual property, including business name registration (www.asic.gov.au), copyright/trademark/patent (www.ipaustralia.gov.au), and domain names (www.melbourneit.com.au).

Insurance cover is the most common financial risk control method. The insurance coverage that businesses must have are Professional Indemnity ($2-$5m), Public Liability ($10-$20m), and Worker’s Compensation. Business risk insurance and income protection (especially for personal trainers) are also advisable.

Facility and Equipment-Related Risks

These are the most commonly known and controlled risks and include access, ventilation, flooring, surveillance, and signage. Poor hygiene practices, failure to notice defective products and improper equipment design can also lead to problems. See Table B for a checklist of Facility and Equipment-Related Risks.

Personnel-Related Risks

A number of changes have occurred in the training and education of fitness instructors over the years.

Management has a responsibility to make sure that in addition to holding the required code of practice qualifications, individuals meet your organisation’s standards. In a case in the United States a health club was sued for US$320 million in punitive and compensatory damages for the death of a member who allegedly died because of nutritional substances that were recommended to her by a personal trainer. The lawsuit stated that the client should not have been taking the supplements because she was also on medication for hypertension.

The trainer went beyond his expertise. Ensure your staff have the appropriate qualifications when working with special populations. See Table C for a checklist of Personnel-Related Risks.

Program-Related Risks

These have increased with more outdoor training and Boot Camps which have become very popular over the past couple of years. Your staff members should be aware of OHS implications as well as other liabilities. Several NSW councils have developed policies with regulations in relation to the use of public space by commercial personal training operators. One of the issues for councils regarding the use of public spaces for fitness activities is risk management. When producing your risk management documentation summarise every activity that is done in your facility including the training processes and the safety precautions.

Supervision-Related Risks

These can also relate to facility surveillance. Your staff should demonstrate ‘Supervision by Wandering Around’. Instructors working on the gym floor need to be vigilant at all times and be on the look out for any ‘at risk’ situations. Examples are; a member lifting a weight incorrectly or lifting too heavy a weight without a spotter.

External Risks

These are a part of being in business. You cannot control recession, depression, inflation nor limited supply and increased demand. Unfavourable legislation and federal and state requirements will always exist. Along with external risks, you must be aware of the compliance issues such as your State/Territory Fitness Industry Code of Practice, Occupational Health and Safety, Workcover, and other local and federal legislations such as privacy and security.

The fitness industry collects sensitive information from clients which must, by law, be treated according to the Privacy Amendment (Private Sector) Act 2000 and the Health Records and Information Privacy Act 2002 (HRIP Act). Sensitive information within the Privacy Amendment Act’s principles is defined as health related information, and it can be argued that this includes fitness assessments and prior medical disposition. All the information we collect as part of our standard operating procedures within our centre can be deemed to be sensitive.

The key thrust of the Privacy Amendment (Private Sector) Act 2000 is that we can only collect information with the consent of the client. On a practical basis this can be covered in an overall privacy policy within your centre, or as part of the terms and conditions of membership.

There are some fundamental foundation elements to consider. Firstly, confidentiality of the information that you are keeping, i.e., to only disclose that information on a need to know basis, and only with the consent of the client. The integrity of the information must be maintained; if an unauthorised person accesses your gym management system or your client database or paper files, that integrity is jeopardised.

You must respect the privacy of your clients; therefore all of your records, paper, electronic or other media based (including backups), need to remain private and secure. You must retain the medical related and historical information about your members during the period they engage your services. It is also good practice to maintain it for at least seven years as per financial archiving standards.

It is important to have contingency plans for ‘what if’ scenarios. If you implement proper elimination and reduction strategies, hopefully, you will not have to rely on your back-up plans. See Table D for a checklist of General, Emergency and Marketing-Related Risks.

2. Assess the Risk

After you identify risk, you need to prioritise it with regards to its’ likelihood and consequence. Likelihood is categorised into ‘almost certain’, ‘likely’, ‘possible’, ‘unlikely’ and ‘rare’. Consequence is defined as catastrophic (death), major (extensive injuries), moderate (medical treatment required/outside assistance), minor (first-aid) or negligible (no injury). Someone diving into your shallow water pool would be a high priority risk since it is a potentially catastrophic consequence and likely to occur (from my experience in aquatics). Someone dropping a light weight on his toe would be a minor consequence and likely to occur. By prioritising the risks, you can easily identify how much money to invest to change or modify that risk. Elimination and risk reduction are the two most common ways of managing risk. Some risks may never go away; the only way to take away the risk of having a pool in your facility is to fill it up with concrete. If your facility has a successful swim school which is a big money spinner then it obviously shouldn’t be removed in order to eliminate the risk, but measures should be taken to reduce the associated risks.

A simple risk assessment chart is useful in prioritising the risks in your facility. Table A below has some examples filled in, but your club’s risks will depend on the nature of the facility and the clientele.

By identifying the risks and then prioritising them according to Table A, you will be able to begin establishing control systems in a systematic and ordered manner.

3. Implement the Plan

When you have identified and assessed a risk, you must implement a plan to address it, and then act on it. If you identify injuries or incidents that happen in a particular area, people slipping on the stairs for example, look at why it is happening and then do something to reduce its’ occurrence. A plan is no good unless action is taken.

In this example of the stairs, the risk of people slipping has been identified. The plan to eliminate the risk could involve researching the practicality and pricing of installing stair grips to the steps and setting a date by which the risk should be eliminated or reduced. The action would involve the installation of this safety measure.

Treat your risk management plan similar to a business plan; there is a particular goal to achieve (i.e. a safe facility), but it is also a work-in-progress since your business is dynamic and ever-changing with the clientele that use your facility. Do not spend time, money and effort to draw up a plan only to put in on the shelf to gather dust.

4. Review/ Evaluate and Modify the Plan

Too frequently centre management invests the time and money to put a risk management system into place but then does not follow up and review the system. Risk management is an ongoing process and should be evaluated monthly, quarterly and annually. It is useful to allocate a member of staff the responsibility for monitoring and reviewing the system; this might be your OHS officer or an interested and proactive staff member.

Conducting routine audits is an excellent way of assessing progress and helps to identify unsafe features and conditions. A method of reviewing systems, equipment, practices, and procedures develops and this safety-conscious culture helps improve communication amongst staff.

Developing a risk management system is not only a safety measure but also a customer service and marketing issue. When your members and clients see that you are taking pro-active measures to make a safe and healthy exercise environment, it sends the message that you care about their wellbeing. Having a good risk management strategy in place may prove to be more powerful and effective in the long-term than a creative promotional campaign.

Resources to assist you in developing your risk management plan

  • Australian Tax Office. (www.ato.gov.au)
  • Australian Standard AS/NZS 4360:1999 tables E1, E2, E3
  • Comcare (2004). Identifying Hazards in the Workplace. Canberra: Commonwealth of Australia.
  • Office of Sport and Recreation, Tasmania (1998). A Sporting Chance: Risk Management for Sport and Recreation Organisations.
  • Parker, R J (2003). Kids in Gyms. Sydney: Fitness NSW and The Children’s Hospital of Westmead.
  • Sports Medicine Australia (1998). How to Become a Sport Safe Club.
  • State and Territory Workcover Authority
  • Standards Australia (www.standards.gov.au)
  • State and Territory Fitness Industry Codes of Practice/Office of Fair Trading
Privacy & Security Resources
  • Privacy Amendment (Private Sector) Act 2000 (which amends the Privacy Act 1988)
  • Health Records and Information Privacy Act 2002 (HRIP Act).
  • Australian Government Department of Defence Signals Directorate (www.dsd.gov.au)
  • ISO 27001, the international standard for an Information Security Management System (ISMS)
  • Guidelines on Privacy in the Private Health Sector (October 2001)
  • RACGP Code of Practice for the Management of Health Information (1998)
  • Joint NH&MRC/AVCC Statement and Guidelines on Research Practice (1997)
  • Office of the Privacy Commission (www.privacy.gov.au)


Dr Dion Klein, PhD
Dion has been involved in the sport, recreation, fitness and health industry for over 25 years as an athlete, coach, trainer, massage therapist, administrator, educator and researcher. His risk management expertise began in the United States where he consulted with city recreation departments, health clubs and universities. Dion has been involved in coordinating national sport championships in the USA and successful event management initiatives in Canberra including the Corporate Health and Fitness Challenge, Fitness and Health Expo, and the Australian Get Healthy Challenge, all of which he founded. Dion is a regular speaker on risk management at FILEX and on various topics including corporate health and networking at the American Alliance of Health, Physical Education, Recreation, and Dance (AAHPERD). He previously served on the board of Fitness Australia, was President of Fitness ACT for four years, was on the ACT Minister’s Advisory Council for Sport and Recreation, and is currently Vice-President of the ACT branch of the Australian Health Promotion Association. Having owned his own fitness facility and massage therapy clinic in Canberra, Dion’s company now has five divisions comprising corporate health, education and training, online bibliographic services, business and life strategy, and event management. For more information, contact Dion at:

Healthy Worksites
PO Box 981, Belconnen, ACT 2616
Ph: 02 6161 6004
E-mail: drdion@bigpond.com
Web: www.healthyworksites.com, www.professormoe.com

CLUB NETWORK'S MANUAL FOR SUCCESS • Volume 1, Number 2, 2006