PURPOSE AND SCOPE
This policy is a key document, essential for guiding the board’s strategic decisions and informing the day-to-day operations of Skills Insight. It outlines Skills Insight’s risk management process and sets out the responsibilities of the Board, the CEO, and the Executive and others within the organisation in managing risks effectively.
Where necessary, more detailed risk management procedures will be developed to cover specific areas of Skills Insight operations.
This policy has been established on the foundation of Skills Insight values, behaviours, and strategies and all actions must be consistent with them. In the event of any conflict between this policy and the values, behaviours and strategies of Skills Insight, we request that you promptly notify the CEO for resolution.
UNDERSTANDING RISK MANAGEMENT
Risks have been described in terms of combination of the consequences of an event occurring and its likelihood of occurring. Risk is the chance of something happening that will harm Skills Insight, its staff or stakeholders, opportunities, plans and strategies. Risk management is described as the culture, processes and structures that are directed towards reducing risk whilst realising potential opportunities.
Skills Insight risk management system is designed to identify the risks it faces and to describe the measures in place to keep those risks to an acceptable minimum. All operations and opportunities carry some degree of risk, and this risk needs to be recognised and mitigated to the extent reasonable possible consistent with the risk appetite of the organisation.
Skills Insight’s risk assessment matrix (below)is used as the benchmark in planning and implementing the risk management measures. It takes into consideration the nature, scale and complexity of the initiatives that carry risk. The risk management process consists of the following main elements:
Identify: identify and document risks associated with existing or planned activities.
Assess: the primary goal is to document the effect of all identified risks and to assess them by assessing:
Plan: preparation of management responses to mitigate risks.
Implement: risk responses are actioned.
Monitor and review: monitor and review the performance of the risk management system and changes to business activities and initiatives.
Communicate: provide regular reports to the board of directors.
Risks are effectively managed by Skills Insight through the effective implementation of various controls, which include:
RISK MANAGEMENT PROCESS
Compliance measures are used as a tool to address identified risks. The risk management system is based on a structured and systemic process which takes into account Skills Insight’s internal and external risks.
The main elements of the risk management process are as follows:
Skills Insight’s risks may come from any internal or external event which, if it occurs, may affect the ability to operate efficiently and effectively.
Risks are effectively managed by Skills Insight through the effective implementation of various controls, which include:
RISK MANAGEMENT METHODOLOGY
The methodology adopted by Skills Insight for managing and treating its risks can be defined as follows:
- Document a risk management framework (i.e., the context)
- Identify the general activities involved in running the organisation (i.e., risk categories)
- Identify the risks involved in undertaking the specific business activity by asking the questions: a) What could happen? b) How and why could it happen?
- Rate the likelihood of the organisations activity not being properly performed. Likelihood is assessed to the assumption that there are no existing risk management and compliance processes in place. It is assessed as either Almost Certain, Likely, Possible, Unlikely and Rare.
- Rate the consequence of not properly performing the business activity. It is assessed as Catastrophic, Major, Medium, Minor, and Insignificant
- Assign the inherent risk rating based on a combination of the risk rating. Low and medium risks may be considered acceptable and therefore minimal further work on these risks may be required. The rating may be assessed as Very High, High, Moderate and Low.
RISK ASSESSMENT MATRIX
The following risk assessment matrix has been applied to each identified risk.
RESPONSIBILITY
Board
The Board of Skills Insight has responsibility to:
Chief Executive Officer
The CEO of Skills Insight has responsibility under this policy for:
General responsibilities
All staff members are responsible for effective management of risk including the identification of potential risks. Management is responsible for the development of risk mitigation plans and the implementation of risk reduction strategies. Risk management processes are integrated with planning processes and management activities.
Where there is legislation in place for the management of specific risks (such as Occupational Health and Safety) this Risk Management policy does not relieve Skills Insight of its responsibility to comply with that legislation. Managers are accountable for strategic risk management within areas under their control, including the promotion and training of risk management processes to staff.
RELATIONSHIP TO OTHER POLICIES
This policy should be read in conjunction with the following codes, policies and guidelines: