Policy Statement
The Trustee Board of 1st St Helens (YMCA) Scout Group recognise that risk management is essential to our governance and to the sustainable operation of the Group. Our risk management is designed to ensure:
- The identification, assessment and management of risk is linked to the achievement of our purpose and objectives.
- All areas of risk are covered – for example, financial, governance, operational and reputational.
- A risk exposure profile can be created that reflects the Group and Trustees views as to what levels of risk are acceptable.
- The principal results of risk identification, evaluation and management are reviewed and considered
- Risk management is ongoing and embedded in our management and operational procedures.
We will regularly review and assess the risks we could face in all areas of our work and plan for the management of those risks.
Identifying our risks
As part of our planning process, we hold a risk register. This register is a ‘living document’ and forms the baseline for further risk identification. We recognise that new risks will appear, and other risks will become less or more severe or may disappear over the lifetime of our planning.
Risk identification is therefore an ongoing process. When a trustee or volunteer identifies new risks, these will be referred to the Group Lead Volunteer who in consultation with the Group Chair will inform the members of the Group Trustee Board and update the risk register accordingly. We will also annually review the risk register at the Group Trustee Board’s first meeting following our annual general meeting.
In developing our risk register, trustees and leaders will identify/update risks in the following areas:
- Operational;
- Governance;
- Legal and regulatory;
- Financial;
- External.
Assessing, monitoring and evaluating risk
Identified risks need to be put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required.
When a new risk arises, the Group Lead Volunteer in consultation with the Group Chair will then assess the risks identified by our leaders and/or trustees based on how likely they are to occur and how severe their impact using the methodology set out in our risk assessment methodology (appendix 1).
They will identify those risks that are major and propose appropriate actions to mitigate these risks. This will update our risk register and will be approved by the chair and/or treasurer (if a financial risk).
Where a trustee subsequently has a concern about the risk register, they should initially seek agreement to amendment via email and if they are still not satisfied raise the issue at the next Group Trustee Board meeting. Examples of possible actions to mitigate risks are set out in appendix 2.
Appendix 1
Our risk management process and methodology
Risk management within the Group is the responsibility of the Group Trustees (the Group Trustee Board). The trustees will consider the risks affecting the Group and its activities on an ongoing basis.
Each risk will either be “accepted” or require a “fix”. Accepted risks are where the trustees have confirmed that they are happy with the level of risk and the controls to mitigate the risk occurring. These are therefore within their risk appetite. Where trustees are uncomfortable with the level of risk and/or the current controls they will deem that the risk needs a “fix”. The assessments will be based on an impact/likelihood basis.
Every risk will have a “risk owner”. This will either be our Group Lead Volunteer, Group Chair or one of their direct reportees. Risks that require a “fix” will, in addition, have an “action owner” who is responsible to the “risk owner” for developing and implementing the new controls that will, once operational, bring the risk within the trustee’s risk appetite.
If an “action owner” is unable to meet the “action delivery date” this must be reported to the trustees via the “risk owner” at the earliest opportunity in order that the situation can be considered. Each risk will be re-assessed by the trustees on at least an annual basis.
Impact
Descriptor | Score | Impact on service and reputation |
Minor | 1 | No impact on our meetings/eventsNo impact on reputationComplaint unlikelyLegal action unlikely |
Important | 2 | Some impact on our meetings/eventsPotential for negative publicity – avoidable with careful handlingComplaint probableLegal action possible |
Moderate | 3 | Meetings/events disruptedNegative publicity unavoidableComplaint probableLegal action probable |
Major | 4 | Meetings/events disrupted for significant timeMajor negative publicity unavoidableMajor complaint expectedMajor legal action expected |
Likelihood
Descriptor | Score | Impact on service and reputation |
Unlikely | 1 | Not expected to occur within two years |
Possible | 2 | May occur within 12 to 24 months |
Likely | 3 | Could occur within 12 months |
Highly likely | 4 | Expected to occur within 12 months |
Appendix 2
Actions that could be taken to mitigate risks
The following are examples of possible actions:
- the risk may need to be avoided by ending that activity
- the risk could be transferred to a third party (e.g. outsourcing or other contractual arrangements with third parties)
- the risk could be shared with others (e.g. a joint venture project)
- the group’s exposure to the risk can be limited (e.g. establishment of reserves against loss of income, phased commitment to projects)
- the risk can be reduced or eliminated by establishing or improving control procedures (e.g. internal financial controls, controls on recruitment, personnel policies);
- the risk may need to be insured against (e.g. event cancelation)
In assessing the actions to be taken, the costs of management or control should be considered in the context of the potential impact or likely cost that the control seeks to prevent or mitigate. It is possible that the process may identify areas where the current or proposed control processes are disproportionately costly or onerous compared to the risk they are there to manage. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk.
END OF POLICY
Policy approval and review
Policy prepared by: | Gavin Jones-Verity |
Approved by board / management on: | |
Policy became operational on: | |
Next review date: |
Review history
Version # | Date of review | Reviewed by |
1.0 | 01 November 2024 | Gavin Jones-Verity |
Who to contact?
If you have any queries relating to this Privacy Notice or our use of your personal data, please contact Gavin Jones-Verity, Section Leader (Scouts) (info@firstymcascouts.org,uk).