Risk Management. Group Standard
Group Standard
Risk Management
Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise
SMS GS-RM1 Risk Management July 2014 v1.0 Serco Public

Document Details
Reference: SMS GS-RM1: Risk Management
Approval Date: July 2014
Serco Public
Version: 1
Date for next review: July 2016
Applicability: Serco Group covering all business regions, operating companies and business units throughout the world [1]
Authority: Chief Executive, Serco Group plc
Accountable Policy Owner (Group): Director, Risk and Acquisitions
Additional Information: Supporting standards, standard operating procedures and guidance relating to this Group Standard are available on Our World under Serco Management System
Governance: Our policies and standards, together with any regional or market requirements and enhancements to them, are authorised through a robust governance process. The SMS Quality Manual describes this process and is available on Our World under Serco Management System
Consequence Management: As a Group Standard the requirements detailed in this document are mandated and must be adhered to. Non-compliance will have consequences which may include disciplinary action. The Consequence Management Group Standard (SMS-GS-G1) details how instances of non-compliance will be dealt with

[1] As used herein, Serco Group and its affiliates, subsidiaries and operating companies are referred to as Serco, the Company or company, or we, us or our.

Contents
- Document Details
- Contents
- Objectives
- Policy Standards
- Policy
- Risk Management Priorities
- Risk Management Lifecycle
- Risk Applied to Business Lifecycle Gates
- Risk Tools & Risk Registers
- Risk Training
- Compliance assessment and audit
- Responsibilities & Accountabilities
- Processes and Controls
- Governance processes and controls
- Key processes and controls
- Supporting documentation and guidance
- Definitions
- Further information and support

1 Objectives

Risk management will be established, operated and measured in such a way as to drive value across the Serco organisation. Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise. Management at all levels are required to manage risks on a daily basis as part of normal management processes.

The objectives of effective risk management are to:
- create a robust control environment that reduces negative impacts to our business performance
- provide an early line of sight (visibility) and increased understanding of material risks up, down and across the organisation, and early warning of increases in threat/exposure
- support informed risk-taking that promotes business growth and success while recognising the risks associated with key decisions

To achieve these objectives, risk management will be:
- mandated and integrated with all business processes and linked to the achievement of Serco's objectives
- standardised and structured via a continuous process of planning, identification, analysis, mitigation, monitoring and reporting
- open and transparent across the business and promptly communicated so as to support effective and timely decision making
- iterative and responsive to business change

2 Policy Standards

2.1 Policy

S1. Risk Management Policy will be defined, documented, implemented and maintained
S2. Risk management policy and the organisation's risk management capability will deliver three organisational service needs:
   a. definition of risk management standards and capability (roles, processes, tools and skills)
   b. managing and reporting of risk
   c. assurance of risk management activities
S3. Group will adopt a Risk Operating Model (ROM) that will meet these service needs. The ROM will comprise of:
   a. Risk Policy and Standard
   b. Risk Organisation Structure: roles and responsibilities
   c. Risk Management Lifecycle: mandated processes, controls, tools, guidance and skills/training
   d. Risk Assurance
S4. The ROM will be appropriate and proportionate to the nature of the organisation's risks
S5. The ROM will be regularly reviewed (at least annually) to ensure risk continues to be effectively identified, managed and mitigated.

2.2 Risk Management Priorities

S6. The priority of risk management will be on material risks and their consistent management across the business; focusing on these risks rather than all risks allows more effective use of our people and financial resources.
S7. Material risks are those that present the most significant threat to the business and are defined as those risks that have a residual risk score of major or severe. Material risks will be consistently scored and defined by using a standardised risk scoring system, the Serco Standard Risk Scoring Matrix [1]

[1] See Risk Management GSOP: SMS GSOP RM1-1
S8. Where other Risk scoring systems are required (for example by a customer, regulatory agency or other), material risks will continue to be defined using the Serco Standard Risk Scoring Matrix so they are visible and internally consistent when reported within the business
S9. Business Leaders will ensure that all material risks will have appropriate mitigation actions that are monitored and updated to ensure mitigation is effective
S10. Business Leaders will ensure that material risks will be reported both up and down the organisation, and at each organisational level they will be aggregated to represent the profile of risk at that level
S11. Non-material risks will continue to be monitored until these recede or become material, in which case they will then be reported and managed as a material risk

2.3 Risk Management Lifecycle

S12. The Risk Management Lifecycle, consisting of seven processes, six of which apply to the business with mandated tools and templates, will be used to manage risk effectively and consistently. The seven processes are [2]:
   0. Group Risk Planning (solely at Group / Corporate level)
   1. Risk Planning
   2. Risk Identification
   3. Risk Analysis
   4. Risk Mitigation
   5. Risk Monitoring
   6. Risk Reporting
S13. The Divisional Risk Director (for Division) or the Director, Group Risk & Programmes (for Group) will be responsible for and will determine which business activities will implement the full Risk Management Lifecycle
S14. Where the decision has been made to adopt the full Risk Management Lifecycle, all mandated processes, templates and tools within the lifecycle will be applied [3]
S15. The Business Leader will be responsible for both the adoption of the Risk Management Lifecycle and allocation of employees with appropriate risk expertise to deliver the risk management processes
S16. The Divisional Risk Director in consultation with the Director, Group Risk & Programmes will ensure appropriate divisional risk resources are in place based on the nature and occurrence of material risks in the division, and that those performing risk management within the business are trained and competent. The divisional risk management structure will be approved by the Divisional CEO
S17. Business Leaders will ensure that Risk Management is performed at Bid, Contract, Business Unit, Division, Corporate Function and Group organisational levels. Table 1 below shows what is meant by Business Leader at each organisational level. This is not an exhaustive list

Table 1

| Organisational Level | Business Leader Role |
|---|---|
| Group | Group CEO |
| Corporate Functions | CFO, CIO, COO, Group HR Director, General Counsel, Head of Shared Services etc. |
| Division | Divisional CEO |
| Business Unit | BU MD |
| Contracts | Contract Manager or Director |
| Bid, Transition, Transformation Programme | Bid Director, Transition Director, Programme Director |

[2] Further details of each of the mandated processes in the Risk Management Lifecycle can be found in the Risk Management GSOP: SMS GSOP RM1-1
[3] These are defined in Risk Management GSOP: SMS GSOP RM1-1
S18. Business Leaders will review and report on risk as specified in the table below, with a focus on material risks. Table 2 below shows the risk review and reporting requirements across the organization:

Table 2

| Risk Register | Reviewed By | Approved By | Report To | Frequency |
|---|---|---|---|---|
| Group Risk Register | Group Risk Management Lead; Director, Group Risk & Programmes | Executive Committee | CRRC; plc Board | Quarterly; Quarterly (as recommended by CRRC) |
| Corporate Function Register | Corporate Function Director; Director, Group Risk & Programmes | Executive Committee | CRRC | Quarterly |
| Division Risk Register | Divisional Executive Management Team (EMT) (including Divisional Risk Director) | Divisional CEO | COO (in line with Divisional Performance Review (DPR)); Director, Group Risk & Programmes | Bi-Monthly; Quarterly |
| Business Unit (BU) Risk Register | BU Senior Management Team (SMT) | BU MD | Divisional EMT | Bi-Monthly |
| Contract | Contract Management Team | Contract Manager | BU SMT | Bi-Monthly |
| Bid or Transition | Business Lifecycle Review Team [4] | Bid, Transition or Transformation Director/Manager | BU SMT | Bi-Monthly |

S19. Irrespective of reporting cycles, a material risk that the Business Leader (in consultation with their relevant risk experts) determines cannot be mitigated locally is to be immediately escalated to the next management level. The next organisation level up will then own and be responsible for developing and implementing mitigation of the risk
S20. Material risks will be reported using the standard All Key Risks Dashboard in estrim (see estrim User Guide, which can be found within the estrim tool under Documents)
S21. The Group Executive Committee will decide which top ten risks will reside on the Group Risk Register and be reported to both the Corporate Responsibility and Risk Committee (CRRC) and plc Board
S22. Corporate Functions will review their material risks on a quarterly basis and report these to the Director Group Risk & Programmes
S23. Divisions will review their material risks on a bi-monthly basis, discuss them at Divisional Executive Management Team (EMT) meetings and in the Divisional Performance Review (DPR). These will be reported to the Director Group Risk & Programmes each quarter
S24. Business Units will review their material risks on a bi-monthly basis. These will be reported by the Business Unit MD to the Divisional EMT for their review
S25. Contract Managers will review their material risks with their contract management team on a bi-monthly basis, discuss them with the Business Unit MD and SMT on a regular basis, and escalate risks that cannot be mitigated at contract level
S26. Bids and transition programmes will review their material risks at the respective bid or programme reviews with the Business Lifecycle Review Team

[4] See Internal Boards and Committees Group Standard: SMS-GS-G4

2.4 Risk Applied to Business Lifecycle Gates

S27. The relevant Business Leader (e.g. Bid Director) will commence risk management at Gate 1 of the Business Lifecycle [5] whereby the material risks will form part of the qualification decision
S28. Effective use of risk management processes will be reviewed by the Business Leader and material risks will be signed off for accuracy, completeness and progress against plan at all subsequent Business Lifecycle Gates 2-9
S29. The risk register will be a live document, actively managed and handed over through each phase of the business lifecycle through to Gate 9 in order to ensure absolute continuity and consistency of interpretation and the management of risks
S30. Each Gate approval decision will consider:
   a. the appropriateness of the risk management processes
   b. evidence that appropriate risk identification and analysis has been performed and that it has identified a set of material risks that bring to light the risk threat/exposure to this business activity
   c. evidence that material risks are being mitigated appropriately and reported correctly
   d. evidence that appropriate decisions relating to risk are being made and that the right subject matter experts have been involved
S31. Where a deficiency in risk management activity is identified it will be reported to the Divisional Risk Director, and to the Director, Group Risks & Programmes where required

2.5 Risk Tools & Risk Registers

S32. All identified risks will be scored and recorded. Material risks will be recorded on the corporate system estrim either directly or through the estrim Upload Tool. The estrim Upload Tool [6]
S33. As agreed with the Divisional Risk Director, bids and contracts with three or less material risks will record these on the Business Unit Risk Register rather than create their own register in estrim
S34. Entry of material risks on estrim should be timely, accurate and complete. The Divisional Risk Director will monitor material risks reported on estrim and request correction of poor quality content
S35. The Divisional Risk Director will ensure registers of material risks will be retained on estrim and, where identified for disposal, disposed of in accordance with Document Retention [7] requirements

2.6 Risk Training

S36. Risk training is a fundamental part of the Risk Operating Model (ROM). The Divisional Risk Director and Director of Group Risk & Programmes will identify people fulfilling the relevant risk management roles who will benefit from risk training. In agreement with the Divisional Chief Executive Officer (CEO) and Group Chief Operating Officer (COO) they will ensure all people in these roles are trained on both this Standard, the Risk Management Group Standard Operating Procedure (GSOP) and the Risk Management Lifecycle using training materials provided by Group Risk & Programmes
S37. Individual competency requirements to undertake risk management and use required tools, such as estrim, will be assessed with training needs identified and delivered
S38. Records will be maintained of individual's training and competency

2.7 Compliance assessment and audit

S39. Risk management systems will be periodically assessed to provide evidence on the levels of risk management controls compliance within the business and to ensure continual strengthening of the risk management controls environment by addressing non-compliance.
S40. Risk management compliance assessments and audits will be completed in accordance with Compliance and Internal Audit requirements [8] via a planned, independent and documented assessment of compliance, effectiveness and adequacy
S41. All actions arising from risk management compliance assessments and audits including changes in procedures will be documented, communicated, followed up and completed

[5] See Bidding Group Standard: SMS-GS-BD1
[6] See estrim Upload Tool: FRM1
[7] See Document Retention GSOP: SMS-GSOP-II1-2
[8] See Compliance Group Standard: SMS-GS-G2 and Internal Audit Group Standard: SMS-GS-G3

3 Responsibilities & Accountabilities

S42. The following responsibilities will apply to the delivery of the defined standards. If these are not completed effectively, the person responsible will be accountable for any consequences [9]
S43. Risk management is delivered through roles in the Group and Divisional risk management function and roles embedded in the business as defined in the ROM

Group

S44. The Serco plc Board and Corporate Responsibility and Risk Committee (CRRC) is responsible for:
   a. setting the context regarding risk and organisational risk taking
   b. oversight of risk management within the Group
   c. oversight of Group level material risks
S45. The Group Executive Management Team is responsible for:
   a. reviewing and monitoring the implementation of the ROM
   b. reviewing and challenging the Group risk register associated controls and management action plans for completeness, effectiveness and appropriateness
   c. considering the findings from internal audit in the context of their impact on risk
   d. considering new and changed emerging risks and key control gaps
S46. The Group CEO is responsible for:
   a. ensuring the context regarding risk and risk taking is as directed by the CRRC
   b. owning Group level material risks
   c. The appointment of a Risk Management Lead
S47. The Group COO is responsible for:
   a. the development and enforcement of all Serco policies and standards, including this Risk Management Standard
   b. the oversight of operational risks that reside on the Group risk register
S48. The Group Risk Management Lead is responsible for:
   a. reviewing and maintaining risk management policy and associated ROM
   b. ensuring the SMS standard and associated procedures and key controls remain fit for purpose, reflect legislative and regulatory requirements and effectively manage business risks
   c. overseeing the activities of the Group risk management function
   d. owning the Group level risk register to ensure that its breadth in focus is an appropriate aggregation of all the business risks, and that focus is on the major enterprise level risks
   e. ensuring Group level material risks are identified and managed
   f. providing oversight and reporting on business risks and the performance of the ROM
S49. The Group Risk Management Lead will establish a Group risk management function the head of which [Director Group Risk and Programmes] will be responsible for:
   a. developing risk management policy and associated ROM
   b. ensuring risk management standards, processes and controls, tools and risk training are defined, agreed and remain fit for purpose, and that Group has oversight of their implementation in the business
   c. defining risk management service needs, standards and capability (roles, processes, tools and skills)
   d. ensuring appropriate Group level risk resources (Group Risk Managers) are in place, based on the nature and occurrence of material risks at Group level, development of policy and the ROM and business support required to embed risk management
   e. ensuring the risk management function operates globally to support the business, coordinating the activities of Group and divisional risk directors and managers
   f. assessing Group risks and developing the Group risk register, the detailed review of Group risks, and managing Group level material risks that impact our strategy
   g. ensuring material risks are defined consistently and ensuring focus is on material risk
   h. reporting on risk including trend analysis across the divisions and identifying and communicating emerging Group level material risks
   i. assuring risk management activities
   j. appropriate retention and disposal of Group risk registers on the corporate system estrim

[9] See Consequence Management Group Standard: SMS-GS-G1

Division

S50. The Divisional Chief Executive Officers (CEOs) are responsible for:
   a. owning material risks across the division
   b. owning Group level material risks that are operational in nature
   c. ensuring the bi-monthly review of all material risk at Divisional level
   d. monthly reporting obligation including DPR
S51. The Divisional Executive Management Team is responsible for:
   a. reviewing and challenging material risks facing the division; associated controls and management actions each quarter
   b. considering key current and emerging risks facing the division
   c. assessing and agreeing the internal processes for determining and managing key risks
S52. The Divisional CEO in consultation with the Director of Group Risk and Programmes will jointly appoint a divisional risk lead [Divisional Risk Director] who, whilst being part of the Divisional Executive Team, will have a dotted line reporting relationship to the Director of Group Risk and Programmes. Divisional Risk Directors are responsible for:
   a. implementing risk policy, ROM, standards, procedures and key controls across the division
   b. ensuring procedures and key controls, remain fit for purpose and effectively manage business risks
   c. Reviewing the Divisional risk organizational structure and determine, in agreement with the Divisional CEO, the appropriate structure and roles required for effective risk management
   d. ensuring appropriate risk resources [managers and subject matter experts] are in place, based on the nature and occurrence of material risk in the division, to support the division in managing its risks, comply with the ROM and provide competent risk management
   e. ensuring those performing risk management are trained and competent to fulfill their roles
   f. ensuring risk management is performed by the business reinforcing that ultimately the business is responsible for risk management
   g. assessing risks within the division and developing the Divisional risk register
   h. determining which Divisional business activities will implement the full Risk Management Lifecycle
   i. ensuring material risks are defined consistently and ensuring focus is on material risk
   j. oversight of the division's material risks (this may be part of project or contract reviews, through appropriate risk reporting, as a combination of both of these or by other means)
   k. providing oversight and reporting on Divisional risks and the performance of the Divisional risk function
   l. assuring divisional risk management activities
   m. reviewing all Internal Audit and assurance reports produced for their Division to help ensure the necessary improvements
S53. The Divisional Risk Manager where necessary and in agreement with the Divisional CEO:
   a. supporting the implementation of the ROM and risk standards, procedures and controls across the division
   b. ensuring material risks are defined consistently and ensuring focus is on material risk
   c. assessing, reviewing and reporting on material risks faced by the division
   d. assuring risk management activities in the division
   e. supporting the business in managing its risks

Business Unit

S54. The Business Unit Managing Director is responsible for:
   a. complying with risk policy, ROM, standards, procedures and key controls
   b. assessing risks within their Business Unit
   c. owning material risks in their Business Unit
   d. allocating competent resource and ensuring risk responsibilities are clearly defined to enable appropriate risk management and assurance within the Business Unit
   e. ensuring material risks are defined consistently and ensuring focus is on material risk
   f. ensuring the bi-monthly review of all material risk at Business Unit level and considering emerging risks facing the Business Unit
   g. monthly reporting into the DPR process, escalating material risks that cannot be mitigated at the Business Unit level

Contract/Function

S55. Business Leads (Bid Director/ Transition and or Transformation Director/Contract Director or Manager/Corporate Function Head) are responsible for:
   a. complying with risk policy, ROM, standards, procedures and key controls
   b. ensuring risks within their area of responsibility are identified, analysed and managed
   c. ensuring appropriate resources i.e. risk experts are of sufficient competence to perform risk management responsibilities
   d. ensuring material risks are defined consistently and ensuring focus is on material risk
   e. ensuring local controls are in place for providing assurance that risks are being effectively managed
   f. bi-monthly review of risks, and regular reporting requirements are met, considering emerging risks and escalating material risks that cannot be mitigated at the contract level

4 Processes and Controls

4.1 Governance processes and controls

Process: A set of related activities that must be carried out to achieve policy outcomes
Controls: The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference
Responsibility for ensuring controls are in place and operating effectively: Group (S44-S49), Division (S50-S53), Business Unit (S54), Contract/function (S55), All Employees

P1 Risk Responsibilities are defined and understood
   C1 Risk management organisation and roles are in place that meet the organisational service needs and the requirements of this standard
   C2 Risk management responsibilities are clearly defined
   C3 Appropriate and competent risk management resource is deployed
P2 Establish Risk Operating Model
   C4 Risk Operating Model is defined and published through policy, standards and group procedures
   C5 Appropriate risk management processes, controls and tools are defined, developed and published
   C6 The ROM, risk policy, standards, processes, controls, tools and guidance are communicated and implemented
   C7 The ROM, risk policy, standards, processes, controls, tools and guidance are periodically reviewed (at least annually)
P3 Develop competent risk resources
   C8 Risk training requirements are defined, planned and recorded
   C9 Risk training materials are developed and available which reflect the ROM and how risk management is to be managed
   C10 Risk training requirements are periodically reviewed (at least annually) and updated
P4 Risk compliance
   C11 Risk management compliance plan in place
   C12 Risk management compliance and audit reports with action plans to address non conformances
   C13 Agreed actions closed out

4.2 Key processes and controls

P5 Application of risk management priorities
   C14 Serco Standard Scoring Matrix is used to identify material risks
P6 Application of the Risk Management Lifecycle
   C15 Business activities which will apply the full Risk Lifecycle are defined
   C16 Where the full Risk Management Lifecycle is being applied all mandated processes, templates and tools are being used
P7 Risk planning
   C17 An approved Risk Management Plan is in place
P8 Risk identification
   C18 Stakeholders have participated in the risk identification process
   C19 Business Leader has reviewed and approved identified risks
P9 Risk analysis
   C20 Identified risks have inherent, residual and target risk probability and impact assessments
   C21 Risk registers have been reviewed and approved
   C22 Risk Registers are live documents that are reviewed and updated throughout the business lifecycle of a Contract through to Gate 9
P10 Risk mitigation
   C23 Approved controls and plans are in place to manage and mitigate material risks
P11 Risk monitoring
   C24 Approved material risks are entered on estrim
   C25 Data entered on estrim is accurate and complete
   C26 Material risks and mitigating controls and plans are monitored and periodically reviewed and approved
P12 Risk reporting
   C27 Risk reporting and escalation requirements are defined
   C28 Risk reports are timely, accurate and complete

5 Supporting documentation and guidance

The following should be read in conjunction with this standard:

| | Document |
|---|---|
| SMS_PS_RM | Risk Management Policy |
| SMS-GSOP-RM1-1 | Risk Management GSOP |
| SMS_GS-BD1 | Bidding Group Standard |
| SMS-GS-BD2 | Transition Group Standard |
| SMS-GS-O1 | Operations Group Standard |
| SMS-GS-G2 | Compliance Group Standard |
| SMS-GS-G3 | Internal Audit Group Standard |
| SMS GSOP II1-2 | Document Retention GSOP |
| FRM1 | estrim Upload Tool |

6 Definitions

| Term | Definition |
|---|---|
| Accountability | Being accountable means being not only responsible for something but also answerable for your actions. |
| Responsibility | A responsible person is the individual who completes the task required. Responsibility can be shared and delegated. All responsible persons will also be accountable for completing tasks effectively. Non-compliance will have consequences which may include disciplinary action as defined within the Consequence Management Group Standard. |
| Group | Serco Group plc is the administrative centre of the organisation, responsible for setting corporate strategy, defining governance requirements and supporting the business in its day to day operations. |
| Division | The Group will define a set of business divisions which will be responsible for business delivery within a defined set of markets or geographies. |
| Business Unit | A Business Unit is a cluster of contracts which provide a similar service e.g. Health, Defence, Transport etc. Where appropriate, a separate legal entity wholly owned or where Serco has a controlling share may also be referred to as a Business Unit. This may also refer to Counties/Territories. |
| Contract | A Contract provides specified requirements to a customer (either directly with Serco or to a consortium/joint Venture in which Serco is a party). A Contract will also refer to a corporate/functional area. Corporate/functional areas are functions which support the business and they include finance, HR, procurement etc. |
| Organisation | Organisation refers to a site, Contract, Business Unit and Division. |
| Contract Manager | This refers to a manager with responsibility for managing the performance of a contract and can include a Contract Manager on a day-to-day basis (or Operational Manager with devolved responsibility), a Contract Director, Partnership Director and/or a Business Unit Managing Director. |
| Corporate Responsibility & Risk Committee (CRRC) | Is a sub-committee of the plc Board responsible for the oversight of corporate responsibility and risk across the business. The committee meets each quarter. |
| Director, Group Risk & Programmes | The Director of the Group Risk & Programmes Function, assigned by the Risk Management Lead. |
| Divisional Risk Director | The identified and responsible Risk Management lead for each Division within Serco. |
| Emerging Risk | An emerging risk is a newly developing or changing risk which is difficult to quantify and which may have a major impact on Serco. It needs to be highlighted and further investigated due to the potential impact on the business. |
| estrim | estrim is Serco's electronic software tool for risk management and has been developed to support the Serco risk management process. |
| estrim upload tool | The estrim upload tool aligns with estrim to provide risk process leads that are not directly accessing estrim, a risk register tool with standardised minimum mandatory fields that can subsequently be uploaded. This ensures that we have standardised risk registers for business activities where estrim is not used and all risk data is contained in our corporate risk repository. |
| Group Risk & Programmes Function | Centre of excellence for risk management through leadership and oversight. Sets the overall risk management strategy and risk policy across Serco globally and works with the Divisional Risk Directors to support risk management implementation. |
| Impact | Impact is the effect of a risk, should it occur. This effect is generally measured in terms of quality, cost and/or time. |
| Material Risk | Material risks are those that are the most significant threat and as a business we have to manage very effectively. Using the Serco standard risk scoring matrix, material risks are those residual risks that score above 20, in category 1 or 2, red or orange. When using estrim or the estrim upload tool the tool will automatically define risks scoring as material. |
| Risk | Risk is defined as an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives. An upside source of risk is termed as an opportunity (+ve risk) while a downside source of risk is viewed as a threat (-ve risk). |
Risk Escalation: Risk escalation is an essential management activity that ensures risks which cannot be resolved by the management teams at one level are elevated to the next level where they can be effectively assessed and managed.

Risk Management Lifecycle: A set of processes and their expected application, providing detailed procedures that help the business implement and integrate risk into operations.

Risk Management Plan: The Risk Management Plan defines how activity-related risks will be identified, analysed, and managed. The Risk Management Plan contributes to the achievement of business activity objectives as it outlines how risk management will be performed, recorded, and monitored throughout the lifecycle of the business activity using Serco Group provided tools and templates for recording and prioritising risks.

Risk Management Training: A training regime to enhance risk awareness, embed risk culture and improve understanding of Serco's risk management approach. Conducted via face to face training sessions, WebEx sessions and CBTs (Computer Based Trainings).

Risk Register: Record of information about identified risks. The term risk log is sometimes used instead of risk register but Serco prefer the use of the term Risk Register. The register can sometimes be part of a Risk, Assumptions, Issues and Dependencies (RAID) Log.

Serco Management System (SMS): The SMS is the Group's management framework which describes how we do business. It defines the rules which govern the way we operate, deliver our strategy and the way we behave.

Serco Standard Risk Scoring Matrix: Risk scores are a function of the risk's probability and impact. A standard Serco formula is applied via use of the Serco Standard Risk Scoring Matrix; this scores risks on a numeric basis and enables an associated red, amber and green status to be applied.
7 Further information and support

If you require any further information or support regarding this Group Standard, or if you have any suggestions for improvement, please contact the Accountable Policy Owner (Group) or sms@serco.com