Risk Management Policy May 2021
Risk Management Policy
Approach to risk management
Role of the Board of Trustees
System of internal control
Annual review of effectiveness
The Risk Management Policy explains Summercroft Primary School (The Trust) underlying approach to risk management. It gives key aspects of the risk management process and identifies the main reporting procedures. The policy is reviewed and amended, if appropriate, every three years by the Board of Trustees.
This Risk Management Policy forms part of The Trust’s internal control and governance arrangements.
It describes the process the Board of Governors (The Full Governing Body or FGB) will use to evaluate the effectiveness of the Academy's internal control procedures.
3.0 Approach to risk management
The following key principles outline the approach to risk management:
- The FGB have ultimate overall responsibility for risk management within The Trust.
- The FGB are responsible for maintaining a sound system of internal control that supports the achievement of policies, aims and objectives, while safeguarding the public and other funds and assets for which it is responsible, in accordance with the Funding Agreement, the Academies Financial Handbook issued by the Department for Education and any other statutory guidance that is relevant.
- There should be an open and receptive approach to resolving risk issues.
- The FGB (or any committee the FGB may decide to delegate to) will have risk management as a standard agenda item. If delegated to a committee that committee will report via the minutes to the FGB on risk management.
- The Trust makes prudent recognition and disclosure of the financial and non-financial implications of risks.
- All members of the FGB and the Academy Leadership & Management Team are responsible for encouraging and implementing good risk management practice.
- Early warning mechanisms will be put in place and monitored to alert the FGB to any risk events or near misses so that suitable remedial action can be taken to manage such risk positions.
4.0 Role of the board of trustees
The FGB’s role in the management of risk is to:
- Set the tone and influence the culture of risk management within The Trust. This includes:
- Determining whether The Trust is 'risk taking' or 'risk averse' as a whole or on any relevant individual issue
- Determining what types of risk are acceptable and which are not
- Setting the standards and expectations of employees with respect to conduct and probity
- Determine the appropriate risk appetite or level of exposure for The Trust
- Determine the Academy Trust’s risk prioritisation protocol
- Approve major decisions affecting The Trust’s risk profile or exposure
- Monitor the management of fundamental risks
- To be satisfied that the less fundamental risks are being actively managed, with the appropriate level of controls in place and operating effectively
- Review annually the Academy Trust’s approach to risk management and approve changes or improvements to key elements of its processes and procedures
5.0 System of Internal control
The system of internal control incorporates risk management. It encompasses a number of elements that together facilitate an effective and efficient operation, enabling The Trust to respond to a variety of risks. These elements include:
5.1 Policies and Procedures
Attached to fundamental risks are a series of policies that underpin the internal control process. These policies are set by the FGB. Written procedures support the policies where appropriate.
5.2 Development Planning and Budgeting
The development planning and budgeting process is used to set objectives, agree action plans, and allocate resources. Progress towards meeting development plan objectives is monitored regularly.
5.3 Risk & Control Framework
This framework is compiled and helps to identify, assess and monitor risks significant to the Academy. The Risk Register is formally reviewed as a minimum termly but emerging risks are added as required and improvement actions and risk indicators are monitored regularly.
5.4 External Audit
External audit informs the Finance and Audit Committee on the operation of the internal financial controls reviewed as part of the annual audit.
5.5 Internal Audit
The Trust Board will ensure that internal auditing work is carried out every year. The programme of works will be agreed by the Finance, Audit and Risk Committee and will be informed by external audit reports, the risk register, other external consultant reports, any changes to systems or procedures, information for the School Business Manager and government guidance on internal scrutiny in academy trusts.
6.0 Annual review of effectiveness
The FGB (or a committee if the FGB decides to delegate this function) will undertake an Annual Review to consider:
- Whether risk management continues to be linked to the achievement of The Trust’s objectives
- The appropriate risk appetite or level of exposure for The Trust as a whole
- Whether risk review procedures cover fundamental strategic and reputational, operational, compliance, financial and other risks to achieving The Trust’s objectives
- Whether risk assessment and risk-based internal control are embedded in ongoing operations and form part of its culture
- Changes in the nature and extent of fundamental risks and The Trust’s ability to respond to changes in its internal and external environment since the last assessment
- The scope and quality of management's on-going process of monitoring the system of internal control including such elements as the effectiveness of assurance functions
- The extent and frequency of reports on internal control to the FGB and whether this is sufficient for the FGB to build up a cumulative assessment of the state of control and effectiveness of risk management
- The incidence of any fundamental control failings (risk events) or weaknesses identified at any point within the year (near misses) and the impact that they have had or could have on financial results
- The effectiveness of The Trust’s public reporting processes
- The effectiveness of the overall approach and policy to risk management and whether changes or improvements to processes and procedures are necessary.