Risk-management policy and guidelines

Summary

Daily we manage risk without describing this as ‘risk-management’. We consider what might go wrong and take steps to reduce the impact if things do go wrong. However, Estyn cannot rely on informal processes alone. Also, as a public body, we must provide assurance to Estyn’s Accounting Officer, auditors, Audit Committee and stakeholders that we are managing risk appropriately. We do need to identify key risks and mitigating actions formally.

Download EnglishDownload Welsh Print this page

This risk-management policy forms part of Estyn’s internal control and corporate governance arrangements and provides a framework to identify, assess and manage potential risks and opportunities. It provides the guidance for workers at all levels within Estyn to make informed management decisions.

Business operations and projects are inevitably subject to uncertainty arising from a multiplicity of sources (Circumstances, Actions, Situations and Events). These uncertainties can come from within an organisation (internal) or from external source. Uncertainty can be detrimental to the achievement of an organisation’s objectives.

In the above respects, Estyn is like any other organisation. In trying to achieve our key objectives there are going to be threats and opportunities. By and large, evaluating and controlling risks effectively will ensure that opportunities are not lost and less management time is spent fire-fighting. This should increase our ability to meet our objectives efficiently.