RISK MANAGEMENT POLICY



Similar documents
Bridgend County Borough Council. Corporate Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Risk Management Policy

RISK MANAGEMENT POLICY. Version 3

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

RISK MANAGEMENT STRATEGY

Shepway District Council Risk Management Policy

Bedford Group of Drainage Boards

Project Risk Analysis toolkit

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Business Continuity Management Policy

Confident in our Future, Risk Management Policy Statement and Strategy

Risk Management Policy and Framework

POLICY. Number: Title: Enterprise Risk Management. Authorization

EEA Grants Norway Grants Risk management. Alex Stimpson and Trine Eriksen Results and Evaluation, FMO Vilnius 11 December 2013

Group Risk Management Policy

Core Infrastructure Risk Management Plan

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

Version: 3.0. Effective From: 19/06/2014

Hazard Identification, Risk Assessment and Management Procedure. Documentation Control

RISK MANAGEMENT POLICY

The Risk Management strategy sets out the framework that the Council has established.

POLICY : CORPORATE RISK MANAGEMENT

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

WFP ENTERPRISE RISK MANAGEMENT POLICY

Risk Management Framework

How To Ensure That Sovini Is A Successful Business

Risk Management Policy

A Risk Management Standard

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

The Lowitja Institute Risk Management Plan

Charities Toolkit. A toolkit for effective risk management

Risk Management Policy and Process Guide

Risk Management Guide

Good Governance Guide. Risk Management in Community and Comprehensive Schools

Northern Ireland Blood Transfusion Service

CORP RISK MANAGEMENT POLICY & METHODOLOGY

ERM Program. Enterprise Risk Management Guideline

1.20 Appendix A Generic Risk Management Process and Tasks

Risk Management Procedure

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Risk assessment. made simple

RISK MANAGEMENT GUIDANCE FOR GOVERNMENT DEPARTMENTS AND OFFICES

Policy and Procedure Statement

Risk Management Statement, Strategy and Policy. Index. Risk Management Statement page 2. Risk Management Strategy page 2

Council Meeting Agenda 27/07/15

Network Risk Assessment Guideline

V1.0 - Eurojuris ISO 9001:2008 Certified

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

London Legacy Development Corporation s Statement of Risk Appetite September 2015

Eclipx Group Limited Risk Management Policy

In accordance with risk management best practices, below describes the standard process for enterprise risk management (ERM), including:

AfDB New Procurement Policy: Training Program for the Bank s Procurement Staff. Risk-based design of Procurement Arrangements - Introduction

Risk Methodology. Contents. Introduction The Risk Management Structure The Risk Management Cycle Methodology...

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Compliance Management Framework. Managing Compliance at the University

Maintenance Strategy 2015 Owner: Kevin Bullimore Head of Infrastructure Next review 2020

Audit, Risk and Compliance Committee Charter

COMPLIANCE CHARTER 1

Audit Committee, 28 November. HCPC Project Risk Management. Executive summary and recommendations. Introduction

Complaints Policy. Controlled Document Number: Version Number: 6 Controlled Document Sponsor: Controlled Document Lead: Approved By:

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Risk Management Strategy EEA & Norway Grants Adopted by the Financial Mechanism Committee on 27 February 2013.

An Introduction to Risk Management. For Event Holders in Western Australia. May 2014

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Revised Risk Management Policy and Framework. Report by Head of Finance

How To Manage Risk In Ancient Health Trust

Integrated Risk Management:

Strategic Risk Management for School Board Trustees

Risk Management Within an Organisation

UF Risk IT Assessment Guidelines

Risk/Issue Management Plan

Risk Management & Business Continuity Manual

RISK MANAGEMENT REPORTING GUIDELINES AND MANUAL 2013/14. For North Simcoe Muskoka LHIN Health Service Providers

Xavier Catholic College Risk Management - Policy & Procedure

How to Assess Legal Risk Management Practices

IT Project Management Methodology. Project Risk Management Guide. Version 0.3

Risk Management Policy Adopted by:

Business Continuity Management; Guidance for Policy Implementation

Risk Assessment Tool and Guidance (Including guidance on application)

Risk Management - Board & Management Responsibilities Murray Short, MBA, CPA CA Not-for-Profit Partner RLB LLP

BARRAMUNDI L IMITED RISK MANAGEMENT POLICY

Introduction to Risk Management

A guide for members APES 325 Risk Management for Firms

Transcription:

RISK MANAGEMENT POLICY Nuffield College s Risk Management Policy defines the College's approach to risk and how risk management should be embedded into management processes to ensure that the major risks are being effectively managed. The Risk Management Policy is a management tool with the purpose of helping the College in achieving its objectives as set out in the Statutes. Risk management involves a planned and systematic approach to the identification, assessment and mitigation of the risks which could hinder the achievement of strategic objectives. It involves the following main steps: 1. Identifying risk; 2. Assigning ownership; 3. Assessing risk; 4. Evaluating what action needs to be taken on the risks; 5. Periodic monitoring and assessment. 1. Risk identification Risks are identified by looking at key aspects of the College, focusing initially on factors significant in the achievement of its objectives and its overall mission and aims. Further factors considered in the process are: The College s operation structure; External factors that might affect the College such as legislation and regulation. The College s reputation; Problems faced in the past. The College has adopted the framework recommended by the Charity Commission (CC26, Annex 2), where risks are classified under the following categories: i. Governance; ii. Operational; iii. Financial; iv. Environmental or external; v. Compliance (law or regulation). 1

2. Assigning ownership Whilst the trustees retain the ultimate responsibility for the risk management process, due to the nature of the College s operation, risks are delegated to the relevant committee within the College. 3. Risk assessment Identified risks are then put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required. The 'heat map' below shows the method adopted by the College, which incorporates increased weighting of impact. It works on a scoring of xy+y, where x is likelihood and y is impact. This formula multiplies impact with likelihood and then adds a weighting again for impact. In interpreting the risk heat map the colour codes are: Red - major or extreme/catastrophic risks that score 15 or more; Yellow - moderate or major risks that score between 8 and 14; Blue or Green - minor or insignificant risks scoring 7 or less. 2

The following tables are used in the risk scoring: Likelihood Descriptor Score Example Remote 1 may only occur in exceptional circumstances Unlikely 2 expected to occur in a few circumstances Possible 3 expected to occur in some circumstances Probable 4 expected to occur in many circumstances Highly probable 5 expected to occur frequently and in most circumstances Impact Descriptor Score Impact on service and reputation Insignificant 1 no impact on service no impact on reputation complaint unlikely litigation risk remote no financial impact Minor 2 slight impact on service slight impact on reputation complaint possible litigation possible low financial impact Moderate 3 some service disruption potential for adverse publicity - avoidable with careful handling complaint probable litigation probable moderate financial impact Major 4 service disrupted adverse publicity not avoidable (local media) complaint probable litigation probable high financial impact Extreme/Catastrophic 5 service interrupted for significant time major adverse publicity not avoidable (national media) major litigation expected 3

resignation of senior management and board loss of beneficiary confidence severe financial impact Risk scoring often involves a degree of judgment or subjectivity; where data or information on past events or patterns is available more evidence-based judgments are applied. 4. Evaluating what action needs to be taken on the risks Where major risks are identified a consideration is given to any additional action that needs to be taken to manage the risk, either by lessening the likelihood of the event occurring, or lessening its impact if it does. Examples of possible actions are: Risk may need to be avoided by ending the activity; The risk could be transferred to a third party; The risk could be shared with others; The exposure to the risk can be limited; The risk can be reduced or eliminated by establishing or improving control procedures; The risk may need to be insured against; The risk may be accepted as being unlikely to occur and/or of low impact and therefore will just be reviewed annually. In assessing additional action to be taken, the cost of management or control will generally be considered in the context of the potential impact or likely cost that identify areas where the control seeks to prevent or mitigate. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk. 5. Periodic monitoring and assessment The College s monitoring and assessment of the risk management process involves the following: i. New risks are reported and evaluated; ii. Risk aspects of significant new projects are considered as part of project appraisal; iii. Any significant failures of control systems are reported and actioned; 4

iv. Any further actions required are identified; v. Trustees consider and review the annual process; vi. Trustees are provided with relevant and timely interim reports. The College has employed the above approach through the use of a Risk Register which follows the prescribed format in CC26, Annex 1 (Appendix 1). Risk tolerance The level of the acceptable net risk of each activity is considered individually and as part of the College s overall risk profile. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information