Risk Management Policy & Framework
Guiding principles and risk appetite
- We recognise that risk management is an essential element of our Governance Framework and fundamental to the sustainable operation of our academies.
- Our Risk Framework is developed in the context of our mission: to gather and motivate inspirational people committed to delivering an excellent education that launches children into remarkable lives. Our long-term sustainability as a charitable trust depends upon meeting the strategic objectives relating to our mission. This includes our relationships and reputation with our beneficiaries i.e. our pupils, parents and guardians, and the local communities served by our academies.
- In general, we have a low risk appetite, and we endeavour to minimise risks to all our beneficiaries, and especially to the physical, mental, emotional and educational welfare of our pupils.
- Providers of educational services inevitably face some risks that cannot be practically eliminated completely, or not without raising other risks. Similarly, sometimes higher risks have to be accepted to deliver the changes required to achieve our strategic objectives. Finite resources must be intelligently and responsibly allocated across competing priorities, and for this reason we use a methodology which identifies and evaluates risks and ensures that we have measures in place to reduce all risks to an acceptable level.
The Risk Framework
There are many ways in which organisations can categorise risks, for example: strategic, financial, operational, reputational and legal. At AET we have developed a helpful framework which establishes four conceptual or 'meta-risk' categories where risk is articulated as the possibility of failure to meet the following expectations:
- Duty to stakeholders, including to parents and guardians, for the safety and welfare of children, and for their educational outcomes
- Trust viability, including the strategic, financial and structural integrity of the Trust, and its ability to deliver added-value to its academies
- Organisational effectiveness, including the ability to attract, develop and retain staff of the right calibre, and to achieve efficiency in organisational management processes across a range of administrative functions and services
- Compliance with a wide range of laws and statutory guidelines
Across these four meta-risk categories we have developed 10 risk headings, to which executive ownership and trustee scrutiny are delegated:
Risk management procedures and the risk register
In order to identify, evaluate and manage risk, we have developed a risk register. Within the register, each of the 10 risk headings listed in the Risk Framework has a separate section. In these sections, more specific details of risks are articulated and evaluated using a scoring system which takes account of:
- the hypothetical probability of the risk materialising
- the potential impact it would have
- the risk-mitigating measures and controls currently in place across the Trust
This then gives a 'net residual risk' score which is deemed either acceptable or not acceptable. If not acceptable, then details of further risk-mitigating measures are included in the risk register, including when they will be implemented. Where the need for further risk-mitigating measures have been thus identified, these are included in the annual objectives of the relevant executive, and subject to annual review and appraisal.
The risk register is a 'living document' and is updated by each risk owner as and when required (at least twice per year) and reviewed cyclically by the Executive Committee. Scores may be adjusted and risks added or removed. The register is administered by AET's Head of Governance, Risk and Compliance.
Compliance risk and policy management
The development of clear well-communicated policies, along with appropriate levels of awareness-raising and training, are fundamental elements of the risk management process.
In addition to general organisational laws covering topics such as employment, equality, health & safety, data protection and financial reporting, the education sector is subject to extensive statutory guidance and regulation in specific areas, such as:
- safeguarding and child protection
- Special Educational Needs and Disabilities (SEND) and Accessibility
- relationship and sex education
- admissions and exclusions
We have developed a complete set of trustwide policies which are published both on the Trust website and on each academy website via a centrally-developed and monitored 'Statutory Information page' (link here to an academy exemplar) based on a template which also contains locally developed or adapted statutory information.
Each academy (or cluster) has a designated Statutory Information Administrator (SIA) to act as a single point of contact with the central AET governance team to ensure that policies and other statutory information are consistently updated and published according to our central trustwide guidance.
Each trustwide statutory policy has an executive-level owner and a primary editor. A schedule is maintained for review and trustee approval of these policies at an appropriate frequency. This schedule also summarises the measures in place to ensure staff understanding and compliance in practice.
Staff awareness of policies is managed in a number of ways, including:
- inset days
- AET bulletins and other internal communications
- online and face-to face training (e.g. safeguarding, data protection)
- the annual electronic staff affirmation of the AET Code of Conduct (from September 2019), which promotes staff awareness and expectations regarding policies and compliance
Whilst each academy Principal is ultimately responsible for policy compliance within their academies, the AET School Support Service function employs specialist dedicated trustwide resources to support academies meet their compliance obligations in specific areas such as safeguarding, health and safety, offsite trips and visits, SEND, and careers and employability skills, as well as more generally in HR and finance.
The academy governance framework (see below) also contains aspects of policy compliance within its scope, via centrally-controlled agenda items for local Governing Boards.
Finally, and though we aim not to have to rely on external inspections, the recommendations arising from the compliance aspects of Ofsted inspections also contribute to this aspect of risk management.
The academy Governance Framework
Our professionalised model of academy governance is an essential element of our approach to risk management. To learn more, follow the link to an overview of the Governance Framework.
Trustee oversight and assurance
As illustrated in the Risk Framework table above, the AET Board of Trustees delegate the review of sections of the risk register to an appropriate sub-committee who then present their findings to the main Board at least once per year. Review of the effectiveness of the Risk Framework itself (i.e. quality assurance of risk management processes rather than risk register content) is the responsibility of the Audit and Risk committee. Internal Audit resources are directed by this committee to provide assurance regarding the operation of this risk management policy and framework.