This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. HMIE Risk Management Strategy 1. Risk Management is widely recognised as an essential element of corporate governance. This policy aims to support successful achievement of HMIE’s core purpose and three strategic objectives: providing public assurance and accountability; informing national policy; and promoting effective practice 2. To maximise the likelihood of success of this strategy, all risks must be identified and managed and where possible exploited as opportunities for innovation and improvement. Risk management principles 3. HMIE will promote a positive risk management culture within the Inspectorate and endeavour to ensure that all staff are aware of the nature and type of risk associated with their particular areas of work. To achieve this, risk management activities will: be fully integrated into our business planning processes and undertaken in accordance with good practice principles; enable the identification, evaluation and management of risks to ensure that they are reduced to an acceptable level or responded to constructively; anticipate and respond, wherever possible, to changing social, environmental, financial, political and legislative requirements, realising the opportunities these afford; be monitored and reviewed on a regular basis; enable a preparedness to respond quickly and effectively to opportunities for improvement or when things go wrong. Risk classification 4. Risks will be classified in one of four ways: Corporate level: overarching, high level risks which could impact on most or all of the organisation; Directorate owned corporate level: risks related to a specific Directorate which could impact on most or all of the organisation; Directorate specific: risks related to a specific Directorate generally related to their sectoral or cross-cutting responsibilities; or Task specific: risks associated with a particular task. Corporate responsibility 5. The Corporate Services Director has overall responsibility for risk management. The Business Management and Communications Team Manager Version 1.4 3 Mar 11 to MB This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. (BMCT Manager) will chair the Risk Management Group which is responsible for the formulation, implementation and review of the risk management policy and strategy. Operational responsibilities 6. Annex B sets out the operational reporting mechanisms for all risks. The mechanisms should use the following principles: Responsibility for identifying and managing risks will be a key aspect of leadership and management at all levels. All staff need to have a heightened awareness of risk as part of their day-to-day working. Distributed leadership entails that risks are managed at the lowest level at which an individual member of staff has the authority, responsibility and resources to take action. All staff in identified leadership and/or management roles will be responsible for encouraging openness and honesty in the reporting and escalation of risks and in good risk management practice within their directorates. Executive groups, are responsible for identifying, managing and reviewing risks related to their work and the effectiveness of actions to control these risks. Task Managers are responsible for identifying and managing task specific risks on an ongoing basis. Directorate HMACIs and Business Managers will oversee this process. Implementation, quality assurance and reporting procedures 7. The Risk Management Group will: oversee risk management processes and provide an advisory role accessible to all staff; monitor and review the effectiveness of the Risk Management Policy and strategy; formally report to SMG and the Audit and Risk Committee on the outcomes of the review of corporate level risks three times per year. 8. Members of the Risk Management Group (BMCT Manager, ACI/OSD, Directorate Business Managers) will undertake regular sample reviews of risk entries in the Business Planning Tool as part of the business planning process. 9. HMSCI/HMCI business planning/update meetings will include a review of Corporate and Directorate level risks by exception. 10. Where a Directorate level risk occurs that is not able to be managed by that Directorate, the matter will be raised with SMG. Likewise, where a risk occurs within a task that is not able to be managed by the Task Manager or Directorate HMACI, the matter will be reported to the relevant HMCI, who, if unable to manage, will report to SMG for consideration. Version 1.4 3 Mar 11 to MB This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. Review arrangements for policy, including date of next formal review 11. This policy will be reviewed in insert date two years after strategy has been approved.. Contact arrangements to enable feedback 12. Any comments or queries on this policy should be addressed to: Business Management and Communications Team, HM Inspectorate of Education, 2nd Floor, Denholm House, Almondvale Business Park, Almondvale Way, Livingston EH54 6GA. Telephone 01506 600265 Email: PS/HMI@hmie.gsi.gov.uk Version 1.4 3 Mar 11 to MB This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. Annex A HMIE Risk Management Group Membership Membership of the Group will normally comprise: Business Management and Communications Team Manager (BMCT Manager) (Chair) Two HMI advisors Directorate representatives (Business Managers for all Directorates and SMG) ISU Manager Finance Manager Frequency of meetings Normally three meetings a year. These meetings will be held in advance of the HMIE Audit and Risk Committee meetings. Any other business between these meetings will be considered by email or an additional meeting can be arranged if required. Annex B sets out the suggested agenda for each meeting. Quorum A minimum of 5 members must be present for a meeting to be quorate. Secretariat Finance Manager Version 1.4 3 Mar 11 to MB This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. Annex B Risk Management Group – objectives and remit The HMIE Risk Management Group exists to support the Accountable Officer and Audit and Risk Committee in these activities. It leads on the formulation, implementation and review of the risk management policy and strategy. The Group’s objectives are to: provide support and comfort to the Accountable Officer on risk-related matters; support the integration of risk management into the culture of the Inspectorate; and evaluate the effectiveness of strategies to manage risk. To achieve these objectives, the Group will: act as risk management champions in their own directorate; maintain and oversee risk management processes and provide an advisory role accessible to all staff; establish monitoring arrangements and appropriate review procedures; and provide Senior Management Group and Audit and Risk Committee with progress reports on risk management performance. Meetings will therefore require to consider the appropriateness and adequacy of the Inspectorate’s risk management policy; review overall performance in relation to risk management; discuss risk management performance following completion of the annual business planning round; and confirm appropriate report content for Senior Management Group and Audit and Risk Committee. Examples of material that may be provided for meetings: Risk management policy Risk register – Corporate, Directorate and task level Risk register completion guidelines HMIE intranet material Reporting outcome of meetings The Group will provide: regular reports to the Senior Management Group and Audit and Risk Committee on the organisation’s performance relating to risk management Version 1.4 3 Mar 11 to MB This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. Annex D Risk Management Group: Agenda Planner Block 1 Review the Inspectorate’s Corporate level risk management performance for the previous year and consider proposals for the coming year. Directorate Business Managers, in consultation with CIs, to provide a report on the performance of the directorate on how well risks have been managed for the previous business planning year and provide a brief on the tasks/risks for the coming year. Review risk management policy and guidance. Review risk management group entry on intranet. Agree report content for SMG and Audit and Risk Committee. Block 3 Corporate level risks – SMG BM to provide the group with a overview of corporate level risks, including changes and management of risks. Directorate/task level risks – Directorate Business Managers, in consultation with CIs, to provide an overview of the risks so far in the year. Particularly focusing on the management of risks so far. Good practice should be identified and shared. Agree report content for SMG and Audit and Risk Committee. Certificates of Assurance to be discussed. Block 4 Corporate level risks – SMG BM to provide the group with a overview of corporate level risks, including changes and management of risks. Directorate/task level risks – Directorate Business Managers, in consultation with CIs, to provide an overview of the risks so far in the year. Particularly focusing on the management of risks so far. Good practice should be identified and shared. Consider any required changes to risk management guidance. Certificates of Assurance to be finalised in advance of submission to Audit and Risk Committee. Agree report content for SMG and Audit and Risk Committee. Version 1.4 3 Mar 11 to MB This strategy came into effect in March 2011 by HM Inspectorate of Education after consideration by HMIE Senior Management Group. It supersedes all previous versions. Directorate owned Corporate and Directorate Corporate Reported to CS Director SMG Exceptions Overdue milestones CIs Overdue performance measures CIs Task manage rs Task Quarterly report BPMT Reports used Reviewed by CS Team Leaders How? When? Managed by Level of risk Annex D – operational reporting mechanisms for risks Directorate Executive Groups (DEGs) Directorate Executive Groups (DEGs) SCI SCI At SCI All reports update meeting At SCI All reports update meeting Comments Content report/meeting CS Team Leaders to review relevant risks and amend where necessary. Review the Inspectorate’s corporate level risk management performance for the previous year and consider proposals for the coming year. CIs who own corporate level risks including those owned by the directorate to review relevant risks and amend where necessary. SMG BM to review all corporate level risks and prepare a quarterly/block report for SMG. Chief Inspectors to discuss the Directorate Level risks with the DEG. Alert SMG to any changes to risks. Changes to risks Management of risks CI will then discuss exceptions with SCI at end of block meeting. BMs to collate information on the progress being made against each task and prepare full report for DEG. DEG will then discuss the risks and amend if appropriate. CI will then discuss exceptions with SCI at end of block meeting. Version 1.4 3 Mar 11 to MB of Exceptions Changes to risks Management of risks Exceptions