An Introduction To RiskMate
The management of risk represents a focus for management at all levels, but the degree to which each organisation invests in a logical and formal system for its effective administration and integration with other governance arrangements varies considerably.
At one extreme there are those that say “I can manage risk and I don’t need anything to tell me what can go wrong yet”, and at the other end of the scale organisations have developed sophisticated and complex reporting tools that monitor every aspect of the organisation’s activity – some almost to the extent of stifling initiative and risk taking.
Hence RiskMate, which provides just one step up from using a spreadsheet but allows integration with other reporting tools regarding complaints, whistle-blowing, serious incident reporting and Freedom of Information Act enquiries.
Its key purpose, though, is to provide your Board with the assurances they need to communicate with stakeholders regarding the likelihood that corporate objectives and operational targets will be achieved through the effective identification of inherent risk, and its mitigation and management against an established risk appetite.
Ultimately, this gives the Directors the confidence to sign off a governance statement underpinned by a proven methodology, which shows that things are as expected and, if not, that remedial action is taking place.
System specification and functionality
RiskMate is fully hosted in a secure environment, allowing remote access for your designated staff and therefore enabling real-time integration with other governance information. The system includes a flexible structure to meet the requirements of different organisations in terms of both management hierarchy and reporting expectations.
The system has been designed to encourage participation from both internal and external stakeholders through the creation of clear and easy-to-use sections which respond to a wide range of information gathering and reporting needs, using intranet- and internet-based portals.
Our approach reflects the latest innovative thinking in terms of integrating assurance with “what really matters” within each client.
Whilst we understand that formal recognition of risk has been developing since the last century, it appears that there has been little attempt to integrate the various assurance sources available to the Board in order to provide continuous, timely information regarding events that are beyond an established risk appetite.
RiskMate is designed to reflect the traditional three lines of defence theory by identifying what threatens the achievement of corporate objectives, using Board-approved definitions of risk impact and likelihood in order to identify:-
- Policies and procedures that manage, mitigate and monitor inherent risks to the organisation
- Assurance sources available to the Board and Executive Team which demonstrate that risk is managed at a residual level within the established risk appetite of the Board – and recognition of the “Never Events” scenario
- Potential sources of independent assurance that are available
As a result, the software can assist the Board and Executive Team to reflect upon potential worst case scenarios or “never events” as the extreme risks beyond risk appetite in relation to your specific strategic objectives. It enables real-time access to organisational events and as such represents an addition to governance that:-
- Drives the need for key performance indicators at the appropriate level within the organisation
- Stimulates the most appropriate discussion for agendas at both a strategic and operational level, enabling time to be focused on what really matters
- Represents a logical and informed platform for the basis of structuring and commissioning independent assurance relating to:
  - Quality and performance review
  - Clinical audit
  - Academic audit
  - Internal audit
  - Counter fraud
  - Security management
  - Other specialist assurance sources of a consultancy nature including VAT, estate maintenance, cyber security and project management
- Allows authorised Directors and staff immediate access to a dashboard of what matters most in relation to risk, project management, incident reporting and complaints handling, using the Board-approved risk ratings as a common platform
- Underpins governance reporting in the Annual Report and Accounts through demonstrating a robust and formal risk management process
- Supports external reporting requirements – for example in the NHS in relation to NRLS (National Reporting and Learning System), KO41 (Department of Health’s reference to the national collection of complaints data reconfigured from April 2015, and collected by HSCIC – Health and Social Care Information Centre), STEIS (Strategic Executive Information System), SIRS (Security Incidents Reporting System) and future iterations thereof