11. Managing risks and opportunities in Wales

Managing risks and opportunities

We have designed our risk management processes to:

  • maintain a clear framework across the organisation within which risks are identified, assessed, managed and regularly reviewed
  • assign specific responsibility for managing risks in their areas of responsibility to individual Executive Team members (including managing risks to significant projects)
  • ensure that the likelihood and impact of risks are assessed on a consistent basis
  • ensure that existing risks are regularly reviewed and that new risks are identified and managed
  • provide the Chief Executive, the Audit and Risk Committee and the Board with assurance that the risks are being managed appropriately

We identify and evaluate risks by:

  • taking key decisions following consideration of opportunities, risks and associated mitigations, which are separately identified in papers for the Board and those taking delegated decisions
  • considering whether new risks should be added to the organisational risk register, and whether the existing risks’ profiles need to be changed, both as changes are identified and as part of our quarterly review of risk
  • completing a review of risk at the start of each year, to ensure that the organisational risk register captures risk to the delivery of objectives in our Corporate Plan
  • presenting a risk report to each meeting of the Audit and Risk Committee and also annually to the Board
  • identifying risk through our planning process, audit, review of operations and training activities
  • assigning owners to risks who formally review the likelihood, potential impact and the mitigations in place for all risks each quarter subject to review by the Audit and Risk Committee

We are committed to continuously improving our risk management processes and are currently reviewing our procedures to ensure they remain in line with good practice and match our ambitions for this Corporate Plan period.