ICSH Guidance Document: Preparing a Risk Register/ Risk Management Plan

Similar documents
RISK MANAGEMENT MATRIX FOR ACADEMIES. Contents. Introduction. Mission/objectives. Law and regulation. Governance and management.

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

A guide for members APES 325 Risk Management for Firms

APPLICABLE TO: Flow Systems Group and all employees. Risk Management

Risk assessment. made simple

Risk assessment. made simple. sayer vincent consultants and auditors. Introduction 3. step1 Identifying the risks 4. step2 Assessing the risks 7

Shepway District Council Risk Management Policy

RISK MANAGEMENT STRATEGY

Certificate IV in Property Services (Real Estate) CPP Unit Descriptions & Evidence Required to Demonstrate Competency

Risk Management Policy and Framework

How To Ensure That Sovini Is A Successful Business

Charities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

The Lowitja Institute Risk Management Plan

PROCEDURES RISK MANAGEMENT FRAMEWORK AND GUIDELINES PURPOSE INTRODUCTION. 1 What is Risk?

RISK MANAGEMENT. Authors: Phil McNaull / Lorraine Loy Approved By: PME and Court Date: December 2008 Version: 4.0 1

Risk Management. Risk Policy and Procedures. Risk Management Framework

Published by the National Regulatory System for Community Housing Directorate. Document Identification: /NRSD. Publication date: January 2014

Guidance notes: Financial Planning & Managing Risk

Bridgend County Borough Council. Corporate Risk Management Policy

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Pillar 3 Disclosures:

Risk Management Programme Guidelines

RISK MANAGEMENT STRATEGY

Risks and uncertainties

Approved by Management Committee 24/03/11 Strategy Document

Core Infrastructure Risk Management Plan

The PNC Financial Services Group, Inc. Business Continuity Program

RISK MANAGEMENT AND COMPLIANCE

Risk Management Policy

OSCR CASE STUDY. One Plus: One Parent Families

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

The Risk Management strategy sets out the framework that the Council has established.

Reputation, Brand & Communications

Data Protection Act. Conducting privacy impact assessments code of practice

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Principal risks and uncertainties

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

LHT S ASSET MANAGEMENT STRATEGY It s My Home

AFTRS Health and Safety Risk Management Policy

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Risk Methodology. Contents. Introduction The Risk Management Structure The Risk Management Cycle Methodology...

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

The Trust. Debt Write off Policy. Neighbourhood Management Team. Draft: Final. Effective Date: July Affected Teams: All

Risk Management Guide

Business Continuity Policy and Business Continuity Management System

Operational Risk Management Policy

Northern Ireland Blood Transfusion Service

Health, Safety and Environment Management System

Best Practices module

Queensland State Emergency Service Operations Doctrine

APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1

RISK MANAGEMENT PLAN APRIL M:\MAPPS\RiskManagementPlanApr10.doc Page 1 of 5

Any business relationship between a bank and another entity, by contract or otherwise

Bedford Group of Drainage Boards

Procurement of Goods, Services and Works Policy

Litigation schemes and proof of debt schemes: Managing conflicts of interest

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

Risk Management Framework

Risk Management How to manage your brand & build business resilience to improve your bottom line

Risk Management Strategy

Contract Management Guideline

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

COMPLIANCE CHARTER 1

Risk Policy and Risk Management Procedures

Operational Risk Publication Date: May Operational Risk... 3

BARRAMUNDI L IMITED RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Guide to Business Planning

INFORMATION TECHNOLOGY SECURITY STANDARDS

Glossary 2. About this chapter About risk management 7

Charities and Risk Management

Council Policy Business Continuity Management

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

Operational Risk. Corporate governance. Contents

JOB DESCRIPTION ASSET STRATEGY OFFICER (COMPLIANCE) This post is covered by National Joint Council {NJC} conditions of service.

Housing Association Regulatory Assessment

Integrated Risk Management Policy

Page 1 of 24. To present the Asset Management Policy 2014 for Council adoption.

Business Continuity and Disaster Planning

CONSULTATION PAPER Proposed Prudential Risk-based Supervisory Framework for Insurers

The PNC Financial Services Group, Inc. Business Continuity Program

Regulatory Standards of Governance and Financial Management

Risk Management Framework

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

ASTRAZENECA GLOBAL POLICY SAFETY, HEALTH AND ENVIRONMENT (SHE)

11/12/2013. Role of the Board. Risk Appetite. Strategy, Planning and Performance. Risk Governance Framework. Assembling an effective team

Position Description

ERM Program. Enterprise Risk Management Guideline

Cernach Housing Association Factoring Policy

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK

Operational Risk. The new FSA requirements. Contents. February 2004

Council Meeting Agenda 27/07/15

Internal controls Guidance for trustees

Consequence Management

Business Continuity Plan Toolkit

RISK MANAGEMENT POLICY

Business Continuity Planning Manual. Version 1

Title: Rio Tinto management system

RISK MANAGEMENT STRATEGY AND FRAMEWORK

POLICY : CORPORATE RISK MANAGEMENT

Transcription:

ICSH Guidance Document: Preparing a Risk Register/ Risk Management Plan What is a Risk Register? A Risk Register is a document which outlines the potential threats to the ongoing operation of an organisation, and what mitigation measures are in place to minimise the likely occurrence of these threats. Why do we need a Risk Register? The purpose of a Risk Register is to allow a housing association identify, record and attempt to mitigate any potential risks to the organisation. It also allows them to assign ownership of that risk to individuals within the organisation to develop and track mitigation strategies. How do we prepare a Risk Register? Housing Associations should assess risks that can occur at regular intervals, and these should be discussed to ensure that proper mitigation measures are taken. In general the process for preparing a risk register is as follows: 1 2 3 4 5 Establish the context What are the most likely threats to the operation of the Association? Identify the risks What can happen and how can it happen? Analyse the risks What is the likelihood and consequences of the risk occurring? Evaluate the risks Assess the major and minor risks for mitigation measures Treeat the risks Develop mitigation measures where risks can be treated When the Board is satisfied that a comprehensive risk assessment has taken place, a Risk Register should be finalised. This contains the naming (categorisation) of the risk itself, as well as recording the likelihood of its occurrence, possible consequences (ranked low to high), possible mitigation strategies and finally, where the risk is deemed of material threat to the Association, assigning ownership of the risk to an individual within the organisation.

Sample headings for a risk register are contained below and each is explained in turn over the following pages. Category of Risk Actual Risk Likelihood of occurrence Potential Impact Mitigation measures Person responsible Category of Risk Categorisation of risk involves the clustering of risks into standard, meaningful and actionable groupings. Risks relate to both the internal structures, operations and governance of the organisation as well as the external interaction with stakeholders and susceptibility to events outside of the control of the organisation. Risk categories should support the initial identification and presentation of risks. The following risk categories are an example which could be used. Actual Risk Governance and Compliance Strategic Advancement Finance & Funding Human Resources Operational Management Actual risk refers to any specific threat that could occur in an area of the organisation. These can relate to both the internal and the external environment, and can also relate to those that can be mitigated against and those that cannot. Depending on the size of your organisation, risks may be identified in some or all of the following areas: Internal Financial management, for example: Viability / liquidity Fraud control Reducing / insufficient income streams Income loss Poor cost control Insurances not kept up to date Human Resources, for example: Succession planning Poor staff supervision and performance appraisal Staff turnover/ headhunted by competitor Excessive work load and poor staff morale / staff burn-out Difficulties in recruiting suitable staff Property management, for example: Inappropriate stock External Funding, for example: Changes in funding agreement Shortfalls in funding programs Regulatory environment, for example: Changes in regulatory framework Negative registration reports No internal systems to proactively manage all the factors that drive the performance of the organisation Reputation, for example: Public and community perception of the Association

Contractors fail to perform maintenance contract / Poor response time by contractors Stock transfer liabilities Asbestos Aging / poor quality stock Legislation compliance, for example: Privacy Act- Corporations Act / relevant Incorporation legislation Anti-discrimination / Disability Services Act OHS Meeting tax requirements Corporate governance, for example: Lack of appropriately skilled board members Volunteer / board member burn out Board turnover Board fails to appraise CEO performance Conflict on the board Conflicts of interest not managed effectively Difficulty recruiting to the board Director s insurance not kept up to date Policies and procedures not reviewed Board lacks a value based framework Housing management, for example: Poor arrears control Increasing proportion of tenants with complex needs Duty of care to tenants is not met Tenants / Applicants grievances and appeals Tenants mix unbalanced Information technology, for example: IT not sufficient for expanded organisation IT not able to produce registration monitoring data IT performance date disaster recovery plan Negative comments from press or politicians Competition, for example: Losing opportunities to grow Other providers Unexpected rapid growth Partnerships, for example: Risks from failed partnership arrangements Risk of conflict with partners Natural disasters, for example: Flood, hail storms etc Lacks a business continuity plan Likelihood of Occurrence This refers to how likely the risk is to actually materialise, and is a value judgement based on assessing any information available regarding the risk. For example this might it include whether it occurred in similar organisations before, or whether other organisations are planning for its occurrence. This can be quantified on a scale of one to five whereby one signifies that it is highly unlikely to occur and five signifies it is very likely to occur. 1 2 3 4 5 Highly unlikely to Unlikely to occur Neutral Likely to occur Very likely to occur occur

Potential impact This relates to how serious the impact would be if the threat did actually occur. Risks that are potentially more damaging to the organisation will have to be monitored more closely with mitigation measures/ contingency plans in place for their occurrence if the risk s deemed to have a credible likelihood of occurring. 1 2 3 4 5 Superficial Limited damage Neutral Damaging Extremely damage damaging Mitigation Measures A risk rating can be developed which adds (or multiplies) the likelihood of occurrence and the potential impact, with scores over a certain number being assigned to individuals for monitoring and the development of mitigation measures where possible. Mitigation measures refer to any strategies/ plans that are in place in the event of a risk to the organisation occurring. While organisations will never be able to totally eliminate all risks relating to its operation, it can develop certain strategies in the event of certain threats occurring, particularly if they would be particularly damaging to the operation. Person Responsible This refers to the assigning of the risk to an individual (or group) within the organisation to monitor the risk. How often does it have to be renewed? The plan should be updated whenever is necessary, as additional risks are identified or where changes to the level/ likelihood of existing risks occur. Sample Completed Risk Register Template Category of Risk Compliance and Governance Actual Risk Noncompliance with requirement s under CRO, VRC, Charities Regulator Reputationa l as a result of removal from Likelihood of occurrence Potential Impact 2 More severe oversight; auditing; loss of funding; reputational damage; loss of approved status. Damage to organisations image: Loss of funds Mitigation measures Keep up to date with all developments; Ensure administrative requirements for compliance are dealt with in a timely manner. ABC Housing depends on its good reputation to access donations, and any damage to this Person responsible Staff Board

websites, registers etc could severely impact this. Strategic Advancement Damage to public image as a result of negative publicity Fundraising decrease Damage to public image of the organisation Impact on services and development plans Ensure that relationships with local papers etc are proactive and showcase the good work of the Association. Building of relationships with those who donate i.e. Thank You cards. Continuous development of new fund-raising initiatives. Finance and Funding Operational Management Viability Insufficient sinking fund Units fall into disrepair Damage caused by tenants Closure of Association due to unsustainabilit y. Failure to carry out planned maintenance Higher cost of maintenance Higher maintenance cost Periodic review of spending and auditing of accounts. Although we can be impacted by external changes in the operating environment, robust internal reporting structures mean that there is little risk of a sudden liquidity issue. Review and build up sinking fund over time Inspections; Caretaker working with tenants; Tenants have been encouraged to take ownership of their space and as a result they are generally kept in an excellent state of repair. The main mitigation measures here are the tenant-landlord relationships in place which mean Caretaker

Human Resources Rent arrears Excessive void periods Staff turnover results in loss of skills/ knowledge Loss of revenue and deterioration of landlordtenant relations Loss of revenue Loss of knowhow effects the running of the organisation. that tenants feel part of the Association and would not intentionally damage it. We also have a repairs policy which assigns responsibility of repairs depending on their nature. Each tenant is issued with a rent book. Rent collection policy in place and tenants aware of their responsibilities. Due to demand for services this is a low risk, but one that needs to be monitored given potential impact to revenue. Keep written policies. Succession planning: younger staff taking more control and responsibility for day-to-day running of Association.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information