Risk Management Statement, Strategy and Policy. Index. Risk Management Statement page 2. Risk Management Strategy page 2



Similar documents
Group Risk Management Policy

Risk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC

Risk Management Policy. Corporate Governance Risk Management Policy

The Risk Management strategy sets out the framework that the Council has established.

How To Ensure That Sovini Is A Successful Business

V1.0 - Eurojuris ISO 9001:2008 Certified

Risk Management Policy

CORP RISK MANAGEMENT POLICY & METHODOLOGY

Risk Management Within an Organisation

MARCH Strategic Risk Policy Update March 2012 v1.10.doc

Risk Management Basics - ISO Standard. Louis Kunimatsu, CRISC IT Security & Strategy, Ford Motor Company

RISK MANAGEMENT POLICY

Waveney Lower Yare & Lothingland Internal Drainage Board Risk Management Strategy and Policy

Risk Management Policy and Framework

RISK MANAGEMENT STRATEGY

Communications Strategy

TRANSPORT FOR LONDON AUDIT COMMITTEE STRATEGIC RISK MANAGEMENT PROGRESS REPORT

RISK AND OPPORTUNITY MANAGEMENT STRATEGY

Risk Management Policy

RISK MANAGEMENT POLICY

Confident in our Future, Risk Management Policy Statement and Strategy

Asset Management Strategy ( )

Relationship Manager (Banking) Assessment Plan

Bedford Group of Drainage Boards

U & D COAL LIMITED A.C.N BOARD CHARTER

PROCESS FOR RISK ASSESSMENT

a) raises the funds required by the Council to meet approved service levels in the most effective manner;

The Gateway Review Process

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

DRAFT V5. PFSC 16/05/2014 Appendix 1. Outline Plan to deliver the County Council s investment property Strategy

University of Sunderland Business Assurance Information Security Policy

River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy

Project Risk Analysis toolkit

Northern Ireland Blood Transfusion Service

Risk Management Strategy and Guidelines

Annual Governance Statement 2013/14

Risk Management Policy Adopted by:

Audit Committee, 28 November. HCPC Project Risk Management. Executive summary and recommendations. Introduction

Reporting The Project Board shall report to the sponsoring Department political board.

London Legacy Development Corporation s Statement of Risk Appetite September 2015

Corporate Risk Management Policy

ERM Program. Enterprise Risk Management Guideline

Risk Management Policy and Process Guide

Shepway District Council Risk Management Policy

Appendix 15 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

Internal Audit Division

Managing Risk in Procurement Guideline

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

Information Security: Business Assurance Guidelines

International Diploma in Risk Management Syllabus

Quality Manual ISO 9001:2015 Quality Management System

Housing Association Regulatory Assessment

Version: 3.0. Effective From: 19/06/2014

The Lowitja Institute Risk Management Plan

POLICY. Number: Title: Enterprise Risk Management. Authorization

Council Meeting Agenda 27/07/15

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

The Trust. Tenancy Management Policy Statement. Version number: 1. Effective Date: April Page 1 of 5

BOARD OF DIRECTORS MANDATE

1.2 The main types of tenancies that the Council can grant are secure tenancies, flexible (secure) tenancies and introductory tenancies.

Wales Procurement Policy Statement

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

University of New England Compliance Management Framework and Procedures

Business Continuity Business Continuity Management Policy

The Regulatory Framework for Social Housing in England Governance and Financial Viability standard requirement: Governance Annual Assessment

Flag A GUIDELINES FOR PREPARING A STRATEGIC PLAN DOCUMENT. 1. Purpose of the Guidelines. 2. Strategy and Results- Framework Document (RFD)

RISK MANAGEMENT POLICY

Information Management Policy London Borough of Barnet

Business Continuity Policy

BUSINESS CONTINUITY POLICY

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2

Information Governance Policy

The Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS

Governance, Risk and Best Value Committee

IMPLEMENTATION DETAILS

RCT HOMES HOUSING ASSOCIATION JOB DESCRIPTION

Procurement of Goods, Services and Works Policy

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

1.2 To propose governance arrangements and a procedure to allow timely decision making on LEP loans, when there is a lengthy gap between meetings.

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT

SOUTHERN RURAL WATER POLICY RISK MANAGEMENT POLICY

Programme Governance and Management Plan Version 2

Business Continuity Policy and Business Continuity Management System

Reporting Service Performance Information

Risk Management & Business Continuity Manual

Aberdeen City Council

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Central bank corporate governance, financial management, and transparency

Information Governance Management Framework

A Risk Management Standard

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Information Security Management System (ISMS) Policy

1. Trustees annual report

Eclipx Group Limited Risk Management Policy

HIGH PEAK BOROUGH COUNCIL. Report to the Corporate Select Committee. 19th January 2016

LEVEL 5. Advanced Diploma in Purchasing and Supply. Senior Assessor s Report. July Risk Management and Supply Chain Vulnerability L5-02

Risk Management Guide

Transcription:

Index Risk Management Statement page 2 Risk Management Strategy page 2 Principles of Risk Management Policy page 3 Risk Management in Planning page 3 Scope of Risk Management page 3 Practical Application of Risk Management page 4 Appendix A Risk Mapping Exercise: S.W.O.T page 6 P.E.S.T page 7 Appendix B Definitions of Categories of Risk page 8 Appendix C Likelihood of Risks page 9 Appendix D Response to Risk page 10 Appendix E Risk Register page11 Matrix page 12 HRCS_64_Risk Management Statement, Strategy & Policy Page 1 Approved by Management Board 19/01/07, amendments approved by Board 9/10/08, 10/6/10

1 Risk Management Statement 1.1 ACHA will ensure that risk management plays an integral part in the governance and management of the association at a strategic and operational level. The purpose of a risk management policy is designed to ensure that it achieves its stated business plan aims and objectives. 2 Risk Management Strategy 2.1 ACHA has developed a framework of risk management to identify those risks that will hinder the achievement of its strategic and operational objectives. 2.2 Risks are defined as, uncertain future events that might prevent an organisation from achieving its business objectives. 2.3 Risk Management is however defined as, the culture, processes and structures that are implemented by an organisation to manage potential risks and their adverse effects. 2.4 ACHA will therefore ensure that it has in place the means to identify, analyse, control and monitor the strategic and operational risks it faces using a risk management policy based on good practice in the social housing sector. 2.5 ACHA will ensure that the risk management strategy and policy are reviewed regularly and ACHA s internal audit function will be responsible for ensuring; the risk management policy is applied to all areas of ACHA s business the policy and its operational application are regularly reviewed non compliance with the policy is reported to the Finance and Audit Committee, Chief Executive and Chair of ACHA`s Board of Management. 2.6 ACHA recognises that the Board of Management Members are responsible for the overarching framework of risk management. However, the implementation of the risk management policy is the responsibility of all employees of ACHA. ACHA is therefore committed to the involvement of all staff in the process of risk identification, analysis and control and monitoring. 2.7 ACHA will develop a culture of risk management within the organisation through the inclusion of staff in the process but also the regular provision of training, guidance and communication on risk management. Page 2

3 Principles of the Risk Management Policy 3.1 Risk management should be established and integrated within existing management processes, including corporate planning, performance management and project management. 3.2 Risk management will be used as a tool to ensure that ACHA can respond to the best of its abilities to changing demands, improve its performance and make most effective use of its resources. ACHA also aspires to be an innovative organisation taking calculated risks, which have been identified and evaluated. 3.3 Principles of best practice in risk management will be used to develop ACHA s systems and processes of risk management. 4 Risk Management in planning 4.1 Risk Management will be an integral part of ACHA s corporate planning and decisionmaking processes. Strategic and major operational risks will be identified as part of the Departmental Operational Plans. For new initiatives and projects risk management will be used to inform the decision-making process and also to ensure that approved projects are delivered successfully. 4.2 The identification of risks should be considered at the planning stage so that decisions on future priorities and projects are made with knowledge of the potential risks. 4.3 For approved projects risk management should be included in the implementation plan and post implementation evaluation. The use of risk management at these stages will assist in ensuring effective delivery of the project or service and lessons learned. 5 Scope of Risk Management 5.1 Risks that could affect the medium to long-term goals of ACHA should be considered strategic risks. Risks that will be encountered in the day-to-day delivery of services should be considered operational risks. 5.2 The process of risk management should apply to strategic risks and operational risks, however, ACHA s risk management systems and processes will need to be targeted to achieve maximum benefit without increasing the bureaucratic burden and ultimately affecting service delivery to its tenants. 5.3 ACHA will therefore consider the materiality of risk in developing systems and processes to manage risk through the statement of its appetite or threshold for risk. Page 3

6 Practical Application of Risk Management 6.1 ACHA has developed a standard format for use in the identification of risks, their classification and evaluation. This format is based on a Risk Mapping exercise using a SWOT and PEST analysis. Details are in `Appendix A`. 6.2 Risks although specific to each individual and their role may be grouped into similar generic risks for ease of analysis and management. 6.3 Some risks are within the control of the Association whilst others may be only to a lesser degree. ACHA will therefore take an approach that will identify those risks and classify the risks according to the following categories: Legal Political Reputational Economic/Financial Environmental & Sustainability Impact on People Organisational capacity Definitions of each of these categories are included at `Appendix B` 6.4 Each risk will be assessed as to its likelihood and impact. Both impact and likelihood can be assessed as High, or Low, using the definitions at `Appendix C`. 6.5 An annual operational risk identification exercise using the approach detailed in 6.1 to 6.3 will be carried out by the Senior Management Team and staff prior to revision of the annual strategic plan and business plan. 6.6 ACHA s Board of Management will carry out an annual strategic risk identification exercise using the same approach based on the output of the operational risk identification exercise in 6.4. 6.7 The Board of Management will communicate the strategic risk profile and their threshold to risk to all staff. 6.8 The Chief Executive and Directors will maintain the Risk Map record and propose a risk management response for all risks identified from the Risk Mapping exercise. Existing arrangements to manage risk will be identified and then, depending on the likelihood and impact, a number of responses may be employed: Page 4

Modify, ACHA may take actions or employ strategies to reduce the risk. Accept, ACHA may decide to accept and monitor the risk at the present time. This may be necessary for some risks that arise from external events. Transfer, ACHA may decide to pass the risk on to another party. For example contractual terms may be agreed to ensure that the risk is not borne by ACHA or insurance may be appropriate for protection against financial loss. Eliminate, the risk may be such that ACHA could decide to cease the activity or to change it in such a way as to end the risk. Guidance to the likely responses to risks is defined in `Appendix D`. 6.8 Risk register`s will be established to record all strategic and operational risks that are above ACHA s risk threshold. As part of the register the classification and evaluation of the risk will be recorded, together with the risk management actions proposed and taken and the monitoring mechanism. Each risk will also have a nominated person stated who is responsible for implementing the proposed action, as well as monitoring and managing that risk. A sample form risk register and matrix is at `Appendix E`. Page 5

ACHA SWOT Analysis (strengths, weaknesses, opportunities and threats) Appendix A How can ACHA cope with its operating environment? Do our capabilities internally allow us to tackle external influences effectively? Forward plans should proceed on a sound knowledge of balancing opportunities with the skills we have available to grasp them. Strengths (internal) Weaknesses (internal) Criteria examples Level of competition Presence in the sector Relative and absolute rent levels Cost base Relationship management Financial strength Customer service levels Services provided Quality of governing body members Management team Staff skills and competencies Location and condition of housing stock Information systems Quality of infrastructure Criteria examples Opportunities (external) Threats (external) Changes in legislation Pension cost increases for staff Pressure on HAG availability Availability of private sector lending Regulatory changes Technological change Increased maintenance costs (2015) Changes in interest/inflation rates Increased new build activity involvement Availability of development sites Partnering arrangements Increased lettings choices Diverse customer base Environmental obligations Diversification into new services HRCS_64_Risk Management Statement, Strategy & Policy Page 6 Approved by Management Board 19/01/07, amendments approved by Board 9/10/08, 10/6/10

ACHA PEST Analysis (political / legal, environmental, socio-cultural and technological Appendix B To consider and understand external influences that may affect the organisation, in order that the business strategy can remain on track and is responsive to changes in the environment. (This provides a summary framework of receiving, quantifying and analysing the flow of external information. Identify criteria appropriate to your own PEST situation.) Criteria examples Change in governments Change to housing legislation Change to housing benefit system Change to RTB rules Change to investment/development SHQS Rent influencing Brownfield sites Equality and diversity agenda Environmental stewardship Sustainability Value for money Criteria examples Demographic change Migration People s expectations Consumerism Rural services Crime and Anti social behaviour Training and education Abandonment Political/Legal Economic Criteria examples Flexibility of Labour market Performance of stock market Need to fund pension costs Interest rate fluctuations Inflation/deflation Unemployment levels Competition for funding/hag/ private Stability of private funders Availability and stability of contractors Comparative tenure costs Diversification Poverty and deprivation Socio-cultural Technological Criteria examples Energy efficiency requirements ICT dependency Building standards Partnering Shared services E-government Accessibility of information to diverse groups Systems development and complexity Page 7

Definitions of Categories of Risk Appendix B Legal Legal risks are the risks associated with changes in legislation affecting the business operations of ACHA. Political Political risks are the risks arising from changes in the Political environment both local and national affecting ACHA s business. Reputational Reputational risks are the risks to the reputation or standing of ACHA in the local or national community and the wider Social Housing sector. Economic/Financial Economic or financial risks are risks that may impact on the finances of ACHA, in terms of either income or expenditure. Environmental & Sustainability Environmental and sustainability risks are those that might impact on the local economy or the local environment. Impact on People People risks are risks arising that could affect individuals or communities. This includes: Tenants Owner-occupiers Members Staff. This includes health & safety. Operational capability risks are risks that might impact on ACHA s ability to deliver its services to the required standards. This could include matters relating to assets and technology. HRCS_64_Risk Management Statement, Strategy & Policy Page 8 Approved by Management Board 19/01/07, amendments approved by Board 9/10/08, 10/6/10

Likelihood of Risks Appendix C For each risk the likelihood needs to be identified. Whether the likelihood is High, or Low will influence the risk management response. The following definitions should be applied. Note that an appropriate timescale needs to be considered, depending on the function to which the risk relates. For example, for annual plans & strategies it is likely to be most appropriate to consider the likelihood of risks occurring in the year. For projects extending over different time periods it is appropriate to consider likelihood over the lifetime of the project. For very long-term projects it is probably best consider likelihood over the different phases of the project. Where there is base data to identify the likelihood of risk then this should be used. The following definitions are based on the Risk Management Standard issued by ALARM (The Public Management Association), AIRMIC (Association of Insurance and Risk Managers) and IRM (Institute of Risk Management). High Likelihood Probable - Likely to occur each year, or during the lifetime of the project. Likelihood Possible Likely to occur in a ten-year time period. Low Likelihood Remote not likely to occur in a ten-year period. HRCS_64_Risk Management Statement, Strategy & Policy Page 9 Approved by Management Board 19/01/07, amendments approved by Board 9/10/08, 10/6/10

Response to Risk Appendix D Once risks have been identified as `High, or Low` for both Impact and Likelihood, a risk management response needs to be planned. The level and type of response will be determined by: the level of risk, the ease and cost of mitigation strategies, and the nature of the risk. The following table is based upon ACHA s appetite for risk `. Impact Likelihood Risk Management Response Impact Likelihood Risk Management response High High High High Modify, Transfer, Eliminate High Low Low Modify, Accept, Transfer or Eliminate Low High Low Accept Low Low Note: This guide sets out ACHA s overall appetite for risk. In each case there will need to be a judgment made by management whether this is appropriate. HRCS_64_Risk Management Statement, Strategy & Policy Page 10 Approved by Management Board 19/01/07, amendments approved by Board 9/10/08, 10/6/10

Risk Register and Matrix Appendix E Risk areas/risk identified Likelihood of occur. (score) Severity of impact (score) Overall or "gross" risk Control procedure Revised Likelihoo d of occur. (score) Revised Severity of impact (score) Retained or "net" risk score Monitoring process Resp. Further action required Date of review 1 Factoring Service - Engagement with Owners a particularly difficult, issue as owner consensus required as opposed to enforcement. (3) High (4) High (7) Continue to review policy & Procedure, comply with requirements and report to SMT & Board (3) (3) (9) Performance indicators & financial checks Finance Department Continue to review policy & Procedure and reporting to SMT & Board Annually 2 Reputational Damage - From time to time, business decisions will require to be taken which may have a reputational impact to the association. High (4) High (4) High (8) Open communication and transparency (3) (2) (6) All media liaison through CE or delegated representative SMT / Board of Management Continue to provide press updates and publish good news stories Monthly Risk Matrix HRCS_64_Risk Management Statement, Strategy & Policy Page 11 Approved by Management Board 19/01/07, amendments approved by Board 9/10/08, 10/6/10

catastrophic major 1 2 Impact moderate minor Line of Tolerance insignificant insignificant minor moderate major catastrophic Likelihood Page 12

Page 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information