equity housing group

Equity Housing Group

Risk Management

05 August 2002 © Mazars Equity Housing Group: Risk Management2

Agenda

• Introduction: what is Risk Management?

• The Building Blocks

• Practicalities: Who does what?

• Feedback and conclusions

Introduction

What is Risk Management?


Risk - Definition

RISK is :

“…..the chance of something happening that will have an impact on objectives.”

Risks may be

• events with the potential for adverse effects (e.g. risk of fire)• events which provide opportunity to achieve better

outcomes (e.g. risk of not changing the way things are done to be more efficient)


Wrong assumptions about Risk

• Something for finance and insurance to worry about

• Risk is an annual compliance issue

• Just another corporate initiative

• Risk Management is about downside (i.e. bad things), not

creation of value


Why bother with Risk Management?

• Compliance with law and regulations

• Helps with the business planning process

• Reduced “fire-fighting”


There are two types of Risk

• STRATEGIC RISK– Risks which need to be taken into account in

judgments about the medium to long term goals and objectives of the organisation

– BOARD FOCUS SHOULD BE ON THESE RISKS

• OPERATIONAL RISK– Hazards and risks which managers and staff will

encounter in their daily course of work


What is Risk Management?

Risk Management is about asking three questions:

• What might stop Equity from achieving its objectives (i.e

what is the risk?)

• How big is the risk?

• What are we doing about the risk, and what else should

we be doing about the risk?


Basic Steps towards Risk Management

Risk

Identification

Risk

Identification

Risk

Quantification

Risk

Quantification

Risk

Management

Risk

Management


Step 1 - Risk Identification

There are many different ways of categorising risks...

Types of Risk

Governance and mgmt

People

Financial

OperationsHsg/ Maint

I.T.

External


Step 2 - Risk Quantification

• Impact - a measure of the potential impact or damage a risk will cause.

• Likelihood - a measure of the likelihood of a risk occurring.


Step 2 - Risk Quantification

Housekeeping risks -

Highly likely to happen, little impact. Require routine management

Primary risks -

Highly likely to happen and high severity. These require primary attention

Non threatening Contingency risks -

Unlikely to happen but serious if they do happen. ‘Catastrophic events’.

HIGH

LOW

LOW HIGH

Likelihood

Impact


Step 3 - Risk Management

The Building Blocks


The Building Blocks

• Risk management strategy

• Risk register

• On-going review of risks


Risk Management Strategy

• Board’s policy on risk

• Considers what the organisation is doing to manage risk

• Considers responsibilities for risk

• Requirements to review risk assessment by relevant groups


Risk Register

• This is used to document:

– Identified risks, and their effect on Equity– how the risks are controlled– responsibility for each risk– actions required– progress

Practicalities: Who does what?


Three Lines of Defence Model

Businessoperations

Internal and External Audit

1st line of Defence

2nd lineof Defence

3rd line of Defence

Risk

Risk

Risk

Divisional, CorporateOversight Functions

Operational processes, project risk and control activity, business level monitoring

Business planning, policy and procedure setting, functional oversight - Finance, Environment, Health & Safety, IT

Monitor compliance and provide independent challenge and assurance

Executive Managers

Audit Committe

e

Board



• First line – day to day

• Second line – oversight functions

• Third line – independent assurance



• First line

– Rests with the business operations which perform the day-to-day risk management activity

– Control through established processes and project management controls



• Second line

– Provided by oversight functions for Equity, currently at corporate level, e.g. Standards and Innovation, Finance, HR…

– They provide assurance by ensuring that policies or procedures issued are followed.



• Third line

– Internal Audit and External Audit

– Offering independent challenge to assurance provided by business operations and oversight functions



• Role of the Board:

– Overall responsibility

• Role of Audit and Risk Committee

– Review strategic risk regularly– Receive report on risk action plans– Question the executive team– Provide assurance to Board



• Head of Risk (David Fisher):

– Oversight of maintenance of risk map– Produce updates for Board on strategic risks– Other as per his role??

• Risk owners (operational management):

– Discuss risk register and progress on action regularly at team meetings

Feedback and conclusions

equity housing group

Documents