An infographic showing the risk and control framework and capacity to handle risk.
At the top of the graphic is the HRA Board. They conduct high level risk assessments as part of the annual business planning activities. They ensure that risk controls and contingencies are implemented, review the strategic risk register quarterly and sets and reviews the risk appetite statement annually.
Below the Board is the HRA Audit and Risk Committee. This sub committee of the Board that oversees and ensures that the appropriate systems and activities are taking place to ensure effective risk management. They also review the strategic and corporate (significant) risk registers quarterly.
Below is the Strategic Risk Register pointing toward DHSC Sponsor who hold quarterly accountability meetings with the strategic risk register reviewed.
Below this is the Executive Committee. They conduct high level risk assessments as part of the annual business planning activities. They ensure that risk controls and contingencies are implemented, review the strategic risk register quarterly and reviews the corporate (significant) risk register every month. The Executive Committee agrees those risks which require escalation to the strategic risk register. All risks with a combined impact and likelihood risk score of 12 and above are captured in the corporate (significant) risk register.
Below the Executive Committee is the directorate and programme level risks. These risks are owned by a director. Directorate and other team meetings are held on a regular basis where risks are reviewed regularly. A risk engagement framework is in place which supports discussions regarding risk identification, risk appetite and risk assurance to take place regularly alongside training and sharing of best practice. All risks with a combined impact and likelihood risk score of 12 and above are escalated to the Executive Committee.
At the bottom left of the graphic is a square which includes: risk treatment, risk monitoring, risk identification and assessment and risk reporting.
At the bottom right of the graphic is a square which includes: there are four categories of HRA risk: strategic, internal, external, and main project / programme.
The risk and control framework and capacity to handle risk - text description
Last updated on 25 Jul 2024