As school leaders, risk is something that we are incredibly familiar with. We have processes in place to ensure safety on school trips, that our site is secure and that the staff who work for us are screened in accordance with safeguarding legislation.
These systems are woven into the fabric of school life, often without issue or incident.
However, there are other types of risks to our schools – beyond the operational – that require more consideration and focus to allow us to mitigate them appropriately.
By taking a strategic approach to risk management, your school can be proactive and make well-informed and timely decisions.
What does risk management involve?
The process of risk management involves six steps; identification, assessment, measurement, management response, monitoring and reporting.
As an organisation, you should have a process that outlines how you follow these steps to ensure that the management of risk is clearly articulated, understood and implemented by key stakeholders.
At a strategic level, risk management should be linked to your school development plan and its objectives; specifically the risks that will impede you from implementing your plan effectively.
What types of risk are there?
It’s easy to fall into the mindset that everything is a risk i.e. an accident on a school trip or a break-in at school. While these are all risks, as outlined above, they will likely already have comprehensive mitigation measures in place.
Unless you have reason to believe that your measures are not working or are out of date, an audit identifies areas of concern or some other variable factor has changed, then these types of risk need not feature on your strategic and ‘live’ risk register (or similar document).
Risk management does not equate to voiding risk altogether as this is often not possible. It’s about forward thinking, taking appropriate action at the right time and ensuring that you’ve done all that you can to reduce the impact of any risk.
If your management actions are effective and the risk can be deemed ‘low’ then you are managing risk effectively.
Strategic risks usually fall into five main categories; governance, educational, financial, external and compliance.
Operational risks, as outlined above, may be incorporated into your risk management process but only if there is a significant impact upon your progress towards your strategic objectives.
Chances are, serious operational risks would be covered under one of the other five types of risk. Here are some examples of risk for each category:
Governance
Constitution or structure of your LGB (numbers, attendance, committees), capacity of the LGB in terms of skillset and time, conflicts of interest.
Educational
Outcomes, Ofsted, curriculum, provision, staffing etc.
Financial
Limited income, insurances, procurement, internal controls, cash flow, inadequate information or reporting, asset management.
External
Reputational, demographic changes, pupil numbers, community, changes in government policy.
Compliance
Failure to meet legislative requirements, poor knowledge of responsibilities and regulations, audit issues.
How do we manage risk?
Where a risk has been identified, you need to be able to quantify both its probability of occurrence and the relative impact if it does occur.
When you have identified the measures you are going to put in place to mitigate the risk, you should then assess what effect these measures will have on both the likelihood and impact.
You should expect a lower probability of it happening or a lesser impact if it does after you have taken management action.
In the academy sector, this risk assessment process is documented on a risk register. In the maintained sector, you may have an LA risk register template that you use or you may record it in another way.
There are four main approaches to risk; tolerating (accepting and managing), treating (controlling or reducing), transferring (contracting out or insuring) and terminating (avoiding). The approach you choose to manage each risk will depend on your context and your resources.
To be clear on accountability and responsibility, you should determine who ‘owns’ each risk. This will likely be the person who is responsible for implementing the mitigating actions. While we know that the ‘buck’ stops with the headteacher, risk management is everyone’s responsibility. Line management and reporting to your LGB should incorporate the risk management process, ensuring that the accountability chain is robust.
how can we make sure our risk management process is fit for purpose?
When a risk has been successfully mitigated to what you determine to be an ‘acceptable’ level, there should be a point where this risk is removed from the risk register.
This means that the focus of risk management is not diluted and that priority is given to current and ‘live’ risks. In the future, it may be that some risks ‘return’ and at that point, they can be revisited.
When it comes to managing strategic risk, it’s important that the process is integrated into existing structures and systems. This ensures that it is a regular topic of discussion.
The more people that are involved in the identification, assessment and management of risk, the less likely it is that the process will become subjective or overlooked.
Risk management may appear to be an onerous administrative process but when it’s well implemented, it can help you to protect your school, staff and students as well as save money, provide stability and help you to make smart decisions about the use of time and resources.
Risk management: self-evaluation
- Do we have a formal risk management process?
- Is it explicitly linked to our strategic objectives?
- How do we categorise risk?
- Is our assessment of risk robust?
- What is our approach to risk?
- Are accountability lines clear in terms of risk management?
- How do we communicate management action in terms of addressing risk?
- How does our governance structure support risk management in terms of scrutiny and challenge?
- How do we keep our risk management process objective?
- How do we determine whether a risk should be removed from the risk register?
Laura Williams is an executive coach and trainer working with headteachers, SBLs and CEOs.