An infographic showing the risk and control framework and capacity to handle risk.
At the top of the graphic is the HRA Board. They conduct high level risk assessments as part of the annual business planning activities. They ensure that risk controls and contingencies are implemented, review the strategic risk register quarterly and sets and reviews the risk appetite statement annually.
Below the Board is the HRA Audit and Risk Committee. This sub committee of the Board that oversees and ensures that the appropriate systems and activities are taking place to ensure effective risk management. They also review the strategic risk register quarterly.
Next is the DHSC Sponsor who hold quarterly accountability meetings with the strategic risk register reviewed.
Below this is the Executive Committee. They conduct high level risk assessments as part of the annual business planning activities. They ensure that risk controls and contingencies are implemented and review the strategic risk register quarterly. The Executive Committee agrees those risks which require escalation to the strategic risk register.
Below the Executive Committee is the directorate and programme level risks. These risks are owned by a director. Directorate and other team meetings are held on a regular basis where risks are reviewed regularly. A risk engagement framework is in place which supports discussions regarding risk identification, risk appetite and risk assurance to take place regularly alongside training and sharing of best practice. All risks with a combined impact and likelihood risk score of 12 and above are escalated to the Executive Committee.
At the bottom of the graphic is a continuous circle which includes: identify, investigate, evaluate, manage and monitor. This process then repeats.