Risk Assurance Framework
Approach to risk and assurance
We have a clear purpose at settle, underpinned by values and behaviours which shape us and guide us in achieving our priorities.
The external environment continues to present challenges for all businesses, including housing associations and it therefore crucial that we have an effective risk management framework in place that provides a structured and coherent approach to identifying, assessing and managing risk and ensures settle remains a well governed and financially resilient organisation.
Our approach to risk management
Our approach to risk is governed by our risk appetite statement and risk assurance framework.
- Risk appetite is best defined as the level of risk that we are prepared to accept in pursuit of our strategic objectives and before action is deemed necessary to reduce the risk. The Board reviews the risk appetite statement at least annually.
- Risk Assurance Framework – our framework helps us manage both strategic, operational and emerging risks across the business. This framework is designed to create a cascade of risk, creating a more live framework and more regular conversations about risk management throughout the business. To assist with this there are a series of rules to apply when considering where a risk sits.
The Board and Executive team regularly review our risk management approach and the processes in place to identify, mitigate and manage risk to the achievement of settles purpose and objectives.
Risk Management
A risk is registered on the strategic framework if its occurrence would cause one or more of the strategic themes to miss the agreed target. Risks will be logged on the assurance framework in the following circumstances:
- A single operational risk may move to the strategic framework if the impact would result in a strategic theme going off-course.
- A series of connected operational risks may, together, form a strategic level risk due to their combined effect on the achievement of a strategic theme.
Each risk within the Strategic Risk Register is regularly analysed and prioritised. The register identifies the existing controls and mitigations and further controls in development for each risk. Our assurance is based on the three lines of defence model. All risk and risk movements are reported monthly to the Executive Team and quarterly to the Audit and Risk committee for assessment and monitored, then onward to the Board.
As at 31 March 2024, the key risks on settle’s risk assurance framework, together with the principal controls we have in place to mitigate these risks are shown in the table below:

Strategic Risks

Group Risk Heat Map 31 March 2024
The Group risk heat map summarised here shows the residual risk rating as at 31 March 2024 after mitigating actions have been taken. All risks are kept under regular review by settle’s Executive Team, the Audit and Risk Committee and the Board.