Skip to content
Please be aware the content below has been generated by an AI model from a source PDF.

231124ARCPaper7StrategicriskManagement

Audit and Risk Com­mit­tee — Paper 7

24 Novem­ber 2023

Page 1 of 2

For decision

Title: Stra­tegic risk management

Pre­pared by: Louise Allen, Head of fin­ance and cor­por­ate operations

Pur­pose

Fol­low­ing the review of risk man­age­ment car­ried out by Intern­al Audit we have recon­sidered our approach to the man­age­ment of risk and taken the oppor­tun­ity to build on the recom­mend­a­tions made by the Intern­al Auditor.

Recom­mend­a­tions

The Audit and Risk Com­mit­tee is asked to:

a) Con­sider the revised risk man­age­ment policy, togeth­er with the new format of the risk register. b) Advise on their suit­ab­il­ity for our refreshed approach to risk management.

Over­view

  1. The Intern­al Audit report Risk Man­age­ment’, presen­ted to the com­mit­tee at its last meet­ing in Septem­ber, con­tained recom­mend­a­tions designed to improve our approach to the man­age­ment of risk, including:

a) Refresh the strategy to include the pro­ced­ures regard­ing oper­a­tion­al risks, includ­ing how these should be iden­ti­fied, recor­ded, and repor­ted on and the pro­cess for the escal­a­tion and de-escal­a­tion of risks. b) Imple­ment oper­a­tion­al risk registers to ensure that oper­a­tion­al risks related to the day-to-day activ­it­ies of the organ­isa­tion are recor­ded and mon­itored on a reg­u­lar basis. c) The Stra­tegic Risk Register tem­plate should be updated to include the fol­low­ing areas:

  • Risk Cat­egory
  • Risk Appet­ite
  • Cur­rent Score
  • Tar­get Score
  • Due date for mit­ig­at­ing actions

Page 2 of 2

d) A form­al risk scor­ing mat­rix should be doc­u­mented and util­ised to score the risks on stra­tegic and oper­a­tion­al risk registers, with a cur­rent and tar­get risk score doc­u­mented along with a trend ana­lys­is for the risk. This scor­ing should align to the risk appet­ite rel­ev­ant to the area. e) Man­age­ment should ensure the Stra­tegic Risk Register is reviewed bi-annu­ally in line with the Risk Man­age­ment Policy. f) The Risk Register Tem­plate should be updated to dif­fer­en­ti­ate between imple­men­ted actions and those which still require imple­ment­a­tion, and the due date these actions are planned to be in place by.

  1. The draft risk man­age­ment policy, togeth­er with the revised risk register, seek to address these issues.

Resources

  1. The draft risk man­age­ment policy is provided at Appendix 1.
  2. A down­load from the Risk Register is provided at Appendix 2.
  3. The func­tion­al­ity of the Risk Register will be demon­strated in the meeting.

Con­clu­sion

  1. The draft Risk Man­age­ment Strategy, includ­ing the risk register tem­plate, has been developed to out­line the prin­ciples and pro­ced­ures of our risk man­age­ment approach, and to facil­it­ate the reg­u­lar mon­it­or­ing and review of risk.
  2. Under­ly­ing this approach is the require­ment to keep the pro­cess live and relevant.

Louise Allen louiseallen@​cairngorms.​co.​uk

×

We want your feedback

Thank you for visiting our new website. We'd appreciate any feedback using our quick feedback form. Your thoughts make a big difference.

Thank you!

Give feedback