Risk Management. Group Standard

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Risk Management. Group Standard"

Transcription

1 Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS GS-RM1 Risk Management July 2014 v1.0 Serco Public

2 Document Details Document Details erence SMS GS-RM1: Risk Management Approval Date July 2014 Serco Public Version 1 Date for next review July 2016 Applicability Serco Group covering all business regions, operating companies and business units throughout the world 1 Authority Chief Executive, Serco Group plc Accountable Policy Owner (Group) Director, Risk and Acquisitions Additional Information Supporting standards, standard operating procedures and guidance relating to this Group Standard are available on Our World under Serco Management System Governance Our policies and standards, together with any regional or market requirements and enhancements to them, are authorised through a robust governance process. The SMS Quality Manual describes this process and is available on Our World under Serco Management System Consequence Management As a Group Standard the requirements detailed in this document are mandated and must be adhered to. Non-compliance will have consequences which may include disciplinary action. The Consequence Management Group Standard (SMS-GS-G1) details how instances of non-compliance will be dealt with 1 As used herein, Serco Group and its affiliates, subsidiaries and operating companies are referred to as Serco, the Company or company, or we, us or our. Contents Document Details... 1 Contents Objectives Policy Standards Policy Risk Management Priorities Risk Management Lifecycle Risk Applied to Business Lifecycle Gates Risk Tools & Risk Registers Risk Training Compliance assessment and audit Responsibilities & Accountabilities Processes and Controls Governance processes and controls Key processes and controls Supporting documentation and guidance Definitions Further information and support SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

3 1 Objectives Risk management will be established, operated and measured in such a way as to drive value across the Serco organisation. Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise. Management at all levels are required to manage risks on a daily basis as part of normal management processes. The objectives of effective risk management are to: create a robust control environment that reduces negative impacts to our business performance provide an early line of sight (visibility) and increased understanding of material risks up, down and across the organisation, and early warning of increases in threat/exposure support informed risk-taking that promotes business growth and success while recognising the risks associated with key decisions To achieve these objectives, risk management will be: mandated and integrated with all business processes and linked to the achievement of Serco s objectives standardised and structured via a continuous process of planning, identification, analysis, mitigation, monitoring and reporting open and transparent across the business and promptly communicated so as to support effective and timely decision making iterative and responsive to business change 2 Policy Standards 2.1 Policy S1. Risk Management Policy will be defined, documented, implemented and maintained S2. Risk management policy and the organisation s risk management capability will deliver three organisational service needs: a. definition of risk management standards and capability (roles, processes, tools and skills) b. managing and reporting of risk c. assurance of risk management activities S3. Group will adopt a Risk Operating Model (ROM) that will meet these service needs. The ROM will comprise of: a. Risk Policy and Standard b. Risk Organisation Structure: roles and responsibilities c. Risk Management Lifecycle: mandated processes, controls, tools, guidance and skills/training d. Risk Assurance S4. The ROM will be appropriate and proportionate to the nature of the organisation s risks S5. The ROM will be regularly reviewed (at least annually) to ensure risk continues to be effectively identified, managed and mitigated. 2.2 Risk Management Priorities S6. The priority of risk management will be on material risks and their consistent management across the business; focusing on these risks rather than all risks allows more effective use of our people and financial resources. S7. Material risks are those that present the most significant threat to the business and are defined as those risks that have a residual risk score of major or severe. Material risks will be consistently scored and defined by using a standardised risk scoring system, the Serco Standard Risk Scoring Matrix 1 1 See Risk Management GSOP : SMS GSOP RM1-1 2 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

4 S8. Where other Risk scoring systems are required (for example by a customer, regulatory agency or other), material risks will continue to be defined using the Serco Standard Risk Scoring Matrix so they are visible and internally consistent when reported within the business S9. Business Leaders will ensure that all material risks will have appropriate mitigation actions that are monitored and updated to ensure mitigation is effective S10. Business Leaders will ensure that material risks will be reported both up and down the organisation, and at each organisational level they will be aggregated to represent the profile of risk at that level S11. Non-material risks will continue to be monitored until these recede or become material, in which case they will then be reported and managed as a material risk S15. The Business Leader will be responsible for both the adoption of the Risk Management Lifecycle and allocation of employees with appropriate risk expertise to deliver the risk management processes S16. The Divisional Risk Director in consultation with the Director, Group Risk & Programmes will ensure appropriate divisional risk resources are in place based on the nature and occurrence of material risks in the division, and that those performing risk management within the business are trained and competent. The divisional risk management structure will be approved by the Divisional CEO S17. Business Leaders will ensure that Risk Management is performed at Bid, Contract, Business Unit, Division, Corporate Function and Group organisational levels. Table 1 below shows what is meant by Business Leader at each organisational level. This is not an exhaustive list 2.3 Risk Management Lifecycle S12. The Risk Management Lifecycle, consisting of seven processes, six of which apply to the business with mandated tools and templates, will be used to manage risk effectively and consistently. The seven processes are 2 : 0. Group Risk Planning (solely at Group / Corporate level) 1. Risk Planning 2. Risk Identification 3. Risk Analysis 4. Risk Mitigation 5. Risk Monitoring 6. Risk Reporting S13. The Divisional Risk Director (for Division) or the Director, Group Risk & Programmes (for Group) will be responsible for and will determine which business activities will implement the full Risk Management Lifecycle S14. Where the decision has been made to adopt the full Risk Management Lifecycle, all mandated processes, templates and tools within the lifecycle will be applied 3 Table 1 Organisational Level Group Corporate Functions Division Business Unit Contracts Bid, Transition, Transformation Programme Business Leader Role Group CEO CFO, CIO, COO, Group HR Director, General Counsel, Head of Shared Services etc. Divisional CEO BU MD Contract Manager or Director Bid Director, Transition Director, Programme Director 2 Further details of each of the mandated processes in the Risk Management Lifecycle can be found in the Risk Management GSOP : SMS GSOP RM1-1 3 These are defined in Risk Management GSOP : SMS GSOP RM1-1 3 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

5 S18. Business Leaders will review and report on risk as specified in the table below, with a focus on material risks. Table 2 below shows the risk review and reporting requirements across the organization: Table 2 Risk Register Group Risk Register Corporate Function Register Division Risk Register Business Unit (BU) Risk Register Contract Reviewed By Group Risk Management Lead Director, Group Risk & Programmes Corporate Function Director Director, Group Risk & Programmes Divisional Executive Management Team (EMT) (including Divisional Risk Director) BU Senior Management Team (SMT) Contract Management Team Approved By Report To Frequency Executive Committee Executive Committee Divisional CEO BU MD CRRC plc Board CRRC COO (in line with Divisional Performance Review (DPR) Director, Group Risk & Programmes Divisional EMT Quarterly Quarterly (as recommended by CRRC) Quarterly Bi-Monthly Quarterly Bi-Monthly Contract Manager BU SMT Bi-Monthly Risk Register Bid or Transition Reviewed By Business Lifecycle Review Team 4 Approved By Report To Frequency Bid, Transition or Transformation Director/ Manager BU SMT Bi-Monthly S19. Irrespective of reporting cycles, a material risk that the Business Leader (in consultation with their relevant risk experts) determines cannot be mitigated locally is to be immediately escalated to the next management level. The next organisation level up will then own and be responsible for developing and implementing mitigation of the risk S20. Material risks will be reported using the standard All Key Risks Dashboard in estrim (see estrim User Guide, which can be found within the estrim tool under Documents ) S21. The Group Executive Committee will decide which top ten risks will reside on the Group Risk Register and be reported to both the Corporate Responsibility and Risk Committee (CRRC) and plc Board S22. Corporate Functions will review their material risks on a quarterly basis and report these to the Director Group Risk & Programmes S23. Divisions will review their material risks on a bi-monthly basis, discuss them at Divisional Executive Management Team (EMT) meetings and in the Divisional Performance Review (DPR). These will be reported to the Director Group Risk & Programmes each quarter S24. Business Units will review their material risks on a bi-monthly basis. These will be reported by the Business Unit MD to the Divisional EMT for their review S25. Contract Managers will review their material risks with their contract management team on a bi-monthly basis, discuss them with the Business Unit MD and SMT on a regular basis, and escalate risks that cannot be mitigated at contract level S26. Bids and transition programmes will review their material risks at the respective bid or programme reviews with the Business Lifecycle Review Team 4 See Internal Boards and Committees Group Standard : SMS-GS-G4 4 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

6 2.4 Risk Applied to Business Lifecycle Gates S27. The relevant Business Leader (e.g. Bid Director) will commence risk management at Gate 1 of the Business Lifecycle 5 whereby the material risks will form part of the qualification decision S28. Effective use of risk management processes will be reviewed by the Business Leader and material risks will be signed off for accuracy, completeness and progress against plan at all subsequent Business Lifecycle Gates 2 9 S29. The risk register will be a live document, actively managed and handed over through each phase of the business lifecycle through to Gate 9 in order to ensure absolute continuity and consistency of interpretation and the management of risks S30. Each Gate approval decision will consider: a. the appropriateness of the risk management processes b. evidence that appropriate risk identification and analysis has been performed and that it has identified a set of material risks that bring to light the risk threat/exposure to this business activity c. evidence that material risks are being mitigated appropriately and reported correctly d. evidence that appropriate decisions relating to risk are being made and that the right subject matter experts have been involved S31. Where a deficiency in risk management activity is identified it will be reported to the Divisional Risk Director, and to the Director, Group Risks & Programmes where required 2.5 Risk Tools & Risk Registers S32. All identified risks will be scored and recorded. Material risks will be recorded on the corporate system estrim either directly or through the estrim Upload Tool. The estrim Upload Tool 6 S33. As agreed with the Divisional Risk Director, bids and contracts with three or less material risks will record these on the Business Unit Risk Register rather than create their own register in estrim S34. Entry of material risks on estrim should be timely, accurate and complete. The Divisional Risk Director will monitor material risks reported on estrim and request correction of poor quality content S35. The Divisional Risk Director will ensure registers of material risks will be retained on estrim and, where identified for disposal, disposed of in accordance with Document Retention 7 requirements 2.6 Risk Training S36. Risk training is a fundamental part of the Risk Operating Model (ROM). The Divisional Risk Director and Director of Group Risk & Programmes will identify people fulfilling the relevant risk management roles who will benefit from risk training. In agreement with the Divisional Chief Executive Officer (CEO) and Group Chief Operating Officer (COO) they will ensure all people in these roles are trained on both this Standard, the Risk Management Group Standard Operating Procedure (GSOP) and the Risk Management Lifecycle using training materials provided by Group Risk & Programmes S37. Individual competency requirements to undertake risk management and use required tools, such as estrim, will be assessed with training needs identified and delivered S38. Records will be maintained of individual s training and competency 2.7 Compliance assessment and audit S39. Risk management systems will be periodically assessed to provide evidence on the levels of risk management controls compliance within the business and to ensure continual strengthening of the risk management controls environment by addressing non-compliance. S40. Risk management compliance assessments and audits will be completed in accordance with Compliance and Internal Audit requirements 8 via a planned, independent and documented assessment of compliance, effectiveness and adequacy S41. All actions arising from risk management compliance assessments and audits including changes in procedures will be documented, communicated, followed up and completed 5 See Bidding Group Standard : SMS-GS-BD1 6 See estrim Upload Tool : FRM1 7 See Document Retention GSOP : SMS-GSOP-II1-2 8 See Compliance Group Standard : SMS-GS-G2 and Internal Audit Group Standard : SMS-GS-G3 5 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

7 3 Responsibilities & Accountabilities S42. The following responsibilities will apply to the delivery of the defined standards. If these are not completed effectively, the person responsible will be accountable for any consequences 9 S43. Risk management is delivered through roles in the Group and Divisional risk management function and roles embedded in the business as defined in the ROM Group S44. The Serco plc Board and Corporate Responsibility and Risk Committee (CRRC) is responsible for: a. setting the context regarding risk and organisational risk taking b. oversight of risk management within the Group c. oversight of Group level material risks S45. The Group Executive Management Team is responsible for: a. reviewing and monitoring the implementation of the ROM b. reviewing and challenging the Group risk register associated controls and management action plans for completeness, effectiveness and appropriateness c. considering the findings from internal audit in the context of their impact on risk d. considering new and changed emerging risks and key control gaps S46. The Group CEO is responsible for: a. ensuring the context regarding risk and risk taking is as directed by the CRRC b. owning Group level material risks c. The appointment of a Risk Management Lead S47. The Group COO is responsible for: a. the development and enforcement of all Serco policies and standards, including this Risk Management Standard b. the oversight of operational risks that reside on the Group risk register 9 See Consequence Management Group Standard : SMS-GS-G1 S48. The Group Risk Management Lead is responsible for: a. reviewing and maintaining risk management policy and associated ROM b. ensuring the SMS standard and associated procedures and key controls remain fit for purpose, reflect legislative and regulatory requirements and effectively manage business risks c. overseeing the activities of the Group risk management function d. owning the Group level risk register to ensure that its breadth in focus is an appropriate aggregation of all the business risks, and that focus is on the major enterprise level risks e. ensuring Group level material risks are identified and managed f. providing oversight and reporting on business risks and the performance of the ROM S49. The Group Risk Management Lead will establish a Group risk management function the head of which [Director Group Risk and Programmes] will be responsible for: a. developing risk management policy and associated ROM b. ensuring risk management standards, processes and controls, tools and risk training are defined, agreed and remain fit for purpose, and that Group has oversight of their implementation in the business c. defining risk management service needs, standards and capability (roles, processes, tools and skills) d. ensuring appropriate Group level risk resources (Group Risk Managers) are in place, based on the nature and occurrence of material risks at Group level, development of policy and the ROM and business support required to embed risk management e. ensuring the risk management function operates globally to support the business, coordinating the activities of Group and divisional risk directors and managers f. assessing Group risks and developing the Group risk register, the detailed review of Group risks, and managing Group level material risks that impact our strategy g. ensuring material risks are defined consistently and ensuring focus is on material risk h. reporting on risk including trend analysis across the divisions and identifying and communicating emerging Group level material risks i. assuring risk management activities j. appropriate retention and disposal of Group risk registers on the corporate system estrim 6 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

8 Division S50. The Divisional Chief Executive Officers (CEOs) are responsible for: a. owning material risks across the division b. owning Group level material risks that are operational in nature c. ensuring the bi-monthly review of all material risk at Divisional level d. monthly reporting obligation including DPR S51. The Divisional Executive Management Team is responsible for: a. reviewing and challenging material risks facing the division; associated controls and management actions each quarter b. considering key current and emerging risks facing the division c. assessing and agreeing the internal processes for determining and managing key risks S52. The Divisional CEO in consultation with the Director of Group Risk and Programmes will jointly appoint a divisional risk lead [Divisional Risk Director] who, whilst being part of the Divisional Executive Team, will have a dotted line reporting relationship to the Director of Group Risk and Programmes. Divisional Risk Directors are responsible for: a. implementing risk policy, ROM, standards, procedures and key controls across the division b. ensuring procedures and key controls, remain fit for purpose and effectively manage business risks c. Reviewing the Divisional risk organizational structure and determine, in agreement with the Divisional CEO, the appropriate structure and roles required for effective risk management d. ensuring appropriate risk resources [managers and subject matter experts] are in place, based on the nature and occurrence of material risk in the division, to support the division in managing its risks, comply with the ROM and provide competent risk management e. ensuring those performing risk management are trained and competent to fulfill their roles f. ensuring risk management is performed by the business reinforcing that ultimately the business is responsible for risk management g. assessing risks within the division and developing the Divisional risk register h. determining which Divisional business activities will implement the full Risk Management Lifecycle i. ensuring material risks are defined consistently and ensuring focus is on material risk j. oversight of the divisions material risks (this may be part of project or contract reviews, through appropriate risk reporting, as a combination of both of these or by other means) k. providing oversight and reporting on Divisional risks and the performance of the Divisional risk function l. assuring divisional risk management activities m. reviewing all Internal Audit and assurance reports produced for their Division to help ensure the necessary improvements S53. The Divisional Risk Manager where necessary and in agreement with the Divisional CEO: a. supporting the implementation of the ROM and risk standards, procedures and controls across the division b. ensuring material risks are defined consistently and ensuring focus is on material risk c. assessing, reviewing and reporting on material risks faced by the division d. assuring risk management activities in the division e. supporting the business in managing its risks Business Unit S54. The Business Unit Managing Director is responsible for: a. complying with risk policy, ROM, standards, procedures and key controls b. assessing risks within their Business Unit c. owning material risks in their Business Unit d. allocating competent resource and ensuring risk responsibilities are clearly defined to enable appropriate risk management and assurance within the Business Unit e. ensuring material risks are defined consistently and ensuring focus is on material risk f. ensuring the bi-monthly review of all material risk at Business Unit level and considering emerging risks facing the Business Unit g. monthly reporting into the DPR process, escalating material risks that cannot be mitigated at the Business Unit level 7 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

9 Contract/Function S55. Business Leads (Bid Director/ Transition and or Transformation Director/Contract Director or Manager/Corporate Function Head) are responsible for: a. complying with risk policy, ROM, standards, procedures and key controls b. ensuring risks within their area of responsibility are identified, analysed and managed c. ensuring appropriate resources i.e. risk experts are of sufficient competence to perform risk management responsibilities d. ensuring material risks are defined consistently and ensuring focus is on material risk e. ensuring local controls are in place for providing assurance that risks are being effectively managed f. bi-monthly review of risks, and regular reporting requirements are met, considering emerging risks and escalating material risks that cannot be mitigated at the contract level 8 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

10 Group (S44-S49) Division (S50 S53) Business Unit (S54) Contract/ function (S55) All Employees 4 Processes and Controls 4.1 Governance processes and controls Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference Responsibility for ensuring controls are in place and operating effectively Description Description P1 Risk Responsibilities are defined and understood C1 Risk management organisation and roles are in place that meet the organisational service needs and the requirements of this standard C2 Risk management responsibilities are clearly defined C3 Appropriate and competent risk management resource is deployed P2 Establish Risk Operating Model C4 Risk Operating Model is defined and published through policy, standards and group procedures C5 Appropriate risk management processes, controls and tools are defined, developed and published C6 The ROM, risk policy. standards, processes, controls, tools and guidance are communicated and implemented 9 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

11 Group (S44-S49) Division (S50 S53) Business Unit (S54) Contract/ function (S55) All Employees Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference Responsibility for ensuring controls are in place and operating effectively Description Description C7 The ROM, risk policy, standards, processes, controls, tools and guidance are periodically reviewed (at least annually) P3 Develop competent risk resources C8 Risk training requirements are defined, planned and recorded C9 Risk training materials are developed and available which reflect the ROM and how risk management is to be managed C10 Risk training requirements are periodically reviewed (at least annually) and updated P4 Risk compliance C11 Risk management compliance plan in place C12 Risk management compliance and audit reports with action plans to address non conformances C13 Agreed actions closed out 10 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

12 Group (S44-S49) Division (S50 S53) Business Unit (S54) Contract/ function (S55) All Employees 4.2 Key processes and controls Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference Responsibility for ensuring controls are in place and operating effectively Description Description P5 Application of risk management priorities C14 Serco Standard Scoring Matrix is used to identify material risks P6 Application of the Risk Management Lifecycle C15 Business activities which will apply the full Risk Lifecycle are defined C16 Where the full Risk Management Lifecycle is being applied all mandated processes, templates and tools are being used P7 Risk planning C17 An approved Risk Management Plan is in place P8 Risk identification C18 Stakeholders have participated in the risk identification process C19 Business Leader has reviewed and approved identified risks P9 Risk analysis C20 Identified risks have inherent, residual and target risk probability and impact assessments C21 Risk registers have been reviewed and approved 11 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

13 Group (S44-S49) Division (S50 S53) Business Unit (S54) Contract/ function (S55) All Employees Process A set of related activities that must be carried out to achieve policy outcomes Controls The action we put in place to mitigate a risk(s) within a key process and/or the delivery of policy outcomes. These are mandated and are the minimum that should be implemented regardless of any local difference Responsibility for ensuring controls are in place and operating effectively Description Description C22 Risk Registers are live documents that are reviewed and updated throughout the business lifecycle of a Contract through to Gate 9 P10 Risk mitigation C23 Approved controls and plans are in place to manage and mitigate material risks P11 Risk monitoring C24 Approved material risks are entered on estrim C25 Data entered on estrim is accurate and complete C26 Material risks and mitigating controls and plans are monitored and periodically reviewed and approved P12 Risk reporting C27 Risk reporting and escalation requirements are defined C28 Risk reports are timely, accurate and complete 12 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

14 5 Supporting documentation and guidance The following should be read in conjunction with this standard: SMS_PS_RM SMS-GSOP-RM1-1 SMS_GS-BD1 SMS-GS-BD2 SMS-GS-O1 SMS-GS-G2 SMS-GS-G3 SMS GSOP II1-2 FRM1 Document Risk Management Policy Risk Management GSOP Bidding Group Standard Transition Group Standard Operations Group Standard Compliance Group Standard Internal Audit Group Standard Document Retention GSOP estrim Upload Tool 6 Definitions Term Accountability Responsibility Group Division Definition Being accountable means being not only responsible for something but also answerable for your actions. A responsible person is the individual who completes the task required. Responsibility can be shared and delegated. All responsible persons will also be accountable for completing tasks effectively. Non-compliance will have consequences which may include disciplinary action as defined within the Consequence Management Group Standard. Serco Group plc is the administrative centre of the organisation, responsible for setting corporate strategy, defining governance requirements and supporting the business in its day to day operations. The Group will define a set of business divisions which will be responsible for business delivery within a defined set of markets or geographies. Business Unit A Business Unit is a cluster of contracts which provide a similar service e.g. Health, Defence, Transport etc. Where appropriate, a separate legal entity wholly owned or where Serco has a controlling share may also be referred to as a Business Unit. This may also refer to Counties/Territories. 13 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

15 Contract Organisation Contract Manager Corporate Responsibility & Risk Committee (CRRC) Director, Group Risk & Programmes Divisional Risk Director Emerging Risk estrim A Contract provides specified requirements to a customer (either directly with Serco or to a consortium/joint Venture in which Serco is a party) A Contract will also refer to a corporate/functional area. Corporate/functional areas are functions which support the business and they include finance, HR, procurement etc. Organisation refers to a site, Contract, Business Unit and Division. This refers to a manager with responsibility for managing the performance of a contract and can include a Contract Manager on a day-to-day basis (or Operational Manager with devolved responsibility), a Contract Director, Partnership Director and/or a Business Unit Managing Director. Is a sub-committee of the plc Board responsible for the oversight of corporate responsibility and risk across the business. The committee meets each quarter. The Director of the Group Risk & Programmes Function, assigned by the Risk Management Lead. The identified and responsible Risk Management lead for each Division within Serco. An emerging risk is a newly developing or changing risk which is difficult to quantify and which may have a major impact on Serco. It needs to be highlighted and further investigated due to the potential impact on the business. estrim is Serco s electronic software tool for risk management and has been developed to support the Serco risk management process. estrim upload tool Group Risk & Programmes Function Impact Material Risk Risk The estrim upload tool aligns with estrim to provide risk process leads that are not directly accessing estrim, a risk register tool with standardised minimum mandatory fields that can subsequently be uploaded. This ensures that we have standardised risk registers for business activities where estrim is not used and all risk data is contained in our corporate risk repository. Centre of excellence for risk management through leadership and oversight. Sets the overall risk management strategy and risk policy across Serco globally and works with the Divisional Risk Directors to support risk management implementation. Impact, is the effect of a risk, should it occur. This effect is generally measured in terms of quality, cost and/or time. Material risks are those that are the most significant threat and as a business we have to manage very effectively. Using the Serco standard risk scoring matrix material risk are those residual risks that score above 20, in category 1 or 2, red or orange. When using estrim or the estrim upload tool the tool will automatically define risks scoring as material. Risk is defined as an uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives. A risk is measured by a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives. An upside source of risk is termed as on opportunity (+ve risk) while a downside source of risk is viewed as a threat (-ve risk). 14 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

16 Risk Escalation Risk Management Lifecycle Risk Management Plan Risk Management Training Risk Register Serco Management System (SMS) Risk escalation is an essential management activity that ensures risks which cannot be resolved by the management teams at one level are elevated to the next level where they can be effectively assessed and managed. A set of processes and their expected application, providing detailed procedures that help the business implement and integrate risk in to operations The Risk Management Plan defines how activityrelated risks will be identified, analysed, and managed. The Risk Management Plan contributes to the achievement of business activity objectives as it outlines how risk management will be performed, recorded, and monitored throughout the lifecycle of the business activity using Serco Group provided tools and templates for recording and prioritising risks. A training regime to enhance risk awareness, embed risk culture and improve understanding of Serco s risk management approach. Conducted via face to face training sessions, WebEx sessions and CBTs (Computer Based Trainings) Record of Information about identified risks. The term risk log is sometimes used instead of risk register but Serco prefer the use of the term Risk Register. The register can sometimes be part of a Risk, Assumptions, Issues and Dependencies (RAID) Log. The SMS is the Group s management framework which describes how we do business. It defines the rules which govern the way we operate, deliver our strategy and the way we behave. Serco Standard Risk Scoring Matrix Risk scores are a function of the risk s probability and impact. A standard Serco formula is applied via use of the Serco Standard Risk Scoring Matrix; this scores risks on a numeric basis and enables an associated red, amber and green status to be applied. 7 Further information and support If you require any further information or support regarding this Group Standard, or if you have any suggestions for improvement, please contact the Accountable Policy Owner (Group) or 15 SMS-GS-RM1 Risk Management July 2014 v1.0 Serco Public

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Consequence Management

Consequence Management Group Standard Consequence Management Serco is committed to creating an open and transparent environment, where good behaviour is rewarded and where employees feel safe in the knowledge that poor behaviour

More information

Business Continuity & Crisis Management

Business Continuity & Crisis Management Group Standard Business Continuity & Crisis Management The need to plan and respond effectively is critical to the successful management of any crisis situation. Business Continuity Management is the holistic

More information

Operations. Group Standard. Business Operations process forms the core of all our business activities

Operations. Group Standard. Business Operations process forms the core of all our business activities Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations

More information

Reputation, Brand & Communications

Reputation, Brand & Communications Group Standard Reputation, Brand & Communications Serco is committed to building a positive reputation with its stakeholders, wherever we operate SMS-GS-BC4 Reputation, Brand and Communication December

More information

Information Integrity & Data Management

Information Integrity & Data Management Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is

More information

Speaking Up. Group Standard

Speaking Up. Group Standard Group Standard Speaking Up Where someone believes they have information which demonstrates malpractice, wrongdoing or violations of our Code of Conduct or Governing principles, they are required to Speak

More information

Procurement & Supply Chain

Procurement & Supply Chain Group Standard Procurement & Supply Chain An effective procurement and supply chain is a critical success factor in driving competitive advantage for Serco and driving benefits for our customers SMS GS-PSC1

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

A Guide to Corporate Governance for QFC Authorised Firms

A Guide to Corporate Governance for QFC Authorised Firms A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

Framework for an Aviation Security Management System (SeMS)

Framework for an Aviation Security Management System (SeMS) Framework for an Aviation Security Management System (SeMS) CAP 1223 Civil Aviation Authority 2014 All rights reserved. Copies of this publication may be reproduced for personal use, or for use within

More information

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Preparation of a Rail Safety Management System Guideline

Preparation of a Rail Safety Management System Guideline Preparation of a Rail Safety Management System Guideline Page 1 of 99 Version History Version No. Approved by Date approved Review date 1 By 20 January 2014 Guideline for Preparation of a Safety Management

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

Governance, Risk and Compliance Charter

Governance, Risk and Compliance Charter Governance, Risk and Compliance Charter Charter Owner Director GRC Charter Approver Board of Management Effective date November 15 th, 2013 Date of issue Version Name Title 15 Nov 2013 1.0 Fokko Kool Group

More information

IT Governance Charter

IT Governance Charter Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.co.za 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms

More information

The anglo american Safety way. Safety Management System Standards

The anglo american Safety way. Safety Management System Standards The anglo american Safety way Safety Management System Standards 2 The Anglo American Safety Way CONTENTS Introduction 04 Anglo American Safety Framework 05 Safety in anglo american 06 Monitoring and review

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM)) Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose

More information

Association for Project Management Business Management System

Association for Project Management Business Management System Association for Project Management Business Management System December 2012 2 Association for Project Management About APM Formed in 1972, the Association for Project Management (APM) is committed to developing

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Notion VTec Berhad (Company No. 637546-D) Board Charter

Notion VTec Berhad (Company No. 637546-D) Board Charter 1. Introduction In achieving the objectives of transparency, accountability and effective performance for Notion VTec Berhad ( Notion or the Company ) and its subsidiaries ( the Group ), the enhancement

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction

Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Regulatory risk is the risk of non-compliance with applicable regulatory requirements. For the

More information

Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS IN FIJI

Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS IN FIJI Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 NOTICE TO INSURANCE COMPANIES LICENSED UNDER THE INSURANCE ACT 1998 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS

More information

APES 320 Quality Control for Firms

APES 320 Quality Control for Firms APES 320 Quality Control for Firms APES 320 Quality Control for Firms is based on International Standard on Quality Control (ISQC 1) (as published in the Handbook of International Auditing, Assurance,

More information

Risk Management Committee Charter

Risk Management Committee Charter Ramsay Health Care Limited ACN 001 288 768 Risk Management Committee Charter Approved by the Board of Ramsay Health Care Limited on 29 September 2015 Ramsay Health Care Limited ABN 57 001 288 768 Risk

More information

Revised May 2007. Corporate Governance Guideline

Revised May 2007. Corporate Governance Guideline Revised May 2007 Corporate Governance Guideline Table of Contents 1. INTRODUCTION 1 2. PURPOSES OF GUIDELINE 1 3. APPLICATION AND SCOPE 2 4. DEFINITIONS OF KEY TERMS 2 5. FRAMEWORK USED BY CENTRAL BANK

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting Guidance Corporate Governance Financial Reporting Council September 2014 Guidance on Risk Management, Internal Control and Related Financial and Business Reporting The FRC is responsible for promoting

More information

Effective Internal Audit in the Financial Services Sector

Effective Internal Audit in the Financial Services Sector Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:

More information

Leadership, Governance and Management ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013

Leadership, Governance and Management ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013 QUALITY ASSESSMENT & IMPROVEMENT ACUTE HOSPITAL SERVICES JUNE 2013 Leadership, Governance and Management Supporting services to deliver quality healthcare Effective Care and Support Safe Care and Support

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

CORPORATE GOVERNANCE FRAMEWORK

CORPORATE GOVERNANCE FRAMEWORK CORPORATE GOVERNANCE FRAMEWORK TABLE OF CONTENTS 1 INTRODUCTION 3 2 PURPOSE 3 3 SCOPE 3 4 GOVERNANCE PRINCIPLES 3 4.1 THREE LINES OF DEFENCE 4 4.2 COMBINED ASSURANCE 4 4.3 FIT AND PROPER REQUIREMENTS FOR

More information

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.

R000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document. 2 of 34 Revision Summary Revision Number Date Description of Revisions Initial issue of the document. Table of Contents Item Description Page 1. Introduction and Purpose... 5 2. Project Management Approach...

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:

More information

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS

GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute

More information

Derbyshire Trading Standards Service Quality Manual

Derbyshire Trading Standards Service Quality Manual Derbyshire Trading Standards Service Quality Manual This Quality Manual has been developed to give a broad outline of how the Trading Standards Division s range of services comply with the requirements

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

The Role of Compliance and Supervision. Rules Notice Guidance Note Dealer Member Rules. Introduction

The Role of Compliance and Supervision. Rules Notice Guidance Note Dealer Member Rules. Introduction Rules Notice Guidance Note Dealer Member Rules Please distribute internally to: Corporate Finance Credit Institutional Internal Audit Legal and Compliance Operations Registration Regulatory Accounting

More information

Managing Risk at Bank of America Corporation. Overview

Managing Risk at Bank of America Corporation. Overview Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,

More information

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français. Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance

More information

Capital Requirements Directive Pillar 3 Disclosure. December 2015

Capital Requirements Directive Pillar 3 Disclosure. December 2015 Capital Requirements Directive Pillar 3 Disclosure December 2015 1. Background The purpose of this document is to outline the Pillar 3 disclosures for BlueBay Asset Management LLP ( BlueBay ). BlueBay

More information

Charter of the Audit Committee of the Board of Directors

Charter of the Audit Committee of the Board of Directors Charter of the Audit Committee of the Board of Directors Dated as of April 27, 2015 1. Purpose The Audit Committee is a committee of the Board of Directors (the Board ) of Yamana Gold Inc. (the Company

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Risk Management Strategy & Implementation Plan 2014 2016

Risk Management Strategy & Implementation Plan 2014 2016 St George s Healthcare NHS Trust: the next decade Risk Management Strategy & Implementation Plan 2014 2016 DRAFT VERSION 6.0 UPDATED 19.11.14 Executive summary We know, from external assurances received

More information

Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks

Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks Basel Committee on Banking Supervision - Guidelines on the corporate governance principles for banks Basel Committee on Banking Supervision Guidelines on the corporate governance principles for banks (

More information

Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD. Publication date: January 2014

Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD. Publication date: January 2014 Evidence guidelines Published by the National Regulatory System for Community Housing Directorate. Document Identification: 003-04-13/NRSD Publication date: January 2014 Supported by the Commonwealth Government

More information

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52

More information

IT Services Risk Management Strategy

IT Services Risk Management Strategy Prepared by: DOCUMENT CONTROL Change Control Table Version Amendment Description Release Date 1.00 Initial Draft Reviewed by DIB 16.01.14 Updated by 1.00 Approved by IT Lead

More information

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY

RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY RISK MANAGEMENT FRAMEWORK 2013-2014 OKHAHLAMBA LOCAL MUNICIPALITYITY Page 1 CONTENTS 1. Foreword by the Mayor... 3 2. Background... 4 2.1 Introduction... 4 2.2 Overall purpose of the Enterprise Risk Management

More information

Group Risk Management Policy

Group Risk Management Policy Group Risk Management Policy Originator: Approval date: Policy and Strategy Team Sovini Board PCHA Board OVH Board/EMT 6 th December 2013 31 st October 2013 14 th October 2013 Review date: December 2014

More information

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES 20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles APPLICATION of KING III CORPORATE GOVERNANCE PRINCIPLES 2013 Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have

More information

Chair Cabinet Committee on State Sector Reform and Expenditure Control

Chair Cabinet Committee on State Sector Reform and Expenditure Control Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION

More information

Board of Directors and Management Oversight

Board of Directors and Management Oversight Board of Directors and Management Oversight Examination Procedures Examiners should request/ review records, discuss issues and questions with senior management. With respect to board and senior management

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

KING III COMPLIANCE REGISTER 2015

KING III COMPLIANCE REGISTER 2015 KING COMPLIANCE REGISTER 2015 Partially Not 1.1 The Board should provide effective leadership based on an ethical foundation. Mr Paul Jenkins is currently the executive chairman of MNY. He is a well respected

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

ING Group Compliance Risk Management Charter and Framework

ING Group Compliance Risk Management Charter and Framework ING Group Compliance Risk Management Charter and Framework Corporate Compliance Risk Management ING GROUP COMPLIANCE RISK MANAGEMENT CHARTER AND FRAMEWORK Information sheet Target audience: All employees

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TABLE OF CONTENTS 1. Purpose... 33 2. Scope... 33 3. Policy... 33 4. Procedure... 33 5. Responsibility and Authority... 44 6. Review of Policy... 55 7. Availability of

More information

Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans

Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans A guide to implementing integrated assurance and approvals Version 1.0 - May 2011 Contents Introduction 03 Integrated

More information

SAI GLOBAL LIMITED Risk Management Policy

SAI GLOBAL LIMITED Risk Management Policy SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...

More information

Application of King III Corporate Governance Principles

Application of King III Corporate Governance Principles Application of Corporate Governance Principles Application of Corporate Governance Principles This table is a useful reference to each of the principles and how, in broad terms, they have been applied

More information

Corporate Governance Statement

Corporate Governance Statement Corporate Governance Statement The Board of Directors of APN Outdoor Group Limited (APO) is responsible for the overall corporate governance of APO, including establishing the corporate governance framework

More information

Project Risk Analysis toolkit

Project Risk Analysis toolkit Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

Project organisation and establishing a programme management office

Project organisation and establishing a programme management office PROJECT ADVISORY Project organisation and establishing a programme office Leadership Series 1 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Corporate governance statement

Corporate governance statement Corporate governance statement Compliance with the UK Corporate Governance Code In the period to 30 March 2013, as detailed below and in the risk and risk management report and the remuneration report

More information

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Policy (Board Approved)

Policy (Board Approved) Policy (Board Approved) Compliance and Regulatory Management Document Number GOV-POL-20 1.0 Policy Statement Stanwell Corporation Limited (Stanwell) is a Queensland company Government Owned corporation.

More information

For personal use only

For personal use only Statement of Corporate Governance for the Year Ended 30 June 2015 This Corporate Governance Statement is current as at 1 September 2015 and has been approved by the Board of Equus Mining Limited ( the

More information

CONFIGURATION COMMITTEE. Terms of Reference

CONFIGURATION COMMITTEE. Terms of Reference SWBTB (8/13) 166 (g) CONFIGURATION COMMITTEE Terms of Reference 1. CONSTITUTION 1.1 The Board hereby resolves to establish a Committee of the Board to be known as the Configuration Committee (The Committee).

More information

PM Governance. Executive Team ADCA ADCA

PM Governance. Executive Team ADCA ADCA Item 6.5a Action Plan against the Recommendations Made in the Review of Risk Management Arrangements by PM Governance, November 2014 Key: PM Governance Paul Moore, Risk Consultant ADCA Associate Director

More information

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM

HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM HEALTH SAFETY & ENVIRONMENT MANAGEMENT SYSTEM September 2011 OUR HEALTH, SAFETY AND ENVIRONMENT POLICY OUR PRINCIPLE OF DUE CARE We care about the wellbeing of our people and our impact on the environment.

More information

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee

More information

INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES. Effective January 9, 2015

INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES. Effective January 9, 2015 INTEGRATED SILICON SOLUTION, INC. CORPORATE GOVERNANCE PRINCIPLES Effective January 9, 2015 These principles have been adopted by the Board of Directors (the "Board") of Integrated Silicon Solution, Inc.

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Capital Adequacy: Advanced Measurement Approaches to Operational Risk Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements

More information