Risk Assurance Framework
Approach to risk and assurance
settle exists to help people who are struggling to find a place to live. We help our customers to stay in their homes comfortably, so that they can live the life they choose. We have values and behaviours in place which shape us and guide the decisions we make to achieve our purpose. While our purpose and values haven’t changed, our ambition continues to grow and it is therefore crucial that we have an effective risk management framework in place that provides a structured and coherent approach to identifying, assessing and managing risk.
Our approach to risk management
settle’s approach to risk is governed by its risk appetite statement. Risk appetite is best defined as the level of risk that we are prepared to accept in pursuit of our strategic objectives and before action is deemed necessary to reduce the risk. The Board reviews the risk appetite statement at least annually. A framework is in place to manage both strategic and operational risks across the business, which is highlighted in the diagram below:
This framework is designed to create a cascade of risk, creating a more live framework and more regular conversations about risk management throughout the business. To assist with this there are a series of rules to apply when considering where a risk sits.
Directorate Operational Risk Log
The risk is held here if it is relevant to the activity of that directorate and, were it to occur, would have a material effect on the day to day running of the directorate, its customers, systems or colleagues. This is managed at a directorate level and is reviewed on a monthly basis.
Leadership Operational Risk Log
A directorate risk will move to a leadership risk on the basis of at least one of the following two factors:
- The emergence of the risk is such that it would affect more than one directorate if it were to occur.
- The scale of the risk is such that it would require substantial resource to mitigate from across directorates which would result in other work having to be reprioritised.
Leadership Risk log is reviewed on a monthly basis at settle’s leadership team meetings.
Risk Assurance Framework
A risk is registered on the strategic framework if its occurrence would cause one or more of the strategic themes to miss the agreed target.
Risks will be logged on the assurance framework in the following circumstances:
- A single operational risk may move to the strategic framework if the impact would result in a strategic theme going off-course.
- A series of connected operational risks may, together, form a strategic level risk due to their combined effect on the achievement of a strategic theme.
As at 31st March 2022, the key risks on settle’s risk assurance framework, together with the principal controls we have in place to mitigate these risks are shown in the table below.
The Group risk heat map summarised below shows the residual risk rating as at 31st March 2022 after mitigating actions have been taken. All risks are kept under regular review by settle’s Executive Team, the Audit and Risk Committee and the Board.
Risk Management of Rowan Homes (NHH) Ltd
The same approach to risk management is in place for our subsidiary Rowan Homes (NHH). As at 31st March 2022, the key risks on Rowan Homes (NHH)’s risk assurance framework, together with the principal controls we have in place to mitigate these risks are shown in the table below.
The Group risk heat map summarised below shows the residual risk rating as at 31st March 2022 after mitigating actions have been taken.
Statement on Internal Controls Assurance
The Board acknowledges its responsibility for ensuring that settle has in place a system of internal control that is appropriate for its operations and for reviewing its effectiveness. The system of internal control is designed to manage risk and to provide reasonable, but not absolute, assurance that key business objectives and expected outcomes will be achieved. It also exists to give reasonable assurance about the preparation and reliability of financial information and the safeguarding of assets.
In meeting its responsibilities, the Board has adopted a risk-based approach to internal controls, which is embedded within normal management and governance processes. This approach includes the regular evaluation of the nature and extent of risks.
Key elements of our internal control framework include:
- Board-approved terms of reference and delegated authorities to the Group’s Committees;
- An annual review of compliance with the NHF Code of Governance;
- Formal board evaluation and appraisal procedures; this included an external board effectiveness review in the spring of 2021;
- Clear responsibilities for the identification, evaluation and control of risk. The Executive Team and the Audit and Risk Committee consider risks throughout the year. The Chief Executive and the Audit and Risk Committee are responsible for reporting any significant changes to the Board;
- Committee approved internal audit plan and internal audit reporting at Committee meetings;
- Regular reporting by the appropriate committee or the Board of risk information;
- Key health and safety issues reported to the Health, Safety and Wellbeing Board, the Audit and Risk Committee and the Board;
- Financial reporting procedures that include detailed budgets and forecasts for the year ahead;
- The Board regularly reviews key performance indicators to assess progress towards the achievement of key business issues, objectives, targets and outcomes;
- A detailed approach to treasury management and stress testing;
- Regular monitoring of loan covenants and loan facilities;
- Chief Executive’s assurance to the Audit and Risk Committee and the Board;
- Review and assessment of compliance with the Regulator for Social Housing regulatory standards at least twice a year to the Board;
- Regular updates and reporting by the external auditors; and
- Policies and procedures to reduce the risk of fraud, bribery and money laundering.
Our work on Data Governance has continued throughout the year with a focus on analysis of business critical data, and mapping of the flow of data across the organisation. We have successfully implemented a programme of annual data reviews across the business and made significant progress on the mapping of data journeys for our key performance data. This is a multi-year project and stage 1 of this will be completed during the first quarter of 2021/22.
The Board has delegated to the Audit and Risk Committee the regular review of the effectiveness of the system of internal controls, whilst maintaining ultimate responsibility for the system of internal control.
The Audit and Risk Committee reviewed the effectiveness of the system of internal control from the period commencing 1 April 2021 up to the date of approval of the financial statements, and the annual report of the internal auditor, and reported to the Board that it found no significant weaknesses in the system of internal control.
Governance and Financial Viability Standard
The Board confirms that an assessment of settle’s compliance with the Governance and Financial Viability Standard has been completed and certifies that settle is compliant with the Governance and Financial Viability Standard.