We have designed our risk management processes to:
maintain a clear framework across the organisation within which risks are identified, assessed, managed and regularly reviewed
assign specific responsibility for managing risks in their areas of responsibility to individual Executive Team members (including managing risks to significant projects)
ensure that the likelihood and impact of risks are assessed on a consistent basis
ensure that existing risks are regularly reviewed and that new risks are identified and managed
provide the Chief Executive, the Audit and Risk Committee and the Board with assurance that the risks are being managed appropriately
We identify and evaluate risks by:
taking key decisions following consideration of opportunities, risks and associated mitigations, which are separately identified in papers for the Board and those taking delegated decisions
considering whether new risks should be added to the organisational risk register, and whether the existing risks’ profiles need to be changed, both as changes are identified and as part of our quarterly review of risk
completing a review of risk at the start of each year, to ensure that the organisational risk register captures risk to the delivery of objectives in our Corporate Plan
presenting a risk report to each meeting of the Audit and Risk Committee and also annually to the Board
identifying risk through our planning process, audit, review of operations and training activities
assigning owners to risks who formally review the likelihood, potential impact and the mitigations in place for all risks each quarter subject to review by the Audit and Risk Committee
We are committed to continuously improving our risk management processes and are currently reviewing our procedures to ensure they remain in line with good practice and match our ambitions for this Corporate Plan period.