The Health Research Authority website uses essential cookies

This site uses session cookies and persistent cookies to improve the content and structure of the site.

By clicking “Accept All Cookies”, you agree to the storing of cookies on this device to enhance site navigation and content, analyse site usage, and assist in our marketing efforts.

By clicking 'See cookie policy' you can review and change your cookie preferences and enable the ones you agree to.

By dismissing this banner, you are rejecting all cookies and therefore we will not store any cookies on this device.

See cookie policy

The risk and control framework and capacity to handle risk - text description

Last updated on 25 Jul 2024

An infographic showing the risk and control framework and capacity to handle risk.

At the top of the graphic is the HRA Board. They conduct high level risk assessments as part of the annual business planning activities. They ensure that risk controls and contingencies are implemented, review the strategic risk register quarterly and sets and reviews the risk appetite statement annually.

Below the Board is the HRA Audit and Risk Committee. This sub committee of the Board that oversees and ensures that the appropriate systems and activities are taking place to ensure effective risk management. They also review the strategic and corporate (significant) risk registers quarterly.

Below is the Strategic Risk Register pointing toward DHSC Sponsor who hold quarterly accountability meetings with the strategic risk register reviewed.

Below this is the Executive Committee. They conduct high level risk assessments as part of the annual business planning activities. They ensure that risk controls and contingencies are implemented, review the strategic risk register quarterly and reviews the corporate (significant) risk register every month. The Executive Committee agrees those risks which require escalation to the strategic risk register. All risks with a combined impact and likelihood risk score of 12 and above are captured in the corporate (significant) risk register.

Below the Executive Committee is the directorate and programme level risks. These risks are owned by a director. Directorate and other team meetings are held on a regular basis where risks are reviewed regularly. A risk engagement framework is in place which supports discussions regarding risk identification, risk appetite and risk assurance to take place regularly alongside training and sharing of best practice. All risks with a combined impact and likelihood risk score of 12 and above are escalated to the Executive Committee.

At the bottom left of the graphic is a square which includes: risk treatment, risk monitoring, risk identification and assessment and risk reporting.

At the bottom right of the graphic is a square which includes: there are four categories of HRA risk: strategic, internal, external, and main project / programme.

Back to accountability report 2023-24
© Copyright HRA 2024
Site by Big Blue Door