Risk Management Policy and Processes


Purpose of this document

This document sets out IMPRESS's arrangements for risk management, as well as the definition of risk and how it is assessed, managed and reported. It also lists the responsibilities of the Board, Finance & Audit Committee (F&AC) and senior management team (SMT) with regard to risk.

Policy statement

The IMPRESS Risk Management Policy requires that:
risks are identified, measured, managed, monitored and reported on as part of the strategic planning process and day-to-day operational management;
those risks are assessed against risk appetite, and any corrective management actions are identified and acted upon;
a proportionate system of governance for risk management is implemented.

Definitions

Risk is the probability or threat of a negative occurrence, which may be avoided or the likely impact reduced through pre-emptive action by management. All business activities carry some degree of risk, so complete elimination of risk is impossible.

Risk assessment is an evaluation of the nature and severity of risk to IMPRESS's business activities. The evaluation is based upon known or theoretical vulnerabilities and threats, the likelihood of the threats being realised and their potential impact on the organisation.

Risk management is the process of identifying, evaluating and responding to risks to the organisation's business activities for the purpose of reducing those risks to acceptable levels. Risk management uses the results of risk assessments to make decisions on the acceptability of individual risks, on any possible mitigating actions to reduce the impact of those risks, and on the reporting and ongoing monitoring of those risks.

Risk appetite describes the extent to which individual risks may or may not be acceptable.

Approach to risk management

Risk management is central to the strategic management of IMPRESS. It provides a systematic process for identifying risks associated with new and current business activities that might inhibit achievement of IMPRESS's strategy and operational plans.

IMPRESS: The Independent Monitor for the Press, 9655520 Page 1 of 7

Risk management involves the evaluation of each risk based on a judgement of the likelihood of the risk occurring and the impact the risk will have when control measures are in place. IMPRESS will ensure there is sufficient flexibility to respond to risks and that there are adequate resources to mitigate risks. It is recognised that risks can be most effectively managed if risk management is embedded within the culture of the organisation.

Strategic and risk management process

IMPRESS creates a Register and Statement for the approaching business year (1st April to 31st March) as part of the process of creating the Annual Plan. This is undertaken by carrying out the following actions:

1. In December, an annual strategy workshop takes place attended by the Board and SMT. This workshop agrees the strategic objectives for the approaching business year.
2. These strategic objectives are used by the SMT to create the operational objectives. These two sets of objectives are the primary content of the Annual Plan for the approaching business year.
3. The Annual Plan is reviewed at the January Board meeting. A Workshop takes place at this meeting to evaluate the risks involved in achieving the objectives of the plan.
4. The risk workshop will identify risks, their impact, likelihood of occurring, the board's appetite for risk and management actions that are proposed to mitigate risk.
5. These risks are recorded on a Register (Appendix B) and then scored in terms of the likelihood of each risk occurring (see Appendix A for explanations of the likelihood scoring).
6. Mitigating actions that should be taken to prevent the risk occurring are then listed. Each risk is scored based on its impact once any actions are already in place. The risk score would be expected to trend downwards as actions are put in place (see Appendix A for explanations of the impact scoring).
7. The final score for each risk is then calculated by multiplying the likelihood (once mitigating actions have been taken into account) by the impact and then adding the impact.
8. The Register also lists any contingent actions to take place if the risk occurs, the risk appetite for each entry and any further comments. Risks are ranked on the register from highest to lowest overall score.
9. After the Register has been populated, a Statement for the approaching business year is created summarising IMPRESS's major risks for the period as well as its appetite for these risks.
10. At the March Board meeting, the Annual Plan with the Register and Statement included are signed off by the Board.

Ongoing risk management

The risks in the Register are monitored throughout the year by the SMT with specific regard to any significant changes to the likelihood of events occurring and the implementation of actions to mitigate risks. If the SMT believes that any changes should be made to the Register, an Update Report (Appendix C) should be completed. This report contains a table for new risks and a table for updating current risks. Changes should be recorded in the table with reasons behind those changes noted in the Comments box.

The Update Report is then presented at the quarterly F&AC meeting where the F&AC may approve, amend or reject the changes. Any changes that are agreed by the F&AC then become part of the F&AC's quarterly report to the Board. The F&AC may also evaluate selected risks in more detail if it feels this would be of benefit to the Board or upon the Board's request.

The F&AC report to the board will identify any significant changes to the risk profile of the organisation, report on the status of management activities to mitigate risk, and make recommendations to the board as appropriate.

At the next Board meeting, the Board considers any suggested changes to the Register from the F&AC report as well as any detailed risk evaluations. The Register is only changed with Board approval.

Role of the Board

The Board has a fundamental role to play and has ultimate responsibility for the management of risk. Its role is to:
Provide the content for the annual Register and Statement;
Set the tone and influence the culture of risk management within the organisation. This includes:
   a) determining whether the organisation is risk taking or risk averse as a whole or on any relevant individual issue;
   b) determining what types of risk are acceptable and which are not;
   c) setting the standards and expectations of staff with respect to conduct and probity;
Determine the appropriate risk appetite for the organisation;
Monitor the management of significant risks to reduce the likelihood of unwelcome surprises;
Satisfy itself that the less significant risks are being actively managed, with the appropriate controls in place and working effectively;
Annually review the organisation's approach to risk management and approve changes or improvements to key elements of its processes and procedures;
Delegate the F&AC to review the organisation's Register each quarter and report to the Board.

Role of the F&AC

The key roles of the F&AC, acting on behalf of the Board, are to:
Oversee the SMT's compliance with the Statement and Policy;
Review and evaluate any changes to the Register identified by the SMT;
Review the organisation's Register on a quarterly basis;
Undertake occasional detailed evaluations of individual risks;
Report quarterly to the Board on the organisation's risk profile.

Role of the SMT

Key roles of the SMT are to:
Create the organisation's Annual Plan;
Abide by the organisation's Statement and Policy in its actions;
Review the organisation's Register on a quarterly basis;
Identify and evaluate any changes to significant risks faced by the organisation for consideration by the F&AC on a quarterly basis;
Implement and monitor the effectiveness of mitigating actions;
Implement any contingent actions if any risks are realised.

Approved by the Board 15/05/2018
Last updated

Appendix A

Impact
1  Insignificant: No financial, operational or reputational damage or disruption to day to day work manageable within existing systems
2  Minor: Minor financial, operational or reputational damage / disruption to systems, procedures require review but manageable, limited slippage in work activity
3  Moderate: Disruption to financial systems, significant slippage in work activity, procedures and protocols require significant review
4  Major: Major financial, operational or reputational damage, considerable disruption to business activity

Likelihood
1  Very unlikely: May only occur in exceptional circumstances
2  Possible: May occur at some time
3  Likely: Will probably occur / re-occur at some point
4  Very likely: Almost certain to occur / re-occur

Appetite
1  High: The Board is willing to accept a high level of risk
2  Medium: The Board is willing to accept some degree of risk
3  Low: The Board is willing to accept a low level of risk
4  None: The Board is not willing to accept any risk

Scoring

Scoring is worked out by multiplying the likelihood by the impact and then adding on the impact, e.g. a risk with impact 4 and likelihood 2 would score (4*2)+4 = 12. This method of scoring gives added weight to high-impact risks.

High (20): Immediate intervention required to mitigate threat to organisation
Medium (12-16): Action required and/or specific responsibility delegated and overseen
Low (<12): Activity manageable by established procedures

Appendix B

IMPRESS Register 2018-19

Columns: No.; Appetite for this risk; Inherent risk description; Likelihood (L) of risk occurring; Actions we are already taking to mitigate the risk; Impact (I) after actions; Score (LxI)+I; Actions we will take if the risk happens; Comments including planned actions; Movement

[Template table with ten numbered rows of placeholder (lorem ipsum) entries.]

Appendix C

Update Report

New risks
Columns: Number; Description; Likelihood; Impact; Mitigating action; Contingent action; Comments

Changes to current risks
Columns: Number; Description; Score change details; Mitigating action change; Contingent action change; Comments