by Hayley Dunn
, ASCL Business Leadership Specialist
Risk is and always will be present. There is a risk in everything we do and managing day-to-day risks and personal safety is everyone’s responsibility.
From a school or college leader’s point of view, there are two ways to look at managing risk strategically: the risk of stopping or reducing the number of bad things happening and the reward of making good and better things happen. What is your approach to managing risk? Could it be better?
A risk is the potential of a situation or event to impact on the achievement of specific objectives. Risk is inherent in everything, and the level of risk increases for managing projects with lots of moving parts, such as building a new site or bringing another school into a trust.
You will never be able to anticipate everything that could potentially go wrong in your school or college, but by undertaking due diligence, your organisation will be able to have a plan in place to respond quickly before risks become real problems.
A risk management process needs to be tailored to the circumstances of each part of the organisation, for example, some risks within the central team will differ to those in a constituent primary school. There are several different approaches you could take when considering your risk management process, however I will focus on these three questions, how robust is your organisation’s risk management? Which type of risks do you have covered in your Emergency Response Plan? And how robust is your risk register?
A risk register is the primary tool used to identify and track potential risks. It is used to fulfil regulatory compliance but also to stay ahead of potential issues that can disrupt intended outcomes. A document is static, but your risk management process, including your risk register, needs to be agile and a constant work in progress.
A risk register is one of the essential control documents that schools and trusts use for strategic planning and monitoring. Think about how core documents are compiled, monitored, and stored because this in itself carries an inherent risk. For example, what software do you use for writing and storing documents? If you are using Microsoft Word without tracking and password protection, it would be easier for someone with malicious intent to make changes or corrupt the file. In a more extreme example, if your school or college were subjected to a cyber-attack, would you know what to do? Is the organisation’s planned response to such an event in the Emergency Response Plan? Where is the plan stored?
The first thing to do is identify the risks. Experience and utilising insights from across the team should guide you. There may be historical data to review to help identify common risks. Additionally, you can anticipate some risks based on sector, national and local information, or based on common staffing or personnel issues, or even the weather.
Not all risks are created equally. As a leadership team you will decide what goes to the top of the priority list and which can be further down. Time, resources, measures, and likelihood of realisation of the risk are all judgement factors. You will determine the level of risk and this way, you can filter your register and then prioritise.
When compiling a risk register, the next step to managing risk is to work strategically to control the potential issues most likely to occur. Therefore, you should have an approach and mechanism in place to collect potential risks and map out a path to get things back on track, should those risks become realities.
is ASCL Business Leadership Specialist.
Hayley and ASCL Funding Specialist Julia Harnden
are leading a new three-part Leading On webinar Managing risk and reward from February 2021.
They will lead you through identifying risks, how to assess risks, approaches to risk management, embedding practice, examples of potential risks, accountability, potential interventions, and the ESFAs approach and assurance work. Find out more here