Equity Housing Group Risk Management

05 August 2002 © MazarsEquity Housing Group: Risk Management 2 Agenda Introduction: what is Risk Management? The Building Blocks Practicalities: Who does what? Feedback and conclusions

Introduction What is Risk Management?

05 August 2002 © MazarsEquity Housing Group: Risk Management 4 Risk - Definition RISK is : “…..the chance of something happening that will have an impact on objectives.” Risks may be events with the potential for adverse effects (e.g. risk of fire) events which provide opportunity to achieve better outcomes (e.g. risk of not changing the way things are done to be more efficient)

05 August 2002 © MazarsEquity Housing Group: Risk Management 5 Wrong assumptions about Risk Something for finance and insurance to worry about Risk is an annual compliance issue Just another corporate initiative Risk Management is about downside (i.e. bad things), not creation of value

05 August 2002 © MazarsEquity Housing Group: Risk Management 6 Why bother with Risk Management? Compliance with law and regulations Helps with the business planning process Reduced “fire-fighting”

05 August 2002 © MazarsEquity Housing Group: Risk Management 7 There are two types of Risk STRATEGIC RISK – Risks which need to be taken into account in judgments about the medium to long term goals and objectives of the organisation – BOARD FOCUS SHOULD BE ON THESE RISKS OPERATIONAL RISK – Hazards and risks which managers and staff will encounter in their daily course of work

05 August 2002 © MazarsEquity Housing Group: Risk Management 8 What is Risk Management? Risk Management is about asking three questions: What might stop Equity from achieving its objectives (i.e what is the risk?) How big is the risk? What are we doing about the risk, and what else should we be doing about the risk?

05 August 2002 © MazarsEquity Housing Group: Risk Management 9 Basic Steps towards Risk Management Risk Identification Risk Identification Risk Quantification Risk Quantification Risk Management Risk Management

05 August 2002 © MazarsEquity Housing Group: Risk Management 10 Step 1 - Risk Identification There are many different ways of categorising risks... Types of Risk Governance and mgmt People Financial Operations Hsg/ Maint I.T. External

05 August 2002 © MazarsEquity Housing Group: Risk Management 11 Step 2 - Risk Quantification Impact - a measure of the potential impact or damage a risk will cause. Likelihood - a measure of the likelihood of a risk occurring.

05 August 2002 © MazarsEquity Housing Group: Risk Management 12 Step 2 - Risk Quantification Housekeeping risks - Highly likely to happen, little impact. Require routine management Primary risks - Highly likely to happen and high severity. These require primary attention Non threateningContingency risks - Unlikely to happen but serious if they do happen. ‘Catastrophic events’. HIGH LOW HIGH Likelihood Impact

05 August 2002 © MazarsEquity Housing Group: Risk Management 13 Step 3 - Risk Management

The Building Blocks

05 August 2002 © MazarsEquity Housing Group: Risk Management 15 The Building Blocks Risk management strategy Risk register On-going review of risks

05 August 2002 © MazarsEquity Housing Group: Risk Management 16 Risk Management Strategy Board’s policy on risk Considers what the organisation is doing to manage risk Considers responsibilities for risk Requirements to review risk assessment by relevant groups

05 August 2002 © MazarsEquity Housing Group: Risk Management 17 Risk Register This is used to document: –Identified risks, and their effect on Equity –how the risks are controlled –responsibility for each risk –actions required –progress

Practicalities: Who does what?

05 August 2002 © MazarsEquity Housing Group: Risk Management 19 Three Lines of Defence Model Business operations Internal and External Audit 1 st line of Defence 2 nd line of Defence 3 rd line of Defence Risk Divisional, Corporate Oversight Functions Operational processes, project risk and control activity, business level monitoring Business planning, policy and procedure setting, functional oversight - Finance, Environment, Health & Safety, IT Monitor compliance and provide independent challenge and assurance Executive Managers Audit Committee Board

05 August 2002 © MazarsEquity Housing Group: Risk Management 20 Practicalities: Who does what? First line – day to day Second line – oversight functions Third line – independent assurance

05 August 2002 © MazarsEquity Housing Group: Risk Management 21 Practicalities: Who does what? First line –Rests with the business operations which perform the day-to-day risk management activity –Control through established processes and project management controls

05 August 2002 © MazarsEquity Housing Group: Risk Management 22 Practicalities: Who does what? Second line –Provided by oversight functions for Equity, currently at corporate level, e.g. Standards and Innovation, Finance, HR… –They provide assurance by ensuring that policies or procedures issued are followed.

05 August 2002 © MazarsEquity Housing Group: Risk Management 23 Practicalities: Who does what? Third line –Internal Audit and External Audit –Offering independent challenge to assurance provided by business operations and oversight functions

05 August 2002 © MazarsEquity Housing Group: Risk Management 24 Practicalities: Who does what? Role of the Board: –Overall responsibility Role of Audit and Risk Committee –Review strategic risk regularly –Receive report on risk action plans –Question the executive team –Provide assurance to Board

05 August 2002 © MazarsEquity Housing Group: Risk Management 25 Practicalities: Who does what? Head of Risk (David Fisher): –Oversight of maintenance of risk map –Produce updates for Board on strategic risks –Other as per his role?? Risk owners (operational management): –Discuss risk register and progress on action regularly at team meetings

Feedback and conclusions