RiskMate Implementing a solution that drives effective governance

Supporting our Clients to Achieve Excellence...Strategic Objectives Key inherent risks to non achievement of corporate objectives Identification of ‘Never Events’ Primary Controls


Content

Introducing risk appetite through effectively defining risk.

Using a Board Assurance Framework

RiskMate – web hosted delivery of what matters most

Key facilities

Risk reporting essentials

- The executive dashboard

- Risk profiling, management and action prompts

- Project risk

Management of associated risk information

- Incident reporting

- Whistle-blowing

- Freedom of Information requests

Repositories for Policy, Procedures and Sources of Assurance


The concept

Real time information

Focused on what matters

Structured identification of risk appetite

Risk reporting above risk appetite

Direct presentation into a meeting

No more ‘clunky’ spreadsheets

Administrative efficiency

Active engagement with risk

Enabled risk management embedded throughout the organisation


Assurance?

The link to risk appetite of the organisation.

Impact on business (rows) against likelihood of occurring (columns):

| Impact | Almost Never (1) | Unlikely (2) | Likely (3) | Almost Certain (4) |
|---|---|---|---|---|
| Critical (4) | 4 | 8 | 12 | 16 |
| Major (3) | 3 | 6 | 9 | 12 |
| Moderate (2) | 2 | 4 | 6 | 8 |
| Minor (1) | 1 | 2 | 3 | 4 |

Rating bands:

- 9+: Unacceptable level of risk exposure, which requires extensive management

- 6 – 8: Risk management measures need to be put in place and monitored

- 3 – 4: Acceptable level of risk subject to regular monitoring

- 1 – 2: Acceptable level of risk subject to regular monitoring

RISK APPETITE

Corporate Risk Rating must reflect a transparent understanding of the risk appetite of the Board


The basis for risk appetite - a common understanding and therefore definition is fundamental.

Rating/Category definitions (High, Medium, Low):

Description
- High: Potential catastrophe or disaster with major implications for continuity of business
- Medium: Potential incident which will distract management in the shorter term
- Low: Disturbance which if it were to occur would be dealt with through established operational procedures

Health and Safety
- High: Loss of human life
- Medium: Serious injury
- Low: May lead to increase in total reportable accidents or injuries

Environment
- Contained contamination off client site
- Complaint within client

Customers/Public
- High: High profile incident that causes loss of confidence in client by affected groups
- Medium: Incident that has a detrimental effect on a single customer or small group of interested parties
- Low: Incident that can be handled quite satisfactorily by standard complaints procedures

Organisational
- High: Incident causes senior management to divert from Corporate Plan and may lead to re-structuring of organisation
- Medium: Incident may lead to dismissal of staff member(s)
- Low: Incident leads to rewriting of procedures to ensure that incident should not re-occur

People (staff)
- High: Incident causes major loss of staff satisfaction that could result in low morale that impacts on achievement of client's business objectives or significant increase in staff turnover
- Medium: Incident is of nature that leads to insurance claim or potential employment tribunal
- Low: Incident leads to staff complaint that can be handled within standard complaints procedures

Reputation
- High: Incident leads to significant negative publicity in national/international media that may have implications for non executive directors or stakeholders
- Medium: Incident leads to negative publicity in local media which is of a short term nature
- Low: Incident will cause short term embarrassment to or dissatisfaction with Chief Executive or members of the senior management team

Financial
- High: Additional costs incurred or loss of income that would cause client to take action beyond use of existing reserves or planned approved borrowing
- Medium: Additional costs incurred or loss of income that causes in year performance issues to be raised in relation to annual report and accounts
- Low: Additional costs or loss of income less than 1% of individual budget head or £10k

Resources
- High: Action plan to deal with circumstances will require significant new investment in premises, equipment or staff (impact not just financial)
- Medium: Action plan to deal with circumstances will require short term lease or hire of premises, equipment or staff
- Low: Action plan will require temporary reassignment of existing resources which is unlikely to cause greater than low risk issues in any of the above categories

Operational Activity
- High: Specific to sector
- Medium: Specific to sector
- Low: Specific to sector


Board Assurance Framework

Strategic Objectives

Key inherent risks to non achievement of corporate objectives

Identification of ‘Never Events’

Primary Controls to manage risks and ensure achievement of objectives

Residual risks <=>risk appetite

Sources of Assurance

Gaps in control

Management actions to close gap, by when and by who

The need for independent assurance

Focus on “What really matters!”


The link to RiskMate

Aligned with BAF

Line of defence – policies and key controls, assurance sources and independent advice.

| Corporate objective | PRINCIPAL Inherent Risk | Inherent Risk rating (Impact / Likelihood) | Policies, Procedures and Controls | Residual Risk rating (Impact / Likelihood) | Assurance | Gaps, Action, Responsibility and timescale | Independent assurance |
|---|---|---|---|---|---|---|---|
| Financial stability | Budget overspend | | Approved procedures | | Management Accounts | None | Internal Audit? |
| Health and safety | Gas explosion | | System of routine gas inspection | | Data on Board intranet to confirm 100% | Cases noted of out of date inspection (Risk tolerance) | Independent review of gas safety contract? |


The Executive Dashboard

Current position view

Trend analysis

Change profiling

Control valuation to target

critical risk profile

Extreme risks

Outstanding actions


At a glance awareness

With ‘click’ functionality

- which risk

- ratings

Trend analysis

- movers?

- profile

Movement tracking

- inherent level

- residual level


Alignment with other Risk Management information sources

Project risk

Management of associated risk information

- Incident reporting

- Whistle-blowing

- Freedom of Information requests

Repositories for Policy, Procedures and Sources of Assurance

Aligned reporting linked to action management and risk definitions


User management

Structured use and control

- Administrator

- Risk Manager

- Risk Owner

Flexible inclusion for all levels of management

Department and user based functionality

Real time access

E-mail prompts

- Risk review

- Action management


Focused reporting to support management need

Flexible reporting

- Period

- Business Unit

- Category

- Risk owner

Daily trend analysis

Information transfer


Additional key features

Project risk management

Incident reporting

Complaints handling

Freedom of Information request tracking and reporting

Repository and administration for all policies and procedures


Web hosted technology


Graded pricing mechanism

Annual licence fee

- Automatic software updates

- User Group

- Technical support

Monthly user fee

- Relative to size of business and users


London and Home Counties

MCH House

Gillingham Business Park

Gillingham

Kent

ME8 0PZ

T: 01634 334697

Gateway Assure is a social enterprise which provides a range of assurance based services to organisations throughout the UK economy. With an ethos of adding value through the deployment of experienced professionals we can contribute to your organisation's success through providing the following services:

Internal Audit Business Consulting Programme/Project Management

Risk Consulting Governance Facilitation Training Executive Coaching

Anti Fraud advice and investigations EQA for internal audit IT Audit

Contact Gateway Assure through our website - www.gatewayassure.com

Place effective risk management at the centre of your organisation's governance processes – using RiskMate™ will make risk awareness a reality and contribute to your success. A free one month trial is available through the firm’s website or go to www.riskmate.uk.