Risk Management Framework
- Angel Deborah Chapman
4 November 2013
Performance and Resources Board
15
To consider

Risk Management Framework

Issue

1 To consider a draft revised Risk Management Framework as requested by Council at its meeting on 7 February. The Framework will be discussed by the Audit and Risk Committee at its meeting on 6 November 2013, and then considered for approval by Council on 10 December.

Recommendations

2 The Performance and Resources Board is asked to:

a consider the draft revised Risk Management Framework, at Annex A

b endorse the basic principle of a Risk Summary tool (at Annex B), which was commissioned by the Audit and Risk Committee as a means of displaying our high-level risk profile, and to note that this will be further developed in line with the emerging Corporate Strategy.
Issue

Revising the Risk Management Framework

3 At its meeting on 7 February 2013, Council asked the Audit and Risk Committee to oversee a review of the Risk Management Framework. This review was necessary because:

a the Framework had not been substantively reviewed since 2009, and there had been improvements made to internal practice since then

b the Framework needed to incorporate outstanding improvement actions identified in recent internal audit recommendations

c there would be a clear benefit in this work as it would provide members with the chance to reflect, as a newly formed Audit and Risk Committee, on a range of issues linked to risk management

d other changes to our governance structure, such as the role of the Performance and Resources Board, also needed to be reflected in the Framework.

4 The Audit and Risk Committee considered the project at its meeting on 30 April 2013 and agreed that this should be taken forward with external support and expertise. The Audit and Risk Committee was asked to report back to Council with a draft Framework for approval by the end of

The exercise of revision and approval offers the opportunity to re-assert the value of the Framework in driving good risk practice and performance management within the organisation.

6 The revised Risk Management Framework:

a reflects the outcomes of the review, overseen by the Audit and Risk Committee. It was driven by opinion expressed by our business champions and by Council members, and by a comparison of good practice from other regulators and review of internal risk process

b updates roles and responsibilities for risk management to reflect recent changes to our governance, for example inclusion of the Performance and Resources Board, within the monitoring and decision making process around risk

c removes inconsistency and gaps in the existing Framework highlighted in recent audits and resulting from improvements to internal practice made since the publication of the previous version in 2009, for example, the provision of a clear process for the escalation of risk

d Following approval of our revised Risk Management Framework by Council, we will begin its roll out and embedding within our work, including training relevant staff. We will undertake internal communication activity to ensure that the changes to the framework are well understood by our staff.

Our Review

7 Initial engagement with the Business Champions helped us identify their perceptions of the strengths and weaknesses of the existing Framework. A record of outstanding actions from recent risk audits was considered, and external support from PA Consulting was commissioned.

8 A seminar on risk management for members of the Audit and Risk Committee and other interested Council members was held on 5 September. The objectives of the session were to:

a ensure a consistent understanding of the current Framework

b share understanding of the different models of risk management

c discuss the main risks facing the GMC which the Audit and Risk Committee would like to consider

d agree the themes to be taken forward in the review

e confirm the next steps.

9 The seminar also included a presentation on alternative models for risk management, together with innovative methods for reviewing key risks, as used by several UK regulators from other sectors. This generated Audit and Risk Committee interest in designing a Risk Summary tool to support discussion on corporate risks; a straw man for which is presented at Annex B.

10 Further work to support the review included:

a assessment of where our current practice may have moved on from that outlined in the current Framework

b a line by line review of the Framework by both PA Consulting and the Intelligence Unit

c views on good practice by PA Consulting.
11 These recommendations were circulated to Audit and Risk Committee members. A draft Framework was then developed and refined in consultation with the Business Champions and the Head of Consultancy and Review Service.

Revisions made to the Framework

12 Whilst substantial updating of the document was required, the existing Framework was fundamentally sound in approach and principle.

13 The draft revised Framework is at Annex A, and features the following substantive changes:

a Introduction - a short Purpose section is included, some definitions have been added, and we have emphasised the importance of embedding risk management in our organisational culture.

b Policy Principles - we are adding two new principles that, firstly, advocate clear ownership for each risk, and secondly ensure risk review and mitigation is an active process which is considered as part of our everyday work.

c Risk Management Overview - this section has been added, to replace the previous Planning & risk section. It provides a clear view of risk management through all levels of our organisation and provides guidance for staff in framing their thinking about risk.

d Roles and Responsibilities - updated largely to reflect changes in our governance structure. We are now including the role of the Performance and Resources Board in the monitoring, discussion and approval of risk. The responsibilities of individual risk owners and of all staff have also been emphasised.

e Risk Management Methodology - We have provided clearer guidance on how to assess both the impact of the risk to us as an organisation and the likelihood of it occurring. We have also stressed the importance of clear definition of risks, and discussed the roles of the Performance and Resources Board, Audit and Risk Committee and Council.

f Throughout the Framework we have highlighted the importance of ownership of risk, raising awareness and taking action.

14 We are encouraging the use of evidence in our identification, assessment and mitigation of risk to take advantage of our research programme, continuing insight received through engagement with stakeholders and the increasing sophistication of our understanding of the regulatory environment.

15 We are communicating the importance of connecting risk management with delivery of our new Corporate Strategy
Supporting information

How this issue relates to the corporate strategy and business plan

16 Risk management forms an essential part of our corporate and planning processes by ensuring our activity is based on a sound risk assessment. Our local risk register forms part of our Operational Plan. The framework helps manage threats and opportunities effectively thereby creating an environment where surprises are minimised and projects managed effectively.

Other relevant background information

17 Risk management forms a central part of our internal control and corporate governance. A good framework enables the Council and the executive to communicate effectively about the risks to the delivery of our aims and objectives at strategic and operational levels.

How the action will be evaluated

18 The Corporate Risk Register, created using the Risk Management Framework guidance, will be reviewed at the Audit and Risk Committee twice a year.

If you have any questions about this paper please contact: Paul Chase, Planning and Reporting Manager, pchase@gmc-uk.org,
15 Risk Management Framework

Annex A

Draft Risk Management Framework
Contents

Purpose
Introduction
Policy principles
Risk management overview
Roles and responsibilities
Risk management methodology and guidance
o Risk identification
o Risk assessment
o Risk mitigation
o Risk evaluation
o Risk monitoring and assurance
Annex A Risk glossary
Annex B Business champions
Annex C Version Control Log
Purpose

1 This document sets out our approach to risk management, defines roles and responsibilities, and provides you with guidance on identifying and managing risks. A risk may represent a hazard to our work but it can also present a positive opportunity for action. This framework applies to the entirety of the GMC, including the MPTS. References to Directors should be read as including the MPTS Tribunal Clerk.

Introduction

2 A risk is defined as the possibility of an event that could affect the achievement of objectives. For the GMC this ultimately means events that could affect fulfilment of the organisation's statutory purpose: To protect, promote and maintain the health and safety of the public by ensuring proper standards in the practice of medicine.

3 Effective risk management should be embedded in our culture and everyday business, and should not be seen as a separate process outside the normal responsibilities of line management.

4 Risk management is a central part of our internal control and corporate governance arrangements. A good risk management framework enables consistency of approach and a shared view throughout the organisation on the risks to our aims and objectives at strategic and operational levels.

5 The risk management process supports the delivery of the GMC corporate strategy, and is an important part of our business planning processes. It requires us to identify and manage threats and opportunities effectively, creating an environment which minimises unexpected events or surprises.

6 Through our risk registers we classify each risk and identify planned courses of mitigating action to reduce both the impact and also the likelihood of the risk occurring. Both corporate and local risk registers, along with our Performance Review of operational plan delivery, are made available to staff in a central resource, in order to engage them in the day-to-day management of corporate and local risk.

7 We have a Business Continuity Plan which details our immediate response, in the event of an incident, to enable us to deliver an agreed level of key services to stakeholders. A Pandemic Plan is also in place.

8 As a registered charity, we are required under the Charities (Accounts and Reports) Regulations 2005 ("the 2005 Regulations" - SI No.572) to produce an Annual Report. This must contain a statement in which we confirm that our trustees have given consideration to the major risks to which the charity is exposed, and that systems and procedures have been established within our Risk Management Framework in order to manage those risks.
Policy principles

9 Our policy on risk management can be summarised in the following eight principles:

a. Encourage well-managed risk-taking to deliver business objectives.

b. Identify and prioritise risk by using effective risk management methodology.

c. Embed risk management in the day-to-day business.

d. Ensure risk review and mitigation is an active process which is considered as part of our everyday work.

e. Require the ownership of risks and their corresponding actions.

f. Regularly monitor risks at Chief Executive, Chief Operating Officer and Director level.

g. Achieve continuous improvement in risk management.

h. Meet the requirements of the Charities Statement of Recommended Practice (SORP)

Risk management overview

10 Consideration and mitigation of risk is embedded at both local and corporate levels. All staff are responsible for identifying and raising awareness of risk and ensuring that risk owners are identified to take any required mitigating action. Three questions help to initiate this:

a. What are the nature and the scale of the risk to the GMC?

b. Who needs to be aware of this risk?

c. Who needs to initiate the appropriate response actions?

11 At a corporate level, Council, Audit and Risk Committee and our Boards provide strong governance through review and challenge to risk.
Figure 1: Risk management and communication throughout the organisation

12 At the local level risk management is driven by:

a. Our annual Business Plan which is framed in the context of our Corporate Strategy, and outlines priorities and how they will be achieved. Dynamic Operational Plans communicate activity.

b. Local risk registers, embedded in our Operational Plans, form an essential part of each directorate's assessment of risk as they develop and monitor activity. They are owned and agreed by Directors, and are updated and monitored as part of performance monitoring.

c. In line with best practice, directorates undertake robust risk assessment for major project and programme activity, with clear responsibilities for monitoring, decision and reporting.

d. On-going identification and management by staff of concerns arising in their operational areas.

13 Directors take responsibility for the management of risk at a local level, receiving regular risk monitoring through their Business Champion (identified in Annex B). This responsibility includes the escalation of risk between a local register and a Corporate Risk Register.

14 Directors collectively own and compile the Corporate Risk Register which is an aggregation of risks escalated from local level, plus cross-cutting risks. It is held centrally by the Strategy and Communication directorate who present a combined bimonthly review of operational plan delivery and risk status to the Performance and Resources Board.
15 The Performance and Resources Board is where Directors consider the Corporate Risk Register, approving, removing or amending risks. Escalation to the Corporate Risk Register should be driven by:

a. An increase in the impact or likelihood of a threat to delivery of the planned activity and/or strategic priorities.

b. Where early awareness or discussion of emerging risk by the executive would be beneficial.

c. The need to identify increased mitigation especially if executive support and approval is required.

16 The Medical Practitioners Tribunal Service manages its local risks, maintaining a risk register, and escalates risks where appropriate to the Executive level where they are managed alongside all GMC corporate risks. The MPTS Risk Register is reviewed at the quarterly meetings of the GMC/MPTS Liaison Group.

17 Council and the Audit and Risk Committee each receive a full risk review twice a year facilitating an informed discussion and understanding of risk. This includes a full summary of the contemporary Corporate Risk Register, complete with insight into key areas for discussion. An example of this is presented in Annex C. This promotes assurance that the organisation is capable of fulfilling its purpose and strategic priorities.

18 It is imperative to view any risk register as the means to manage risk, rather than the object of the risk management process itself. They are to be used as an objective, evidence-based tool to assist managers organise their understanding of their risk environment and to capture how we have responded to risks.

Roles and responsibilities

19 The table below summarises organisational and individual responsibilities for both the operation and monitoring of the risk management process.

Role

- Council Members (Trustees)
- Audit and Risk Committee
- Performance & Resources Board
- Directors, Chief Operating Officer, Chief Executive and the MPTS Tribunal Clerk
- Business Champions
- Individual risk owners
- All staff
- Strategy & Communication Directorate
- GMC/MPTS Liaison Group

Responsibilities

- Ultimate responsibility for all risk facing the organisation.
- Delegated authority for overseeing risk management arrangements on behalf of the Council.
- Provide assurance to Council on the adequacy and effectiveness of our risk management processes.
- Oversee the implementation of recommendations, and ensuring continuous improvement.
- Ownership and responsibility for the risks on the Corporate Risk Register.
- Ensuring risk management is embedded in the culture and everyday business.
- Ensuring that each risk has a specific owner, responsible for the corresponding mitigating
- Reviewing and reporting on risks to Council and other components of the governance model.
- Identifying and evaluating risks against operational performance, Business Plan activity or Corporate Strategy priorities.
- Implementing the Risk Management Framework.
- Responsible for assisting directors to co-ordinate risk management at a local level.
- Responsible for the identification, assessment and ownership (where appropriate) of individual risks together with ensuring appropriate mitigating actions are taken.
- Monitoring and reporting any change in the status.
- Responsible for identifying, assessing and raising awareness of risk.
- Supporting directors in the production and review of the Corporate Risk Register.
- Providing guidance and advice on all aspects of our corporate risk management arrangements.
- Co-ordinating of risk assessment as part of annual business and operational planning
- The purpose of the Liaison Group is to establish an effective working relationship between the MPTS and the functions of the GMC with which it will interact

Actions

- Reviewing the GMC's risk profile within the Corporate Risk Register.
- Holding the Executive to account, providing challenge, requesting information, or seeking assurance on risks and the appropriateness/effectiveness of mitigating action.
- Guidance on appropriate risk appetite.
- Approval of changes to the Framework.
- Obtaining assurance on risk management arrangements from internal auditors and senior management.
- Reviewing and approving the risk management statement in the Annual Report and Accounts.
- Review of the Corporate Risk Register.
- Obtain assurance as to the effective management of risks.
- Oversight to ensure a fit for purpose Risk Management Framework.
- Regular review of the Corporate Risk Register and risk therein, to ensure their continued relevancy, and consider proposed escalations.
- Challenging and identifying risks in the course of meetings and discussions.
- Ensure both local and the Corporate Risk Registers are up to date, relevant and comprehensive.
- Ensure that Council and Committee papers provide insightful commentary on contemporary risks and mitigation.
- Regularly review all risks on their local risk register and assisting Directors with consideration of risks for escalation to the Corporate Risk Register.
- Acting as a local point of information, knowledge and expertise for staff on the Risk Management Framework.
- Support the risk assessment of new activity during annual business and operational planning.
- Development of appropriate management information.
- Initiating mitigating actions and maintaining progress on these actions.
- Regular review of risks to assess status of impact, likelihood and the effectiveness/progress of mitigating actions.
- Exercising judgement on the appropriate level of awareness and escalation of each risk.
- Communication and explanation of their risks to line management and Directors.
- Identifying risks and concerns against the objectives for which they are responsible, raising awareness and escalating where appropriate.
- Prompting regular updates of the local registers and the Corporate Risk Register.
- Reporting changes in risk status as part of the regular management reporting to the Chief Executive and directors.
- Continually reviewing internal and external events and scanning for changes in the business and political environment to identify risks to the organisation.
- To work collaboratively to manage corporate risks and issues

Risk Management Methodology and Guidance

20 Risk is not the responsibility of a few specialists, but rather of all staff. It must be seen as an essential part of primary management responsibility, and a process which is embedded within all policy formulation and in colleagues' decision making in day-to-day delivery. A glossary of terms is provided at Annex A.

21 The methodology is underpinned by five key stages

a. Risk identification.

b. Risk assessment.

c. Risk mitigation.

d. Risk evaluation.

e. Risk monitoring and assurance.
Figure 2: The GMC risk management methodology

Risk identification

22 Risk identification is about asking what can happen to hamper delivery of our business objectives and how might it happen?

23 Best practice is to develop and make available insightful sources that support staff in their identification of potential risk such as our Research Programme, meetings with stakeholders, and policy and strategy development tools. Intelligent environmental assessment, including regular horizon scanning, forms part of our ongoing insight work.

24 Risks should be recorded in a clear and precise way that describes the event and its root cause, thereby enabling effective mitigation, assessment and audit.

25 The impact of a risk on other activities and teams, and on the GMC's external partners, should be described. Where a risk involves external partners working with the GMC in mitigation, the risk description should be clear on the perimeters of the GMC's responsibility.

26 Good practice recommends that identification involves considering risks to:

a. Achievement of strategic priorities and/or our core purpose. For example, this might include risk originating from legislative or regulatory change, which might impact our ability to review doctors' fitness to practise.

b. Achieving operational objectives, for example, delivering a new standard for doctors.

c. Operational health, for example, financial shock or ability to recruit staff.

27 When scoping a risk for inclusion in a Corporate Risk Register, risks should be identified as being one of the following categories which help signify their nature:

a. Reputational.

b. Policy.

c. Operational.

d. Strategic/Political.

28 For each risk identified a risk owner should be assigned. The owner is responsible for overseeing the management of that risk and periodically reporting on its status.

Risk assessment

29 The risk assessment process should drive a clear and decisive consideration of the severity of impact and its likelihood, which supports risk prioritisation and in turn specific risk controls and allocation of resources.

30 Our Risk Assessment Matrix enables risk owners to record and communicate their risks, and these risks should be derived from an evidence-based assessment in order to make a clear and objective recommendation. This assessment is also essential in understanding risk escalation. Consideration of the expected timeframe of the event is also important.

Figure 3: Risk Assessment Matrix

| LIKELIHOOD | IMPACT: MINOR | IMPACT: MODERATE | IMPACT: MAJOR |
|---|---|---|---|
| UNLIKELY: Possible, but unlikely to occur (<40% chance) | Low | Low | Significant |
| QUITE LIKELY: More than possible (40-60% chance) | Low | Significant | Critical |
| HIGHLY LIKELY: Much more likely than not to occur (>60% chance) | Significant | Critical | Critical |

Sources of evidence for assessment:

- Research and analysis
- Available tacit or explicit knowledge
- Assessment of the impact of your activity on wider GMC outcomes
- Assessment of the threat to operational functionality/viability e.g. Financial
- Organisational experience of a similar risk occurring previously
31 A simple guide to deciding the severity of impact can be to consider the following:

| | Operational Functions | Achievement of Strategic Aims | Reputation | Timeframe of effect |
|---|---|---|---|---|
| Minor | Limited disruption to GMC operational functions and/or intended outcomes | Almost no adverse impact on the achievement of strategic aim(s) | Little/limited adverse impact | Short term |
| Moderate | Very concerning disruption to GMC operational functions and/or intended outcomes | Achievement of strategic aim(s) disrupted or inhibited | Very concerning adverse impact | More enduring, but still time-bound |
| Major | GMC operational functionality critically impaired | Strategic aim(s) severely compromised or cannot be achieved | Highly damaging adverse impact | Potentially long-lasting |

32 The resulting risk ranks are then grouped into critical (red), significant (amber) and low (green) bands to show the relative priority of the risks. These ratings can only provide a guideline of the relative urgency of a risk and must be used along with all other relevant information to aid judgement and decision-making on risk control and mitigation.

33 Directors are accountable for ensuring that risk assessments in local risk registers are up to date. They are supported by Business Champions, activity leads and all staff. The Performance Review Report, presented to bi-monthly Performance and Resources Board meetings, and containing a summary of the proposed updated Corporate Risk Register, facilitates discussion by Directors and the Chief Operating Officer.

Risk mitigation

34 Countermeasures in place to mitigate each risk are recorded. We apply the question 'what have we done to reduce the likelihood or impact of this risk?'

35 Examples of mitigating action include:

a. Control procedures. Likely to be the largest component of mitigating action, they include measures such as publishing guidance and conducting regional visits.

b. Sharing risks with a third party, such as outsourcing aspects of delivery.

c. Avoiding the activity creating the risk.

d. Making contingency arrangements, for example through the Responses to Concerns Assessment Team (RCAT) in relation to issues arising in medical education and training.
36 Mitigating actions are clearly and concisely agreed and regularly updated in a risk register.

37 Once countermeasures have been identified, the risk assessment is applied a second time. The potential severity of impact and likelihood of occurrence is reassessed, taking into account the effect of the countermeasures. The resultant score is known as the residual risk.

38 If the residual risk remains critical on the local risk register, the risk should normally be considered for escalation to the Corporate Risk Register.

Risk evaluation

39 Risk evaluation establishes whether risks are adequately mitigated and, if not, determines what additional action is required to reduce their impact or likelihood of occurrence. In each case, we define the level of residual risk that is acceptable.

40 The level of risk appetite is guided by Council and the Audit and Risk Committee during discussion of corporate risk, and at a local level by Directors, guided by the Performance and Resources Board. This supports a clear definition of the level of residual risk that is tolerable and justifiable once mitigating action has been taken.

41 Using these factors, we identify risks that are not adequately mitigated and determine what additional measures are required.

42 Where the residual risk is still considered significant or critical, the risk register includes a further action column for further mitigation.

43 The Performance and Resources Board and the Audit and Risk Committee should be satisfied that mitigation is appropriate, and if not will require further action to be taken.

Risk monitoring and assurance

44 As outlined in this Framework, our risk management process seeks to be dynamic and effective with continuous review, evaluation and improvement. This is done by way of:

a. Continual review of local risk registers by Directors and their teams.

b. Full review of the Corporate Risk Register by the Strategy and Communication Directorate together with directorate Business Champions on behalf of the Performance and Resources Board.

c. Oversight by Audit & Risk Committee and Council, who seek assurance from a and b above of effective management of risk.

d. Through our annual internal audit programme, the management of specific risk, as well as the approach to risk management, are subject to scrutiny by the GMC's internal auditors, who provide assurance to the Audit and Risk Committee that risk is being managed appropriately. The Programme is agreed at the Committee and contains a series of reviews into internal processes and actions.
Appendix A Risk Glossary

Activity: Any work which uses resources (people, materials or facilities) and has an associated cost and duration.

Audit & Risk Committee: Has responsibility for overseeing risk management on behalf of the Council.

Contingency: A planned amount of time and/or cost set aside against accepted risks.

Corporate Risk Register: A record of corporate-level risks from the risk management process.

Effect: The possible outcome of a risk if it occurs.

Evaluation: Establishing if the risks are adequately mitigated and if not, determining what additional action is required to reduce their impact or likelihood of occurrence.

Identification: The process of exposing knowable risks specifically in relation to business objectives.

Impact: An assessment of the effect on the activity if a risk occurs.

Likelihood: The probability of a risk occurring.

Local Risk Registers: A record of all identified risks from the risk management process in each operational area. They are included in the Operational Plans.

Milestone: A marker which notes the end of a phase or project.

Mitigation: The planned series of actions to be performed to reduce the likelihood or impact of a risk occurring.

Monitoring: Identifying new risks and reassessing and evaluating existing risks in light of any significant changes or developments.

Objectives: Set out what is to be achieved and who will benefit. They should be specific and measurable and included in the Operational Plans.

Operational Plans: Internal management tools for planning work and reviewing organisational performance.

Operational risk: A risk resulting from inadequate or failed internal processes, people and systems, or from external events.

Policy risk: A risk to our ability to uphold a policy or arising from a particular policy decision.

Political risk: A risk resulting from unexpected change in government policy.

Reputational risk: A risk resulting in damage to the GMC through loss of its reputation.

Residual risk: The risk remaining after taking into account the effect of any actions taken to manage it.

Risk: The possibility of an event that could affect the achievement of an objective.

Risk appetite: Defining the level of residual risk that is tolerable and justifiable.

Risk assessment: The process of prioritising risks in terms of their potential severity of impact and likelihood of occurrence using the Risk Assessment Matrix.

Risk management: The process of managing the risks associated with an activity so that if a risk occurs, the impact is minimised.

Risk Management Framework: A GMC internal control which reflects the GMC's commitment to sound risk management principles and practices.

Risk owner: The person responsible for overseeing the management of a given risk, ensuring that appropriate mitigating action is selected and implemented and is responsible for periodically reporting on the status of the risk.

Risk review: A structured update of the assessment of current risk exposure.

Strategic risk: A risk resulting from poor strategic business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment.
Appendix B Business Champions

Education and Standards: Nathan Lambert
Fitness to Practise: Tom Russell
MPTS: Howard Matthews
Registration and Revalidation: Rob Scanlon
Resources and Quality Assurance: Steve Downs
Strategy and Communication: Kimberley Kingsborough
22 Appendix C Version Control Log This current version of the Risk Management Framework was approved [approvals/date] following a formal review of the framework in August - October The schedule below sets out a summary of all amendments to the framework since then. Date Reason for amendment?? October 2013 Redrafted during formal RMF review and approved by the Audit & Risk Committee A17
Note: Final approved version will feature a new back cover in the house style.
15 Risk Management Framework

Annex B Risk Summary Tool

Purpose of the Risk Summary

1 The Risk Summary Tool will provide the Performance and Resources Board, the Audit and Risk Committee and Council meetings with a visual representation of the risk profile and trends across the organisation, enabling them to prioritise their discussions on specific risk groupings.

Background to development of a Risk Summary

2 At a seminar on risk management for the Audit and Risk Committee on 5 September 2013, it was recommended that the review team consider ways in which the Committee might be able to review corporate risks in a more structured way. The Audit and Risk Committee therefore asked the team to develop two strawman diagrams which would provide a summary view of the risks on the Corporate Risk Register.

Taking the Risk Summary tool forward

3 Two options were designed to further the discussion as to how we can best support the Audit and Risk Committee's consideration of the Corporate Risk Register. Both options were tested, the pros and cons were discussed and a paper presented back to Committee members on circulation.

4 In discussion with the Chair of the Committee, a preferred option was identified and refined, which will be finalised in light of the completion of the corporate strategy and approval of the new Risk Management Framework. It will be brought for consideration to each of the first meetings of the Performance and Resources Board, Audit and Risk Committee and Council in The finalised Risk Summary will be compiled by the Intelligence Unit and will be a high-level view of the risks to the achievement of our corporate strategy, using the organisation's current corporate risks.
Explanation of the preferred option

6 This draft Risk Summary displays the GMC's corporate level risks within five major categories:
a Three which link directly to risk to patients.
b One dealing with environmental risk, for example political risk.
c One covering risk to the business, for example financial risk.

7 Discussions took place at the Audit and Risk Committee seminar on different ways of categorising our organisational risks. The categories used here have been developed subsequently and refined following testing. The categories are based on our purpose, and the organisation's risk profile as recorded in the Corporate Risk Register.

8 The approach taken in this strawman is broadly based on good practice in the Civil Aviation Authority (CAA) (which was discussed at the risk management seminar), which displays the significant seven safety risks facing the CAA.

Figure 1: Illustration of draft Risk Summary

GMC Purpose: To protect, promote and maintain the health and safety of the public by ensuring proper standards in the practice of medicine

RISK TO PATIENTS
1. Failure to provide assurance that doctors are properly qualified and fit to practise
2. Failure to ensure standards in medical education, training and ongoing practice
3. Failure to detect and act on risk to patients

ENVIRONMENTAL RISK
4. Inability to adapt to external changes in the operating environment

RISK TO THE BUSINESS
5. Inadequate/inefficient organisational process or resource utilisation (externally, internally and locally)

[Chart: corporate risks plotted under each category against a rating scale of Crit., Sig. and Low]

The illustration above has been populated using existing corporate risks. The shapes and arrows represent the risk rating (after mitigating action) from the Corporate Risk Register, with the arrows indicating a risk that has risen or fallen in rating since the last Council review, the dots representing a risk which has retained the same rating since the last review, and the squares indicating a new risk.
Benefits

10 The benefits of using the preferred option are:
a Displays clear linkage of risk categories (1-4) back to the GMC purpose.
b Provides a straightforward view of risk and trends at corporate level.
c Encourages more discipline in the articulation of risks.
d By phrasing the categories in this way we can better see the likely impact, on our purpose, of failure to mitigate a risk.

Explanation of the alternate option

11 Following discussions on the preferred option, an alternate option has been developed, using the same structure as the preferred option, but replacing the risk categories with the Priorities for The headings currently used are based on the emerging themes presented to Council on 25 September 2013, and will be finalised alongside the completion of the development of the corporate strategy.

Figure 2: Illustration of alternate option for Risk Summary

GMC Purpose: To help protect patients and improve standards of medical practice

Priorities for
1. Identifying and acting on risk to patients
2. Maximising the impact of our work
3. Being more effective locally
4. Raising professional standards in medical practice
5. Working better together

[Chart: corporate risks plotted under each priority against a rating scale of Crit., Sig. and Low]

The pros and cons of using the alternate option in place of the preferred option are outlined in the table below.

Pros:
Priorities clearly understood throughout the organisation.
Avoids adding a level of complexity if risk categories were used.

Cons:
Not all of the current risks on the Corporate Risk Register map to the emerging Priorities.