Great Places acknowledges that risk management – whether concerning positive risks (opportunities) or negative risks (threats) – is not only a regulatory obligation, but also a fundamental aspect of day-to-day operations.
Our Code of Governance assigns the Board ultimate responsibility for establishing, overseeing and reviewing internal control systems, as well as for setting and maintaining a risk management framework. This includes approving our Risk and Assurance Strategy, agreeing the Risk Appetite Statement and ensuring that all decisions align with this statement. The Audit and Assurance Committee is tasked with detailed scrutiny and evaluation of the risk management and internal control framework. Its terms of reference reflect this responsibility and are closely linked to both internal and external audit functions, as well as to assurance provided by relevant internal and external experts.
Risk management and assurance are interrelated processes that underpin effective governance. Risk management offers the Board assurance that all significant threats to the organisation have been identified, assessed and addressed. Mitigation strategies may include reducing the likelihood or impact of a risk, accepting it as unavoidable, transferring it to a third party expert or ceasing the activity that gives rise to the risk. Assurance mechanisms provide confidence that controls are robust and effective, and that mitigation plans are proportionate and represent good value for money.
Our approach to risk management has evolved considerably in recent years, with the Board and the Audit and Assurance Committee playing a central role in its advancement. This approach is structured around the three lines of assurance model and consolidated through our Assurance Map. The risk management process itself is built around three core stages: risk identification, risk assessment and risk mitigation. Given the financial challenges posed by the current operating and political climate, a robust and strategic approach to risk management is essential. We continue to employ sensitivity and stress testing, including multi-variable scenarios, to explore situations that may exceed our tolerance thresholds or challenge our financial “golden rules.” These are supported by control measures and mitigation activities. The Board plays a key role in these discussions and in shaping the financial mitigation strategies adopted.
n relation to ESG-related risk management, any risks falling under the ESG umbrella are included in our corporate risk register and are monitored monthly by the leadership team. These risks are assigned to Directors, and the Board is kept informed at every meeting regarding the control framework and any planned mitigation measures. Where appropriate, ESG risks are also addressed through our “three lines of defence” assurance model and may be incorporated into the internal audit programme.
ESG risks are embedded within the risk register, which is reviewed by the Board at each meeting. The register outlines the control measures currently in place to manage these risks, along with any additional actions planned to reduce either the likelihood of the risk materialising or the potential impact on the organisation should it occur.
