The essentials of risk management

17 January 2017

In our recent publications we focused extensively on the risk management and assurance process; and what you need to do to create a risk register or assurance map.

Process is a necessity but there is more to be done if your academy trust is to create an environment in which the board, local governing bodies, senior management and staff fully engage with, and make effective use of the risk management and assurance arrangements.

Based on our experiences across many sectors and business types, we have identified some of the key components that are conducive for a more dynamic risk managed setting, helping improve your whole academy trust risk maturity and outlook. Most importantly as multi academy trusts grow (and they will), it is even more appropriate to ensure these essentials are established.  

The essentials of embedding risk management

  • Support from the accounting officer and senior executive team in the academy trust
  • A clear message on how your academy approaches risk management through the adoption, approval and communication of a risk management policy and strategy is integral.

  • Regular updates
  • Regular updates of risk registers, you academy trust risk profile and/or risk management information systems by those who are accountable for their management are key. For some academy trusts this may mean a more frequent review of some critical issues; for others, a less regular review may be adequate. Either way, the results of this update should be communicated to your academy trust senior executive team and accounting officer.

  • Open forum for discussion
  • There should be a functioning mechanism for an open forum within which your academy trust board, governors, management and staff feel safe to discuss risks that are not being managed in an effective and efficient manner. A blame free or learning' culture is essential for this to work properly. Openness is a key pillar in good governance and ensuring active dialogue is happening on risks and risk management across the academy trust. 

  • Communication channel 
  • Your academy trust should consider having a central process for highlighting instances of actual or potential risk materialisation and control failures or near misses. This will help ensure that this knowledge can be shared across the trust, and will also assist with root cause analysis, instigation of remedial actions and avoid the possibility of repetition.

  • Review framework
  • Risks and their management should be reviewed within your academy trust’s operational and governance hierarchy such as senior management teams, local governing body meetings, regional and area meetings, and by specific committees or boards with a particular focus. There should be a clear structure for risk escalation through to the accounting officer and the board. The Audit (and Risk) Committee should have a particular interest in ensuring that the risk review and reporting arrangements are sufficiently integrated and effective. Your board should undertake (an independent) review of their academy trust risk management and governance arrangements at least annually. 

Download the full report to discover the other six essential areas to consider when implementing risk management. 

We hope that you have put in place the arrangements that will bring the risk register to life and add value to the way in which your academy trust plans for the future as well as monitors risk and control.

Governance, risk and compliance

Please do visit our Insight4GRC page where you can find out more about the RSM governance, risk and compliance software.