1.0 Policy Statement
Effective risk management is a crucial tool in achieving the mission of the Trust to ‘create remarkable schools where no child is left behind.’ It is fundamental to every aspect of running our Trust and the schools within it and it is central to keeping children safe, improving attainment and all outcomes, working effectively with colleagues, ensuring financial sustainability, and managing the physical environment. Risk management takes place at all levels of the organisation and is inherent in all decision-making and in the day-to-day operation and the strategic management of our Trust.
The Trust Board are accountable for risk management and for ensuring that there is a sound system of internal control that supports the achievement of policies aims and objectives, whilst safeguarding public funds and assets for which it is responsible.
2.0 Scope and Purpose
2.1 This policy sets out how Beckfoot Trust manages risk in a balanced and objective way to allow appropriate control as well as the flexibility to allow intelligent opportunity-taking to further the objectives of the Trust.
The policy explains how the risk register is created and how the Trust uses the risk register to identify, measure, manage, monitor, and report risk. It explains the key roles and responsibilities in relation to risk and sets out how the Board ensures appropriate oversight of risk.
2.2 Linked documents
- Emergency Plans
- Trust Risk Register
- School Risk Register
3.0 Overarching Principles
The objectives for manging risk across the Trust are:
- To ensure risks facing the Trust and the individual schools are identified and appropriately and consistently documented
- To provide assurance to the Trust Board that risks are being controlled
- To ensure that there is clarity and appropriate management of risk
- To comply with risk management best practice and guidance
4.0 Responsibilities and Arrangements
4.1 Risk Management
4.1.1 Identify
Risks are all potential events that are a threat to the safety of individuals and/or the achievement of the Trusts objectives. Risk management is informally considered with every decision. The Executive Leadership Team formally reviews the risk register, at least once a half-term. Risks are framed in the context of the Trust’s Corporate strategy and risks identified on the individual school risk registers. All risks are categorised using the below table.
Headteachers review their own risk register termly and in relation to the Trust risk register. This is considered in Executive Headteacher line-management meetings and training is provided annually from the internal auditors and other specialist providers in relation to specific risks that need to be managed on an ongoing basis. The specific school risk register may or may not inform the trust risk register and vice versa.
Category | Definition |
Governance | Risks related to the direction and control of the Trust |
Educational | Risks related to the educational outcomes |
Safeguarding | Risks related to the safety of pupils |
Financial | Risks to the financial stability and sustainability of the Trust |
Operational | Risks to the day to day running of the Trust |
External | Risks external to the Trust that pose a threat |
Compliance with law and regulation | Risks created by compliance issues |
Strategic | Inherent risk in Trust wide decision making |
Reputational | Risk to the reputation of the Trust |
4.1.2 Measure
To understand each specific risk and allow for prioritisation, each one is assessed according to its likelihood and the impact if it did occur. The descriptors of impact and likelihood are detailed in Appendix 1. Once impact and likelihood are determined, the risk is then given an overall risk score by calculating Impact x Likelihood. The score then determines how actively the risk is reviewed according to the below table.
4.1.3 Manage
Once the risk is identified and understood, action is determined. The action will consider:
- Risk appetite – the amount of risk the Trust is willing to accept in the pursuit of our strategic objectives
- Risk capacity – the resources (financial, human, etc) which the Trust can put in place to manage the risk
The following are the actions which may be taken:
Action | Explanation |
Tolerate | No action taken Controls not deemed cost effective Risk impact so low it is considered acceptable |
Treat | Control measures put in place to minimise likelihood of occurrence or of impact Potential identification of contingency measures in case of occurrence Demonstrable assurance identified in controlling the risk Risk re-assessed for residual risk score and rating |
Transfer | Risk transferred to third party Usually via insurance or payment Risk re-assessed for residual risk score and rating |
Terminate | Remove the risk Effective where there is no material effect on operations Considered when risk is highly ranked and other actions are impractical or too expensive Risk re-assessed for residual risk score and rating |
Take Advantage | Considered when potential benefits of intelligent risk taking outweigh the potential negatives Intelligent risk taking may strategically advantage the Trust |
4.1.4 Monitoring
Monitoring of risks is ongoing and continuous and provides assurance on the extent to which the actions and controls are working as intended and whether risks are managed to an acceptable level. The Trust Risk Register is the tool which allows effective monitoring of risk.
The executive leadership team are responsible for monitoring risk and the risk owner is responsible for providing appropriate assurance to the board that the risk is well-managed. Assurance may be provided in diverse ways depending on the level of the risk, the higher the risk the more likely it is that a higher level of assurance is needed.
4.1.4 Reporting and Review
The risk register is reviewed by the Audit and Risk committee three times a year and is recommended for approval to the Trust Board as set out in the Scheme of Delegation. The review process is flexible and, in all cases, allows for targeted focus on the highest priority risks.
4.2 Roles and Responsibilities
4.2.1 Trust Board
- Set the tone and culture of risk management within the Trust
- Determine the risk appetite at any given time and in relation to specific risks and the capacity of the Trust
- Approve and review the framework for managing risk
- Oversee major decisions affecting the Trusts risk profile or exposure
- Monitor risks through the Audit and Risk Committee and seeks appropriate assurance that risks are well managed with clear lines of accountability
4.2.2 Audit and Risk Committee
- Understand the Trust’s business strategy, mission and operating environment and associated risks and opportunities
- Understand the framework for managing risk and critically challenge and review this framework
- Work with the executive in identifying an appropriate cycle of internal scrutiny which is risk driven and provides appropriate assurance
4.2.3 CEO/Accounting Officer
- Oversees the strategic management of risk throughout the Trust
- Sets the tone and culture for the risk environment with the Trust Board
- Ensures that the audit committee and board receive accurate and timely reports to allow appropriate governance of risk
4.2.4 DCEO/Deputy Chief Executive Officer
- Accountable for the risk management framework
- Supports the work of the Risk and Compliance Manager in leading the reviews of the risk register
4.2.5 Executive Leadership Team
- Identify risks by gathering information from teams within the Trust, including Headteachers, members of the central team, external agencies and contacts and other Trusts
4.2.6 Headteachers
- Implement policies on risk management and ensure internal control in their school
- Identify and evaluate the fundamental risks in their own organisation and notify the CEO of any potential risks that may affect others
- Works with the CEO, DCEO, Risk and Compliance Manager and internal and external auditors to undertake any review of risk and to assess the effectiveness of internal systems of control
- Informs the CEO immediately of any potential risk (including reputational)
4.2.7 Person Accountable for Named Risk (e.g. Cluster Business Managers or DCEO)
- Monitors the risk within teams or an organisation
- Provides assurance to ELT that controls that are in place to reduce the risk are suitably designed, consistently applied and effective
4.2.8 Risk and Compliance Manager
- Leads a half-termly review of the risk register ensuring that risks are appropriately recorded and monitored
- Supports risk owners in monitoring and reducing risk
- Oversees the internal scrutiny cycle, providing risk driven assurance to the CEO
- Prepares 4 risk management board reports annually allowing scrutiny of the top risks currently being managed and including the risk register and heat map
- Advises the CEO and other risk owners when potential risks are encountered
- Is the responsible officer for Health and Safety
5.0 Review of Policy
This policy is reviewed and amended annually.
Appendix 1: Likelihood and Impact Descriptors
Likelihood Descriptor | Score | Example |
Remote | 1 | May only occur in exceptional circumstances |
Unlikely | 2 | Expected to occur in a few circumstances |
Possible | 3 | Expected to occur in some circumstances |
Probable | 4 | Expected to occur in many circumstances |
Highly Probable | 5 | Expected to occur frequently in most circumstances |
Impact Descriptor | Score | Impact on Trust |
Insignificant | 1 | No Impact on service No Impact on reputation Complaint unlikely Litigation risk remote |
Minor | 2 | Slight impact on service Slight impact on reputation Complaint possible Litigation possible |
Moderate | 3 | Some service disruption Potential for adverse publicity – avoidable with careful handling Complaint probable Litigation probable |
Major | 4 | Service disrupted Adverse publicity not avoidable Complaint probable Litigation probable |
Extreme/Catastrophic | 5 | Service interrupted for significant time Major adverse publicity not avoidable (National media) Major litigation expected Resignation of senior management and board Loss of stakeholder confidence |