1
RISK MANAGEMENT POLICY
CONTENTS
1 – STATEMENT OF PURPOSE ... 2
2 – DEFINITIONS ... 2
3 – RISK TOLERANCE ... 3
4 – RISK MANAGEMENT ... 3
5 – RISK IDENTIFICATION & ASSESSMENT ... 3
6 – RISK MONITORING & CONTROL ... 3
7 – RISK RESPONSE ... 4
8 – RISK AVOIDANCE ... 4
9 – RISK RETENTION ... 4
10 – RESPONSIBILITIES ... 4
11 – PROCEDURE ... 5
12 – IMPLEMENTATION AND REVIEW ... 6
13 – RISK MANAGEMENT CHECKLIST ... 7
Drafted by Denis McEvoy Approved by Board on November 2014Responsible person Station Manager Scheduled review date May 2015 Version Version 1
1 – STATEMENT OF PURPOSE
92.5 Phoenix FM, hereafter referred to as ‘the Station’, will endeavour to minimise the risk any particular operation poses to our organisation, our staff, our volunteers, our clients, or the general public. Risks are inherent in all projects. They can be transferred, accepted, managed, minimised or shared, but must not be ignored.
There is no shortage of publications about risk, nor is there any shortage of software for risk analysis and risk assessment. Risk management needs a structured approach for
identifying, assessing, managing, tracking, reporting, and allocating risk across a business at corporate, operational and project levels – it is a tool, not a solution. The technique used with common sense linked to knowledge, expertise, and information, should enable the delivery of services with greater certainty.
Risk management is not a process for avoiding risk; when used effectively it can allow an organisation to take on activities that have a higher level of risk, and therefore could deliver greater benefit, because the risks have been identified, understood, and managed; the residual risk is thereby lower.
Risk management is not just negative (ensuring that bad things are less likely to happen), but also positive (making it more likely that good things will happen); the basis of business is to balance.
Once a risk is identified and defined, it ceases to be a risk; instead it becomes a management problem.
Decisions about risk need to be balanced so that the potential benefits are worth more to the organisation than it costs to address the risk.
The purpose of this document is to identify applicable risks and to enable risk management procedures to be satisfactorily identified, organised and maintained.
2 – DEFINITIONS
Riskis the probability that an occasion will arise that presents a danger to our organisation, our staff, our volunteers, our clients, or the general public. It includes, but is not limited to,
Physical hazards Financial hazards Reputational hazards Legal hazards
3 3 – RISK TOLERANCE
The amount of risk the Station is prepared to tolerate, or ‘risk appetite’ will vary according to the risks, the timing, the risk attitude, the potential reward. The Station may be prepared to take comparatively large risks in some areas and none in others.
Each project the Station undertakes will have a risk tolerance, for example if the contingency allowance for a project has been spent and the project is only half complete, then the
tolerance level will be low.
4 – RISK MANAGEMENT
The aim of risk management is to ensure that risks are identified at project inception, their potential impacts allowed for and where possible, the risks or their impacts minimised. Risk management is a planned and systematic process consisting of:
• Identification to determine what the risks are
• Assessment: to determine the likelihood of the risks occurring and their potential impacts, and
• Monitoring and control: to identify options for dealing with risks or their impacts and monitor implementation of the preferred options.
5 – RISK IDENTIFICATION & ASSESSMENT
Successful risk management depends on accurate risk identification. The purpose of risk assessment is to understand and quantify the likelihood of occurrence and the potential impacts on the Station. Various analytical techniques are available, but the key features are: • Qualitative assessment – to describe and understand each risk and gain an early indication of the more significant risks, and
• Quantitative assessment – to quantify the probability of each risk occurring and its potential impact in terms of cost, time and performance.
6 – RISK MONITORING & CONTROL
Care will be taken when considering the management actions available to ensure that the potential impact of each risk is not outweighed by the direct costs to the Station from: • The cost of reducing the risk
• All management and administrative time, consultants’ fees and other charges associated with managing and dealing with the risk.
7 – RISK RESPONSE
A risk response will only be decided after its possible causes and effects have been considered and fully understood. It will take the form of one or more of the following management actions:
• avoidance;
• reduction (including elimination); • transfer; or
• retention (including sharing).
Risks will be allocated to those best placed to manage them.
8 – RISK AVOIDANCE
Where risks have such serious consequences on the project outcome that make them totally unacceptable in the context of the Station’s objectives, risk avoidance measures might include a review of the project objectives and a re-appraisal of the project, perhaps leading to the replacement of the project, or its cancellation.
9 – RISK RETENTION
Risks that are not transferred or avoided are retained by the Station although they may have been reduced or shared.
These risks must continue to be managed by the Station to minimise their potential impact.
10 – RESPONSIBILITIES
92.5 Phoenix FM has a duty to provide a safe workplace for its staff and volunteers, a safe environment for its clients, and a reliable development path for the organisation. 92.5 Phoenix FM will put procedures in place that will as far as possible ensure that risks are minimised and their consequences averted.
It is the responsibility of the Board, with the assistance of the Station Manager, to carry out risk management analyses of the organisation, and to take appropriate measures.
It is the responsibility of the Station Manager to ensure that:
5 effective risk management procedures are in place, applicable to all relevant areas; risk management procedures are reviewed regularly;
recommendations arising out of the risk management process are evaluated and, if necessary, implemented; and
employees and volunteers are aware of all applicable risks and familiar with the organisation’s risk management procedures.
It is the responsibility of the Risk Management Officer to ensure that:
risk management analyses are carried out for all relevant sectors of the organisation’s work;
risk management checklists are prepared;
risk management checklists are reviewed regularly by relevant staff with the assistance of the Risk Management Officer to ensure that no risks have been overlooked;
risk management checklists are reviewed at least once a year to ensure that procedures are in place to avert the risk or, if that is not possible, to mitigate its impact; and
copies of up-to-date risk management checklists are kept in a central Risk Management Register.
It is the responsibility of all employees and volunteers to ensure that:
they are familiar with the organisation’s risk management procedures; they observe those risk management procedures; and
they inform their supervisor if they become aware of any risk not covered by existing procedures.
11 – PROCEDURE
The Risk Management Officer shall carry out risk assessment exercises; this should involve: identifying the risks attached to every element of the operation and the likelihood of
that risk eventuating;
identifying practices to avert those risks;
identifying practices to mitigate the effects of those risks; and
recording those risks, those precautions and those remedies in the form of deliverable checklists.
The Risk Management Officer shall ensure consistency of approach by ensuring that: each employee, Board member and volunteer of the organisation has available to
them all relevant risk management checklists;
risk management checklists are reviewed by the organisation at least once a year to ensure that no risks have been overlooked;
organisation’s Risk Management Register.
12 – IMPLEMENTATION AND REVIEW
12.1 Phoenix FM will ensure that this Policy and appropriate procedures are implemented, disseminated and kept under review.
12.2 The Board of Management or its delegated authority will review this Policy and related Procedures on a three-yearly basis from the time of full implementation1, or when required by changes in law. The Board or its delegated authority must satisfy itself that this Policy and the Procedures are fit for purpose.
1
Full implementation occurs after a policy has been trialled over an initial six month period. A full review is carried out by the Board before the policy is fully implemented.
13 – RISK MANAGEMENT CHECKLIST
Step 1: Risk Identification Step 2:
Risk Assessment
Step 3:
Risk Management
List of Possible Risks Likelihood
H/M/L
Impact H/M/L
What are we already doing
about it? (mitigating factors)
What more can we
do about it? Timescale
Person Resp.
Reviewed Level of
Risk Breaching BAI contract L H Monitoring compliance to the
contract and codes through regular staff meetings, review meetings and quarterly volunteer meetings. The subject is also discussed each month at the Programming, Training & Outreach Subcommittee as a standing item. Possible breaches are forwarded to the Board.
Further increase awareness of the BAI contract and codes amongst all Station stakeholders to ensure everyone complies both individually and as a whole.
Review monthly
DM, IOC
Fire or flood in offices/studios L H Ensuring that all staff and
volunteers are aware of potential risk. Liaising with building
management to ensure that potential risks are identified and managed.
Continue to liaise with building management. Ensure that we are properly insured. Review risk quarterly, review insurance annually DM, EM
Properties. Christmas adverts are provided to the centre free of charge each year as is
promotion of events.
property management company and increase public
acknowledgement of the help the company provides to the Station.
quarterly
IT infrastructure is
compromised. Email, social media platforms are ‘hacked’
L M Circulate Social Media Policy to all staff and volunteers. Ensure they have a disclaimer on any account they use for Station activities.
Regularly monitor social media sites for damaging comments about the Station
Ensure IT infrastructure is secure. Conduct regular security audits.
Ensure that regular monitoring becomes the norm and is not
dropped off the agenda.
Review risk quarterly
DM, AM
Funding (Pobal, Sound & Vision, Community Foundation, ITB Training, etc.) are
cancelled/withdrawn
M H Ensure all reports are provided in a timely manner.
Maintain good relationships with all our statutory funders
Aim to broaden the sources of income, ensuring that there is a diversity of income streams Review risk quarterly DM, EM, SD, RD
Fail to complete a project for which funding has been received
L M A project manager is assigned to lead each project and coordinate the work of other staff members who are working on the project. The project manager provides status updates to the Station Manager and monthly updates to the relevant Subcommittee through their reports.
Stringent risk
assessment of each project before entering into a contract. Review risk at the beginning, mid-point and scheduled end of each project. DM, IOC, FH, EM, RD
The Station is sued for defamation
L H Train volunteer programme makers in how to identify and avoid possible defamatory material. Monitor Station output.
Make defamation training a mandatory part of the Station’s Induction training for volunteers.
Review risk annually
DM, IOC
A staff member brings a
wrongful/constructive dismissal claim
L M A full suite of HR policies are in place and training has been provided to each staff member on their contents and
implications. Each policy is reviewed regularly and as needed. Job descriptions, contracts, work plans and timekeeping records are also in place for all staff members.
Continue to review the documentation already in place to ensure it is effective. Send relevant staff members on HR training sessions and refreshers courses as necessary. Keep up-to-date with publish material in this area.
Review risk quarterly
DM, EM, RD
A staff member, Board member, volunteer or third party injures themselves on Station property or in the course of Station work
L M A Health & Safety policy has been adopted which includes a H&S Statement. Potential hazards in all Station premises have been identified and training has been provided to staff on awareness and avoidance of hazardous work practices.
Ensure that all staff members and other Station stakeholders have bought into the idea of a safe working environment and are responsible for its maintenance.
Review risk annually
DM, EM
AIB/IMRO/PPI bring legal action against Station to reclaim money owed
L H Communication is maintained with all bodies and in the case of AIB & PPI the Station has entered into a sustainable payment plan.
Continue to pay off the AIB loan and PPI fees and communicate with IMRO through the national CR body, Craol to achieve a reduction in the disputed level of the outstanding licence fees. Review risk quarterly DM, EM, SD Date Drafted 10 09 2014 Date to be Reviewed 10 05 2015