|
Assurance Framework
The Assurance Framework within Safeguard Risk formalises the identification
of corporate objectives. These are defined at a high level, and broken
down into their constituent sub-objectives. Risks and threats at all levels
are managed within the Risk Register, relating directly back to the Objective
that is threatened.
Risk Registers
The Risk Register is where Risks, once identified either through the Assurance
Framework, via an audit, or directly within the directorate or department,
are managed on a day to day basis.
Directorates and departments have their "view" of the Register
and manage their own risks and action plans. However, where the risk cannot
be managed at that level, it can be flagged as a corporate risk and managed
by the Organisation's Board.
There is full version control for each Risk, so the organisation can
track the initial and subsequent changes in risk rate, identifying the
Actions with costs that led to improvements.
Departments and directorates manage their own registers
using Safeguard Web.
Whilst each directorate or department prioritise and
manage their own risks, the Risk Management Group has the "Organisation
wide" view of the Register. This enables the organisation to see
the potential problems building up through the risk frequency or severity
across all departments. Such Risks can be reprioritised or managed at
a higher level if required.
Safeguard gives a hierarchical view of the registers
according to the rating of each individual risk. An entry automatically
appears on the Corporate Register if above a user defined score, and on
directorate as well as departmental registers according to its risk score.
Therefore risks can be seen to move up and down the Corporate and Directorate
registers.
Key Controls
The key controls for risks are identified, with a statement of effectiveness
of each individual control, and a statement of the level of overall controls
and gaps in controls are highlighted.
Assurances
The assurances, both external and internal ensure that these controls
will continue to be checked and monitored are recorded. A statement of
the adequacy and quality of those assurances and any gaps is specified.
Action Planning
The comprehensive Action Planning module enables Actions to be managed
and reviewed as part of the organisation's Action Plan, whilst also linking
to the individual risk record.
|
|
Safeguard Web
Corporate, Departmental and Directorate registers can be managed and maintained
via Safeguard Web allowing risks to be handled at a local level and giving
control and access at all levels. The organisation can opt to allow any
member of staff to raise a risk entry, to be checked by their Manager
or the Risk Manager before it is authorised onto the Risk Register. Email
notification is generated giving access to the risk information, and actions
that need to be completed. The email notification rules are set by the
user, so that several Managers, dependent on any combination of information
entered, will be included in the notification list.
Potential Risks
Safeguard "Potential" Risks is a process whereby potential risks
and opportunities can be identified at a corporate level. Once the risk
has been identified, the Risk Management Group confirms the risk and proposes
possible solutions with costs. The preferred solution is identified, and
Actions set up to achieve that solution. The PNR is an additional tool
that feeds into the Risk Register and can be used at Organisation Board
Level.
Standards Module
Government lead standards, designed to promote best practice and formal
procedures, can be read into Safeguard allowing the organisation to follow
a structured and formal audit. Elements of these standards can also be
associated with the Assurance Framework, so that a key strategic objective
could be to meet Government Targets.
Where the organisation is not performing.
"What if" scenarios may be set up to test how to best use resources.
Safeguard Risk sits at the heart of Corporate Governance
with Planning, Performance, Monitoring and Assurance.
Statement of Control
Together with the Risk Register, this provides the Organisation's Board
with a comprehensive Assurance Framework that supports the Board in making
a fully informed declaration of control.
Usability
Safeguard is intuitive and interactive, guiding the user through the process.
It is designed for use by all levels of staff including Risk Managers
and Directors of Corporate Governance, Performance and Planning. Staff
at managerial and directorial level can easily update themselves on progress
and find out
Where the organisation is not performing. "What
if" scenarios may be set up to test how to best use resources.
Safeguard Risk sits at the heart of Corporate Governance
with Planning, Performance, Monitoring and Assurance.
Reminders
Reminders are automatically generated from the system based on Target
Dates and Responsibility/Owner. The format of the reminders is defined
by the Organisation so the users can select from a template list.
|
