Risk Management Policy

In this document

1.0 Policy statement

Effective risk management is a crucial tool in achieving the mission of the Trust to ‘create remarkable schools where no child is left behind.’ It is fundamental to every aspect of running our Trust and the schools within it and it is central to keeping children safe, improving attainment and all outcomes, working effectively with colleagues, ensuring financial sustainability, and managing the physical environment. Risk management takes place at all levels of the organisation and is inherent in all decision-making and in the day-to-day operation and the strategic management of our Trust.

The Trust Board members and Directors (Trustees) of Beckfoot Trust (our Trust or the Trust) are accountable for risk management and for ensuring that there is a sound system of internal control that supports the achievement of policies aims and objectives, whilst safeguarding public funds and assets for which it is responsible.

2.0 Scope and purpose

2.1 This policy sets out how Beckfoot Trust manages risk in a balanced and objective way to allow appropriate control as well as the flexibility to allow intelligent opportunity-taking to further the objectives of the Trust.

The policy explains how the risk register is created and how the Trust uses the risk register to identify, measure, manage, monitor, and report risk. It explains the key roles and responsibilities in relation to risk and sets out how the Board ensures appropriate oversight of risk.

2.2 Linked documents

  • Emergency Plans
  • Trust Risk Register
  • School Risk Register

3.0 Overarching principles

The objectives for managing risk across the Trust are:

  • To ensure risks facing the Trust and the individual schools are identified and appropriately and consistently documented
  • To provide assurance to the Trust Board that risks are being controlled
  • To ensure that there is clarity and appropriate management of risk
  • To comply with risk management best practice and guidance

4.0 Responsibilities and arrangements

4.1 Risk management

4.1.1 Identify

Risks are all potential events that are a threat to the safety of individuals and/or the achievement of the Trusts objectives. Risk management is informally considered with every decision. The Executive Leadership Team formally reviews the risk register, at least once a half-term. Risks are framed in the context of the Trust’s Corporate strategy and risks identified on the individual school risk registers. All risks are categorised using the below table.

Headteachers review their own risk register termly and in relation to the Trust risk register. This is considered in Executive Headteacher line-management meetings and training is provided annually from the internal auditors and other specialist providers in relation to specific risks that need to be managed on an ongoing basis. The specific school risk register may or may not inform the trust risk register and vice versa.

CategoryDefinition
GovernanceRisks related to the direction and control of the Trust
Educational Risks related to the educational outcomes
SafeguardingRisks related to the safety of pupils
Financial Risks to the financial stability and sustainability of the Trust
OperationalRisks to the day to day running of the Trust
External Risks external to the Trust that pose a threat
Compliance with law and regulationRisks created by compliance issues
StrategicInherent risk in Trust wide decision making
ReputationalRisk to the reputation of the Trust

4.1.2 Measure

To understand each specific risk and allow for prioritisation, each one is assessed according to its likelihood and the impact if it did occur. The descriptors of impact and likelihood are detailed in Appendix 1. Once impact and likelihood are determined, the risk is then given an overall risk score by calculating Impact x Likelihood. The score then determines how actively the risk is reviewed according to the below table.

4.1.3 Manage

Once the risk is identified and understood, action is determined. The action will consider:

  • Risk appetite – the amount of risk the Trust is willing to accept in the pursuit of our strategic objectives
  • Risk capacity – the resources (financial, human, etc) which the Trust can put in place to manage the risk

The following are the actions which may be taken:

ActionExplanation
TolerateNo action taken
Controls not deemed cost effective
Risk impact so low it is considered acceptable
Treat Control measures put in place to minimise likelihood of occurrence or of
impact
Potential identification of contingency measures in case of occurrence
Demonstrable assurance identified in controlling the risk
Risk re-assessed for residual risk score and rating
TransferRisk transferred to third party
Usually via insurance or payment
Risk re-assessed for residual risk score and rating
TerminateRemove the risk
Effective where there is no material effect on operations
Considered when risk is highly ranked and other actions are impractical or too
expensive
Risk re-assessed for residual risk score and rating
Take advantageConsidered when potential benefits of intelligent risk taking outweigh the
potential negatives
Intelligent risk taking may strategically advantage the Trust

4.1.4 Monitoring

Monitoring of risks is ongoing and continuous and provides assurance on the extent to which the actions and controls are working as intended and whether risks are managed to an acceptable level. The Trust Risk Register is the tool which allows effective monitoring of risk.

The executive leadership team are responsible for monitoring risk and the risk owner is responsible for providing appropriate assurance to the board that the risk is well-managed. Assurance may be provided in diverse ways depending on the level of the risk, the higher the risk the more likely it is that a higher level of assurance is needed.

4.1.4 Reporting and Review

The risk register is reviewed by the Audit and Risk committee three times a year and is recommended for approval to the Trust Board as set out in the Scheme of Delegation. The review process is flexible and, in all cases, allows for targeted focus on the highest priority risks.

4.2 Roles and responsibilities

4.2.1 Trust Board

  • Set the tone and culture of risk management within the Trust
  • Determine the risk appetite at any given time and in relation to specific risks and the capacity of the Trust
  • Approve and review the framework for managing risk
  • Oversee major decisions affecting the Trusts risk profile or exposure
  • Monitor risks through the Audit and Risk Committee and seeks appropriate assurance that risks are well managed with clear lines of accountability

4.2.2 Audit and Risk Committee

  • Understand the Trust’s business strategy, mission and operating environment and associated risks and opportunities
  • Understand the framework for managing risk and critically challenge and review this framework
  • Work with the executive in identifying an appropriate cycle of internal scrutiny which is risk driven and provides appropriate assurance

4.2.3 CEO/Accounting Officer

  • Oversees the strategic management of risk throughout the Trust
  • Sets the tone and culture for the risk environment with the Trust Board
  • Ensures that the audit committee and board receive accurate and timely reports to allow appropriate governance of risk

4.2.4 COO/Chief Operating Officer

  • Accountable for the risk management framework
  • Supports the work of the Risk and Compliance Manager in leading the reviews of the risk register

4.2.5 Executive Leadership Team

  • Identify risks by gathering information from teams within the Trust, including Headteachers, members of the central team, external agencies and contacts and other Trusts

4.2.6 Headteachers

  • Implement policies on risk management and ensure internal control in their school
  • Identify and evaluate the fundamental risks in their own organisation and notify the CEO of any potential risks that may affect others
  • Works with the COO, CEO, Risk and Compliance Manager and internal and external auditors to undertake any review of risk and to assess the effectiveness of internal systems of control
  • Informs the CEO immediately of any potential risk (including reputational)

4.2.7 Person Accountable for Named Risk (e.g. Directors, Cluster Business Managers, COO)

  • Monitors the risk within teams or an organisation
  • Provides assurance to ELT that controls that are in place to reduce the risk are suitably designed, consistently applied and effective

4.2.8 Risk and Compliance Manager

  • Leads a half-termly review of the risk register ensuring that risks are appropriately recorded and monitored
  • Supports risk owners in monitoring and reducing risk
  • Oversees the internal scrutiny cycle, providing risk driven assurance to the CEO
  • Prepares risk management board reports annually allowing scrutiny of the top risks currently being managed and including the risk register and heat map
  • Advises the CEO and other risk owners when potential risks are encountered • Is the responsible officer for Health and Safety

5.0 Review of policy

This policy is reviewed and amended annually.

Appendix 1: Likelihood and impact descriptors

Likelihood descriptor ScoreExample
Remote1May only occur in exceptional circumstances
Unlikely2Expected to occur in a few circumstances
Possible3Expected to occur in some circumstances
Probable4Expected to occur in many circumstances
Highly probable5Expected to occur frequently in most circumstances
Impact descriptorScoreImpact on Trust
Insignificant1No Impact on service
No Impact on reputation
Complaint unlikely
Litigation risk remote
Minor2Slight impact on service
Slight impact on reputation
Complaint possible
Litigation possible
Moderate3Some service disruption
Potential for adverse publicity – avoidable with careful handling
Complaint probable
Litigation probable
Major4Service disrupted
Adverse publicity not avoidable
Complaint probable
Litigation probable
Extreme/catastrophic 5Service interrupted for significant time
Major adverse publicity not avoidable (National media)
Major litigation expected
Resignation of senior management and board
Loss of stakeholder confidence