Risk Assessment Policy

1st Wimborne Scout Group

Risk Management Policy

  1. We recognise that risk management is essential to our governance and to the sustainable operation of our scout group. Our risk management is designed to ensure:
  • the identification, assessment and management of risk is linked to the achievement of our purpose and objectives
  • all areas of risk are covered – for example, financial, governance, operational and reputational
  • a risk exposure profile can be created that reflects the group’s and executive members’ (our trustees’) views as to what levels of risk are acceptable
  • the principal results of risk identification, evaluation and management are reviewed and considered
  • risk management is ongoing and embedded in our management and operational procedures

We will regularly review and assess the risks we could face in all areas of our work and plans for the management of those risks.

Identifying our Risks

As part of our planning process we hold a risk register. This register is a ‘living document’ and forms the baseline for further risk identification.  We recognise that new risks will appear, and other risks will become less or more severe or may disappear over the lifetime of our planning.

Risk identification is therefore an ongoing process. When new risks are identified by a trustee or volunteer, these will be referred to the group lead volunteer who in consultation with the group chair will inform the members of the group trustee board and update the risk register accordingly. We will also annually review the risk register at the group trustee board’s first meeting following our annual general meeting.

In developing our risk register, trustees and leaders will identify/update risks in the following areas:

  • Operational
  • Governance
  • Legal and regulatory
  • Financial
  • External

Assessing, monitoring and evaluating risk

Identified risks need to be put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required.

When a new risk arises, the group lead volunteer, in consultation with the group chair, will assess the risks identified by our leaders and/or trustees based on how likely they are to occur and how severe their impact would be, using our risk assessment methodology (appendix 1).

They will identify those risks that are major and propose appropriate actions to mitigate these risks. This will update our risk register and will be approved by the chair and/or treasurer (if a financial risk).

Where a trustee subsequently has a concern about the risk register, they should initially seek agreement to an amendment via email and, if they are still not satisfied, raise the issue at the next group trustee board meeting.

Examples of possible actions to mitigate risks are set out in appendix 2.

APPENDIX 1

Our risk management process and methodology

Risk management within the group is the responsibility of the group trustees (the group trustee board).  The trustees will consider the risks affecting the group and its activities on an ongoing basis.

Each risk will either be “accepted” or require a “fix”. Accepted risks are where the trustees have confirmed that they are happy with the level of risk and the controls to mitigate the risk occurring. These are therefore within their risk appetite. Where trustees are uncomfortable with the level of risk and/or the current controls they will deem that the risk needs a “fix”. The assessments will be based on an impact/likelihood basis.

Every risk will have a “risk owner”. This will either be our Group Lead Volunteer, Group Chair or one of their direct reportees. Risks that require a “fix” will, in addition, have an “action owner” who is responsible to the “risk owner” for developing and implementing the new controls that will, once operational, bring the risk within the trustees’ risk appetite.

If an “action owner” is unable to meet the “action delivery date” this must be reported to the trustees via the “risk owner” at the earliest opportunity in order that the situation can be considered. Each risk will be re-assessed by the trustees on at least an annual basis.

Impact

| Descriptor | Score | Impact on service and reputation |
|---|---|---|
| Insignificant | 1 | no impact on our meetings / events; no impact on reputation; complaint unlikely; litigation risk remote |
| Minor | 2 | slight impact on our meeting / events; slight impact on reputation; complaint possible; litigation possible |
| Moderate | 3 | some disruption to our meeting / events; potential for adverse publicity – avoidable with careful handling; complaint probable; litigation probable |
| Major | 4 | our meeting / events disrupted; adverse publicity not avoidable (local media); complaint probable; litigation probable; sudden loss of funding |
| Extreme | 5 | our meeting / events interrupted for significant time; major adverse publicity not avoidable (national media); major litigation expected; resignation of senior management/leadership; resignation of executive committee; major premises related issue; loss of members confidence |

Likelihood

| Descriptor | Score | Example |
|---|---|---|
| Remote | 1 | may only occur in exceptional circumstances (Rarely, if ever) |
| Unlikely | 2 | expected to occur in a few circumstances (Possible) |
| Possible | 3 | expected to occur in some circumstances (Likely) |
| Probable | 4 | expected to occur in many circumstances (Very likely) |
| Guaranteed | 5 | Will happen or is happening (Unavoidable / already occurring) |

APPENDIX 2

Actions that could be taken to mitigate risks

The following are examples of possible actions:

  • the risk may need to be avoided by ending that activity
  • the risk could be transferred to a third party
    (e.g. outsourcing or other contractual arrangements with third parties)
  • the risk could be shared with others (e.g. a joint venture project)
  • the group’s exposure to the risk can be limited
    (e.g. establishment of reserves against loss of income, phased commitment to projects)
  • the risk can be reduced or eliminated by establishing or improving control procedures
    (e.g. internal financial controls, controls on recruitment, personnel policies)
  • the risk may need to be insured against (e.g. event cancellation)

In assessing the actions to be taken, the costs of management or control should be considered in the context of the potential impact or likely cost that the control seeks to prevent or mitigate. It is possible that the process may identify areas where the current or proposed control processes are disproportionately costly or onerous compared to the risk they are there to manage. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk.

Version number:

Creation date:

Date of last review:

Date of next review: