RISK MANAGEMENT STRATEGY

Introduction

It is normal good business practice to have risk management, control and review processes in place;
Which are appropriate to the circumstances and business of the organisational body.

Risks can, in their nature, be:

• Strategic - those risks that arise from being within a particular sector and geographical area.
• Operational - risks that arise from the various operational and administrative procedures that
Sundance Renewables uses to implement its strategy.
• Financial – risks that arise from the financial structure of the business, from transactions with
third parties and from the financial systems in place.
• Compliance - risks that derive from the necessity to ensure compliance with laws, regulations
and other less formal expectations.
• Environmental - risks to the organisation from the natural environment and risks to the natural
environment to which Sundance Renewables need to respond.

Risk management is about identifying risks and assessing the probability of their occurrence and
impact on the business should they happen. Then reducing the incidence of risks happening and
reducing the impact on Sundance Renewables should they materialise to an acceptable and
manageable level, through the existence of a control framework.

The recognition of risks is often associated with emerging opportunities for business benefits and
both risk and opportunity need to be considered in the context of business improvement.

Risk management is of benefit to Sundance Renewables by:

o Enabling business continuity, no matter what adverse events occur.

o Allowing new opportunities to be developed in a controlled manner.
 o Reducing, or eliminating, unproductive time spent in problem fighting.
o Protecting the assets of the organisation including staff, reputation and standing,
intellectual assets as well as the physical assets.
o Avoiding penalties from failure of compliance or statutory requirement.
o Avoiding adverse publicity from business or operational failure.
o Optimising the use of funds and ensuring value for money.
o Reducing employee stress and turnover.

Risk Management and internal control are firmly linked with Sundance Renewables’ ability to fulfil
clear business objectives.

This Risk Management Strategy sets out to:

o Describe Sundance Renewables’ attitude to risk.

o Define the structures for the management and ownership of risk.
o Specify the way in which risk issues are to be considered at each level of the business.
o Specify how new activities will be assessed for risk and incorporated into risk
management structures.
o Define the structures for gaining assurance about the management of risk.
o Define the criteria which will inform the assessment of risk and the definition of specific
risks as ‘key’.
o Define the way in which the risk register and risk evaluation criteria will be regularly
reviewed.

Attitude to Risk

As a third sector company we have a duty to spend our funds wisely, ensuring the efficient and
effective use of resources. However, a risk adverse approach would run counter to the need for
Sundance Renewables to be innovative. Therefore it is recognised that the aim is to manage and
control risk appropriately rather than eliminate it and in fact, that properly planned and managed
risk taking can promote innovation and lead to improved value for money.

The right balance needs to be struck between the associated cost of controls established to minimise,
or at best eliminate, the risk and the risk itself. Clearly judgements need to be taken on the risk
appetite – the amount of risk Sundance Renewables is prepared to accept before it judges action to
be necessary, and this will vary according to the perceived importance of particular risks.
 Risks are considered both in terms of the likelihood of the risk occurring and the impact that would
result if the risk did occur. Factors considered in assessing whether the impact is high, medium or
low are the potential impact on the organisation, on shareholders, on partners and other stakeholders,
on operational procedures and on the external environment. Factors considered in assessing whether
the likelihood is high, medium or low are the past condition, the likely future condition and the
control procedures in place. A higher weighting is given to impact than to likelihood and an impact
to the external environment is deemed greater than an impact to the corporate body.

There are a number of potential approaches to risk management and reduction:

o Transfer the risk by paying a third party to take the risk

o Tolerate/Accept the risk either because the ability to do anything is limited or because
the cost of action far outweighs the benefits
o Treat by way of internal controls to reduce or contain the risk. This is the response to
the majority of risks.
o Terminate the activity which generates the risk

Effective risk management is the appropriate selection from these options. There will usually be an
element of residual risk – the objective is to reduce the risk as low as reasonably practicable. Once
risks have been evaluated and an appropriate course of action determined, those measures need to be
put in place.

In managing risks, it is the Members view that Sundance Renewables should not adopt an attitude of
being risk averse but rather that risks are evaluated against potential benefits and appropriately dealt
with. Business opportunities should not be discarded simply because there are associated risks.

Structures for the management and ownership of risk

The roles and responsibilities of various groups, teams and individuals are set out below:

• Operating as A Workers' Co-operative

It is each Member’s individual responsibility:

 o To ensure that Sundance Renewables’ statutory duties are discharged within the
framework of the Strategic Development Plan and that strategies are developed to
achieve Sundance Renewables' objectives.
o To be satisfied that there is proper and effective management of the organisation.

Members maintain control over the work and working practices of the organisation through its
ongoing review of achievements against targets and in setting policies, which further its aims.

Co-operative Members also provide additional assurances from their wider experience, often of
specialist areas.

The Directors of Sundance Renewables have the overall responsibility for ensuring that there an
effective system of control is maintained and operated within Sundance Renewables.

o An essential part of that overall system of internal control is the management of risk.

As part of the Annual Accounts, the Directors and the Company Secretary are required to make a
Statement of Internal Control. The aim of the statement is to give assurance that there is an
adequate system of internal controls to support the achievement of Sundance Renewables’s aims and
objectives and to safeguard public funds and Sundance Renewables’s assets.

Consideration of risks within Sundance Renewables

It is essential that risk is considered at all levels of Sundance Renewables and that the consideration
of risk is embedded into the way Sundance Renewables operates.

Sundance Renewables will assess, on a regular basis, the main areas of risk to organisational aims
and objectives. This will link to the Strategic Development Plan.

These will be recorded in a Key Risk Register, which will

o Record a list of the key risks

o Assess the respective likelihood and impact of each risk
o Assess the risk rating of each risk
 o Assess the existing control(s) that manages each risk
o Assess the adequacy of the control(s)
o Identify a lead owner of each risk

The Key Risk Register will be reviewed at least annually in conjunction with the SWOT review.

Most risks are managed within the organisation through some form of action/control. The controls
seek to minimise, or at best, eliminate the risk. Controls can be

o Detective – the control identifies the undesirable outcome once it has happened e.g.
reconciliations
o Directive – the control ensures that a particular outcome is achieved. This is particularly
relevant to Health & Safety
o Preventative – seeks to limit the possibility of an undesirable outcome e.g. separation of
duties. The extent of the preventative control will depend on the extent of the potential
impact of the risk.
o Corrective – corrects the undesirable outcome after they have been realised by seeking a
route of recourse of recovery against loss or damage e.g. insurance.

As the control environment changes so the risk registers need to be updated to reflect those changes
and to reassess the adequacy of the controls in managing the risks.

The current controls in place to manage the risk are given a control rating in the key and local risk
registers. The rating being:

o Good - where the control fully addresses the potential risk and operates effectively
o Satisfactory – where the control manages the risk but there are instances of non
compliance with certain system procedures
o Inadequate – where the control is ineffective and needs to be improved if the risk is to
be managed
New Activities

New areas of work will be subject to a risk evaluation. The risk evaluation will consider the risks
that may jeopardise and threaten the required outcomes of the new piece of work including issues of
internal and external communication and its impact of existing areas of work being done within
Sundance Renewables e.g. will the new area of work conflict in some way with existing work and
therefore change the risk assessment of that.

Conclusion

Risk Management is a key part of managing Sundance Renewables’s ability to deliver its aims and
objectives.

It is essential that this process continues to be embedded into the organisation and that risks are not
just identified but actively and effectively managed.

1
 notes

1
The above document is derived from a Risk Management Strategy compiled by the Countryside
Council for Wales in 2008. - We believe the sharing of Best Practice in Policy and Procedure between
the Public, Private and Third Sector is essential to achieving Sustainable Development.