Search

Already renting from us?

Sign up to connect

Adactus Housing Association

If this is not what you're looking for, click here for related information.

Last updated 22/02/2018

View a printable version of this document

Group Risk Management Policy

  • Introduction

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        6 + 2 = ?:

    Risk is defined as an event that can have a negative impact. Conversely an event that can have a positive impact is an opportunity. Risks and opportunities are inevitably intertwined. In general, risks involving people and organizations occur because an opportunity is being sought. There are risks and opportunities associated with current activities together with anything new and untried. The Group wants to embrace new opportunities and recognises that it will rarely be possible to remove risk associated with new opportunities completely.

    The Group's aim is to identify, manage and minimise, rather than eliminate, risks which may prevent the organisation achieving its objectives. The identification and management of risk is on-going and occurs as changes are made to how the Group operates and to the external environment in which it works.

    This Risk Management Strategy articulates how the Group manages risk and reflects the evolution of its approach, in line with that of the sector and takes into account the principles outlined by the sector’s Regulator.

    Central to the Group's strategic approach is its processes and framework for risk management. The Group is committed to embedding risk management throughout the organisation and its systems and controls are designed to ensure that exposure to significant risk is properly managed. The Group Board sets internal policy on risk (via this document) and other internal controls. Additionally it has responsibility for determining the strategic direction and via its committees providing oversight of risk management.

    The management of risk is a continuous process that is linked to the Group’s annual business planning cycle and is designed to identify and prioritise the risks to the achievement of policies, aims and objectives.

    This Risk Management Strategy outlines in detail the arrangements and processes by which the Group identifies, categorises, assesses and addresses risks. Under it, the key risks facing each part of the Group are regularly reviewed and assessed, together with the steps to avoid or mitigate those risks.

    Whilst this strategy document sets out defined processes for managing risk, the Group recognises that successful risk management can only be accomplished on a day-to-day basis by staff at all levels.

  • Overview

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        8 + 10 = ?:

    The Group’s approach is to assess risk in respect of the combination of likelihood of something happening and the impact that arises if it does happen. 

    The resources available for managing risk are finite and so it is the aim of the Group to achieve an optimum response to risk and to identify priorities in accordance with the evaluation of the risks.  The term ‘risk appetite’ is used to refer to the amount of risk which the organisation is prepared to accept, tolerate, or be exposed to at any point in time.

    Risk management is the process by which:

    • risks are identified in relation to the achievement of objectives;
    • risks are assessed by reference to  their relative likelihood and impact;
    • the identified risks are responded to, taking into account the organization’s assessment and tolerance; and
    • risks are reviewed and reported – to ensure the risk register is up to date, to gain assurance that responses are effective, and identify when further action is necessary.

    The goals of risk management are:

    • to take a proactive approach, anticipating and influencing events before they happen;
    • to facilitate better informed decision making; and
    • to improve contingency planning.

    The Group’s approach to risk management is based around assessment, evaluation, management and measurement, as follows:

    • Assess – identify important parts of the business – service, staff, finance
    • Evaluate – consider what risks each of these face and are they operational or external, set out in a risk register.
    • Manage – what can we do to minimise the risk
    • Measure – score the risk.

    It is essential that the risk management process is intertwined with other operating activities and permeates the Group’s management and operations.

     

  • Categorising Risk

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        5 + 6 = ?:

    The risk categories are intended to provide a means of grouping related risks within the risk register, as risks are commonly not entirely independent from each other.

    The main risk categories are:

    • External - arising from the external environment, not wholly within the Group’s control but where action can be taken to mitigate the risk;
    • Operational - relating to the successful execution of existing operations – both current delivery and building and maintaining capacity and capability; and
    • Change - risks created by decisions to pursue new endeavours beyond current capacity.

    Examples of categories:

    • External: Political, Economic, Social Cultural, Technological, Legal, Environmental Regulation.
    • Operational : Delivery, Capacity, Capability
    • Change : New projects, Policies, Change programmes
  • Assessing Risks

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        2 + 4 = ?:

    There are three important principles for assessing risks:

    • ensure that there is a clear structure to the process so that both likelihood and impact are considered for each risk;
    • record the assessment of risk in a way which facilitates monitoring and the identification of risk priorities; and
    • be clear about the difference between inherent and residual risk.

    To evaluate risks, all risks are scored in terms of their likelihood and potential impact using the following scale.

    The score for the likelihood and impact are then multiplied to give an overall risk assessment. 

      Likelihood

      Impact

      Score 

     

      Score 

     

      5

      Almost Certain  

      5

      Catastrophic 

      4

      Likely

      4

      Major

      3

      Possible

      3

      Moderate

      2

      Unlikely

      2

      Minor

      1

      Rare

      1

      Insignificant

  • Risk Appetite

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        6 + 10 = ?:

    The aim of the Risk Management Strategy is not to remove all risk but to recognise that some level of risk will always exist. It is recognised that taking risks in a controlled manner is fundamental to innovation and the building of a can-do culture which is fundamental to the continued success of the Group.

    Risk appetite is the amount of risk that the organisation is prepared to accept, tolerate or be exposed to at any point in time. Risk appetite can be expressed as a boundary, above which the organization will not tolerate the level of risk and further actions must be taken:

     Impact Severity

     Impact

     multiplier

    Assessment of risk

    Impact multiplier x Likelihood multiplier (see below)

     Catastrophic

     5

     5

     10

     15

     20

     25

     Major

     4

     4

     8

     12

     16

     20

     Moderate

     3

     3

     6

     9

     12

     15

     Minor

     2

     2

     4

     6

     8

     10

     Insignificant

     1

     1

     2

     3

     4

     5

     

     Multiplier

     1

     2

     3

     4

     5

     Likelihood

     Rare

     Unlikely

     Possibly

     Likely

     Almost Certain

     

     Key

     Severe

     20-  25  

     Unacceptable level or risk exposure which requires immediate corrective action to be taken.

    Major

     16-
     20

     Unacceptable level or risk exposure which requires constant active monitoring and measures to be put in place to reduce  exposure.

     Moderate

     11-
     15

     Acceptable level or risk exposure subject to regular active monitoring measures.

     Minor

     6-
     10

     Acceptable level of risk subject to regular passive monitoring measures.

     Insignificant  

     1- 
     5

     Acceptable level of risk subject to periodic passive monitoring measures.

     

    The risk appetite is monitored by the inherent and residual risk assessment figures. Generally the Group's policy is to manage closely all residual risks scoring 16+ and it will not wish to tolerate risks scoring 20+.

    The Group’s risk appetite is not necessarily static. The Board may vary the amount of risk which it is prepared to take depending on the circumstances.

    The Board has agreed to focus on monitoring of risks with a score of 16 or more and have delegated to Performance, Scrutiny and Audit Committee the review and monitoring of the whole risk register on a quarterly basis.

  • Risk Roles and Responsibilities

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        8 + 5 = ?:

    Responsibility for each risk must be assigned to an owner who is responsible for ensuring the risk is managed and monitored over time.

    Risk Register/Corporate Risk Map

    The Risk Register documents the risk assessment in order to: 

    • facilitate the identification of risk priorities;
    • capture the reasons for decision made about what is and is not tolerable exposure;
    • record the way in which it is decided to address risk;
    • allow all those concerned with risk management to see the overall risk profile and how their areas of particular responsibility fit into it; and
    • facilitate the review and monitoring of risks

    In order to provide the Board with clarity with respect to the level of inherent risk, the output from the risk register has been represented in tree-map form as a Corporate Risk Map to ensure risks are well understood and to encourage focus on those risks with a high risk score.  This Corporate Risk Map is published on quarterly basis to board members and is also available to tenants and other stakeholders via the web as a dynamic, interactive document.

    The Corporate Risk Map themes risks to enable Board to view the cumulative risk associated with a business activity.  Current themes are as follows:

    • Contractual
    • Development
    • Financial
    • Governance
    • Grant income
    • Legal
    • Regulatory
    • Rental income
    • Reputational
    • Safety
    • Service delivery
    • Strategic
    • Treasury

     

    For major change projects, the risks identified, their assessment, the response to each and the risk owner is documented on the risk register.

    Reviewing and reporting risks

    The management of risks has to be reviewed and reported on for two reasons: 

    • to monitor whether or not the risk profile is changing; and
    • to gain assurance that risk management is effective, and to identify when further action is necessary. 

    The review process will: 

    • ensure that all aspects of the risk management process are reviewed at least once a year;
    • ensure that identified risks themselves are subject to review at least quarterly; and
    • identify new risks and changes in already identified risks so that the change can be appropriately addressed.
       

    The Risk Management Strategy will be reviewed once a year, initially by the Senior Management Team, followed by the Board.

    The Risk Register is a live document.  Staff and Board members are encouraged to notify the Senior Management Team at any stage of potential changes to the register.

    The register will be formally reviewed and updated quarterly by the Senior Management Team.  The updated register will then be reviewed quarterly by the Performance, Scrutiny and Audit Committee with key changes reported to Board.

    The risk management processes described in this document operates in the context of a wider assurance framework within the Group. 

    Each risk is assessed twice.  Firstly the ‘INHERENT’ risk which is the exposure arising from a specific risk therefore mitigating action has been take to manage it.

    Secondly the ‘RESIDUAL’ risk which is the exposure arising from a specific risk after action has been taken to manage it and making the assumption that the action is effective.

    Evaluation of risk

    When evaluating risk, the following criteria need to be considered: 

    • Financial and value for money issues;
    • Human resource issues – capacity, relations and others;
    • Service delivery and quality of service issues;
    • Public concern, trust or confidence issues;
    • Degree and nature of risks to the public;
    • Reversibility or otherwise of realisation of risks;
    • The impact of the risk on the Group (including its reputation), stakeholders and the public; and
    • Defensibility of realisation of the risk.

    The impact descriptors are only an indication of the probable effect on the Group if the risk occurs; they are not hard and fast rules.  It is essential that staff use their knowledge and judgement when deciding on the score for impact.

    In particular when assessing financial impact staff and Board members should take account of the potential cumulative effect of what might be considered smaller sums on the overall resource constraints of the organisation.

    A summary of the likelihood descriptors is as follows:

    Almost certain:  Likelihood greater than 75%

     

    Very likely

     

    The event is expected to occur in most circumstances

     

    There could be a history of regular occurrences, i.e. on an annual basis; and

     

    If new event, likelihood of occurrence regarded as almost in evitable

     

     

    Likely:   Likelihood greater than 50%

     

    There is a strong possibility the event or risk will occur

     

    There may be a history of frequent occurrences

     

    Everyone with knowledge of issues in this area knows this could happen

     

    No or little effective measures to reduce likelihood can be and /or have been taken; and

     

    Will probably occur in most circumstances

     

     

    Possible:  Likelihood between 10% and 50%

     

    The event might occur at some time

     

    There could be a history of casual occurrence

     

    Most of the team know that the risk might occur; and

     

    Measures that reduce likelihood have been taken but are not fully effective

     

     

    Unlikely:   Likelihood between 1% and 10%

     

    Not expected, but there’s a slight possibility it could occur at some time

     

    Some of the team consider this a risk that might occur

     

    Conditions exist for this loss to occur; and

     

    Probably requires more than two coincident events

     

     

    Rare:  Likelihood less than 1% likelihood

     

    Highly unlikely, but may occur in exceptional circumstances

     

    It could happen, but probably never will

     

    No experience of a similar failure

     

    Probably requires three or more coincident events; and

     

    • If it has happened, sufficient controls now in place

  • Impact Descriptors

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        8 + 6 = ?:

     Description

     Financial  Impact

     Health & Safety

     Asset  Loss

     Business  Interruption

     Reputation and image

     Corporate  Objectives/Performance

     Intervention

     Insignificant

     <£50k

     No or only minor  personal injury.  First Aid needed,  but no days lost

     Little or  no  impact  on  assets

     Interruption  negligible;  less than ½  day. Critical  systems  unavailable  for less than  one hour

     Minor article in local media or  lobby group website (story  unsubstantiated)

     Workaround required,  within Group resources,  to deliver objective. Up  to 5% variation in  achievement of  corporate targets.

    Relevant  Manager   intervenes

     Minor

     <£100k

     Minor injury,  medical treatment    and some days lost

     Minor  loss or  damage  to assets

     Interruption  inconvenient;  ½ -1 day.  Critical  systems  unavailable  for several  hours

     Headline article in local media  or  housing press, minor article  in  national media  (Substantiated  story)

     Additional resources  requiring Senior Team  authorisation or delay in  achieving part of  objective Minor shortfall  in several categories or  major shortfall in one  category 5 – 10 %  variation in achievement  of corporate targets

    Assistant  Director  intervenes,

    Director informed

     Moderate

     <£300k

     Serious Medical  treatment  hospitalisation and  numerous days lost

     Major  damage  to assets

     Interruption 1  day – 1 week  Client  dissatisfaction;  Critical  systems  unavailable for  up to 1 day

     Headline article in national  media (story substantiated and  publicly embarrassing)

     Major compromise in  objectives. Major shortfall  in several categories 10  – 25% variation in  achievement of corporate  targets

    Director  intervenes,

    Chief Executive informed

     Major

    <£1m

     Single death or  extensive injuries  or long term illness

     Significant  loss of  assets

     1 week – 1  month Critical  systems  unavailable for  1 day or a  series of  prolonged  outages.

     Short term campaign in national  media (story substantiated,  publicly embarrassing with third  party actions)

     Elements of objective  abandoned fail to meet  needs of a housing need  category 25 – 50%  variation in achievement  of corporate targets

    Chief  Executive  intervenes, 

    Board informed

     Catastrophic

     >£1m

     Multiple deaths or  severe permanent  disabilities

     Complete  loss of  assets

     Interruption  more than 1  month.  Critical  systems  unavailable  for more than  a day (at a  crucial time)

     Prolonged national media  campaign or lobby group  campaign Story substantiated,  publicly embarrassment, with  third party action and  widespread news profile

     Unable to deliver  objective Widespread  failure to meet housing  needs more than 50%  variation in achievement  of corporate targets

    Board  intervenes

     

  • Addressing Risks

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        7 + 4 = ?:

    The purpose of addressing risks is to turn uncertainty to the Group’s benefit by constraining threats and taking advantage of opportunities.

    The appropriate response to each risk will depend on its nature and the outcome of the risk assessment.

    There are five key aspects of addressing risks

    TOLERATE:  The exposure may be tolerable without any further action being taken.  Even if it is not tolerable, the ability to do anything about some risks may be limited, or the cost of taken such action may be disproportional to the potential benefit gained. In these cases the response may be to tolerate the existing level of risk. 

    TREAT:  by far the greatest number of risks will be addressed in this way.  The purpose of treatment is that whilst continuing within the Group with the activity giving rise to risk, action (control) is taken to constrain the risk to an acceptable level. 

    TRANSFER:  for some risks the best response may be to transfer them.  This might be done by conventional insurance, or it might be done by paying a third party to take the risk in another way.  This option is particularly good for mitigating financial risks to assets. 

    TERMINATE:  some risks will only be treatable, or confinable to acceptable levels, by terminating the activities. 

    TAKE THE OPPORTUNITY:  his option is not an alternative to those above: rather it is an option which should be considered whenever tolerating, transferring or treating a risk. 

    Risk management – roles and responsibilities

    Board

    The Board has responsibility for ensuring that the Group fulfils the aims and objectives and for promoting the efficient and effective use of staff and other resources by the Group. 

    The Board shall demonstrate high standards of corporate governance at all times, including using the Performance, Scrutiny and Audit Committee to help the Board to address the key financial and other risks facing the Group. 

    The Board has responsibility for ensuring that the Group’s financial plans are sufficiently robust to manage potential scenarios that would increase cumulative risk to the business and shall demonstrate this through stress testing of annual 30 year financial plan. 

    Only risks with a residual level of 16 or more on the register are highlighted to the Board on a routine basis.

    Performance, Scrutiny and Audit Committee 

    The Performance, Scrutiny and Audit Committee is responsible for ensuring proper arrangements exist for risk management and internal control.  It considers and advises the Board on: 

    • The strategic processes and policies for risk, control and governance and Statement of Compliance, prior to endorsement by the Board;
    • The promotion, co-ordination and monitoring of risk management activities, including regular review and input to the corporate risk profile; and
    • Assurances relating to the adequacy and governance processes for the organisation, with particular reference to the management of key risks to the achievement of objectives and targets. 

    The Performance, Scrutiny and Audit Committee will be provided with: 

    • A report summarising and significant changes to the Group’s risk register for each meeting; and
    • The Group’s Risk Management Strategy and risk register and proposals for continuous improvement of the risk management process and culture as appropriate.

    Senior Management Team 

    In managing risk the Senior Management Team are responsible for ensuring that:

    •  A system of risk management is maintained to inform decisions on financial and operational planning and to assist in achieving objectives and targets;
    • The Board are involved in the risk management system; and
    •  The risk register. 

    This includes:

    • Setting and communicating the risk management strategy;
    • Providing leadership and direction over the risk register; and
    • Conducting an annual review of the effectiveness of the system of internal control in support of the Statement of Compliance. 

    The Senior Management Team is responsible for developing and implementing the process and maintaining the risk register document. 

    The Senior Management Team will facilitate discussion of risk with local and cross functional management teams as an integral part of the business plan process.

    Other directors, managers, and staff 

    Everyone with a line or project management role is responsible for assessing and communicating risks within their sphere of responsibility, including judging when a risk should considered for inclusion in the corporate risk register. 

    Risk Owners 

    Risk owners are responsible for ensuring that each risk assigned to her/him is managed and monitored over time. 

    All staff 

    Whilst this strategy document sets out defined processes for managing risk, successful risk management can only be accomplished on a day-to-day basis by staff. 

    At all levels through their working practices; it does not simply lie inert in corporate policies and management structures.  Risk management is part of every member of staff’s responsibilities and virtually everyone has a role in carrying out appropriate risk management by supporting risk identification and assessment, and designing and implementing risk responses.  This will be achieved through core briefings, team meetings and one to one sessions, etc.

    Internal Audit 

    Internal Audit plays a key role in evaluation the effectiveness of, and recommending improvements to, the risk management process.  This is based on the systematic review and evaluation of the policies, procedures and operations in place to: 

    • establish and monitor the achievement of the organisation’s objectives;
    •  identify, assess and manage the risks to achieving the organisation’s objectives;
    • advise on, formulate, and evaluate policy;
    • ensure the economical, effective and efficient use of resources;
    • ensure compliance with established policies (including behavioural and ethical expectations), procedures, laws and regulations;
    • safeguard the organisation’s assets and interests from losses of all kings, including fraud, irregularity or corruption; and
    • ensure the integrity and reliability of information, accounts and data, including internal and external reporting and accountability processes. 

    In addition, Internal Audit aims to add value through: 

    • supporting and facilitating the identification of risks and the development of processes and procedures to assess and effectively respond to risks;
    •  the identification and recommendation of potential process improvements;
    • the provision of advice to manage risks in developing systems, processes, projects and procedures and
    •  the provision of best practice advice to all sections of the Group; and encouraging best practice and engendering continuous improvement.
  • Glossary of Key Terms

    • print chapter
    • feedback
      • Please send Feedback

        Name:
        Email:
        Comment:
        8 + 10 = ?:

     Assurance

     An evaluated opinion, based on evidence gained from review, on the organisation’s governance, risk management and  internal control framework. 

     Exposure

     The consequences, as a combination of impact and likelihood, which may be experienced by the organisation if a specific  risks realised. 

     Impact

     The probable effect on the organisation if the risk occurs.

    Inherent risk

     The exposure arising from a specific risk before any action has been taken to manage it.

     Likelihood     

     The probability or chance of the risk occurring.

    Opportunity

     An event that can have a positive impact.

     Residual  risk                

     The exposure arising from a specific risk after action has been taken to manage it and making the assumption that the  action is effective. 

     Risk   

     Risk is defined as an event that can have a negative impact. 

     Risk  appetite            

     The amount of risk that an organisation is prepared to accept, tolerate, or be exposed to at any point in time. 

     Risk assessment

     The evaluation of risk with regard to the impact if the risk is realised, and the likelihood of the risk being realised progress.

     Risk  Management

     All the processes involved identifying, assessing and judging risks, assigning ownership, taking actions to mitigate or  anticipate them, and monitoring and reviewing progress. 

     Risk Register

     The documented and prioritised overall assessment of the range of specific risks faced by the organisation. 

Please send Feedback

Name:
Email:
Comment:
5 + 8 = ?:
  • 22/02/2018

    Updated by Sam Ryan on 22/02/2018 10:56:41

    Comment: edit document

    Details: (show)

    Chapter titled "Introduction" content changed.
    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Risk Appetite " content changed.
    Chapter titled "Assessing Risks " deleted.

    View Latest >
  • 22/02/2018

    Updated by Sam Ryan on 22/02/2018 10:51:36

    Comment: edit document

    Details: (show)

    Chapter titled "Introduction" content changed.
    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Risk Appetite " content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >
  • 18/03/2016

    Updated by Elesh Makwana on 18/03/2016 09:53:54

    Comment: Added 'Staff' tag.

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Assessing Risks " deleted.
    New Tag assigned "Staff".

    Look back >
  • 14/03/2016

    Updated by Athanasios Protopapas on 14/03/2016 09:26:55

    Comment: Updated policy with changes approved at the February 2016 Board Meeting

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Risk Roles and Responsibilities " content changed.
    Chapter titled "Impact Descriptors " content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >
  • 01/04/2015

    Updated by Sam Ryan on 01/04/2015 14:49:50

    Comment: table formatting

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Assessing Risks" content changed.
    Chapter titled "Risk Appetite " content changed.
    Chapter titled "Risk Roles and Responsibilities " content changed.
    Chapter titled "Impact Descriptors " content changed.
    Chapter titled "Glossary of Key Terms " content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >
  • 01/04/2015

    Updated by Sam Ryan on 01/04/2015 13:41:23

    Comment: formatting tables

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Assessing Risks" content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >
  • 01/04/2015

    Updated by Sam Ryan on 01/04/2015 13:31:27

    Comment: formatting text

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Assessing Risks" content changed.
    Chapter titled "Risk Appetite " content changed.
    Chapter titled "Risk Roles and Responsibilities " content changed.
    Chapter titled "Impact Descriptors " content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >
  • 01/04/2015

    Updated by Sam Ryan on 01/04/2015 13:12:39

    Comment: formatting text

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Assessing Risks" content changed.
    Chapter titled "Risk Appetite " content changed.
    Chapter titled "Risk Roles and Responsibilities " content changed.
    Chapter titled "Impact Descriptors " content changed.
    Chapter titled "Addressing Risks " content changed.
    Chapter titled "Glossary of Key Terms " content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >
  • 01/04/2015

    Updated by Sam Ryan on 01/04/2015 12:26:21

    Comment: updated text

    Details: (show)

    Chapter title changed from "Introduction" to "Overview".
    Chapter titled "Overview" order changed from "1" to "2".
    Chapter titled "Overview" content changed.
    Chapter title changed from "Introduction" to "Categorising Risk ".
    Chapter titled "Categorising Risk " order changed from "1" to "3".
    Chapter titled "Categorising Risk " content changed.
    Chapter titled "Risk Roles and Responsibilities " content changed.
    Chapter titled "Impact Descriptors " content changed.
    Chapter titled "Addressing Risks " content changed.
    Chapter titled "Glossary of Key Terms " content changed.
    Chapter titled "Assessing Risks " deleted.

    Look back >