RISK MANAGEMENT STRATEGY AND POLICY


NEWPORT COMMUNITY SCHOOL PRIMARY ACADEMY

Date Adopted: 12th July 2012
Author/owner: Resources Committee
Anticipated Review: Ongoing

RISK MANAGEMENT STRATEGY AND POLICY

Risk Management Strategy

The Governing Body first approved the Risk Management Strategy in July 2012; it explains how the Academy plans to achieve compliance with the requirements of the Academies Financial Handbook. The strategy is reviewed and amended, if appropriate, on an annual basis by the Governing Body.

Risk Strategy Objective

The Academy follows good practice in Risk Management as given in the Academies Financial Handbook, and is endeavouring to fully comply with DfE and EFA requirements.

Risk is the threat or opportunity that an action or event will adversely or beneficially affect the Academy's ability to meet its objectives.

The Academy's view of acceptable risk is based on a balanced view of all the risks in its operating environment. It aims to ensure an appropriate balance between risk aversion and opportunity and gains. Risks are prioritised drawing on qualitative and quantitative measures.

The strategy to achieve this is:

- A Resources Committee has been established to oversee the Risk Management process as a whole, on behalf of the Governing Body.
- A Risk Policy has been approved in July 2012 and will be reviewed annually. It will be communicated and applied throughout the Academy.

O Drive / Academy Policies / Risk Management Strategy and Policy

- The fundamental risks affecting the Academy have been identified and quantified in July 2012, ensuring that the full scope of the Academy's activities is covered.
- The extent and categories of the risks that the Academy regards as acceptable have been reviewed.
- Arrangements to manage fundamental risks have been put in place and the effectiveness of those arrangements has been examined.
- Where risk management is judged weak or limited in effect, controls have been and will be enhanced.
- Responsibility for the management of risks has been allocated.
- The review of risks and their management has been and will continue to be carried out at least annually.
- Risk Management will continue to be embedded in the operation of the Academy and be part of its culture by actions such as: raising awareness through workshops, training and communications; documentation of risk assessment in decision-making; review of risk management arrangements; monitoring and independent assurance by internal audit; anticipation of risks by early warning mechanisms; promoting at high level; and so on.

Risk Management Policy

The Governing Body first approved the Risk Management Policy in July 2012; it explains the Academy's underlying approach to risk management. It gives key aspects of the risk management process, and identifies the main reporting procedures. The policy is reviewed and amended, if appropriate, on an annual basis by the Resources Committee.

Purpose

1. This risk management policy (the policy) forms part of the Academy's internal control and governance arrangements.

2. The policy explains the Academy's underlying approach to risk management. It gives key aspects of the risk management process, and identifies the main reporting procedures.

3. It describes the process the Governing Body will use to evaluate the effectiveness of the Academy's internal control procedures.

Approach to Risk Management

4. The following key principles outline the Academy's approach to risk management:

- As the principal executive and policy-making body of the Academy, the Governing Body are responsible for risk management.
- The Governing Body are responsible for maintaining a sound system of internal control that supports the achievement of policies, aims and objectives, while safeguarding the public and other funds and assets for which it is responsible, in accordance with the Statutes and the Financial Memorandum with the DfE.
- There should be an open and receptive approach to solving risk problems.
- The Resources Committee advises the Governing Body on risk management.
- The School makes conservative and prudent recognition and disclosure of the financial and non-financial implications of risks.
- The Head is responsible for encouraging and implementing good risk management practice within the Academy.
- Early warning mechanisms will be put in place and monitored to alert the Academy so that remedial action can be taken to manage any potential hazards.

Role of the Governing Body

5. The Governing Body has a significant role to play in the management of risk. Its role is to:

- Set the tone and influence the culture of risk management within the Academy. This includes:
  o determining whether the Academy is 'risk taking' or 'risk averse' as a whole or on any relevant individual issue
  o determining what types of risk are acceptable and which are not
  o setting the standards and expectations of staff with respect to conduct and probity
- Determine the appropriate risk appetite or level of exposure for the Academy.
- Determine the Academy's risk prioritisation protocol.
- Approve major decisions affecting the institution's risk profile or exposure.
- Monitor the management of fundamental risks.
- Satisfy itself that the less fundamental risks are being actively managed, with the appropriate controls in place and effective.
- Review annually the Academy's approach to risk management and approve changes or improvements to key elements of its processes and procedures.

Role of Head Teacher and Senior Leadership Team

6. Key roles of Head Teacher and Senior Leadership are to:

- Implement policies on risk management and internal control.
- Identify and evaluate the fundamental risks faced by the Academy for consideration by the Resources Committee.
- Provide adequate information in a timely manner to the Resources Committee on the status of risks and controls.
- Assist the Resources Committee to undertake an annual review of risk management and the effectiveness of the system of internal control.

Embedding Risk Management as Part of the System of Internal Control

7. The system of internal control incorporates risk management. It encompasses a number of elements that together facilitate an effective and efficient operation, enabling the Academy to respond to a variety of risks. These elements include:

- Policies and Procedures: Attached to fundamental risks are a series of policies that underpin the internal control process. The policies are set by the Governing Body. Written procedures support the policies where appropriate.
- Strategic Planning and Budgeting: The strategic planning and budgeting process is used to set objectives, agree action plans, and allocate resources. Progress towards meeting strategic plan objectives is monitored regularly.
- High Level Risk Framework (fundamental risks only): This framework is compiled by the Governing Body and helps to identify, assess, and monitor risks significant to the Academy. The risk register is revised formally annually but emerging risks are added as required, and improvement actions and risk indicators are monitored regularly.
- School and Department Risk Frameworks: The Resources Committee and Head Teacher develop and use this framework to ensure that risks in the Academy are identified, assessed and monitored. The risk register is revised formally annually but emerging risks are added as required, and improvement actions and risk indicators are monitored regularly.
- Resources Committee: The Resources Committee reports to the Governing Body on internal controls and alerts the Governing Body on any emerging issues. In addition, the Resources Committee oversees internal audit, external audit and management as required in its review of internal controls. The Resources Committee should provide advice to the Governing Body on the effectiveness of the internal control system, including the Academy's system for the management of risk.
- Internal Audit Programme: Internal audit is responsible for aspects of the annual review of the effectiveness of the internal control system within the Academy. The internal audit strategy will be developed around the Academy's objectives and use the assessment of the fundamental risks. The work programme should include an assessment of the effectiveness of the risk management process.
- External Audit: External audit informs the Resources Committee on the operation of the internal financial controls reviewed as part of the annual audit.
- Third party reports: From time to time, the use of external consultants may be appropriate in areas such as health and safety, and human resources etc. The use of specialist third parties for consulting and reporting can increase the reliability of the internal control system.

8. Governing Body's Annual Review of Effectiveness

The Governing Body, advised by the Resources Committee, will undertake an annual review to consider:

- whether risk management continues to be linked to the achievement of the Academy's objectives;
- the appropriate risk appetite or level of exposure for the Academy as a whole;
- whether risk review procedures cover fundamental reputational, governance, staff, teaching, operational, compliance, pupil experience, property, financial and other risks to achieving the Academy's objectives;
- whether risk assessment and risk-based internal control are embedded in ongoing operations and form part of its culture;
- changes in the nature and extent of fundamental risks and the Academy's ability to respond to changes in its internal and external environment since the last assessment;
- the scope and quality of management's on-going process of monitoring the system of internal control including such elements as the effectiveness of internal audit and other assurance functions;
- the extent and frequency of reports on internal control to the Governing Body and whether this is sufficient for the Governing Body to build up a cumulative assessment of the state of control and effectiveness of risk management;
- the incidence of any fundamental control failings or weaknesses identified at any point within the year and the impact that they have had or could have on financial results;
- the effectiveness of the Academy's public reporting processes;

- the effectiveness of the overall approach and policy to risk management and whether changes or improvements to processes and procedures are necessary.

9. Risk Management Scoring & Risk Register

The Resources Committee and Senior Leadership Team will use the guidance in Appendix 1 when assessing the impact and likelihood of risks. The guidance will be reviewed annually to ensure the Governing Body are setting the appropriate level of risk appetite.

The Governors consider that risks with a score of 9 or above should be acted upon by putting additional control measures in place if it is cost effective to do so. If it is deemed not to be cost effective to put certain control measures in place, the reasons should be recorded on the risk register.

In some instances, if the overall score is lower than 9, the Senior Leadership Team or Resources Committee may wish to put in place additional controls, for example where the risk is to health and safety, which has a high impact but a low likelihood of taking place.

- The Risk Register will be kept on the Leadership Drive.
- The Risk Register will be saved with the month & year of amendment stated in the file name.
- The Risk Register will be electronically archived and a new version with current date saved to ensure there is a complete audit trail of changes.

Appendix 1

NEWPORT COMMUNITY SCHOOL PRIMARY ACADEMY RISK SCORING GUIDE

Guidance for assessing impact and likelihood of risks

Assessment of Impact / Severity

1 Negligible
  Reputation: Contained within the individual service area
  Stakeholders: Affects only 1 group of stakeholders
  Customers: Minimal impact or service disruption to customers. Contained within service area

2 Minor
  Financial: 1,000 - 10,000
  Reputation: Affects significant number of the service areas but with transient impact
  Stakeholders: Affects more than 1 group of stakeholders
  Customers: Minor impact to customers and customer dissatisfaction. Limited service disruption

3 Moderate
  Financial: 10,000 - 50,000
  Reputation: Receives significant attention from within the organisation with potential to reach the public domain
  Stakeholders: Affects 2-3 groups of stakeholders
  Customers: Moderate impact to customers and customer dissatisfaction. Moderate service disruption

4 Major
  Financial: 50, ,000
  Reputation: Receives local press attention with immediate but not sustained impact
  Stakeholders: Affects 4-5 groups of stakeholders
  Customers: Significant service disruption and customer opposition. Threat of legal action

5 Catastrophic
  Financial: Over 200,000
  Reputation: Receives national / international attention with potential for persisting impact
  Stakeholders: Affects more than 5 groups of stakeholders
  Customers: Major service disruption. Significant customer opposition. Legal action. Long term public memory

Assessment of Likelihood

1 Very unlikely: Unlikely to occur but not impossible
2 Possible: Less likely to occur than not to occur
3 Possible/Probable: Equally as likely to occur as not to occur
4 Probably: More likely to occur than not to occur
5 Very likely: Very likely though not certain to occur