Bournemouth Primary MAT Risk Management Policy

Version: 1 December 2016

1. Introduction

The Bournemouth Primary Multi-Academy Trust (the Trust) operates a risk management system in order to identify and manage key exposures and potential events that may threaten its ability to deliver its day-to-day activities and its strategic plan objectives.

For the purpose of this policy, risk is defined as the threat that an event could adversely affect the Trust's ability to meet its day-to-day objectives and execute its strategies successfully.

Risk Management plays an important role in the Trust for a number of reasons:

- It helps people make better quality decisions, by drawing attention to the positives and negatives associated with different options. Consideration of risk does not stop us doing what we need to do, to get the job done.
- It is an essential part of governance as it ensures decision makers and other stakeholders are kept informed of significant risks facing the business, and tells them how the organisation is managing these risks effectively.
- It is also recognised as a useful planning tool for identifying and managing risks, which could affect the Trust's performance in areas such as:
  o Achieving strategic objectives and priorities;
  o Complying with legislation or regulatory requirements;
  o Achieving value for money or high levels of performance;
  o Delivering projects;
  o Protecting the organisation's reputation.

2. Scope

This policy applies to the Trust and all of its constituent schools. Any local procedures shall be consistent with this policy.

3. Statement of Intent Risk Management

The Trust recognises that many of its activities involve risk and accepts that, whereas risk cannot be entirely eliminated, action must be taken to ensure risks are identified, properly assessed, mitigation strategies are agreed, responsibilities are clearly established and appropriate action plans are implemented.

The Trust Board has ultimate responsibility for the management of risk and for agreeing the Trust's annual Statement of Internal Control. It needs to satisfy itself that appropriate policies are in place and that the internal control system is functioning effectively so that key risks which threaten the Trust are identified, recorded and minimised.

Members of the Audit & Risk Committee assist the Trust Board in this process by performing an annual review of the effectiveness of the risk management activities, and this will be helped by the Internal Auditor's progression of their annual internal audit plan, and their report on the effectiveness of the Trust's systems of internal control.

For the Trust to effectively manage risk:

- Risk Management is considered to be a key competency for Trust Board members and managers;
- The Trust will maintain a Risk Register showing the main risks faced by the Trust and the arrangements for managing them;
- Everyone in the organisation must understand the risk implications of the activities that they perform, recognise the importance of internal controls and act accordingly.

The Trust Board recognises that risk management is an integral part of good management practice and to be most effective should become part of the Trust's culture. Therefore the Trust Board is committed to ensuring that risk management forms an integral part of the Trust's approach, practices and strategic plans. Risk management is not viewed or practised as a separate programme and responsibility for implementation shall be at all levels of the organisation.

Decisions regarding responses to and the acceptance of individual risks should always be made within the context of the risk appetite as determined by the Trust Board. The Trust Board believes that its general risk appetite fits across the medium risk classifications Minimalist/Cautious/Open (see Appendix A: Risk Appetite Statement). A small number of the Trust's activities, mainly some associated with compliance, need to operate in a low risk environment, e.g. health and safety.

4. Risk Management Approach

The 'three lines of defence' has become a standard model in a modern organisation's approach to managing uncertainty and preventing risk.

- The first line consists of the Trust's front line staff. They are charged with understanding their roles and responsibilities and carrying them out correctly and completely.
- The second line of defence is the line managers. They set and define work practices and oversee them with regard to risk and compliance.
- The third and final line of defence is that of auditors and the Senior Management Team.
  o Internal and external auditors regularly review the Trust's core services and the oversight functions to ensure that they are carrying out their tasks to the required level of competence.
  o The Senior Management Team takes feedback from a variety of sources and acts on any items of concern from any party; they will also ensure that the three lines of defence are operating effectively and according to best practice.

In addition, the Trust uses a comprehensive range of internal controls with which to manage risk. These will include:

- External Audit Programme;
- Internal Audit Programme;
- Appropriate Governance Arrangements;
- Policies and procedures aimed at managing specific risks, e.g. Preventing Financial or other Losses, Health and Safety;
- Insurance Policies;
- Procurement requirement for minimum level of Insurance required from our suppliers (where appropriate);
- Appropriate Codes of Conduct for Trust staff and Trust Board members.

The Trust will respond appropriately to each key risk identified. Where appropriate, a series of controls will be introduced by management in order to manage the risk. Whilst the response to each risk will depend on the nature and severity of the risk, the Trust's overall approach will be:

- Where possible the Trust should withdraw from activities that expose the organisation to unacceptable levels of risk;
- Introduce controls to prevent the risk event from occurring. These should be as effective as possible whilst giving consideration to the costs/benefits;
- Where preventative controls are not considered fully effective, introduce controls to promptly identify a risk event occurring and reduce its impact to an acceptable level.

Responsibilities

The Trust Board retains overall responsibility for the management of risk. However, the Trust Board has delegated responsibility for the oversight of the Trust's risks to the Audit & Risk Committee, which reviews the most significant risks faced by the organisation and changes to the Risk Register at each of its meetings.

The Trust looks to the Senior Management Team to manage the risks on a day-to-day operational basis. Their aims are to:

- Encourage a culture of risk awareness amongst the wider staff;
- Ensure risks remain well managed by their risk owners;
- Ensure accountability and responsibilities are clear;
- Create a structure for reporting on appropriate risks to the Trust Board and to the Audit & Risk Committee.

In order to raise awareness of Risk Management throughout the organisation, Risk Management should be considered at every level of the business.

- Risk Management should be introduced to new employees through the Staff Induction process;
- Risk management should form part of team discussions at all levels in the Trust.

Risk Identification

The identification of risk involves all Trust Board members, management and staff and should take place in a variety of ways, including:

- Regular, planned discussions between staff and their line managers;
- Regular, planned discussions by the Senior Management Team;
- The Audit & Risk Committee will review management's assessment of key risks in the light of developments and current knowledge of changes/risks in the sector.

Risk Reporting and Monitoring

In order to provide a consistent approach to the management of risk across the Trust:

- A 5 x 5 matrix (see Appendix B: Risk Rating) is used to assess the risks facing the Trust.
- Risks with a net score of 8 and above (Red and Amber) are considered to be the Trust's key risks.
- The Audit & Risk Committee will review the key risks as part of a standing agenda item.
- The Trust Board and Audit & Risk Committee will review the whole risk register annually.

Internal Audit

A central aim of the Trust's Risk Management Policy is to continually improve risk management throughout the Trust. The Trust has outsourced the Internal Audit function and views the independence of the Internal Auditors as a key factor in obtaining independent validation of the risk management process.

The Internal Auditor:

- Provides an objective evaluation of, and opinion on, the overall adequacy and effectiveness of the Trust's governance, risk management and internal control;
- Establishes risk based plans for periodic planning purposes based on the Trust's risk register. The Internal Auditor will determine whether the risk management system is effective resulting from an assessment that:
  o Organisational objectives support and align with the Trust's risk appetite;
  o Relevant risk information is captured and communicated in a timely manner across the Trust;
  o Significant risks are identified and assessed;
  o Appropriate risk responses are selected that align with the Trust's risk appetite;
- Follows up the implementation of recommendations accepted by management to improve the risk management and control environment.

5. Review

This policy will be reviewed regularly (at least every 3 years) to ensure that it remains fit for purpose and meets all current statutory requirements.

Version: Date: 1 December 2016
Agreed by Audit & Risk Committee: Date:
Approved by the Board of Trustees: Date:
Next review date: December 2019

Appendix A: Risk Appetite Statement

When making a business decision (e.g. new investment, new project, reviewing policies) there is a need to understand the Trust's attitude to risk, dependent on the nature of the area (Risk Categories) that the decision could impact on.

A.1: Risk Appetite Map

The following table has been developed to identify the Trust's risk attitude in order to assist in the strategic planning process, as well as the on-going day-to-day management of the Trust's activities.

RISK APPETITE: LOW, MEDIUM, HIGH (Averse, Minimalist, Cautious, Open, Hungry)

RISK CATEGORIES

Compliance Risk
- Curriculum
- Data protection
- Employment
- Environment
- Fraud
- Governance
- Health & safety
- Safeguarding

Finance Risk
- Accounting & budgetary control
- Cash flow
- Income
- Pensions
- Property & fixed assets
- Procurement

Operational Risk
- Demand
- HR - Management behaviours & capabilities
- HR - Staff retention & succession
- HR - Staff skills & competences
- IT & management information
- Suppliers

Strategic & Reputational Risk
- Academic excellence
- Brand identity / reputation
- Community engagement
- Growth
- Value for money

External Risk
- Macro-economic changes
- Natural disaster

A.2: Risk Appetite Guidance

Averse
  Subjective Description: Zero Tolerance. The avoidance of risk and uncertainty is a key organisational objective.
  BPMAT Example: Health & safety

Minimalist
  Subjective Description: Minimal Tolerance. A preference for an ultra-safe organisation that selects delivery options which have a low degree of gross risk and limited potential for reward.
  BPMAT Example: Governance

Cautious
  Subjective Description: Balanced Tolerance. A preference for selecting safe delivery options with a low degree of net risk. They may therefore have only a limited potential for reward.
  BPMAT Example: Property management

Open
  Subjective Description: Enquiring Tolerance. Willing to consider all potential delivery options and choose the one that is the most likely to result in the successful delivery of objectives whilst also providing an acceptable level of net risk.
  BPMAT Example: Growth

Hungry
  Subjective Description: Entrepreneurial Tolerance. Eager to be innovative and to choose options offering potentially higher organisation rewards, despite these having greater inherent risk.
  BPMAT Example: -

Appendix B: Risk Rating

B.1 Scoring a risk

An identified risk should be summarised into a short descriptive title that succinctly describes the issue. The identified risk, for either a Strategic or Operational risk, needs to be measured with respect to its impact on the organisation and the probability of its likely occurrence. Guidance for the appropriate selection of an impact and probability score is given below.

Risk register entries, for either Strategic or Operational risks, will require:

- A gross risk score: The gross score of impact and probability is made before the consideration of organisational controls.
- A net risk score: The net risk score is made after the consideration of controls that the Trust has put in place.

Impact Score

1 - Insignificant (Impact values: 0,000-50,000)
  - Lack of operational effectiveness / efficiency
  - Budgetary issues that can be resolved within Service

2 - Minor (Impact values: 50,001-100,000)
  - Noticeable impact, but the trust would remain on course to achieve priorities
  - Localised reputational damage
  - Budgetary issues that can be resolved within the Trust

3 - Moderate (Impact values: 100,001-250,000)
  - Major impact on the direction of Trust
  - Long term regional damage to reputation
  - Significant stakeholder concern with potential for legal intervention
  - Major budget issue

4 - Major (Impact values: 250,001-500,000)
  - Non-delivery of strategic plan
  - Regulatory intervention
  - Irretrievable breakdown of relationships with major stakeholders

5 - Catastrophic (Impact values: > 500,000)
  - Potential to threaten the existence of the Trust

Probability Score

1 - Rare (Probability of occurrence: 0% - 5%)
  - It is unlikely that the event will occur in the next 12-24 months
  - It is unlikely that the event will occur

2 - Unlikely (Probability of occurrence: 6% - 25%)
  - It is possible that this event will occur within the next 12-24 months

3 - Possible (Probability of occurrence: 26% - 50%)
  - There is a fair chance that this event will occur in the next 12-24 months

4 - Likely (Probability of occurrence: 51% - 75%)
  - It is more likely that the event will happen than not in the next 12-24 months

5 - Almost Certain (Probability of occurrence: >75%)
  - Unless immediate action is taken, the event will almost certainly occur within the next 12-24 months

B.2: Risk Rating Matrix

A standard 5x5 matrix has been adopted by the Trust for interpreting the risks it faces. The matrix is colour coded to reflect the potential impact of the risk on the organisation and the potential response that is required.

All risks in the top right hand corner (Red) are deemed to be the main exposures facing the Trust. These need to be managed and the aggregate impact of their potential occurrence needs to be effectively mitigated. Failure to mitigate these will render the Trust as being high risk.

Care is required not to lose sight of the high impact, low probability risks at the bottom right of the matrix. Such risks may only occur once in a generation, but if left unprotected, their incidence may cause the Trust to fail.

PROBABILITY
Almost Certain  5              10             15             20             25
Likely          4              8              12             16             20
Possible        3              6              9              12             15
Unlikely        2              4              6              8              10
Rare            1              2              3              4              5
                Insignificant  Minor          Moderate       Major          Catastrophic
                IMPACT

Risk Score / Risk Rating / Recommended Response

- 15-25 / High / Immediate action required, including cost benefit analysis / as reasonably practical analysis followed by decision to progress action or authorisation to tolerate risk at this level
- 8-14 / Medium / Incorporate improvement actions into existing management & planning processes / monitor & review
- 1-7 / Low / Limited action & review to be taken / consider relaxing current level of controls if not proportionate

B.3: Risk Treatment Guidance

In addition the Trust uses 4 standard terms to classify its stance regarding the treatment of individual risks:

- Tolerate - The ability to do anything about some risks may be limited, or the cost of taking any action may be disproportionate to the potential benefit gained. This course of action is common for large external risks. In these cases the response may be toleration but the risk should be tracked so managers are ready to reconsider should it start to escalate.
- Treat - By far the majority of risks will be in this category. The purpose of taking action to reduce the chance of the risk occurring is primarily to contain it to an acceptable level rather than mitigate it entirely. Risk responsibility will be at the most suitable part of the management chain. It is important to decide what criteria will result in the risk being passed up the management chain.
- Transfer - For some risks, the best response may be to transfer them. This might be done by conventional insurance or by supporting a third party to take the risk in another way.
- Terminate - The risk may be removed by doing things differently or by exiting a particular activity thus removing the risk.