Audit and Risk Committee — Paper 7
24 November 2023
For decision
Title: Strategic risk management
Prepared by: Louise Allen, Head of finance and corporate operations
Purpose
Following the review of risk management carried out by Internal Audit we have reconsidered our approach to the management of risk and taken the opportunity to build on the recommendations made by the Internal Auditor.
Recommendations
The Audit and Risk Committee is asked to:
a) Consider the revised risk management policy, together with the new format of the risk register.
b) Advise on their suitability for our refreshed approach to risk management.
Overview
- The Internal Audit report ‘Risk Management’, presented to the committee at its last meeting in September, contained recommendations designed to improve our approach to the management of risk, including:
a) Refresh the strategy to include the procedures regarding operational risks, including how these should be identified, recorded, and reported on and the process for the escalation and de-escalation of risks.
b) Implement operational risk registers to ensure that operational risks related to the day-to-day activities of the organisation are recorded and monitored on a regular basis.
c) The Strategic Risk Register template should be updated to include the following areas:
- Risk Category
- Risk Appetite
- Current Score
- Target Score
- Due date for mitigating actions
d) A formal risk scoring matrix should be documented and utilised to score the risks on strategic and operational risk registers, with a current and target risk score documented along with a trend analysis for the risk. This scoring should align to the risk appetite relevant to the area.
e) Management should ensure the Strategic Risk Register is reviewed bi-annually in line with the Risk Management Policy.
f) The Risk Register Template should be updated to differentiate between implemented actions and those which still require implementation, and the due date these actions are planned to be in place by.
- The draft risk management policy, together with the revised risk register, seeks to address these issues.
Resources
- The draft risk management policy is provided at Appendix 1.
- A download from the Risk Register is provided at Appendix 2.
- The functionality of the Risk Register will be demonstrated in the meeting.
Conclusion
- The draft Risk Management Strategy, including the risk register template, has been developed to outline the principles and procedures of our risk management approach, and to facilitate the regular monitoring and review of risk.
- Underlying this approach is the requirement to keep the process live and relevant.
Louise Allen louiseallen@cairngorms.co.uk