Getting to grips with A6 Identification and management of risks

It’s interesting to see and hear about AO’s different responses to A6. There are two things I always look for on A6: a risk management policy and how risk is managed in practice; and the contingency plan. For me understanding and practices vary widely in terms of these two things; and the Ofqual guidance isn’t that helpful on the subject.

In managing risk: some look at risk Condition by Condition and do their risk rating against each Condition, others focus on the individual risk and don’t link it to the Conditions. Plus more variations in between including some complex maths or risks grouped together. I like to see that individual risks are identified and then written down with indicators of their likelihood and impact that gives you a RAG (red/amber/green) rating, plus identified mitigating action(s), who the risk owner is and next review date.

Ideally everyone is involved in identifying risks. Management can’t always see what the admin team see, and unless the admin team understand what risk is, what to look for and their input sought their support in identifying a potential adverse effect in the making is not going to be so good.  

Too many risk registers and risks recorded

Sometimes AOs want separate risk registers for different management/leadership levels or business areas. Making something workable is the best advice I’d give on these kinds of choices. Too many registers and they don’t get looked at, or don’t get seen by the people who need to know. The same applies for the number of risks recorded – too many and it becomes a chore to review. I also find long risk registers are the result of not spending proper time on the evaluation of what really needs to be on there.

Make it a team session

I always enjoyed risk management sessions with my team. There would be plenty of outlandish ideas as to what risks were present and some absolute nuggets of learning about where things could, or might go wrong, also what would come out would be efficiencies or benefits. Of course, risks can be positive as well as negative. The early attempts at writing down risks is always a challenge. Initially on writing down risks I would go back later and wonder, what exactly is the risk? Time and practice really helps hone the writing down and evaluating of risks.

Contingency plans

The other widely interpreted area is the contingency plan. Is it a business continuity plan? Well yes, it’s the plan B when something major fails, like your IT system, website, or building where the organisation is based. It could be a major power-out, the building is damaged or not fit for work due to fire, flood, or other reason. Management also need to carefully consider whether they are at risk of a terror attack, maybe due to location or some other reason and what emergency provision needs to be put in place.

Plans are best to be business wide and not solely focused upon the awarding function. Though plans should be checked to make sure the actions to address those contingencies do not inadvertently contribute to a potential adverse effect, for example a decision that might delay a scheduled assessment occurring. 

Communication tree 

An important bit of the plan is the communication tree. The escalation of information - who should be informed first, and who does that person then contact, and so on. The contact information needs to be readily available too, maybe it’s important that people don’t make their way into work so you need to contact them at home, or on their mobile?

Think about where that emergency contact information is held and who by, to protect personal information - a must for data protection reasons. What if it’s your IT system, including backup (which happens when organisations rely on on-site servers only) that is not accessible, where is the information then accessible from? On a traditional paper system, or maybe on memory sticks but saying that makes me cautious of the risks those formats bring unless protected in a lockable place maybe? Also, how is that emergency contact information ket up to date?

Finally, don’t forget the contractors. Those people who may be carrying out their EQA visit unaware of the problems at the office. They are likely to need to know about anything untoward too, to react in a positive way to the centre and learners. Lots of things to think about.

Service suppliers and contractors 

The plan needs to include contact information for those important service suppliers too. If the power is out and you don’t know who provides your electricity supply, that is a problem. Also the bank details and contact, you don’t want staff pay not to happen! Oh yes and the insurers you use for various things!

 

If you would like some support with putting in place an effective risk management system, or contingency plan get in touch.

 

Heather Venis

Principal, Awarding First

 

E: Heather@awardingfirst.co.uk

T: 0789 479 6262

23/06/2017

← Back to Latest News

cock

Quick links

Legal bits

Write to us

  • Awarding First
    Curscote,
    Priest Weston,
    Montgomery,
    Shropshire,
    SY15 6DF

Get in contact