Risk Management Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Risk Management Policy"

Transcription

1 Risk Management Policy Effective from 4 July 2015 Version Number: 2.1 Author: Director of Planning Planning Directorate

2 Document Control Information Status and reason for development Revised updating the previous policy to reflect the 2014 CUC Higher Education Code of Governance. There are no fundamental changes to the underlying policy requirements. Revision History Author Summary of changes Version Authorised & Date John Forshaw John Forshaw Updated to reflect change in University Committee structure Incorporated internal governance and committee structures, national guidance and risk process updates V2.1 Audit & Risk Committee: 02/06/15 John Forshaw Approved original version V1.0 Council V2.0 Council: 03/07/14 Audit Committee:18/06/14 Exec:06/05/14 Ops Board:30/04/14 Policy Management and Responsibilities Owner: Vice Chancellor is the Policy Owner and has delegated day to day management and communication of the policy to the Director of Planning. Others with See Roles & Responsibilities within Appendix 6. responsibilities (please specify): Have you completed consultation / formal Please specify date completed and brief outcome, or N/A assessment with the following advisory teams Equality Analysis (E&D, HR) Legal implications (LPG) Information Governance (LPG) Student facing procedures (QEO) Consultation Staff Trades Unions via HR Students via USSU Any relevant external bodies (please specify) N/A N/A N/A Specify date/outcomes of any relevant consultations or N/A Authorised by: Audit & Risk Committee Date authorised: 02 June 2015 Effective from: 4 July 2015 Review due: 1 July 2018 Document location: University Policy & Procedure Pages Document dissemination and communications plan: This policy is available via the University website. Briefings and associated training will be provided by the Planning Directorate to Colleges, Schools and Professional Services as part of embedding risk management within the operational and performance management cycle. Page 2 of 15

3 1.0 Purpose 1.1 The CUC Higher Education Code of Governance states that the governing body ensures institutional sustainability by working with the Executive to set the institutional mission and strategy. In addition, it needs to be assured that appropriate steps are being taken to deliver them and that there are effective systems of control and risk management. Responsibilities include: Decisions that might have significant reputational or financial implications and seeking assurance that these undergo a rigorous process of due diligence. Academic risks such as those involving partnerships and collaboration, recruitment and retention, data provision, quality assurance, and research integrity. 1.2 The Code also requires that the Audit Committee has the financial expertise and the time to examine risk management control and governance under delegation from the governing body. It cannot confine itself to financial matters, and its role extends to all areas of institutional activity. The Audit committee must produce an annual report for the governing body, including: its opinion on the adequacy and effectiveness of the institution's risk management, control and governance arrangements. 1.3 Risk management informs strategic development through the identification and treatment of risk so that strategic objectives are more likely to be achieved, damaging events are avoided or minimised and opportunities are maximised. Good risk management increases the probability of success, and reduces the probability of failure and uncertainty of achieving the University s objectives. 1.4 The purpose of the risk management policy is to explain the University's underlying approach to risk management and to document the roles and responsibilities of Council and its sub-committees, the senior management team and other key parties. It also outlines key aspects of the risk management process, and identifies the main reporting procedures. 2.0 Scope 2.1 Risk can be defined as the threat or possibility that an action or event will adversely or beneficially affect an organisation s ability to achieve its objectives 1. Accordingly risks include both threats and opportunities. 2.2 Risk Management involves the planned and systematic approach to the identification, evaluation and control of risk. It is concerned with evaluating the measures an organisation has in place already to manage identified risks and then suggesting actions that the organisation should take to control these risks more effectively. For threats, the outcome of risk management is the reduced likelihood (probability) of a risk occurring or limiting the consequences (impact) should the risk occur by implementing appropriate methods of control (risk mitigations). The opposite is the case for opportunities. 2.3 This risk management policy forms part of the University's internal control and corporate governance arrangements. It explains the institution s underlying approach to risk management, documents the roles and responsibilities of Council, senior management, and other key parties. It also outlines key aspects of the risk management process, and identifies the main reporting procedures. It applies to institutional, School, Professional Services Directorates, subsidiary companies, and project risk management: At an institutional level: risks can affect either positively or negatively the University's ability to operate as a business and/or deliver its long term strategic aims and objectives as outlined in the University s Strategic Plan. 1 HEFCE 01/28 Risk management A guide to good practice for higher education institutions Page 3 of 15

4 At an operational level (Schools, Professional Services Directorates and Subsidiary Companies): risks can affect the successful delivery of operational plans and hence achievement of academic and financial priorities as contained in the University s key sub-strategies. At a project level: risks can affect the successful delivery of the project s stated benefits by impacting the cost, time and/or quality of outputs. 3.0 Policy Statements Underlying approach to risk management 3.1 The following key principles outline the institution s approach to risk management and internal control: Council has responsibility for overseeing risk management within the institution as a whole; An open and receptive approach to solving risk problems is adopted by Council; The Vice-Chancellor and the University Management Team supports, advises and implements policies approved by Council; The institution makes conservative and prudent recognition and disclosure of the financial and non-financial implications of risks; Deans, Heads of School and Directors of Professional Services are responsible for encouraging good risk management practice within their areas; and The University s significant risks will be identified and closely monitored on a regular basis. Risk appetite The University has a responsible approach to risk management, seeking to recognise and manage its exposure to risks. In pursuit of achieving its strategic aims and academic mission the University will, therefore, accept a degree of risk, commensurate with the potential reward within defined tolerances for risk appetite agreed by Council for key areas: Corporate and operational risk appetite: the University s general approach is to minimise its exposure, classified as minimalist (see Appendix 1), with respect to its core business and values specifically: Adherence to the values stated in the University s Strategic Plan ; Prioritisation of the health and safety of staff, students and visitors to the University; Ensuring business continuity that is, the continued operation of University systems and processes that support the ongoing delivery of critical business operations; Maintenance of the quality of academic provision; and Compliance with statutory requirements. Project risk appetite: in pursuing its distinctive mission and goals the University s project risk appetite is classified as open. The University is committed to seizing the opportunities provided by the imagination and enthusiasm of its staff, the co-operation of partners and its support for innovation. It will do so, subject always to ensuring that the opportunities are consistent with its mission, that the potential benefits (reward and value for money) and risks are fully understood before developments are authorised, and that appropriate measures to mitigate risk are established. Strategic risk appetite: the University s strategic risk appetite is classified as cautious. The University is driven to pursue its distinctive mission and goals, through seizing developed and presented opportunities, but it also has to protect its core business and values. 3.3 The classifications of risk appetite can be found at Appendix 1. 2 Defined as the amount of risk that an organisation is prepared to accept, tolerate, or be exposed to at any point in time. The Orange Book: Management of Risk Principles and Concepts, HM Treasury, October 2004 Page 4 of 15

5 Risk identification, assessment and management 3.4 Risk management is undertaken as an integral part of strategic and operational management: Strategic and operational plans will include an assessment of the risks and mitigating actions associated with each objective; these will be reviewed regularly by the local management teams with the most significant risks being reported to and reviewed by the University as part of the quarterly review cycle; Risks must be identified and assessed as part of the business case for all new schemes, investments and projects; once approved risks must be reviewed regularly by the project board or similar governance committee. 3.5 The Planning Directorate will maintain the University Risk Register. Each School and Professional Services Directorate will maintain its own local risk register. 3.6 For each risk the details identified in Appendix 2 will be recorded and monitored in a risk register. The register will be maintained by a nominated risk champion within each area with the authority and responsibility to collate the component risks on behalf of the Dean / Head of School / Director of Professional Service and ensure procedures are in place to enable effective capture of new risks on a timely basis. The risk champion will liaise with relevant staff and use appropriate methods defined by the Planning Directorate as the custodian of the University Risk Register. 3.7 Risks will be assessed using a 5x5 scale for the likelihood and impact of each risk before and after mitigating actions according to the criteria shown in Appendices 3 and 4 respectively. The overall risk score will be assessed using the probability impact matrix shown in Appendix 5. These criteria are incorporated in to risk register templates available from the Planning Directorate. 3.8 The main options available to the University in dealing with the risks facing it are to: Terminate avoid the risk (e.g. terminating a risky activity); Transfer transfer the risk to a third party if cost-effective (e.g. by contracting out); Treat retain and control the risk; Tolerate exposure to the risk is tolerable without any further action. 3.9 Risks should be controlled at a management level with the resources to underwrite the impact of the risk. Such resources may include the holding of a financial or time contingency as a means of mitigating the impact should the risk occur. Where the degree of exposure increases beyond a management level s ability/delegated authority, the risk should be escalated. Appendix 5 identifies the risk scores which would require a risk to be escalated to the University Executive. Of these the top 10 will be escalated to Council.Risk governance 3.9 The University Management Team, Audit and Risk Committee and Council have key roles to play in the overall risk management framework. The specific responsibilities of the different groups are shown in Appendix 6. This also shows the frequency with which these groups review risks. Scrutiny and assurance by Council and Audit and Risk Committee 3.10 Annually the Audit and Risk Committee will, based upon their quarterly assessment of the risk register, provide the Council with an opinion on whether the University has had an effective and mature risk management process in place for the preceding year. It should consider: Leadership: do senior management and the Executive support and promote risk management? Risk Strategy and Policies: Is there a clear risk strategy and risk policies? People: Are staff equipped and supported to manage risk well? Page 5 of 15

6 Partnerships & Resources: Are there effective arrangements for managing risks with partners and are there appropriate supporting resources? Processes: Do the University s processes incorporate effective risk management? Risk Handling: Are risks handled well? Outcomes: Does risk management contribute to achieving outcomes? 3.11 Based on these reports the Council, advised by the Audit and Risk Committee and the External Auditors, must satisfy itself that key risks have been identified and are being managed in accordance with the University s policy as well as whether any revisions to the policy should be implemented. It should consider: Whether risk management continues to be linked to the achievement of the University's objectives; The appropriate risk appetite or level of exposure for the University as a whole; Whether risk review procedures cover fundamental reputation, governance, staff, research, teaching, operational, compliance, student experience, estates, financial and other risks to achieving the University's objectives; Whether risk assessment and risk-based internal control are embedded in ongoing operations and form part of its culture; Changes in the nature and extent of fundamental risks and the University's ability to respond to changes in its internal and external environment since the last assessment; The extent and frequency of reports on internal control to Council and whether this is sufficient for Council to build up a cumulative assessment of the state of control and effectiveness of risk management; The incidence of any fundamental control failings or weaknesses identified at any point within the year and the impact that they have had or could have on financial results or the institutions reputation; The effectiveness of the overall approach, compliance and policy to risk management and whether changes or improvements to processes and procedures are necessary. 4.0 Related Documentation CUC Higher Education Code of Governance, 2014 HEFCE 01/28 Risk management A guide to good practice for higher education institutions Risk Register template (Excel spreadsheet) 5.0 Appendices Appendix 1 Classification of risk appetite Appendix 2 Components of the Risk Register Appendix 3 Risk Probability Criteria Appendix 4 Risk Impact Criteria (Threat / [Opportunity]) Appendix 5 - Probability Impact Matrix (and Risk Scores) Appendix 6 - Risk Governance Page 6 of 15

7 APPENDIX 1 Classification of risk appetite Classification Description Averse Avoidance of risk and uncertainty is a key organisational objective Minimalist Cautious Open Hungry Preference for ultra-safe business delivery options that have a low degree of inherent risk and only have a potential for limited reward Preference for safe delivery options that have a low degree of residual risk and may only have limited potential for reward Willing to consider all potential delivery options and choose the one that is most likely to result in successful delivery while also providing an acceptable level of reward (and value for money etc.) Eager to be innovative and to choose options offering potentially higher business rewards, despite greater inherent risk Page 7 of 15

8 APPENDIX 2 Components of the Risk Register Field Id Category Risk Description Owner Probability (pre mitigation) Impact (pre mitigation) Gross Risk Level Description Unique identifier for the risk The type of risk e.g. financial, operational A short description of the uncertain event and the consequences should it materialise The senior member of the team with responsibility for managing the risk The likelihood of the risk happening before any additional action (control) is taken (see Appendix 3) The effect of the consequences should the risk occur before any additional action (control) is taken (see Appendix 4) The initial rating of the risk without any additional controls based on the Gross Risk Score Gross Risk Score Probability x impact score pre mitigation (see Appendix 5) Proximity Risk Causes Mitigating Actions Probability (post mitigation) Impact (post mitigation) Net Risk Level The earliest the risk is likely to occur The events or circumstances which may trigger the risk The current or intended actions with target completion dates to reduce the probability and/ or impact of the risk The likelihood of the risk happening after the identified mitigating actions have been implemented (see Appendix 3) The effect of the consequences should the risk occur after the identified mitigating actions have been implemented (see Appendix 4) The rating of the risk after the mitigating actions based on the Gross Risk Score Net Risk Score Probability x impact score post mitigation (see Appendix 5) Status Response Category Escalation level Open / Closed / New Terminate / Transfer / Treat / Tolerate The level to which the risk is escalated (including Executive and Council) Page 8 of 15

9 APPENDIX 3 Risk Probability Criteria Scale Description Criteria Very High Highly Likely >75% 3 out of 4 or more frequently High Probable 51-75% 1 in 2 chance (50-50) to 3 out of 4 Medium Possible 26-50% 1 in 4 chance to 1 in 2 (50-50) Low Remote 6-25% 1 in 20 chance to 1 in 4 Very Low Very Remote <5% 1 in 20 chance or less frequent Page 9 of 15

10 APPENDIX 4 Risk Impact Criteria (Threat / [Opportunity]) 3 Scale Very High Description Catastrophic Strategy and Policy Prevents successful achievement of several strategic priorities resulting in strategy needing to be revised. High Major Prevents successful achievement of one strategic priority resulting in parts of strategy needing to be revised. Financial Impact on budget or additional expenditure / [income]: Capital > 5M Revenue > 1m recurrent Impact on budget or additional expenditure / [income]: Capital 1M - 5m Revenue 0.5m - 1m recurrent Operational Performance / Business Continuity Loss of major customer / contract / partnership / bid. Inability to deliver core service resulting in stopping delivery of programmes. Interruption of critical services > 24 hours. Loss of mid-sized customer / contract / partnership / bid. Inability to deliver core service resulting in noticeable loss of performance affecting ability to deliver programmes. Interruption of critical services > 12 hours. Criteria Student Experience Severe impact affecting large numbers of students which will have a significant affect on University level NSS scores and/or retention. High impact affecting large number of students which will have a significant affect on overall School level NSS scores and/or retention. Reputation Severe level of criticism / [praise] in national press. Permanent impact on student recruitment; irreparable damage to relationships with funding bodies and significant partners. > 12 months to restore level of credibility. University criticised / [praised] in national press. Long term impact on student recruitment, relationship with funding bodies or partners. Recoverable within 6 months. Legal / Regulatory Compliance / Governance / Health & Safety Major legislative breach resulting in suspension of business. Multiple major irreversible injuries or deaths of staff, students or members of public. Serious legislative breach resulting in intervention, sanctions and legal action. Major irreversible injury or death of staff, student or member of public. Programme / Projects (Time / Benefits) 4 > 12 months Failure to deliver more than one of the major benefits 6 to 12 months Failure to deliver one of the major benefits 3 Descriptors relate mostly to threats unless specifically included in [ ] for opportunities; otherwise, for opportunities the descriptors should be interpreted as preventing the stated threat (e.g. bring project forward by x weeks) 4 Relates primarily to significant projects or change programmes Page 10 of 15

11 Scale Description Strategy and Policy Medium Moderate Restricts ability to achieve one or more strategic priorities requiring some modification to parts of strategy. Low Minor Impacts on some aspects of one or more strategic priority but not significant enough to require modifying the strategy. Financial Impact on budget or additional expenditure / [income]: Capital 0.5m - 1m Revenue 100k - 500k recurrent Impact on budget or additional expenditure / [income]: Capital 100k - 500k Revenue 25k - 100k Operational Performance / Business Continuity Loss of minor customer / contract / partnership / bid. Moderate disruption to some services resulting in temporary loss of performance affecting some programmes. Interruption of critical services > 6 hours. Unhappy customer / partner. Loss of potential new customer / contract / bid. Manageable disruption to some services resulting in no loss of performance but requiring additional staff and interim working arrangements. Criteria Student Experience Moderate impact affecting local programme area which will have a material impact on the programme level NSS scores and/or retention. Minor impact affecting several programmes / large group of students but which is unlikely to have a material impact on NSS scores or retention. Reputation University criticised / [praised] in local press. Medium term impact on student recruitment, relationship with funding bodies or partners. Recoverable within 1 month. Programme / discipline area criticised / [praised] in local press. Short term disruption to student recruitment, relationships with funding bodies or partners. Recoverable within 1 week. Legal / Regulatory Compliance / Governance / Health & Safety Significant legislative breach resulting in investigation. Major reversible injury to staff, student or member of public. Not life threatening. Moderate impact leading to warning. Some minor reversible injuries. Programme / Projects (Time / Benefits) 4 1 to 6 months Significant reduction in more than one benefit 1 to 4 weeks Significant reduction in one of the benefits Interruption of critical services > 3 hours. Page 11 of 15

12 Scale Very Low Description Insignificant Strategy and Policy Impacts on minor part of one strategic priority but not significant enough to require modifying the strategy. Financial Impact on budget or additional expenditure / [income]: Capital < 100k Revenue < 25k recurrent Operational Performance / Business Continuity Disruption to potential customer / contract / bid. Manageable disruption to minor services resulting in no obvious loss of performance. Interruption of critical services > 1 hour. Criteria Student Experience Minor impact affecting single programme but which is unlikely to have a material impact on NSS scores or retention. Reputation Negligible criticism / [praise] in specialist local press. Negligible impact on student recruitment, relationship with funding bodies or partners. Fully recoverable within 1 day. Legal / Regulatory Compliance / Governance / Health & Safety Minor impact. No reprimand, sanction or legal action. Some superficial injuries. Programme / Projects (Time / Benefits) 4 < 1 week Minor reduction in one of the benefits Page 12 of 15

13 PROBABILITY University of Salford Risk Management Policy V2.1 APPENDIX 5 - Probability Impact Matrix (and Risk Scores) [Opportunities] [Critical] [High] [Medium] [Low] Low Medium High Critical Threats Very High High Medium Low Very Low [Very High] [High] [Medium] [Low] [Very Low] Very Low Low Medium High Very High IMPACT / [OPPORTUNITIES] IMPACT / THREATS Notes Area to top right of bold line indicates those risks with a net risk score of 9 or more and which should be escalated to Executive Of those, the top 10 risks should be escalated to Council Page 13 of 15

14 APPENDIX 6 - Risk Governance Body / Role Responsibilities Review of Risks Council Audit and Risk Committee Vice- Chancellor Overall responsibility for risk management within the University, specifically: Endorses the University s Risk Management Policy; Determines the institutional risk appetite; Provides a strategic focus to the management of risk, ensuring that the identification of risk is integrated and aligned to the key strategic objectives; Endorses major decisions affecting the University s risk profile or exposure; Satisfies itself that less significant risks are being effectively managed and controlled; Annually reviews the University s approach to risk management and approve changes or improvements to its process. On behalf of Council, keeps under review the integrity and effectiveness of the University s risk management framework, alerting Council to any emerging issues. Produces an annual report for Council on the adequacy and effectiveness of the institution's risk management, control and governance arrangements in advance of Council approving the audited financial statements. The Vice-Chancellor has delegated responsibility from Council for implementing the Risk Management Policy, specifically: Review the most significant risks (approx. top 10) Frequency: quarterly Review the most significant risks (approx. top 10) Frequency: each meeting Reviews the full risk register annually 5 As required To implement the policies on risk management and internal control. To identify, evaluate and control risks within the Institution, including emerging risks, and allocate responsibility for the control mechanisms. To ensure that the procedures are embedded within the day-to-day management of the University. To ensure that there is ownership of risk management and internal controls throughout the University. To ensure that there is adequate training and resources to ensure that the policy can be implemented. To report to the Council on significant and emerging risks during the year. To ensure that the process of day-to-day risk management is adequately documented, including disaster recovery plans. To oversee regular reviews of the University's approach to risk management and its effectiveness. 5 The annual review of the full risk register is to provide assurances of the breadth of risks covered and to mitigate any surprises if there is escalation of a known risk to the top 10. Page 14 of 15

15 University Management Team (UMT) Supports the Vice-Chancellor in discharging his/her responsibility for the implementation of the Policy. Responsible for escalating risks to Council as appropriate. Review the most significant risks (approx. top 10) Frequency: approximately 6 times a year prior to submission to Council and Audit and Risk Committee Sub-strategy owners Schools; Professional Services Risk Champion Planning Directorate External Assurance Providers Responsible for identifying, managing and reporting the strategic risks associated with University objectives specific to their portfolios. Management of the risks is to be undertaken in consultation with the relevant Deans, Heads of Schools and Directors of Professional Services impacted by the risks. The substrategy owners also provide a level of functional oversight for the operational risks in the business areas that impact on their portfolios. The Deans / Heads of School and Directors of Professional Services are responsible for identifying, managing and reporting the strategic and operational risks specific to their areas. Risk reporting of the most significant risks will take place as an integral part of the quarterly performance review cycle. Nominated individual within each School / Professional Service with the authority and responsibility to maintain the area s risk register on behalf of the Dean / Head of School / Director and ensure procedures are in place to enable effective capture of new risks on a timely basis. The risk champion will liaise with relevant staff and use appropriate methods defined by the Planning Directorate as the custodian of the University Risk Register. To lead on the management and governance of the corporate risk management strategy, including the development of associated policy and procedure, and the monitoring of its implementation. Custodian of the University Risk Register. Facilitate a moderation meeting as a minimum annually to review all local risk registers to ensure that they are being maintained to the expected quality and share good practice. Internal Audit; External Audit: Provide independent challenge, audit of key controls, and formal reporting on assurance including the effectiveness of the Risk Management Policy. Regulatory Bodies: Provide assurance in relation to specific areas of interest, often backed up by a specific audit (e.g. the appropriate use of specific sources of funding) Review the full risk register annually prior to submission to Audit and Risk Committee 5 As required School/PS Executive (or equivalent) to review their risk register and agree any items to be escalated Frequency: quarterly (minimum) As required and specifically in advance of each quarterly review Review risks as required and specifically in advance of each submission to the University Management Team, Audit and Risk Committee and Council As required Page 15 of 15

RISK MANAGEMENT POLICY (Revised October 2015)

RISK MANAGEMENT POLICY (Revised October 2015) UNIVERSITY OF LEICESTER RISK MANAGEMENT POLICY (Revised October 2015) 1. This risk management policy ( the policy ) forms part of the University s internal control and corporate governance arrangements.

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

RISK MANAGEMENT POLICY & FRAMEWORK. \\vmfileserver02\company\council\judy\risk Management\Risk Management Framework 2013 (2).

RISK MANAGEMENT POLICY & FRAMEWORK. \\vmfileserver02\company\council\judy\risk Management\Risk Management Framework 2013 (2). RISK MANAGEMENT POLICY & FRAMEWORK \\vmfileserver02\company\council\judy\risk Management\Risk Management Framework 2013 (2).doc 20 Page 1 of Table of Contents Risk Management Policy...3 Risk Management

More information

INTERNAL AUDIT SERVICE

INTERNAL AUDIT SERVICE Risk Management Policy INTERNAL AUDIT SERVICE Purpose of this document 1. This risk management policy forms part of the University s internal control and corporate governance arrangements. 2. The policy

More information

V1.0 - Eurojuris ISO 9001:2008 Certified

V1.0 - Eurojuris ISO 9001:2008 Certified Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation

More information

Risk Management Policy

Risk Management Policy 1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.

More information

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise 4. Embedding

More information

Risk Management Policy and Procedures

Risk Management Policy and Procedures Risk Management Policy and Procedures Trust Board Approval Date 17 September 2014 Effective Date 17 September 2014 Planned Review Date July 2015 Web Access Intranet Owner Director of Finance, Business

More information

IFoA Risk Management Framework 29 February 2016

IFoA Risk Management Framework 29 February 2016 IFoA Risk Management Framework 29 February 2016 1.0 Introduction The IFoA has developed a new Risk Management Framework which was implemented in early 2015-16 and which brings together the management of

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk. POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

Risk Management. Policy, Strategy and Methodology

Risk Management. Policy, Strategy and Methodology Risk Management Policy, Strategy and Methodology Contents Page Number Foreword by Paul Orders, Chief Executive... 2 Foreword by Councillor Graham Hinchey, Cabinet Member for Corporate Services and Performance...

More information

South Oxfordshire District Council and Vale of White Horse District Council Risk Management Strategy

South Oxfordshire District Council and Vale of White Horse District Council Risk Management Strategy 2013 2016 South Oxfordshire District Council and Vale of White Horse District Council Risk Management Strategy 2013-2016 1 1 Context 3 SCOPE 3 WHAT IS RISK MANAGEMENT? 3 LOCAL AND NATIONAL DRIVERS 3 Business

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

Risk & Opportunity Management Framework

Risk & Opportunity Management Framework Risk & Opportunity Management Framework January 2010 Version 1.0 Table of Contents 1 Preface... 14 1.1 Risk and Opportunity Management What is it?... 14 1.2 Purpose... 15 2 Risk Management Process... 15

More information

Group Risk Management Policy

Group Risk Management Policy Group Risk Management Policy Originator: Approval date: Policy and Strategy Team Sovini Board PCHA Board OVH Board/EMT 6 th December 2013 31 st October 2013 14 th October 2013 Review date: December 2014

More information

Bedford Group of Drainage Boards

Bedford Group of Drainage Boards Bedford Group of Drainage Boards Risk Management Strategy Risk Management Policy January 2010 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 2014-15 April 2014 Page 1 of 17 CONTENTS 1. Introduction 2. What is risk management? 3. Risk Management Policy Statement 4. Risk Management process 5. Roles and responsibilities

More information

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K

R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K R I S K M A N A G E M E N T S Y S T E M F R A M E W O R K VERSION REV 4.0 OWNER VP OPS AND ENG EFFECTIVE DATE MARCH 2014 REVIEW DATE MARCH 2014 1. PURPOSE, APPLICATION AND SCOPE This Management System

More information

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:

More information

Corporate Risk Management Policy

Corporate Risk Management Policy Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction

More information

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology...

Risk Methodology. Contents. Introduction... 2. The Risk Management Structure... 2. The Risk Management Cycle... 2. Methodology... Risk Methodology Contents Introduction... 2 The Risk Management Structure... 2 The Risk Management Cycle... 2 Methodology... 3 Appendix 1...5 Definition of Controls... 5 Appendix 2...6 Definition of Impact...

More information

The Risk Management strategy sets out the framework that the Council has established.

The Risk Management strategy sets out the framework that the Council has established. Derbyshire County Council Management Policy Statement The Authority adopts a proactive approach to Management to achieve Best Value and continuous improvement and is committed to the effective management

More information

Risk Management Policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

Risk Management Policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope... Risk Management Policy Board library reference Document author Assured by Review cycle P136 Interim Head of Risk and Legal Services Audit and Risk Committee 3 Years This document is version controlled.

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Issue Date: February 2010 Reviewed: July 2011 Contents Scope...3 Key Points...3 Background...3 Roles and Responsibilities...3 Classification of Risks...4 Risk Evaluation...4 Risk

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

RISK MANAGEMENT POLICY AND PROCEDURE

RISK MANAGEMENT POLICY AND PROCEDURE RISK MANAGEMENT POLICY AND PROCEDURE SCOPE CONTEXT PURPOSE RISK MANAGEMENT FRAMEWORK Governance and Reporting Risk Statement RISK MANAGEMENT PROCESS Communicate and Consult Establish the Context Risk Identification

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

Shepway District Council Risk Management Policy

Shepway District Council Risk Management Policy Shepway District Council Risk Management Policy Contents Section 1 Risk Management Policy... 3 1. Updates and amendments... 3 2. Definition... 3 3. Policy statement... 3 4. Objectives... 3 Section 2 Risk

More information

RISK MANAGEMENT STRATEGY

RISK MANAGEMENT STRATEGY RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Risk Policy and Risk Management Procedures

Risk Policy and Risk Management Procedures Risk Policy and Risk Management Procedures Preface The University s Risk Policy sets out The University s approach to risk and its management together with the means for identifying, analysing and managing

More information

Risk Management Framework

Risk Management Framework Risk Management Framework Category or Type Originally approved by, and date Administration and Management Vice Chancellor at VCAG on December 2008 Last approved revision October 2011 Sponsor Chief Operating

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Originator name: Department: Implementation date: Ruth Anderson Finance 1 August 2013 Date of next review: 1 August 2016 Related policies: Health & Safety Policy, Equality & Diversity

More information

The Lowitja Institute Risk Management Plan

The Lowitja Institute Risk Management Plan The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute

More information

Risk Management Policy

Risk Management Policy Risk Management Policy June 2015 1 2 Contents 1. Policy Objectives and Background... 4 1.1. Policy Background... 4 1.2. Policy Objective... 4 1.3. Policy Sponsor and Maintenance... 4 2. Risk Types and

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Nuffield College s Risk Management Policy defines the College's approach to risk and how risk management should be embedded into management processes to ensure that the major risks

More information

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance

More information

Isle of Wight Council Risk Management Practical Guide. DIRECTORATE OF RESOURCES Strategic Director: Dave Burbage

Isle of Wight Council Risk Management Practical Guide. DIRECTORATE OF RESOURCES Strategic Director: Dave Burbage Isle of Wight Council Risk Management Practical Guide DIRECTORATE OF RESOURCES Strategic Director: Dave Burbage Contents: 1 Introduction 3 2 What is Risk Management? 3 3 Approach to Improving Managing

More information

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand Integration of Risk Management and Internal Audit Chartered Institute of Management Accountants, New Zealand Contents Understanding the three lines of defense governance model What is Risk? Risk Management

More information

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC Annex 1 TITLE VERSION Version 2 Risk Management Strategy and Policy SUMMARY The policy provides the framework for the management and control of risk within the GOC DATE CREATED January 2013 REVIEW DATE

More information

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2 UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT Purpose of the guide... 2 Risk Management The Basics... 2 What is Risk Management?... 2 Applying Risk Management... 2 The Use of Risk Registers in Risk Management...

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Integrated Risk Management Framework

Integrated Risk Management Framework Integrated Risk Management Framework Number: THCCGCG1 Version: 2 This document provides an overview of the risk management process utilised by NHS Tower Hamlets CCG. The Board Assurance Framework provides

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

(Insert company name)

(Insert company name) (Insert company name) Risk Management Plan Note: This template has been developed as a guide for developing a risk management plan. Further assistance can be provided by the Special Purpose Vehicle Unit,

More information

Title: Rio Tinto management system

Title: Rio Tinto management system Standard Rio Tinto management system December 2014 Group Title: Rio Tinto management system Document No: HSEC-B-01 Standard Function: Health, Safety, Environment and Communities (HSEC) No. of pages: 23

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information

ERM Program. Enterprise Risk Management Guideline

ERM Program. Enterprise Risk Management Guideline ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible

More information

Agency Board Meeting 28 July 2015

Agency Board Meeting 28 July 2015 SEPA 22/15 Agency Board Meeting 28 July 2015 Report Number: SEPA 22/15 Audit Committee Annual Performance Report 2014-2015 Summary: Risks: Resource and Staffing Implications Equalities: Environmental and

More information

Audit & Scrutiny Committee

Audit & Scrutiny Committee Page 1 Annual Risk Management Report Audit & Scrutiny Committee Agenda Item: 09 Date of Meeting 23 February 2016 Officer Chief Executive Subject of Report Annual Risk Management Report Executive Summary

More information

Risk Management Strategy 2014-2017

Risk Management Strategy 2014-2017 Management Strategy 2014-2017 1. Policy Statement 2. Statement of Commitment 3. Our Approach 4. Management Principles 5. Appetite Statement 6. Maturity 7. Management Levels 8. Escalation 9. Management

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Terms of Reference - Board Risk Committee

Terms of Reference - Board Risk Committee Terms of Reference - Board Risk Committee The Board Risk Committee is authorised by the Board to oversee the Group s risk management arrangements. It ensures that the overarching risk appetite is appropriate

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

Safety Management Systems (SMS) guidance for organisations

Safety Management Systems (SMS) guidance for organisations Safety and Airspace Regulation Group Safety Management Systems (SMS) guidance for organisations CAP 795 Published by the Civil Aviation Authority, 2014 Civil Aviation Authority, CAA House, 45-59 Kingsway,

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY B A R R A M U N D I L I M I T E D RISK MANAGEMENT POLICY 22 August 2016 THE OBJECTIVES OF RISK MANAGEMENT Risk management is the systematic process of managing an organisation's risk exposures to achieve

More information

Council Meeting Agenda 27/07/15

Council Meeting Agenda 27/07/15 3 Risk Management Framework Abstract Council s Risk Management Framework ( the Framework ) was adopted by Council in 2012. The Framework provides structure and guidance to Council s risk management activities

More information

London Legacy Development Corporation s Statement of Risk Appetite September 2015

London Legacy Development Corporation s Statement of Risk Appetite September 2015 London Legacy Development Corporation s Statement of Risk Appetite September 2015 Appendix 1 1. INTRODUCTION 1.1 Her Majesty s Treasury uses the Orange Book definition of risk management The amount of

More information

RISK MANAGEMENT POLICY. Version 3

RISK MANAGEMENT POLICY. Version 3 RISK MANAGEMENT POLICY Version 3 Version: Version 3 Version 3 Authors: Liz Hollman, Mary Klaus, Sarah Langan-Hart Approved by: Healthcare Governance Committee Trust Board Approved date: May 2009 Review

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization

POLICY. Number: 7311-10-005 Title: Enterprise Risk Management. Authorization POLICY Number: 7311-10-005 Title: Enterprise Risk Management Authorization [ ] President and CEO [ X] Vice President, Finance and Corporate Services Source: Director, Enterprise Risk Management Cross Index:

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014

RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 RISK AND OPPORTUNITY MANAGEMENT STRATEGY 2013-2014 Version 1.0 October 2013 Not protectively marked INDEX PAGE NO TITLE 3 Executive Summary 4 Our Shared Vision and Priorities 5 Outline of the Risk and

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1 RISK MANAGEMENT 1 Contents Introduction 2 Corporate Governance 2 Purpose of this policy 2 Policy Objectives 2 Policy Statement 3 Scope of the policy 3 What is Risk? 4 The University s Approach 4 Description

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

Review of Risk Management and Insurance. Public Accounts Committee

Review of Risk Management and Insurance. Public Accounts Committee Review of Risk Management and Insurance Public Accounts Committee April 2012 Contents Executive Summary 1 Maturity Model 6 Understanding the Causes and the Way Forward 7 Risk Management Recommendations

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES GOVERNMENT ACCOUNTING SECTION DEPARTMENT OF FINANCE MARCH 2004 Risk Management Guidance CONTENTS Pages List of guidelines on risk management

More information

RISK MANAGEMENT POLICY FOR DIOCESAN SYSTEMIC SCHOOLS

RISK MANAGEMENT POLICY FOR DIOCESAN SYSTEMIC SCHOOLS RISK MANAGEMENT POLICY FOR DIOCESAN SYSTEMIC SCHOOLS February 2014 Risk Management Policy Page 1 1. PURPOSE This policy is a formal acknowledgement of the commitment of the Diocesan Schools System to risk

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards. Aurora Energy Risk Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 0 19/11/98 Risk Management Policy Prepared by: Manager Internal Audit 1 March 2007 Risk Management Policy

More information

Risk Management Policy

Risk Management Policy Principles Through a process of Risk Management, the University seeks to reduce the frequency and impact of Adverse Events that may affect the achievement of its objectives. In particular, Risk Management

More information

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14 For North Simcoe Muskoka LHIN Health Service Providers Table of Contents Purpose of this document... 2 Introduction... 3 What is Risk?... 4 What

More information

Insurance Act These rules may be cited as the Insurance (Risk Management) Rules "affiliated corporation" means a corporation which

Insurance Act These rules may be cited as the Insurance (Risk Management) Rules affiliated corporation means a corporation which Government Notice No... of 2016 Insurance Act 2005 Rules made by the Financial Services Commission under section 130 of the Insurance Act and section 93 of the Financial Services Act 1. Citation These

More information

OVERBERG DISTRICT MUNICIPALITY

OVERBERG DISTRICT MUNICIPALITY OVERBERG DISTRICT MUNICIPALITY ENTERPRISE RISK MANAGEMENT STRATEGY Contents 1. Introduction.2 2. Legislative mandate... 2 3. Background... 3 3.1 What is risk?... 3 3.2 Enterprise-wide Risk Management...

More information

Risk Management Guide

Risk Management Guide Risk Management Guide Page(s) Introduction 3 The 5 steps to identifying risk 4 Risk Management Process - Step 1 5 Identify - Step 2 Assess Step 3 5-6 6 Control - Step 4 6 Monitor and Review -Step 5 6 Risk

More information

IT Services Risk Management Strategy

IT Services Risk Management Strategy Prepared by: DOCUMENT CONTROL Change Control Table Version Amendment Description Release Date 1.00 Initial Draft Reviewed by DIB 16.01.14 Updated by 1.00 Approved by IT Lead

More information

Sound Practices for the Management of Operational Risk

Sound Practices for the Management of Operational Risk 1 Sound Practices for the Management of Operational Risk Authority 1.1 Section 316 (4) of the International Business Corporations Act (IBC Act) requires the Commission to take any necessary action required

More information

Revised Risk Management Policy and Framework. Report by Head of Finance

Revised Risk Management Policy and Framework. Report by Head of Finance Audit Committee 29 April 2010 Item No 7 Revised Risk Management Policy and Framework Report by Head of Finance Summary A substantial review of our current Risk Management Strategy has been carried out.

More information

KENYA NATIONAL BUREAU OF STATISTICS RISK MANAGEMENT POLICY

KENYA NATIONAL BUREAU OF STATISTICS RISK MANAGEMENT POLICY KENYA NATIONAL BUREAU OF STATISTICS RISK MANAGEMENT POLICY SEPTEMBER 2009 Table of Contents Pg No. FOREWARD... ii PREFACE...iii CHAPTER ONE... 1 INTRODUCTION... 1 1.0 Background... 1 1.1 KNBS policy statement...

More information

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April 2008 1

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April 2008 1 Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS April 2008 1 Contents 1 Introduction 3 2 Management Systems 2.1 Management Systems Introduction 3 2.2 Quality Management System

More information

Project Risk Analysis toolkit

Project Risk Analysis toolkit Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,

More information

PART A: OVERVIEW...1 1. Introduction...1. 2. Applicability...2. 3. Legal Provisions...2. 4. Effective Date...2

PART A: OVERVIEW...1 1. Introduction...1. 2. Applicability...2. 3. Legal Provisions...2. 4. Effective Date...2 PART A: OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provisions...2 4. Effective Date...2 PART B: INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS...3 5. Overview of ICAAP...3 6. Board and

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Risk Management Procedure

Risk Management Procedure Purpose of this document Develop and document procedures and work instructions for Risk Management to cover the project Stages set out in the Project Process Map. The purpose of this procedure is to identify

More information

ORDINANCE 22 UNIVERSITY OF LONDON RISK MANAGEMENT POLICY

ORDINANCE 22 UNIVERSITY OF LONDON RISK MANAGEMENT POLICY UNIVERSITY OF LONDON RISK MANAGEMENT POLICY Introduction 2 Guide to Risk Management 2 Underlying approach to Risk Management 2 Components of the Risk Management Framework 3 Role and Responsibilities of

More information

Policy 10.105: Enterprise Risk Management Policy

Policy 10.105: Enterprise Risk Management Policy Name: Responsibility: Complements: Enterprise Risk Management Framework Coordinator, Enterprise Risk Management Policy 10.105: Enterprise Risk Management Policy Date: November 2006 Revision Date(s): January

More information

Risk Management Policy Adopted by:

Risk Management Policy Adopted by: Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY 1. POLICY STATEMENT Having regard to AS/NZS ISO 31000 Risk Management, it shall be the Policy of SRW to manage risk to protect public safety, quality

More information

Risk Management Policy and Assurance Framework

Risk Management Policy and Assurance Framework Risk Management Policy and Assurance Framework March 2015 Author: Responsibility: Janet Young, Governance & Risk Manager All Staff should adhere to this policy Effective Date: March 2015 Review Date: April

More information