Risk Management Within an Organisation

Similar documents
Confident in our Future, Risk Management Policy Statement and Strategy

Bridgend County Borough Council. Corporate Risk Management Policy

The Risk Management strategy sets out the framework that the Council has established.

Avondale College Limited Enterprise Risk Management Framework

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Risk Management Policy

Business Continuity Management Framework

Risk Management & Business Continuity Manual

How To Ensure That Sovini Is A Successful Business

POLICY : CORPORATE RISK MANAGEMENT

Corporate Risk Management Policy

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Risk Management Policy and Process Guide

The Lowitja Institute Risk Management Plan

Risk Management Policy

Business Continuity Management Policy

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

ENGINEERING COUNCIL. Guidance on Risk for the Engineering Profession.

CORP RISK MANAGEMENT POLICY & METHODOLOGY

RISK MANAGEMENT POLICY

Emergency Management and Business Continuity Policy

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Compliance Policy AGL Energy Limited

Risk Management Plan

RISK MANAGEMENT FRAMEWORK

1.0 Policy Statement / Intentions (FOIA - Open)

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

BUSINESS CONTINUITY POLICY

Risk Management Strategy and Guidelines

A Risk Management Standard

1.20 Appendix A Generic Risk Management Process and Tasks

Annual Governance Statement 2013/14

Performance Management Unit. Performance Management Framework

Strategic Alliance. Business Continuity Policy

Risk Management Policy Adopted by:

Risk Management Policy

Revised Risk Management Policy and Framework. Report by Head of Finance

Shepway District Council Risk Management Policy

Enterprise Risk Management Framework Strengthening our commitment to risk management

Solvency II Detailed guidance notes

Risk Management Policy. Corporate Governance Risk Management Policy

Following up recommendations/management actions

Risk Management Strategy

Risk Management. Group Standard

A guide for members APES 325 Risk Management for Firms

IFAD Policy on Enterprise Risk Management

Information Governance Strategy

ENTERPRISE RISK MANAGEMENT POLICY

Business Continuity Management Policy

Risk Management. National Occupational Standards February 2014

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

Guidance notes: Financial Planning & Managing Risk

People Strategy 2013/17

WFP ENTERPRISE RISK MANAGEMENT POLICY

States of Jersey Comptroller & Auditor General

Group Risk Management Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Risk Management Framework

Business Continuity Management. Policy Statement and Strategy

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

University of Sunderland Business Assurance Information Security Policy

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

NZ Transport Agency Page 1 of 23

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

V1.0 - Eurojuris ISO 9001:2008 Certified

Bedford Group of Drainage Boards

Risk Management Strategy

Update on Programme Management Controls & Risks

TRUST SECURITY MANAGEMENT POLICY

Northern Ireland Blood Transfusion Service

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Business Continuity Policy and Business Continuity Management System

Module 4. Risk assessment for your AML/CTF program

PART B INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)

Risk Management. Policy

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Compliance Management Framework. Managing Compliance at the University

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Project, Programme and Portfolio Management Delivery Plan 6

APPENDIX 50. Enterprise risk management - Risk management overview

I attach the following documents in response:

Transcription:

COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority provide services to a diverse range of people and organisations, in an ever changing environment. In these circumstances the potential for disruption to services or loss/damage to assets from a vast range of risks is inherent. It is therefore essential that the Authority takes appropriate action to minimise the potential for loss or damage through effective risk management. 1.2 The Authority recognises that risk management is an essential component of effective corporate governance. The process should be continual, embedded within the culture of the Service and provide a focus for the whole of the organisation. 2. POLICY STATEMENT 2.1 Risk management is the process of identifying significant risks to the achievement of the organisations strategic and operational objectives, evaluating their potential consequences, and implementing the most effective way of controlling them. 2.2 The Authority is committed to embedding risk management through effective leadership and the development of a risk aware culture. 3. OBJECTIVES 3.1 Effective risk management will assist the Authority to deliver on its objectives and will ultimately enable the Authority to Have increased confidence in achieving its desired outcomes; Manage threats to acceptable levels; Make informed judgements about embracing new challenges and opportunities; Page 1 of 7

Anticipate and respond to changing social, cultural, environmental, and legislative requirements; (e) Safeguard the employees, the public and others affected by the Authority s activities by preventing injuries, damage and loss. 3.2 These objectives will be achieved by Raising the awareness and integrating risk management into the culture of the organisation; Incorporating risk management into the decision making, business planning and performance management processes; Allocating roles and responsibilities with clear reporting lines; Monitoring risk management and corresponding control arrangements on a regular basis. 4. RISK APPETITE AND RISK TOLERANCE 4.1 The Authority s corporate aims and objectives are influenced strongly by our risk appetite. Risk appetites and tolerances dictate the nature and level of risks that are acceptable. 4.2 Risk appetite represents the risks that we are prepared to take in the delivery of our corporate objectives and fulfilment of our vision 4.3 Risk tolerance represents the threshold of risk that is acceptable based on the capabilities and resources to manage the identified risks. 5. DEFINITIONS 5.1 Risk is the uncertainty of an event occurring that could have an impact on the achievement of objectives. 5.2 Qualitatively, risk is defined as being proportional to the expected impact which can be caused by an event and to the probability of this event occurring. The greater the impact and the more likely the event, then the higher the overall risk. 5.3 Risk = Likelihood of an event x Impact when it occurs 5.4 Residual risk is defined as the exposure arising from a specific risk after action has been taken to manage it and making the assumption that the action is effective Page 2 of 7

6. ROLES AND RESPONSIBILITIES 6.1 Duties of the Combined Fire Authority Appoint a member champion who will act as the advocate to the Authority for effective risk management; Hold the Service Leadership Team (SLT) accountable for the effective management of risk; To ensure that funds and facilities are available to meet the requirements of the risk management policy. 6.2 The Chief Executive has the overall responsibility for County Durham and Darlington Fire and Rescue Service with regard to the implementation of the Service s Risk Management policy, including reference to the following main responsibilities To lead by personal example in their actions and decision making at work, in order to reinforce the principles of effective risk management; To monitor the administration of the policy; To advise the Combined Fire Authority of the development and priorities of significant risks, particularly the allocation of resources required, preventative measures undertaken and any other relevant matters. 6.3 Duties of the Service Leadership Team (e) (f) Ensure the adequate level of resources to implement this policy and any procedures that support its implementation; Monitor and Review the Corporate Risk on a regular basis including the scrutiny of mitigating actions; Take responsibility for risks in their area of responsibility; Identify areas of emerging risk from a local, regional and national perspective; taking cognisance of the National Risk and the Community Risk for County Durham and Darlington; Carry out a full review of review of the Corporate Risk on an annual basis; Ensure corporate risks are focussed on strategic priorities and managed through the IRMP. Page 3 of 7

6.4 Duties of the Service Management Team (Performance) Report to SLT periodically on updates to the Corporate Risk ; Report to SLT on risks that have been elevated from Section Risk s to the Corporate Risk, including patterns of risk, estimated cost to the Service if the risk was realised and the proximity (i.e. the timing of the risk, when it may happen and when its threat will cease); Scrutinise the mitigating actions to address risks; reporting on these actions to SLT on an exception basis; Scrutinise and determine which risks from Section Risk s should be elevated to the Corporate Risk and periodically notifying SLT of any risks that are added to, or removed from, the Corporate Risk. 6.5 Duties of Section Heads Identify and manage risks in their own section; Escalate perceived strategic risks to their Head of Service or SMT (P) for further assessment. 6.6 Duties of the Risk Audit Manager Periodically request the status of each risk from the Risk Owner (or appointed holder). Notification of the change of status of a risk shall be accompanied with information relating to the amended impact on the Service, any changes to the delivery mechanism, mitigating actions, proximity and the residual risk score. The day to day management of the Corporate Risk to ensure all data remains valid. Producing reports to all relevant stakeholders 6.7 Duties of all employees Identify risks in their own area of work Escalate perceived risks to their line manager for further assessment. Page 4 of 7

7. RISK REGISTERS 7.1 Four types of risk register are maintained by the Service: The Corporate Risk is the main register used to control and monitor the strategic risks facing the Service. Risks that are contained within the Corporate Risk are those risks that are identified as Key Business Risks, which comprise circumstances or factors which would have a negative impact on the operation of the Service if they were to occur. The Section Risk maintains risks that have been identified and which can be managed at a section level. Risks managed within each section risk register are not identified as Key Business Risks that need to be monitored through the Corporate Risk. Project Risk s maintain the risks associated with the completion of individual projects that the Service is progressing. Risks at this level are usually managed as part of the ongoing project risk management. If a project risk is deemed to be significant, then it will be escalated to the Section Risk and ultimately the Corporate Risk if required. The Community Risk is maintained by the Joint Emergency Liaison Group. The nature of the Community Risk may result in risks being included within Section Risk s and the Corporate Risk. 8. THE HIERARCHY OF RISK REGISTERS 8.1 Risks within the risk registers can flow vertically between each register as risks are reviewed, identified and re-scored. Risk Management within the Service is dynamic and risks within each register will change as the risk profile changes over time through implementation of mitigating actions or as the environment changes. Section Risk Corporate Risk Project Risk Page 5 of 7

9. IDENTIFICATION AND REVIEW OF RISKS 9.1 The identification of risks to the organisation is a fundamental aspect of the corporate planning cycle. On an annual basis, as part of the Authority s review of strategic priorities, existing risks are reviewed by the SLT and any new risks are identified. 9.2 Whilst the identification of risks by SLT is a fundamental component of risk management, ongoing risk management and risk identification by all managers is essential to the ongoing management of the process. 9.3 The process of risk management will identify significant risks to the Service and communities of County Durham and Darlington, and will help to identify the IRMP projects required to mitigate corporate risks. Corporate Risk New Risks Identified through assessment of Strengths, Weaknesses, Opportunities and Threats to the Service Risk Review Exercise (Part of strategic priority review) Revised Corporate Risk Delivery mechanism of mitigating actions (E.g. Corporate Plan, Integrated Risk Management Plan, etc) Page 6 of 7

10. AUDIT AND REVIEW 10.1 This Policy will be subject to an annual review to ensure that procedures highlighted within, continue to remain current and appropriate. Any recommendations resulting from such reviews will be implemented into the existing policy by a member of the Risk Reduction Section. Risk Audit Manager July 2010 Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information