St Andrew’s Psalter Lane Church
Risk Management Policy and Procedure
1. Purpose of this document
The policy supports the Church’s arrangements for risk management and organisation, including an explanation of the approach to minimising risks to its operations and well being. A definition of risk and how it is assessed are provided, along with a description of the risk assessment process.
2. Definition of risk
Risk is the uncertainty surrounding events and their outcomes that may have a significant effect on Church activities. All activities are liable to entail risk of damaging impacts arising either from potential threats and unexpected consequences or because an action which would have removed or reduced a threat was not taken. Risks are evaluated by carrying out a qualitative and quantitative assessment of the risk to St Andrew’s Psalter Lane Church (SAPLC) objectives. This is based upon estimates of the importance of issues or events to SAPLC aims and functions as well as the likelihood of the event or outcome occurring.
Having identified the presence of risks to SAPLC operations and well-being, the intention is to minimise these risks to ensure they are reduced to acceptable levels. Risk management is inclusive of the risk assessment process, and uses the results of risk assessments to make decisions on the acceptance of risks or on actions to reduce any risks.
3. Risk appetite
The level of risk associated with the attainment of SAPLC objectives and operations is reviewed by the Property and Finance Committee. Tolerable risk varies across the range of activities undertaken in and by SAPLC, so for instance a greater level of risk may be acceptable in a single act of kindness, for example a loan that might not be repaid, than would be attached to an issue that would cause the ethical standing of the Church to be questioned. Low tolerable risk would apply to threats to the safety of users of, or visitors to, the Church, particularly children and other vulnerable persons and to issues that threaten the Church's continued existence, such as unsustainable financial losses.
Risks are categorised as being Governance, Operational, Financial, Environmental and External, and Compliance based. Low tolerance applies to Operational and Financial risks, whereas the others are regarded as moderate tolerance, where it is accepted that a degree of risk must be tolerated for the church to fulfil its mission.
It is important to appreciate that risk management is a continuous process involving risk identification, risk assessment, identification of measures to reduce risk and consideration of the residual risks after controls have been implemented. Tolerance of risk level may also change, depending on circumstances and experience, as well as external factors such as the extent to which insurance cover cushions the impact of a risk. As noted below, the Risk Assessment will be reviewed annually but, where necessary, changes may be made immediately the need for change is identified.
4. Risk Assessment Procedure
Significant risks to the operations and well-being of SAPLC will be identified and quantified on the The Risk Assessment Table. The Property and Finance Committee is responsible for doing this in consultation with others, as necessary. Risks are categorised according to their potential impact if left unmitigated and likelihood of occurrence using the scoring system below.
The Ecumenical Church Council (ECC) has ultimate responsibility for Risk Management, including risk appetite and mitigation. The ECC should satisfy itself that risks are being actively managed with the appropriate controls in place and that they are working effectively.
5. Risk scoring and categorisation
The following scoring system will be used:
- 1 Very unlikely May only occur in exceptional circumstances
- 2 Unlikely Could occur at some time but unlikely
- 3 Possible May occur at some time
- 4 Likely Will probably occur/re-occur at some point
- 5 Very likely Almost certain to occur/re-occur
- 1 Insignificant No financial loss; disruption to day to day work manageable within existing systems
- 2 Minor Minor financial loss / disruption to systems; procedures require review but manageable; limited slippage in work activity
- 3 Moderate Disruption to financial systems and losses; significant slippage in activities and delays to operations
- 4 Major Major financial loss; large scale disruption to activities; objectives and ethos severely undermined; poor quality guidance leading to loss of confidence in SAPLC
- 5 Catastrophic Huge financial loss; significant threat to viability of SAPLC in total or in part; huge disruption to activities; almost total lack of confidence in SAPLC
The “Factor” is derived by multiplying the value for Risk (x) against Impact (y) and then adding the value for Impact i.e. xy+y.
Risks are then categorised, as follows
4 to 6
Activity managed by existing procedures
8 to 12
Action required to reduce risk
15 to 30
Immediate intervention required to reduce risk
This version agreed and accepted by the Ecumenical Church Council, 25th July 2023.