Mid Suffolk District Council. Risk Management Strategy
Mid Suffolk District Council
Risk Management Strategy

Author: Claire Reynolds and Audit Officer (Lead for Risk Management)

Version Control
V1 30 October 2006 Approved by Executive Committee
V2 October/November 2007 Reviewed
V3 February 2009 Revised approved by Executive Committee
V4 March 2010 Revised
Contents

1 Background
  1.1 What is Risk Management?
  1.2 Why is it important?
2 How Risk Management will be effectively achieved
  2.1 Leadership, roles and responsibilities
  2.2 Risk Management objectives
  2.3 The Risk Management Framework
3 A guide to Risk Management
  3.1 The four steps of Risk Management
  3.2 Step 1 Identify the risks & opportunities
  3.3 Step 2 Assess the risks & opportunities
  3.4 Step 3 Manage and control the risks & opportunities
  3.5 Step 4 Recording and reviewing the risks & opportunities
4 The relationship with Internal Audit and Management and Finance
  4.1 The connection between Risk Management and Internal Audit
  4.2 The connection between Risk Management and Management and Finance
5 Risk and Partnerships
  5.1 Managing risks within Partnerships
6 Opportunity Risk (positive risks)
  6.1 Managing opportunities
1 Background

As a result of financial scandals in the 1980s and 1990s a series of reports recommended that Corporate Governance, of which Risk Management is an integral part, be introduced in large private sector organisations. Following reports from the Audit Commission (Worth the Risk) this expectation extended to the public sector. The Society of Local Authority Chief Executives (SOLACE) and CIPFA recognised the importance of Risk Management to the Modernising Agenda. Authorities were required to develop a Code of Corporate Governance and Risk Management was included within this Code. Risk Management is also one of the areas assessed by the Audit Commission as part of the Use of Resources Assessment within the Comprehensive Area Assessment.

1.1 What is Risk Management?

Risk Management is the process of identifying those significant risks that will affect the achievement of the Council's corporate and operational objectives, and also identifying risks arising from new opportunities, and then finding an appropriate method of managing those risks. Risk Management is not about eliminating all risks and it is not about avoiding change; Risk Management is exactly that, taking risks, but managing them appropriately.

1.2 Why is it important?

Effective Risk Management means that many of the foreseen risks to the Council can be controlled before they happen, by tolerating, treating, terminating or transferring the risk. By using Risk Management, positive opportunities can be identified for the Council, for example, taking slightly more risk to achieve more outcomes. Some of the benefits that can be expected from effective Risk Management are:
- Improved performance;
- Achievement of objectives through a structured system;
- Enhanced reputation and public confidence;
- Early warning of problems;
- Prioritisation of resources;
- Making the most of new opportunities, knowing how to manage the risks involved;
- Savings: preventing costly mistakes before they happen.

2 How Risk Management will be effectively achieved

Risk Management will be achieved by ensuring that there is buy-in from top to bottom, i.e. from Members down to staff; everyone has a role to play. It will be ensured that there is an effective Risk Management Strategy and that it is embedded within the culture of the Council. Risk Management can be embedded by having a clear direction and process, which is explained in more detail in the following sections. MSDC has a specific lead for Risk Management within and Audit, who can provide guidance, advice and training.
2.1 Leadership, Roles & Responsibilities

Members
- To have regard to Risk Management implications in decision-making.
- To appoint a Risk Management Champion.

Executive Committee
- To approve the Risk Management Strategy.
- To ensure that the Risk Management Strategy is implemented to ensure that risks are appropriately managed.
- To have regard to Risk Management implications in decision-making.
- Receive six-monthly reports on the corporate risks to the Council. (These will be integrated with performance and financial information).

Scrutiny Committee
- Receive an annual corporate risk report.

Management Board
- Review progress on identification and management of corporate risks through quarterly reports from and Audit.
- Identify corporate risks and ensure there is ownership and that these risks are tolerated, treated, terminated or transferred.
- Demonstrate a commitment to embedding Risk Management across the Council.

and Audit / Risk Management Lead
- Review the Risk Management process / strategy annually and obtain approval from Executive Committee.
- Provide facilitation, training and support to promote and embed a Risk Management culture throughout the Council.
- Assist management in identifying, analysing and controlling the risks they encounter.
- Liaise with other internal and external bodies (including key partners) to highlight further risks to the Council and obtain best practice.
- Review the Risk Register.
- Provide reports to Management Board and Executive Committee as required.
- To highlight to Heads of Service where risks are not being appropriately managed and to escalate to Management Board where concerns continue.
- To submit evidence to the Audit Commission, on the management of risks and the respective outcomes.
- Notify the Insurance Officer of any issues that may affect the insurance policies and levels of cover.
- Monitor risk implications of all committee reports/policies.

Heads of Service
- Monitor risks for their Service Area.
- Identify new risks within the Service Area, including those risks arising from new opportunities or partnerships.
- Decide whether to terminate, transfer, treat or tolerate the risks within their service area (see pages 9/10 for further clarification). If treating, to instigate controls and allocate responsibility for control to staff.
- Include significant risks highlighted during risk assessments in the Risk Register.
- Ensure compliance with the Risk Management Strategy.
- Ensure that staff are made aware of Risk Management and their role in the process. Promote Risk Management in the workplace.
- Nominate appropriate staff for Risk Management training.
- Ensure that any risks are included within reports going to Council / Committees to allow Members / Management Board to make informed decisions.
All Employees
- Have an understanding of Risk Management, including the identification and reporting of risks.
- Assist the Service in putting controls in place where it has been decided to treat the risk.
- Assist with risk assessments.
- Attend Risk Management training and support Risk Management where required.
- Ensure that any risks are included within reports going to Council / Committee to allow members / Management Board to make informed decisions.

and Audit / Internal Audit Lead
- Have an awareness of the Risk Management process.
- Inform the and Audit Officer with a lead for Risk Management of newly issued audit reports and associated risks.
- Consult the Risk Register when creating the annual Audit Plan.

and Audit / Management Lead
- Have an awareness of the Risk Management process.
- Inform the and Audit Officer with a lead for Risk Management of significant risks resulting from poor performance.

2.2 Risk Management Objectives
- Embed Risk Management into the culture of the Council.
- Manage risk in accordance with best practice.
- Be responsive to changing social, environmental and legislative requirements whilst effectively managing the related risks and opportunities.
- Reduce the impact and cost of risk by either terminating, treating, tolerating or transferring the risk (see pages 9/10 for further clarification).
- Enhance opportunity where possible by weighing up the risk and what can be gained.

2.3 The Risk Management Framework
- Risks are identified from a number of sources (Members, Management, Partners, Audit Reports, monitoring etc). Service areas have a responsibility to identify the risks associated with service delivery, new initiatives etc.; any corporate risks should be reported to the Risk Management Lead within and Audit who will identify the risk owner and then the following process will apply;
- Identify the risk owners, give a risk score using the matrix and identify control for the risks, i.e. a task aimed to reduce or eliminate the risk (unless to be tolerated);
- Enter the risks into the Risk Register within Excel;
- Update the risk register according to work progress and re-score using the matrix;
- and Audit will overview and monitor the Risk Register on a regular basis and provide guidance.
3 Guide to Risk Management

There are four basic steps to Risk Management, which are explained in more detail below. Risk Registers are maintained in the form of Excel spreadsheets (see Appendix 1 for an example).

3.1 The four steps to Risk Management

There are four simple steps to achieve effective Risk Management: Step 1 identify the risk, Step 2 assess the risk, Step 3 manage or control the risk, Step 4 review and report on the risk. The steps form a cycle, with Step 4 leading back to Step 1:
- Step 1 - Identify the Risk
- Step 2 - Assess the Risk
- Step 3 - Manage and Control the Risk
- Step 4 - Review & Report on the Risk

Step 1 - Identify the Risk

Highlight those risks that will prevent the Council / Service meeting its objectives (including any risks that may arise from new opportunities). This can be done through any number of ways e.g. risk assessments, service planning, working groups etc.

Risks can be identified as Corporate or Operational. Corporate risks are those risks that affect the Council as a whole and prevent the Council from meeting its objectives, particularly those objectives within the corporate or strategic plans. Operational risks are those risks that prevent the services within the Council from meeting their objectives and every day working practices.
Operational risks will mainly be those risks that are highlighted by service areas and corporate risks will mainly be highlighted by those overall factors that affect us as a whole Council. Internal and external functions / factors can influence the risks that we face. Dedicated and Audit Officers meet quarterly with their respective Heads of Service to update their operational risk registers. The and Audit Officer leading Risk Management will collate the information and is responsible for updating the corporate risks.

It is possible for risks to be highlighted by any means, for example:
- New legislation / guidance;
- Training / more aware of issues;
- Risk assessments either being reviewed or carried out on new processes;
- Information from the public;
- Partnerships;
- New ventures, or opportunities;
- Audit reports;
- Committee papers.

These give just a few ideas of where risks could be highlighted (please see the Risk Checklist in Appendix 2 for prompts to help identify new risks). Once highlighted these risks must be fed into the Risk Register. The organisation must be open to new and changing risks at all times as these can appear in any number of places.

Risks involving partnerships and contracts must also be considered. Has a partnership / contract considered the risk environment in the same way that the Council would? Has this been discussed and resolved with risks being allocated to either side of the party? When venturing into a new partnership these are some of the questions that should be considered.

It is important to ensure that the actual risk has been identified, not just the consequence or the impact. The risk is what will happen if the objective is not achieved.

Example (fictitious risk):
Objective: Ensure that lone workers are supported and are safe.
Cause: Not having a sufficient lone working policy in place.
Risk: Attack on lone workers.
Consequence: Staff are hurt / traumatised and the Council could be liable.

Or, use the alternative way of thinking about identifying the risk:
Loss to ... / Failure of ... / Failure to ... / Lack of ... / Partnership with ... / Development of ...
Leads to ...
Resulting in ...

As per the example above: Failure to have a sufficient lone working policy in place leads to a possible attack on lone workers resulting in staff being hurt / traumatised and the Council possibly being liable.

Step 2 - Assess the Risk

Rate each risk according to its impact and probability to enable risks to be prioritised. Once risks have been identified they must be rated based on the impact and probability of the risk occurring. There is no exact science to this, but it does give an indication of what the higher risks are to allow prioritisation. The following matrix gives the risk scoring:

                            Probability / Frequency
Impact           Rare or never   Occasional    Often            Frequent
Disaster (4)     4 (Medium)      8 (High)      12 (Very High)   16 (Very High)
Bad (3)          3 (Low)         6 (Medium)    9 (High)         12 (Very High)
Noticeable (2)   2 (Low)         4 (Medium)    6 (Medium)       8 (High)
Minimal (1)      1 (Low)         2 (Low)       3 (Low)          4 (Medium)

Action to be taken:
Very High Risk = Controls must be put in place immediately
High Risk = Controls must be in place as a priority
Medium Risk = Controls must be put in place as quickly as possible
Low Risk = Controls to be put in place if / when have resources
The following descriptions of the impact and probability may help with determining where the risk lies (please note that this is only a guide):

Impact

Disaster
- Loss of service delivery for more than 7 days or MSDC unable to continue business;
- Loss of life;
- Serious injury;
- Extensive media coverage.

Bad
- Disruption to MSDC, affecting the public (loss of service between 48 hours and 7 days);
- Serious injury;
- Local and national press coverage.

Noticeable
- Disruption to MSDC, affecting the public (for no more than 48 hours);
- Serious injury;
- Local press coverage.

Minimal
- Some disruption to internal business (no loss of public service);
- Minor or no injuries;
- Minimal / no reputational damage.

Frequency

Frequent - Occurs on a regular basis i.e. monthly, bi-monthly, has a regular pattern.
Often - Occurs several times throughout the year.
Occasional - Happens once or twice throughout the year.
Rare or never - Sporadic, no pattern can be determined.

Step 3 - Manage and Control

Assess what is already in place to manage the risk and plan to put further controls in place if required (use the 4 T's to determine whether to tolerate, terminate, transfer or treat the risk). This would also include maximising any positive opportunities. Identify how the risk is currently controlled and then what gaps there are, how these can be addressed and who by. Risks can be managed in the following ways:
- Tolerating: The benefits gained by undertaking the process causing the risk outweigh the costs involved to mitigate the risk entirely, or there is no justification of the expense involved in introducing measures to control the risk, therefore it is simply accepted that there is a risk. The level at which a risk is tolerated is called the risk appetite. Even though risk may be tolerated, it should continue to be recorded and monitored.
- Treating: Control the risk as much as possible to bring it back to an acceptable level that can be tolerated.
- Terminating: To get rid of the risk altogether by either controlling it fully or not doing the task causing the risk, so that there is no risk.
- Transferring: Transfer the risk to another party so that they become responsible, for example insurance. If insurance is an option this should be discussed with the Risk Lead, who will in turn seek the expertise of the Insurance Officer (CSD).

Remember: more risk can be taken if it is felt that the benefits in doing so would outweigh the risk itself. The idea of Risk Management is not to become risk averse, but to ensure that risks are managed, i.e. Risk Management.

Step 4 - Review and Report

Ensuring that control measures remain appropriate and also incorporating new risks into the Risk Register. Reporting on the progress of the risk and any significant changes to management.

It is important that risks to the Council are recorded to ensure that they are managed and reviewed effectively. Risk Management is an ongoing process and corporate risks should be reported to the Risk Lead promptly. and Audit Officers will work with Heads of Service and Management to review their risks on a quarterly basis and reassess the scoring to determine if the risk has increased or decreased. The Risk Management Lead within and Audit will review this process and also review the Corporate Risk Register. To note that any tasks that are associated with a corporate risk must have the approval of Management Board prior to being extended. Any operational risks that escalate to become corporate risks should be reported to and Audit.

The most up-to-date Operational and Corporate Risk Registers are available on the Council's shared Collaboration drive, which is accessible to all. The publicity of these registers enables the sharing of best practice and common awareness of all risks facing the authority.

There is also a step 5: Risk Management is an ongoing process. Although risks have been identified they are not just left in the register; the Service / allocated person should monitor progress against the action to be taken to address the risk and the risk should be re-scored where the action to be taken has been started / finished. Any risks removed from the Risk Register are archived and therefore remain in the system to provide a complete audit trail.

Risk Management is an ongoing process to help identify those risks that will stop the Council from meeting objectives and to help do something to control those risks and do so in a structured manner. This is the purpose of Risk Management.
4 The relationship with Internal Audit and Management

4.1 The connection between Risk Management and Internal Audit

There is a clear connection between the management of risks and the Internal Audit function. Internal Audit assess risks as part of their work and if they discover control or system weaknesses that are not being sufficiently dealt with then they will feed these risks into the Risk Register under that Service area and the Service area will then be expected to monitor and report on these added risks along with those highlighted by themselves. Internal Audit will also consider the Risk Register when the annual Audit Plan is produced.

4.2 The connection between Risk Management, Management and Finance

There is an obvious link between Risk Management, and Finance and reporting of these areas is aligned to provide the bigger picture whilst also ensuring resources are directed to key priorities and objectives.

5 Risks and Partnerships

5.1 Managing risks within partnerships

Risk management should consider risks relating to significant partnerships requiring assurances about the management of those risks. The Council aims to consider those risks associated with partnership working; organisational risks regarding partnership activities as well as risks in the partnership itself are added to the appropriate risk registers to monitor and review.

6 Opportunity risk (positive risks)

6.1 Managing opportunities

Good risk management also means considering opportunities (positive risks), i.e. an uncertainty that could enhance the Council's ability to achieve its objectives. The Council aims to consider opportunity risks. An example of opportunity risk could be the national performance indicator NI 188 Climate change adaptation. Obviously climate change presents many risks but on the flip side, opportunities can be found, for example taking advantage of tourism with longer summers, less call-outs for maintenance teams to frozen pipes etc.

By managing opportunities and the risks that come with it, the Council is in a better position to improve services and provide better value for money.
Appendix 1

Operational Risk Register: & Audit

Key: = good, = fair, = poor, Tolerated = risk accepted

Columns: Risk Description; Risk Owner; Associated Task(s); Task Owner; Task Target Date; Scoring (1-4); Rating (1-16); December 2008; Comments

1. Perception by MSDC or SCC that audit work does not meet required standard, resulting in breakdown of partnership
Risk Owner: & Audit
Associated Task(s): 1. Regular meetings between SCC & MSDC
Task Owner: & Audit
Task Target Date: Ongoing
Scoring (1-4): Impact 2, Probability

Failure to address new National Indicator requirements, could lead to non compliance
Risk Owner: & Audit
Associated Task(s): 1. Coordinate with Heads of Service to ensure resource is input to meet new NIs 2. Ensure new processes in place to monitor new NIs
Task Owner: & Audit; & Audit
Task Target Date: Ongoing; Mar 09
Scoring (1-4): Impact 2, Probability

3. Failure to embed C throughout LGR restructure could lead to poor C risk assessments
Risk Owner: & Audit
Associated Task(s): 1. Great liaison with Organisational Development re: LSP etc 2. Regular dialogue re: arrangements for LGR authorities
Task Owner: & Audit; & Audit
Task Target Date: Ongoing; Ongoing
Scoring (1-4): Impact 2, Probability 3
Rating (1-16): 6

Corporate Risks linked to Service Area

Failure to have a Business Continuity Plan leads to lack of preparedness if services are disrupted
Risk Owner: Chief Executive
Associated Task(s): 1. The BC group to review BC plan and cards 2. Participate in test exercises
Task Owner: & Audit; & Audit
Task Target Date: Ongoing; Ongoing
4
Comments: Plans and cards reviewed. Annual review due again 09/10. Exercise Prometheus successfully carried out Oct

Archived risks/tasks

1. Lack of buy in from officers could lead to difficulty embedding key disciplines
Risk Owner: & Audit
Associated Task(s): 1. Embed dedicated officer roles
Task Owner: & Audit
Task Target Date: Ongoing
Comments: There has been considerable progress during the past year. The use of dedicated officers and rotating roles has aided this. Archived Jan
The Register is split into the following headings:

Risk Description: Description of the risk
Risk Owner: Owner of the risk
Associated Task(s): Any tasks assigned to the risk with the aim of managing/reducing the risk
Task Owner: Person responsible for managing the task
Task Target Date: Date task is aimed to be completed by
Scoring: Each risk is given a rating for impact and probability
Rating: The rating is calculated by multiplying the impact by probability (see matrix for further info)
This field indicates progress against the task:
  = poor: the task is behind target
  = fair: the task is on target
  = good: the task is ahead of target
  Tolerated = risk accepted
Comments: Comments detailing the current status of the task

Operational registers also show details of any risks detailed on the corporate register, which are linked to the service area, and also details of any archived risks/tasks.

Risks change over time: new ones emerge or existing risks become more or less significant as a result of external or internal factors. The Risk Registers are living documents which will be regularly reviewed, monitored and updated with Management consideration on a quarterly basis.
Appendix 2

Quarterly Risk Checklist

Consider if your Service Area is facing any new risks. Think about the following:
- Have you entered into any new partnerships? Do any current partnerships have risks attached?
- Have you ventured into any new opportunities / projects recently? Do any current projects present any risks (positive/negative)?
- Have you had any audits recently that have raised significant issues?
- Have you had any other inspections that have raised significant issues?
- Have you had any health & safety issues / completed any risk assessments recently?
- Have you issued any committee reports recently?
- Think on existing contracts / partnerships: any issues there?
- Budget / financial issues?
- Legal / legislative issues?
- Any staff / managerial issues?
- From your performance management, are there any issues or concerns?
- Are there any risks that you can think of that could be transferred through insurance?
- Have there been any insurance claims recently in your area? Does this insurance claim prompt possible lack of controls / high-risk areas?
- Are there any risks emanating from your service plan?
- Are there any risks emanating from a Strategic Forum that you attend?
Audit Committee 21 June 2012 Internal audit report Risk Management review Executive summary and recommendations Introduction Mazars have undertaken a review of Risk Management, in accordance with the internal
More informationRisk Management Policy
Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:
More informationAvondale College Limited Enterprise Risk Management Framework 2014 2017
Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.
More informationThe Lowitja Institute Risk Management Plan
The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute
More informationCorporate Risk Management Policy
Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More informationRevised Risk Management Policy and Framework. Report by Head of Finance
Audit Committee 29 April 2010 Item No 7 Revised Risk Management Policy and Framework Report by Head of Finance Summary A substantial review of our current Risk Management Strategy has been carried out.
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationRisk Management Policy
Principles Through a process of Risk Management, the University seeks to reduce the frequency and impact of Adverse Events that may affect the achievement of its objectives. In particular, Risk Management
More informationRisk Management Strategy
Risk Management Strategy A Summary for Patients & Visitors This leaflet has been designed to provide information on the Trust s Risk Management Strategy and how we involve patients and the public in reducing
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationGood Practice Guidelines for Management Development & Succession in the Public Service
OCCASIONAL PAPER No. 2 The key to a high performance public service organisation lies in well-qualified and professional staff at all levels. Good Practice Guidelines for Management Development & Succession
More informationRISK MANAGEMENT FRAMEWORK
RISK MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational Development
More informationV1.0 - Eurojuris ISO 9001:2008 Certified
Risk Management Manual V1.0 - Eurojuris ISO 9001:2008 Certified Section Page No 1 An Introduction to Risk Management 1-2 2 The Framework of Risk Management 3-6 3 Identification of Risks 7-8 4 Evaluation
More informationNorthern Ireland Blood Transfusion Service
Northern Ireland Blood Transfusion Service Risk Management Strategy Northern Ireland Blood Transfusion Service Lisburn Road Belfast BT9 7TS Telephone No. 028 9032 1414 www.nibts.org Page 1 of 12 CONTENTS
More informationA Risk Management Standard
A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management
More informationHow To Manage An In House Legal Team
December 2014 A Guide for General Counsel Structuring your legal team contents: THE TEAM 03 THE STRUCTURE 04 RISK AND COMPLIANCE 07 LEVEL AND NATURE OF OUTSOURCING 08 FUNCTIONS 09 SUPPORT SERVICES 10 CONCLUSION
More informationGood Governance Guide. www.accs.ie. Risk Management in Community and Comprehensive Schools
www.accs.ie Cumann na Scoileanna Pobail is Cuimsitheacha Association of Community and Comprehensive Schools Risk Management in Community and Comprehensive Schools Good Governance Guide 2013 Association
More informationBABERGH DISTRICT COUNCIL. To: Strategy Committee Date of meeting: 6 October 2011
BABERGH DISTRICT COUNCIL From: Strategic and Financial Planning Task Group Report Number: L77 To: Strategy Committee Date of meeting: 6 October 2011 STRATEGIC AND FINANCIAL PLANNING PROCESS 1. Purpose
More informationWFP ENTERPRISE RISK MANAGEMENT POLICY
WFP ENTERPRISE RISK MANAGEMENT POLICY Informal Consultation 3 March 2015 World Food Programme Rome, Italy EXECUTIVE SUMMARY For many organizations, risk management is about minimizing the risk to achievement
More informationRichmond-upon-Thames Performance Management Framework
Richmond-upon-Thames Performance Management Framework Introduction Everyone at the Council has a role in Performance Management. It is therefore important that we all understand what is involved. This
More informationContractor Performance Report Scoring Guide
Report Main Roads Western Australia Table of Contents CONTRACTOR PERFORMANCE REPORT SCORING GUIDE... 3 1. APPLICATION... 3 2. REPORTING... 3 2.1 Objectives... 3 2.2 Frequency... 3 2.3 Responsibility...
More informationPaper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING. 10 February 2015. Governance How we manage our business
Paper J WEST LEICESTERSHIRE CLINICAL COMMISSIONING GROUP BOARD MEETING 10 February 2015 Title of the report: Section: Report by: Presented by: Risk Management Strategy & Policy Governance How we manage
More informationRisk Management Strategy and Guidelines
Swale Borough Council Risk Management Strategy and Guidelines Status: Final Originating Date: January 2008 Date Ratified: February 2008 (Audit Committee) Next Review Date: January 2009 Accountable Member:
More informationDisability ACT. Policy Management Framework
Disability ACT Policy Management Framework OCT 2012 Disability ACT Policy Management Framework Version October 2012 Page 1 of 19 1. Context... 3 1.1 Purpose... 3 1.2 Scope... 3 1.3 Background... 3 1.4
More informationProject Risk Analysis toolkit
Risk Analysis toolkit MMU has a corporate Risk Management framework that describes the standard for risk management within the university. However projects are different from business as usual activities,
More informationVersion No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy
Version No: 2 Date: 27 July 2015 Data Quality Policy Assistant Chief Executive Planning & Performance Data Quality Policy Contents 1. Summary Statement 2. Context 3. Purpose 4. Scope 5. Detail of the policy
More informationERM Program. Enterprise Risk Management Guideline
ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible
More informationRelationship Manager (Banking) Assessment Plan
1. Introduction and Overview Relationship Manager (Banking) Assessment Plan The Relationship Manager (Banking) is an apprenticeship that takes 3-4 years to complete and is at a Level 6. It forms a key
More informationAPPENDIX 50. Enterprise risk management - Risk management overview
APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationRisk Management Framework
4 November 2013 Performance and Resources Board 15 To consider Risk Management Framework Issue 1 To consider a draft revised Risk Management Framework as requested by Council at its meeting on 7 February
More informationRisk Management Policy. Corporate Governance Risk Management Policy
Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance
More informationChapter 1 Developing a healthy appetite for risk [DTI] 3. Chapter 2 Getting the best bang per buck [DEFRA] 5
CONTENTS Page Chapter 1 Developing a healthy appetite for risk [DTI] 3 Chapter 2 Getting the best bang per buck [DEFRA] 5 Chapter 3 Getting your house in order [Companies House] 9 Thinking About Risk -
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationSAI GLOBAL LIMITED Risk Management Policy
SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...
More informationMANAGING DIGITAL CONTINUITY
MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance
More informationPERFORMANCE DATA QUALITY POLICY
PERFORMANCE DATA QUALITY POLICY 2007 / 08 Improvement Service May 10 th 2007 Data Quality Policy V7 10.05.07 1 INTRODUCTION / BACKGROUND Good quality performance data is accurate, valid, reliable, timely,
More informationIntegrated Risk Management:
Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)
More informationFollowing up recommendations/management actions
09 May 2016 Following up recommendations/management actions Chartered Institute of Internal Auditors At the conclusion of an audit, findings and proposed recommendations are discussed with management and
More informationCompliance Management Framework. Managing Compliance at the University
Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance
More informationUniversity of Glasgow. Policy for. Business Continuity Management
University of Glasgow Policy for Business Continuity Management 1 Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the
More informationRISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES
RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES GOVERNMENT ACCOUNTING SECTION DEPARTMENT OF FINANCE MARCH 2004 Risk Management Guidance CONTENTS Pages List of guidelines on risk management
More informationMaintenance Strategy 2015 Owner: Kevin Bullimore Head of Infrastructure Next review 2020
Maintenance Strategy 2015 Owner: Kevin Bullimore Head of Infrastructure Next review 2020 Page 1 of 7 Maintenance Strategy Introduction The requirement for maintenance of premises, plant and equipment arises
More informationChange Management for Digital Continuity SROs
Change Management for Digital Continuity SROs This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and address risks to digital continuity
More informationThe Asset Management Landscape
The Asset Management Landscape ISBN 978-0-9871799-1-3 Issued November 2011 www.gfmam.org The Asset Management Landscape www.gfmam.org ISBN 978-0-9871799-1-3 Published November 2011 This version replaces
More informationDATA QUALITY POLICY PORTFOLIO RESPONSIBILITY: CORPORATE, CUSTOMER SERVICES AND HUMAN RESOURCES CABINET 10 APRIL 2008
DATA QUALITY POLICY PORTFOLIO RESPONSIBILITY: CORPORATE, CUSTOMER SERVICES AND HUMAN RESOURCES CABINET 10 APRIL 2008 Wards Affected County-wide Purpose To approve the data quality policy. Key Decision
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationHazard Identification, Risk Assessment and Management Procedure. Documentation Control
Hazard Identification, Risk Assessment and Management Procedure Reference: Date approved: Approving Body: Implementation Date: Version: 3 Documentation Control GG/CM/007 Trust Board Supersedes: Version
More informationInformation Commissioner's Office
Information Commissioner's Office IT Procurement Review Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Last updated 18 June 2012 Will Simpson Senior Manager T: 0161 953 6486 E: will.g.simpson@uk.gt.com
More informationPerformance Management and Service Improvement Framework
Performance Management and Service Improvement Framework Author Marcus Evans, Operational Director - Performance and Customer Insight Date: September 2014 Contents Page 1. Introduction 3 2. Strategic ning
More informationMaturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce
Maturity Model March 2006 Version 1.0 P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value Added product which is outside the scope of the HMSO
More informationThe University of Adelaide RISK MANAGEMENT HANDBOOK
The University of Adelaide RISK MANAGEMENT HANDBOOK CONTENTS PART A: Introduction 2 1. Risk Management Standard 3 2. Risk management - in general 4 3. Risk management - in the University context 5 PART
More informationGroup Risk Management Policy
Group Risk Management Policy Our Commitment Argyll Community Housing Association is committed to provide equal opportunities across all services and avoid discrimination. This policy is intended to assist
More informationHertsmere Borough Council. Data Quality Strategy. December 2009 1
Hertsmere Borough Council Data Quality Strategy December 2009 1 INTRODUCTION Public services need reliable, accurate and timely information with which to manage services, inform users and account for performance.
More informationESSEX FIRE AUTHORITY Essex County Fire & Rescue Service
ESSEX FIRE AUTHORITY Essex County Fire & Rescue Service MEETING Essex Fire Authority AGENDA ITEM 14 MEETING DATE 5 September 2012 REPORT NUMBER SUBJECT REPORT BY Risk and Business Continuity Department
More informationCorporate Health and Safety Policy
Corporate Health and Safety Policy November 2013 Ref: HSP/V01/13 EALING COUNCIL Table of Contents PART 1: POLICY STATEMENT... 3 PART 2: ORGANISATION... 4 2.1 THE COUNCIL:... 4 2.2 ALLOCATION OF RESPONSIBILITY...
More informationRisk Management. National Occupational Standards February 2014
Risk Management National Occupational Standards February 2014 Skills CFA 6 Graphite Square, Vauxhall Walk, London, SE11 5EE T: 0207 0919620 F: 0207 0917340 E: info@skillscfa.org www.skillscfa.org Skills
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More information7 Directorate Performance Managers. 7 Performance Reporting and Data Quality Officer. 8 Responsible Officers
Contents Page 1 Introduction 2 2 Objectives of the Strategy 2 3 Data Quality Standards 3 4 The National Indicator Set 3 5 Structure of this Strategy 3 5.1 Awareness 4 5.2 Definitions 4 5.3 Recording 4
More informationPerformance Management Framework
Purpose of the framework: To explain how we manage in Poole. It applies to all directly managed services of the Council. Introduction: Effective management at the council will: Ensure our goals are prioritised
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationUNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2
UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT Purpose of the guide... 2 Risk Management The Basics... 2 What is Risk Management?... 2 Applying Risk Management... 2 The Use of Risk Registers in Risk Management...
More informationChapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture
Chapter 1: Health & Safety Management Systems (SMS) Leadership and Organisational Safety Culture 3 29 Safety Matters! A Guide to Health & Safety at Work Chapter outline Leadership and Organisational Safety
More informationManaging ICT contracts in central government. An update
Managing ICT contracts in central government An update Prepared by Audit Scotland June 2015 Auditor General for Scotland The Auditor General s role is to: appoint auditors to Scotland s central government
More information