Systematising a Trust’s approach to risk management

Matthew Deere
March 25, 2022

“Management of corporate risks is one of the non-negotiables of leading and managing a Trust.” In our organisation we rapidly outgrew our initial Excel-based solution and recognised the need for a risk approach that was more sophisticated to align with the maturation of our Trust.

Not that there is anything wrong with Excel...

But we had an aspiration that maintenance would be easy, Trust leaders could be distributed categorised risks to own, Trustees could login and be familiar with risks and the register, we could change the profile of risks, categorise them, rationalise them, and create a risk management approach that was class-leading but didn’t cost us an inordinate amount of time. We wanted to go from cottage industry to blue chip.

Following research we came across the ideal partner. A blend of professional support and guidance and a platform to migrate our risks to that was fit-for-purpose without being overengineered. At a reasonable price too! The support we received allowed us to truly focus our bloated risk register and make it accessible, agile and then drive deeper understanding of it across our Trust. The Business Risk Solutions team that produce RiskMate were second to none with helping to deliver this vision.

The key to successfully systematising our approach to risk came from doing the following when migrating our risk register away from Excel:

Rationalising our risks. We reduced the number of risks on our register to focus on what really matters

More precise risk scoring. We adopted a 4x4 matrix to avoid sitting in the middle and rating risks as a 3 in a 5x5. This moved us away from the fence and caused us to be decisive.

Categorising risks. We clustered our risks in the RiskMate platform into directorates and then departments which allowed a tiered approach to ownership and oversight. As COO I can oversee the ‘Corporate Services’ directorate risks, but my CFO owns and manages the risks in the ‘Finance’ department. This gives greater ownership through distributed leadership.

Risk Training. We wanted to deepen the understanding of risk at all levels and how it is fundamental to our strategy. Running training for the Trustees, Governing Bodies, Headteachers and Business Managers has been well received and brought about a common level of awareness across our Trust.

Audit. Our new platform has a comprehensive audit trail. We no longer have any issues discussing changing risk profiles or recalling who changed what on a collaborative Excel tool. Trustees are well informed when a risk profile changes and why.

Giving accessibility. With a cloud-based platform our Risk Register is now accessible to all 24/7 and we have given read-only access to our Trustees. They are now no longer bound to periodic committee paper updates and can be across risk whenever it is convenient to them, alongside their regular reports.

Focusing on the important stuff. Our risk platform has a dashboard view that means the days of us reproducing the whole register for Trustee meetings are long gone. They can easily see the top ten risks, any risks that have changed scoring in the last 30 days, and any risks that are due for routine review by the executive. Empowering them to challenge and understand confidently is key to a fully joined-up approach across the organisation.

We could not imagine going back to the one-dimensional world of a spreadsheet, owned by one person and with all the cumbersome characteristics that went with it. And the added value with the solution we have migrated to is there are other modules included that will enhance our Trust approach in a number of other areas, such as complaints, FOI requests and projects. In terms of value for money, this has been one of the best decisions we have made in the development of our Trust.