RiskMate Implementing a solution that drives effective governance
Content
Introducing risk appetite through effectively defining risk.
Using a Board Assurance Framework
RiskMate – web hosted delivery of what matters most
Key facilities
Risk reporting essentials
- The executive dashboard
- Risk profiling, management and action prompts
- Project risk
Management of associated risk information
- Incident reporting
- Whistle-blowing
- Freedom of Information requests
Repositories for Policy, Procedures and Sources of Assurance
The concept
Real time information
Focused on what matters
Structured identification of risk appetite
Risk reporting above risk appetite
Direct presentation into a meeting
No more ‘clunky’ spreadsheets
Administrative efficiency
Active engagement with risk
Enabled risk management embedded throughout the organisation
Assurance?
The link to risk appetite of the organisation.
IMPACT ON BUSINESS (rows) against LIKELIHOOD OF OCCURRING (columns)

| Impact | Almost Never (1) | Unlikely (2) | Likely (3) | Almost Certain (4) |
|---|---|---|---|---|
| Critical (4) | 4 | 8 | 12 | 16 |
| Major (3) | 3 | 6 | 9 | 12 |
| Moderate (2) | 2 | 4 | 6 | 8 |
| Minor (1) | 1 | 2 | 3 | 4 |

- 9+: Unacceptable level of risk exposure, which requires extensive management
- 6 – 8: Risk management measures need to be put in place and monitored
- 3 – 4: Acceptable level of risk subject to regular monitoring
- 1 – 2: Acceptable level of risk subject to regular monitoring

RISK APPETITE
Corporate Risk Rating must reflect a transparent
understanding of the risk appetite of the Board
The basis for risk appetite - a common
understanding and therefore definition is
fundamental.
| Rating/Category | High | Medium | Low |
|---|---|---|---|
| Description | Potential catastrophe or disaster with major implications for continuity of business | Potential incident which will distract management in the shorter term | Disturbance which if it were to occur would be dealt with through established operational procedures |
| Health and Safety | Loss of human life | Serious injury | May lead to increase in total reportable accidents or injuries |
| Environment | Contained contamination off client site | Complaint within client | |
| Customers/Public | High profile incident that causes loss of confidence in client by affected groups | Incident that has a detrimental effect on a single customer or small group of interested parties | Incident that can be handled quite satisfactorily by standard complaints procedures |
| Organisational | Incident causes senior management to divert from Corporate Plan and may lead to re-structuring of organisation | Incident may lead to dismissal of staff member(s) | Incident leads to rewriting of procedures to ensure that incident should not re-occur |
| People (staff) | Incident causes major loss of staff satisfaction that could result in low morale that impacts on achievement of client's business objectives or significant increase in staff turnover | Incident is of nature that leads to insurance claim or potential employment tribunal | Incident leads to staff complaint that can be handled within standard complaints procedures |
| Reputation | Incident leads to significant negative publicity in national/international media that may have implications for non executive directors or stakeholders | Incident leads to negative publicity in local media which is of a short term nature | Incident will cause short term embarrassment to or dissatisfaction with Chief Executive or members of the senior management team |
| Financial | Additional costs incurred or loss of income that would cause client to take action beyond use of existing reserves or planned approved borrowing | Additional costs incurred or loss of income that causes in-year performance issues to be raised in relation to annual report and accounts | Additional costs or loss of income less than 1% of individual budget head or £10k |
| Resources | Action plan to deal with circumstances will require significant new investment in premises, equipment or staff (impact not just financial) | Action plan to deal with circumstances will require short term lease or hire of premises, equipment or staff | Action plan will require temporary reassignment of existing resources which is unlikely to cause greater than low risk issues in any of the above categories |
| Operational Activity | Specific to sector | Specific to sector | Specific to sector |
Board Assurance Framework
Strategic Objectives
Key inherent risks to non achievement of corporate objectives
Identification of ‘Never Events’
Primary Controls to manage risks and ensure achievement of objectives
Residual risks <=>risk appetite
Sources of Assurance
Gaps in control
Management actions to close gap, by when and by who
The need for independent assurance
Focus on “What really matters!”
The link to RiskMate
Aligned with BAF
Line of defence – policies and key controls, assurance sources and independent
advice.
| Corporate objective | Principal Inherent Risk | Inherent Risk rating (Impact / Likelihood) | Policies, Procedures and Controls | Residual Risk rating (Impact / Likelihood) | Assurance | Gaps, Action, Responsibility and timescale | Independent assurance |
|---|---|---|---|---|---|---|---|
| Financial stability | Budget overspend | | Approved procedures | | Management Accounts | None | Internal Audit? |
| Health and safety | Gas explosion | | System of routine gas inspection | | Data on Board intranet to confirm 100% | Cases noted of out of date inspection (Risk tolerance) | Independent review of gas safety contract? |
The Executive Dashboard
Current position view
Trend analysis
Change profiling
Control valuation to target
critical risk profile
Extreme risks
Outstanding actions
At a glance awareness
With ‘click’ functionality
- which risk
- ratings
Trend analysis
- movers?
- profile
Movement tracking
- inherent level
- residual level
Alignment with other Risk Management
information sources
Project risk
Management of associated risk
information
- Incident reporting
- Whistle-blowing
- Freedom of Information requests
Repositories for Policy,
Procedures and
Sources of Assurance
Aligned reporting linked to action
management and risk definitions
User management
Structured use and control
- Administrator
- Risk Manager
- Risk Owner
Flexible inclusion for all
levels of management
Department and user
based functionality
Real time access
Email prompts
- Risk review
- Action management
Focused reporting to support
management need
Flexible reporting
- Period
- Business Unit
- Category
- Risk owner
Daily trend analysis
Information transfer
Additional key features
Project risk management
Incident reporting
Complaints handling
Freedom of Information request tracking and reporting
Repository and administration for all policies and procedures
Web hosted technology
Graded pricing mechanism
Annual licence fee
- Automatic software updates
- User Group
- Technical support
Monthly user fee
- Relative to size of business
and users
London and Home Counties
MCH House
Gillingham Business Park
Gillingham
Kent
ME8 0PZ
T: 01634 334697
Gateway Assure is a social enterprise which provides a range of assurance based services to organisations throughout the UK economy. With an ethos of adding value through the deployment of experienced professionals, we can contribute to your organisation's success through providing the following services:
Internal Audit Business Consulting Programme/Project Management
Risk Consulting Governance Facilitation Training Executive Coaching
Anti Fraud advice and investigations EQA for internal audit IT Audit
Contact Gateway Assure through our website - www.gatewayassure.com
Place effective risk management at the centre of your organisation's governance processes – using RiskMate™ will make risk awareness a reality and contribute to your success. A free one month trial is available through the firm's website or go to www.riskmate.uk.