Group Risk Control
Risk Grouping / Risk Category / Ref / Sources of Risk / Risk Control / Resp / Impact L/M/H / Likelihood L/M/H / Rate / Documentation
Overall Group Risks and Mitigation / Group Management System / 1 / Docs unclear / ambiguous
Docs erroneous / incomplete
Docs out of date
Docs not easily accessible
Docs – version control / All Docs on Group Mgmt System to have been reviewed and been through approval process
All Docs on Group Mgmt System
External & Internal Audits ISO 9001 / 14001
BRE Global Management System Audits
Accreditation and associated Standards / Grp Mgmt System Team
(Carol Atkinson) / H / L / D
People - Quality & Skills of employees / 2 / Employee unaware / untrained / Responsibility of HR Manager and Line Managers to ensure appropriate training and recruitment processes in place / HR / Line Mgrs
(Rose Smith) / M / L / G
Law and Regulations
Employment / Workplace Law
Pension Law
Data Protection Law
Health and Safety Law
Environmental Law
Company Law
Accounting and Tax Law
Charity Law
Shops & Offices Act
Bribery Act / 3 / Law not adhered
Do not update laws and regulations / Group Management System and People (see above) / HR Mgr (RS)
FD (RH)
IT Dir (KE)
H&S Mgr (RJ)
H&S Mgr (RJ)
FD (RH)
FD (RH)
FD (RH)
FD (RH)
FD (RH) / H / L / D
Infrastructure / Site / Buildings / Utilities / 4
5
6
7
8
9
10
11 / Fire
Explosion
Structural Failure
Terrorist Attack
Loss of heating
Loss of power
Loss of gas
Loss of water supply
Loss of telephony
Loss of Internet
Loss of email
Loss of site access
Loss of Motorway Bridge that holds all services to site / Comply with Fire Regs
Inspection routines in place
Fire detection system
Fire Training
Insurance
Regular Insurance inspection of pressure systems
Micro powders
Insurance
Regular review H&S reviews of all buildings
Facilities involved in all building services and fabric alterations
Weekly Monday afternoon H, S & E Director site walks
Insurance
24hr Security
External supplier contracts – 24 hr facilities cover – Service Level Agreements
External supplier contracts – Service Level agreements
2 entrance site
External supplier contracts – 24 hr facilities cover – Service Level Agreements / Facilities
(Keith Symonds)
Facilities
(Keith Symonds)
Facilities
(Keith Symonds)
Facilities
(Keith Symonds)
Facilities
(Keith Symonds)
IT
(Karim Esmail)
Facilities
(Keith Symonds)
Facilities / IT
(Keith Symonds / Karim Esmail) / H
H
H
H
M
M
L
H / L
L
L
L
M
M
M
L / D
D
D
D
E
E
H
D / BRE Group Premises Fire Safety Strategy / Fire Safety for managers / Fire Contingency measures
BRE Garston Emergency response team Training
Dangerous Substances and Explosive Atmospheres Regulations 2.OP.182 – Specialist Risk Assessments in place
BRE Garston Emergency response team Training
Health & Safety Tracker
BRE Garston Emergency response team Training
Information Systems back-up procedures
BRE Garston Emergency response team Training
BRE Garston Emergency response team Training
Critical IT Equipment e.g. Servers / 12 / No available alternative / Critical Equipment Register maintained – Service level agreements in place / IT
(Karim Esmail) / H / L / D / Information Systems back-up procedures
Critical Physical Equipment e.g. Burn hall fan motors / 13 / No available alternative / Critical Equipment Register maintained – Service level agreements in place / Facilities
(Keith Symonds) / H / L / D / Critical Equipment Register
Crisis Management / 14 / Lack of planning / Business Continuity Plan in place with regular updates and scenario planning / H&S
(Ray Jeffrey) / H / L / D / BRE Garston Emergency response team Training
Access Protocols / 15 / Disaffected member of staff / bad leavers / Policies and procedures in place for removal from system - looking to align policies with ISO27001 (information security) & ISO27001 (tangible assets) / IT
(Karim Esmail) / M / M / E / ISO 9001 Quality management System
Accounts control and Account Mgmt Policy
Information Security Awareness Training Policy
Information Security Management Policy
Use of Computer Systems Policy
Human resources / Recruitment / 16 / Unclear person / job specification
Inappropriate person / job specification
Poor recruitment process
Non-compliant recruitment process
Inappropriate recruit selected
Inappropriate remuneration
Equal Opportunities
Wrong mix of skills recruited. Too many scientists and not enough construction skills meaning we become ‘detached’ from the real world / Group HR Manager employed with responsibility and accountability for appropriate and compliant Recruitment Process, Procedures, Guidance and Forms
All HR Documentation to be on Group Mgmt System to have been reviewed and been through approval process / HR Mgr
(Rose Smith) / M / L / G / Recruitment Guidelines (5.RC.3)
Recruitment Guidelines (5.RC.3)
Recruitment Guidelines (5.RC.3)
Recruitment Guidelines (5.RC.3)
Recruitment Guidelines (5.RC.3)
Recruitment Guidelines (5.RC.3)
BRE’s Equal Opportunities Policy (5.PP.21)
Resource plans in place that require common format across Group – Recruitment needs matched to PDR’s
Management & Retention / 17
18
19 / Below market salary
Insufficient development / responsibility
Critical Staff lost / Annual review of pay
Robust PDR Process
Clear succession planning and more than one person with ability / knowledge to carry out the role (part of new HR Strategy year 2) / HR
(Rose Smith)
Line Mgrs / HR
(Rose Smith)
HR
(Rose Smith) / L
L
H / L
L
M / I
I
C / Guidance on end of year Performance and Development Review
Resource plans in place that require common format across Group
Matching business needs / 20 / Over recruitment
Too few Associates / Robust Business Planning Process / HR
Dirs
(Peter Bonfield / Rose Smith) / L / L / I / Business Planning Procedures
Underutilised Talent / 21 / Poorly managed / Robust PDR Process / Line Mgrs/ HR
(Rose Smith) / L / L / I / Guidance on end of year Performance and Development Review
Ethics / 22 / BRE does not protect participants from harm, preserve their rights, or provide reassurance to the BRE Executive and the public that all necessary protective measures are in place to maintain the highest ethical standards in BRE research where such research involves human/animal studies or risk to the environment. / Agreement being sought for Ethics committee with clear statement. This should be absorbed into the code of conduct and Global’s conflict of interest committee / HR
(Rose Smith) / H / L / D / Work in Progress
Commercial Delivery / Business Units / 23 / Poor quality people
Insufficient people
Unreliable equipment
Poor calibration
Poor planning
Low utilisation
Poor Performance / Up to date and relevant Group Mgmt System that covers sources of risk.
UKAS standards adhered to
ISO 19001 standards adhered to
Regular internal and external auditing of systems
Good Project Management Training
Strong continual improvement loop built into management systems through customer feedback
Clear responsibilities and Accountabilities for Managers
Annual PDR Review / Dir’s / Operations
(James Pogmore / Mike Grant) / L / L / I / BRE Group Mgmt System
ISO 9001 Quality management System
BRE Global Quality manual
Project Management Course
Guidance on end of year Performance and Development Review
Client Contracts / 24 / Inherent project risks
Brief unclear / failure to understand client requirements
Under-pricing
Under estimate of time to delivery
No contract in place
Resources unavailable
Poor project execution
Poor quality outputs
Wrong staff mix
Over delivery
Variations not agreed
Disputed outputs
Wrong T&C’s
Customer imposed terms / Up to date and relevant Group Mgmt System that covers sources of risk.
UKAS standards adhered to
ISO 19001 standards adhered to
Regular internal and external auditing of systems
Good Project Management
Training
Strong continual improvement loop through Customer feedback / Dir’s / Operations
(James Pogmore / Mike Grant) / M / L / G / BRE Group Mgmt System
ISO 9001 Quality management System
BRE Global Quality manual
Requirements for Proposals (1.RQ.2)
Requirements for Projects (1.RQ.3)
Competition / 25 / Lack of understanding of competition strategies, strengths and offerings / Regular review of competition.
Controls in place as outlined in the Management System when entering new Business areas / Dirs / H / M / B / Business Case
Market Audit Checklist
Corporate Commercial / Cash / 26 / Over spending
Creditor terms & execution
Fraud / Finance process for debt collection and escalation of action
Credit Check Process in place
Purchasing Authorisation levels in place
Finance adherence to standardisation of segregation of duties, i.e. the same person does not carry out the complete process / Fin
(Mike McCall) / M / M / E
Commercial Terms & Conditions / 27 / Inadequate
Inappropriate usage / Regular review of T&C’s by finance to assess their adequacy and changes made and communicated where appropriate
Commercial Training in place to ensure appropriate T&C’s are used / Fin
(Russell Heusch) / M / M / E / Requirements for Proposals (1.RQ.2)
Requirements for Projects (1.RQ.3)
Purchases / 28 / Purchase control / Responsibility of Purchasing Manager to ensure appropriate procedures in place, e.g. Purchase of goods and services / Purchasing
(Keith Symonds) / M / L / G / Requirements for Purchase and Expense approval (1.RQ.5)
Structural / 29 / Inappropriate usage or construction of commercial contracts such as JV’s / Dedicated and trained staff member in place to review all contracts for appropriateness and adequacy
Requires Board / Trustee sign off / Dirs
(Peter Bonfield) / H / L / D / BRE Group Mgmt System
ISO 9001 Quality management System
BRE Global Quality manual
Accounting & Tax / 30 / Withholding Tax / Withholding tax recovered by finance where UK Govt has reciprocal arrangements with foreign Govts
Withholding Tax to be understood in advance of issuing proposal - better process required / Finance
(Mike McCall) / M / L / G
Pension Deficit / 31 / Plans Unachievable / Unrealistic / Professional Pension advisors in place to advise on appropriate management of risk and return / Group Board / Finance Dir
(Russell Heusch) / H / L / D
Brand & Reputation / Reputation / 32 / Integrity questioned
Poor science / outputs
Bad leavers / Competency based sign off process in place.
All leavers carry out exit interviews / Dir / Chief Scientist
HR Mgt
(Rose Smith) / H / L / D
Brand / 33 / Unprotected marks
Misuse / Passing off
Market Confusion
Not following brand rules / New Brand ‘look’ created with clear brand guidelines to be adhered to.
Process in place to reduce any misuse/ passing off of our marks / brands / All
(Niall Trafford)
Dir’s / Operations
(James Pogmore / Mike Grant) / M / L / G / Brand Guidelines
Accreditations & Licences / Failure to maintain licences / 34 / Inadequate management of licences / Quality management system in place to manage the Licence Process / Operations
(James Pogmore / Mike Grant) / M / L / G / BRE Global Quality Management System
Data Protection Act / Data Management / 35 / Inappropriate data retained
Failure in data access controls
Failure of backup / retrieval
Not kept / misfiled / too early disposal / Clear Data Protection Policies, Procedures and Guidelines in place to be adhered to.
Information back-up procedures in place / IT / relevant PM’s
(Karim Esmail) / H / L / D / Data Protection Act
Information Back-up Procedures
IPR Management / IPR / 36 / IPR not recognised
IPR released before protection
IPR not protected
No clear Management of Non Disclosure agreements / IPR included in Standard Terms and Conditions
BRE Ventures
Standard NDA’s to be created and controlled
List of Staff with security clearance required / Dir BRE
Ventures
(Guy Hammersley)
Fin / H / L / D / BRE Standard Terms and Conditions
Copyright / 37 / Copyright not protected / Quality management Systems adhered to
Copyright licence / Conf agreements in place
Web terms in place for Web / Dir’s / Operations (James Pogmore / Mike Grant) / M / L / G