Image: Istock
How live is your risk register?
What risks are your organisation ignoring?
RISK & ASSURANCE
Catherine Romney
Policy and Research Officer, Campbell Tickell
Sue Harvey
Director, Campbell Tickell
Issue 72 | July 2024
A live strategic risk register is crucial for informed decision-making and organisational resilience. Regular revisions facilitate the reassessment of known and emerging risks, the adjustment of risk scores, the accountability of control owners, and the focus of the Audit Committee. Rebuilding the register from scratch every one to two years helps prevents groupthink and promotes a fresh perspective, fostering a dynamic approach to risk management.
Establishing the risk universe – where to begin…
Campbell Tickell suggests that rebuilding the risk register(s) should start by identifying a comprehensive risk universe. This long list of potential risks can then be filtered to match the organisation’s structures and activities, before the remaining risks are evaluated for likelihood and impact.
Regulatory intelligence
For building the risk universe in the housing association sector the regulators annual Sector Risk Profile (SRP) is a valuable resource.
The 2023 SRP highlighted concerns including:
- competing pressures and trade-offs;
- economy: cost inflation, tight labour markets, interest rates, housing market;
- supply chain issues, contractor failures;
- reduced financial capacity and resilience;
- ensuring robust stock condition data;
- implications of net zero and revised Decent Homes Standard;
- tenant safety;
- assurance on compliance with new consumer standards; and
- cyber security.
Campbell Tickell's Analysis
In order to help our clients develop comprehensive risk universes, we track what might be termed ‘the misfortunes of others’, by analysing the themes and triggers for recent post-IDA regulatory downgrades, and these include:
- outdated and incomplete stock condition data;
- poor internal controls;
- no recent external governance review;
- weak board skills and appraisals;
- poor board oversight of financial planning; and
- poor performance reporting to board.
Viability regrades
Viability regrades also provide valuable insights into housing association risks, with 75 moves from V1 to V2 in the last two years. Our analysis of those regrades highlights familiar risks including:
- inflation;
- stock investment;
- interest rates;
- financial performance and covenant challenges;
- developmental programme risks, and
- housing market fluctuations.
Inside Housing
Inside Housing’s January 2024 analysis of strategic risks also provides valuable input for crafting risk registers. By scrutinising the risk reports in the financial statements of the top 100 housing associations, the article identifies increasing concerns around as cyber security, health and safety, economic conditions, and development.
Other sources
We urge our clients not to overlook two other valuable sources for risk identification: the views of frontline staff and of non-executive directors. Operational colleagues will spot early signs of service delivery and resourcing challenges and near-misses, emphasising the need for effective escalation channels. Non-executives bring diverse sector experience, offering fresh perspectives and lessons from past failures elsewhere.
CT’s expert team reveal what risks you might be overlooking
We asked our team of in-house experts for their sense of risks that may not be receiving sufficient attention across sectors and they highlighted:
- Cyber security: despite the issue being highlighted in financial statements, and by the regulator, many organisations underestimate its importance as well as the impact of new technologies such as AI and cloud-based solutions.
- Recruitment and retention: slow acceptance of alternative working methods has resulted in talent loss, while there is a growing need to develop future talent to address widening gaps between executive job levels.
- Climate change: progress remains slow amid ‘more pressing’ concerns over fire safety and consumer standards.
- Regulatory compliance: the challenges of responding to the rapidly changing regulatory environment include increased headcounts and other costs, as well as distraction from service delivery.
- Social care and mental health crises: risk to staff and customers’ safety amid limited resources.
- Reduced financial resilience: over recent years compounding pressures have ‘consumed’ both financial and operational contingencies, leading to increased sensitivity to changes in assumptions and other shocks.
