JOB ALERT! We have some Job Opportunities

Learn More

JOB ALERT! We have some Job Opportunities

Learn More

RISK MANAGEMENT POLICY

1.  INTRODUCTION

This Risk Management Policy forms part of Brainwave Career’s governance and control arrangements.

Risk management is not an isolated activity. It is one element together with planning, project and performance management of effective governance and management. The focus is on those risks that could disrupt the achievement of Brainwave career’s strategy.

The purpose of this policy and the supporting guidance is to establish Brainwave career’s underlying approach to risk management by clarifying the roles and responsibilities of the Board of Directors, the Finance and Audit Office, Senior Management and other staff.  It also describes the context for risk management as part of the overall system of internal controls and arrangements for periodic review. It aims to support those staff with particular involvement in anticipating, assessing and managing risks so that they can take timely and well-founded risk-informed decisions.

2.  DEFINITIONS

A risk is commonly defined as an effect of uncertainty on the achievement of objectives. In other words, risks are various events that can affect the achievement of objectives.  Risk can have both negative and positive outcomes. Our aim is to manage the adverse effects and turn the risk into value.

Risks are an everyday part of our activities. Our operations involve multiple partnerships, challenging environmental, organizational contexts and extensive geographic scope. The realization of our mission and strategy depends on our ability to recognize risks and to define suitable measures for their treatment. Effective risk management is about effective decision making, not compliance. It is not limited to the identification and mitigation of negative risks, but also enables opportunities to be recognized that may involve some level of risk where they also have the potential to lead to positive outcomes, supporting the overall strategy.

Risk management refers to all activities performed by Brainwave Careers to anticipate, identify, assess and control the uncertainties which may impact on Brainwave’s ability to achieve its aims, objectives and opportunities. These will range from organization-wide to specific projects or programs, to the individual.

The risk management policy aims to demonstrate that Brainwave Career is acting appropriately to anticipate risks; to assess risks; to avoid excessive risk; to embrace necessary or desirable risks with appropriate safeguards; that its response to risk, whether by insurance, control measures or avoidance, is proportionate and effective; that responsible staff are equipped to take risk-based decisions with confidence; and that we are intelligent in applying our risk appetite.

3.  THE POLICY STATEMENT

In our work to achieve our ambition, four risks stand out. The first concerns our reputation. Our Mission centers on creating and sharing knowledge and delivering projects that have a real impact. So we must undertake research and knowledge work of the highest quality and secure maximum impact and influence for our activities. As such, our reputation for the quality of our work, our autonomy and ethical and intellectual integrity are of paramount importance. We will be bold in the nature of our work, in our technical thinking, in our methodologies and we will be innovative in how we seek to impact and influence. We will do everything we can to mitigate risks to our reputation.

The second concerns our people. Much of our work takes place in Uganda in locations that are inherently risky. We are responsible for the well-being of our staff. We, therefore, seek to ensure that work with partners within Uganda and in particular, outside country travel for our own staff, is informed by robust risk assessments and that travelling staff are trained and supported in their individual journeys. We will not require staff to travel or work in areas where we assess the risks to be excessive.

The third concerns our financial position. As an independent company, we are dependent on securing externally funded projects and programs from a range of funders and we do so in an increasingly competitive environment. We will manage our income and control our costs, remain competitive whilst delivering well-managed projects and programs on time and on budget. We will seek to minimize our financial exposure. We will not compromise our ethical standards to secure funding. We will not undertake work that compromises our financial solvency.

The fourth concerns the impact of our projects and programs. We are entrusted with funding to generate positive change in the lives of vulnerable people in resource-constrained environments. Because we work on complex problems, that is far from guaranteed. Many of our programs involve partners and collaborators often based in Uganda and/or operating in challenging environments. To do this well, we need to anticipate and manage all project and programme risks at the pre-proposal, proposal and inception stages. We need to make decisions about when to bid for funding and with whom, in good time but often on the basis of imperfect information. We need to be prepared to decide when we will take well-judged risks. when we will support responsible risk-taking and when we will not submit a funding proposal because of the risks. When we do, we must use relevant management information to track progress and identify difficulties. We will support our staff to do this well. We will not undertake work where we assess the financial or delivery risks to be too high. We will not compromise our ethical standards in delivering our work.

4.  PRINCIPLES AND GOVERNANCE

Our risk management approach will reflect the following principles:

  • Addressing both value protection and value creation;             
  • Ensuring that roles and responsibilities are explicit and clear;           
  • Ensuring that the process for managing risk is fit for purpose;            
  • Establishing legal compliance as a minimum standard. 

And will be embedded in our governance structures as follows: 

  • As the Managing Director and policy-making body of Brainwave Careers Uganda, the Board of Directors is responsible for the risk management policy and for assuring itself of the policy’s implementation.
  • The Board is also responsible for defining our risk appetite and risk tolerance, ensuring that a sound system of internal control is in place that supports the achievement of policies, aims and objectives while safeguarding the public and other funds and assets for which it is responsible.

5.  RISK MANAGEMENT OBJECTIVES

Brainwave Career’s objectives in relation to risk management are to: 

  • Develop an appropriate risk appetite.
  • Adopt good practice in the anticipation, timely identification, evaluation and cost-effective control of risk in carrying out both normal and extraordinary business activities.
  • Ensure that adverse risks are either avoided, reduced to an acceptable level, or managed and contained; and to do so in good time and on a continuous basis.
  • Support individual members of staff and teams to take appropriate risk-based decisions, encouraging responsible intellectual risk-taking, informed by an understanding of risk and reward and supported by senior colleagues where necessary.
  • Ensure business continuity wherever possible and respond effectively when this is threatened.
  • Enable a robust audit trail to demonstrate that we are capable of managing risk.
  • Focus risk assessment and management on the highest level of threats to our ability to achieve our strategic objectives; and opportunities to promote them.
  • Assure funders/investors that there is a robust approach in place to assess and manage risk.

6.  ASSESSING RISKS

Effective risk management requires risks to be anticipated, identified and assessed regularly, and actions are taken to manage the risks, whether these are positive or negative. To support risk assessment and actions to be identified, Brainwave will develop documentation about each project/program specifying the area of operation, partner exposure, any key risks (e.g. foreign exchange). It will also develop training and communications tools to support project managers to manage risk.

We face specific operating risks that inform our approach to assessing risks as follows:

  • We hold investments and a minimum financial reserve to enable us to manage cash flow and other uncertainties. We will not undertake activities that compromise these.
  • We work with and through partners. The quality of our work and our reputation can be affected adversely or positively by the activities of our partners. We will, therefore, select our partners carefully and we will develop a set of partnership principles and criteria to assist in this.
  • We work in areas with different regulatory and accounting requirements for the sector. We will always ensure that we understand these requirements in order to maintain our license to operate to the benefit of our ultimate beneficiaries. 

Details of Brainwave Career’s approach to assessing risks are set out in the Appendix.

7.   RISK MANAGEMENT FRAMEWORK 

Our approach to risk management reflects sector guidance and aims to clearly locate responsibility for identifying and managing different levels and types of risk in a structured way.

In each case, the “owner” of the risk should have in place early warning mechanisms to alert Brainwave Careers so that remedial action can be taken to manage any potential hazards.

8.  MANAGING RISKS

Risks regarded as high or very high in impact and probability should be identified in advance and a decision taken about whether to continue with the activity and if so, how to manage it to either realize the potential benefits or avoid the potential downsides. Risks change and evolve as projects develop, before bidding and throughout their funded life. Different risks will be managed with a particular focus. Some will be addressed through routine management, supported by Brainwave’s systems, procedures and policies. The team has a particular role to play here in providing the management for regular review of project implementation, including emerging issues that threaten successful delivery.

9.  MONITORING AND LEARNING

We will monitor the risks on the Strategic Risk Register, especially those with a “High” risk score.

Clusters/units and departments will be asked to review the operational risks captured in their Registers termly. The Strategic Risk List is kept under review by the Finance and Audit team, which meets regularly. It is reported to the Board.

We will learn from our experience of risk management and seek to share issues and ideas with staff to enable them to work effectively in a risk-based manner. This will include learning from those risks that we take on knowingly, where we believe that we could secure significant benefits if the risks are handled responsibly.

10. ROLES AND RESPONSIBILITIES

The Board is responsible for overseeing risk management with a scheme of delegation to the Finance Resources and Audit Team and policy implementation by the Managing Director and senior staff.  All senior staff are responsible for encouraging good risk management practice within their areas of responsibility and all project managers (Trainers and facilitators

) will need to have regard to risk for the projects that they lead or support.

The Board will:

  • Approve the overall policy statement;
  • Offer periodic advice on risk appetite and risk tolerance;
  • Satisfy itself about the assessment of strategic risks via annual consideration of the Strategic Risk List;
  • Monitor the management of significant risks to ensure that appropriate controls are in place;
  • Identify any strategic risks that require inclusion or updating in the Strategic Risk List to ensure that it reflects Brainwave’s overall strategy and operating context;
  • Approve major decisions, taking into account Brainwaves risk profile or exposure;
  • Satisfy itself that less significant risks are being actively managed, and that appropriate controls are in place and working effectively to ensure the implementation of policies approved by the Board;
  • Review regularly the Company’s approach to risk management and approve changes where necessary to key elements of its processes and procedures. 

The Finance and Audit Team will:

  • Ensure the implementation of the risk management policy and advise on any modifications to the policy; 
  • Receive advice from the Board on the need for inclusion or amendment of strategic risks in the Strategic Risk List; 
  • Ensure that adequate information is provided for the Board and its team, as appropriate, on the status of risks and controls; 
  • Ensure that an annual report is provided to the Board on the effectiveness of the system of internal controls; 
  • Ensure that local risk registers in the country offices are reviewed regularly. 

The Strategic Management Team will: 

  • Regularly review the Strategic Risk List and submit this to the F&A Team quarterly and thence bi-annually, to the Board; 
  • Advise on modifications to the policy; 
  • Assess the adequacy of internal controls and advise the Board as necessary; 
  • Decide on risk mitigation where Board action is not required; 
  • Advise on Brainwave’s appetite for risk and its tolerance of risk; 
  • Inform all its strategic decisions with considerations of risk; 
  • Ensure other Sub Committees take appropriate steps in respect of risk; 
  • Keep the overall Strategic framework under review; 
  • Advise on thresholds for risk assessment in proposals and projects;
  • Engage with the Institute’s internal and external auditors on internal controls;
  • Ensure appropriate training is available for staff; 
  • Advise on any supporting policies; 
  • Advise on thresholds for risk-based decisions;
  • Ensure appropriate insurance cover is in place to mitigate risks.

 Directors, Managing Directors and Heads of Teams Function will: 

  • Implement policies on risk management; 
  • Identify particular risks that arise in their area of responsibility e.g. a data protection breach; an employment relations challenge;
  • Develop and maintain a local Risk Register and forward a copy of the Register annually to the Auditors and Head of Finance; 
  • Support their staff to develop and apply risk management principles and tools for individual projects; 
  • Regularly view risks with their staff and help Project Managers identify and manage risks appropriately. 

Project Managers will: 

  • Identify and manage risks in individual projects; 
  • Provide input to the local Risk Register and report on progress; 
  • Support their staff to apply good risk management principles. 

Individual members of staff will: 

  • Take care to apply good risk management practice in their day-to-day work; 
  • Follow the principles and objectives set out in this policy; 
  • Follow other policies that contribute to managing risks such as the Social Media Policy and Travel Policy;
  • Draw on the guidance from the work process when development project proposals; 
  • Take part in relevant training where this will help with confidence and capacity in risk management.

11. INTERNAL CONTROLS

Internal controls encompass a review of the risks inherent in each activity. The Finance and Audit

Team reports to the Board on the adequacy of internal controls.  As part of its remit, the

Team reviews the work of the Internal and External Auditors and of Brainwave’s management. The Committee is therefore well placed to advise the Board on the effectiveness of the internal control system.

Currently Brainwave has an external consultant which it contracts to review and report the effectiveness and reliability of the internal control system. 

As part of the annual audit, Brainwave’s External Auditors will advise the Finance and Audit Team on the operation of the internal financial controls.

12. PERIODIC REVIEW

The Board will periodically review its risk appetite and risk tolerance. 

The Board will also periodically review the effectiveness of the internal control system and in doing so will: 

  • Review the previous year and examine the Company’s track record on risk management; 
  • Consider whether Brainwave has made the right decisions on risks that are value enhancing and value protecting; 
  • Consider the internal and external risk profiles of the coming year; 
  • Consider whether the current internal control arrangements are likely to be effective. 

As part of its review, the Board will consider: 

  • Brainwave’s objectives and its financial and non-financial targets; 
  • Brainwave’s strategic ambitions and progress towards them; 
  • The management approach to risk; 
  • The appropriateness of the level of delegation of authority; 
  • Public reporting; 
  • Prioritization of risks; 
  • Timely identification and assessment of risks; 
  • The ability of Brainwave careers to learn from its problems and apply its learning.

APPENDIX

ASSESSING RISKS

  1. Most relevant authorities on risk management advocate two main parameters for assessing risks. The parameters are: 

Likelihood, i.e. how likely is it to happen 

Impact, i.e. how significant might the consequences be

  • These almost always focus on risk mitigation and management of the possible/likely “downsides” rather than of the possible/likely “upsides” although the idea of focusing resources on the most
  • risky can apply to risks to be embraced as well as to those to be managed/mitigated.
  • Brainwave will use a traffic light system as illustrated below to assess risk.
I   m p a c t      
     
     
     
     
 Likelihood 

 Impact:

  • Very low – no significant disruption, adverse publicity unlikely, litigation unlikely financial loss modest; funder/partner relations unaffected.
  • Low – short term disruption; careful PR required; litigation unlikely; moderate financial loss; funder/partner relations unaffected.
  • Moderate – short term disruption; reputational damage; litigation possible; significant financial loss; funder/partner relations may be affected.
  • High – medium-term disruption; adverse publicity; probable litigation and difficult to defend; significant financial loss; funder/partner relations affected.
  • Very high – sustained disruption; significant reputational damage; litigation highly likely and costly; significant financial loss; funder/partner relations seriously affected.

 Likelihood:

vl       very low

 l         low 

m        moderate 

 h        high 

 vh       very high (as likely as not) 

Read other policies