Stay up to date
If you have a specific query, why not contact a member of our office team directly? We will be pleased to assist you - whatever your question.
Monday 26 April 2021
Effective risk management is critical to ensure an organisation maintains its services, progresses towards achieving its strategic aims, and provides assurance it is operating on sound corporate governance principles.
In accordance with the Account and Audit (Amended) Regulations 2015, part of an internal control framework is a system for managing risk.
A public service organisation must identify, analyse and prioritise risks, as well as manage and control risks in a cost-effective manner to maximise the quality and efficiency of its service provision and protect its reputation.
Risk management is about being risk aware and finding ways to do something that best minimises threats and maximises opportunities. The key is to identify what those risks might be and how to accommodate them in our activities. A risk management policy outlines how this will be done.
The aims of a risk management policy are to:
The Authorised Professional Practice (APP) National Decision Model (NDM) and Risk APP used in policing has a default decision making tool and framework for managing risk. It is informed by the College of Policing’s ten risk principles.
Intelligence, performance, risk, environmental scanning, and consultation all inform the strategic assessment to identify threats, harm and risk facing an organisation. Tactical plans can be developed from this assessment.
Strategic MoRiLE (Management of Risk in Law Enforcement) is used for risk assessment of thematic areas such as child sexual exploitation and abuse (CSEA). Tactical MoRiLE is used for specific operations and investigations.
Establish an infrastructure to support effective risk management.
Information on risks should be gathered, acted on, and escalated where appropriate, consistently and efficiently to respond to new emerging issues and threats.
Risk management should be an integral part of a performance management framework by gathering information and taking appropriate management decisions based on our interpretation of our risk controls.
Deliver a programme of training to the level of skills and expertise necessary to manage risk and ensure risk management is embedded into induction courses and other relevant training.
Everyone has a responsibility to manage risk and ensure it is discussed and if appropriate, recorded in the most appropriate place. However, several individuals and groups have some key accountabilities. Their roles and responsibilities should be defined within the policy, along with an escalation of risks infographic.
Your policy should also refer to and comply with other risk management standards and legislation, including:
It should also link to other related policies to show the golden thread. These can include an organisation’s business continuity policy, and information sharing and information security policy.
Risk management supporting guidance can be linked to the policy to give an explanation of definitions and hints and tips in the practical application of the risk management policy.
Guidance is not mandatory but supports staff coaching, learning and development. Typically this includes:
The policy and supporting guidance should be reviewed regularly to ensure it is fit for purpose. This would normally be done by the organisation’s risk management group and completed at least annually.
Beverley Nichol-Culff (beverley.nichol-culff@alarmrisk.com) is Head of Risk Management and Insurance at West Yorkshire Police, and a Board Director and the Blue Light Lead for ALARM.
If you have a specific query, why not contact a member of our office team directly? We will be pleased to assist you - whatever your question.