Latest
A47 Norfolk | Eastbound | Accident, road closed   ...   A47 Norfolk | Westbound | Accident, road closed   ...   M271 Hampshire | Northbound | Incident, 1 lane closed   ...   M25 Essex | Clockwise | Heavy traffic   ...   M60 Greater Manchester | Clockwise | Heavy traffic   ...   M25 Surrey | Clockwise | Accident, road closed   ...   A12 Essex | Northbound | Heavy traffic   ...   M6 Warwickshire | Northbound | Heavy traffic   ...   M1 Nottinghamshire | Southbound | Heavy traffic | Clear   ...   M25 Surrey | Anticlockwise | Heavy traffic   ...   A34 Hampshire | Southbound | Heavy traffic   ...   A12 Essex | Southbound | Heavy traffic   ...   A20 Kent | Westbound | Accident, 1 lane closed   ...   A20 Kent | Eastbound | Incident, 1 lane closed   ...   M271 Hampshire | Southbound | Overturned vehicle, road closed   ...   M6 Cumbria | Southbound | Vehicle recovery, 2 lanes closed   ...   M25 Hertfordshire | Anticlockwise | Heavy traffic   ...   A66 County Durham | Westbound | Broken down vehicle | Clear   ...   A74 Cumbria | Northbound | Heavy traffic   ...   M4 Wiltshire | Eastbound | Broken down vehicle, 1 lane closed   ...   M6 West Midlands | Northbound | Broken down vehicle | Clear   ...   A404 Buckinghamshire | Southbound | Heavy traffic   ...   A52 Derbyshire | Eastbound | Heavy traffic   ...   M5 South Gloucestershire | Southbound | Heavy traffic   ...   A13 Essex | Westbound | Broken down vehicle   ...   A46 Leicestershire | Southbound | Broken down vehicle | Clear   ...   A5036 Merseyside | Northbound | Heavy traffic   ...   A49 Herefordshire | Southbound | Heavy traffic   ...   M1 Nottinghamshire | Northbound | Heavy traffic | Clear   ...   M60 Greater Manchester | Anticlockwise | Flooding, 1 lane closed   ...   M25 Buckinghamshire | Clockwise | Accident, 1 lane closed   ...   M25 Surrey | Clockwise | Incident, road closed   ...   A38 Devon | Northbound | Accident, 1 lane closed   ...   
Home » About Us » Corporate Documents » Highways Agency Framework for Business Risk Management » Highways Agency Framework for Business Risk Management
Contact us

by phone or email

Register for
email alerts

On information that's important to you

Feature

Better information for your journey

The National Traffic Control Centre collects real-time information on road conditions.

Quick Links

See when traffic will be lightest

Our traffic forecaster can help get you there quicker

« Previous
Next »

Highways Agency Framework for Business Risk Management

3 REVIEW AND ASSURANCE

THE REPORTING FRAMEWORK

3.1 Few risks remain static and new risks emerge as external and internal circumstance change. Ongoing review is essential to ensure that factors, which may give rise to a new risk or affect the likelihood and consequence of an existing risk outcome, are identified and an appropriate response made.

3.2 The principle of 'Corporate Governance' requirements is to ensure that the Risk Management arrangements embedded into the organisation are subjected to review by senior management.

3.3 The objectives of Risk Management reporting are:

  • To provide the Chief Executive, as Accounting Officer, with information on the effectiveness with which risks are identified, managed and monitored throughout the Agency; and
  • To support the Chief Executive's Annual Statement on Internal Control.

3.4 To achieve this, a structure of reporting the results of risk review and management activities will be established in the Agency. Annex B flowcharts the reporting process.

SCOPE AND CONTENT OF RISK MANAGEMENT REPORTS

3.5 Quarterly Risk Management reports, prepared by Board Directors, cover:

What are the major categories of risk?

3.6 The Audit Committee will be provided with periodic reports on those risks assessed as critical in the initial risk assessments undertaken by Directorates. These reports include updates on progress against action plans, re-assessment of the current risk level and forecasting of the post action plan risk level.

Which business areas have the most critical risks?

3.7 Periodic reports are appropriate on specific business areas where the risks are regarded as critical.

Are there any single risks that could have a critical impact?

3.8 If there are, the Audit Committee needs to know how action plans are progressing and how the level of risk is being reduced.

Are inter-dependencies being monitored?

3.9 Inter-dependencies will change continuously as the Agency changes. These are to be reported on periodically and will help to ensure that risks are also looked at from an Agency wide viewpoint (reducing the 'silo' mentality).

RISK REPORTING - ROLES AND RESPONSIBILITIES

3.10 Additional to the roles and responsibilities outlined in paras. 2.8 to 2.17, there are a number of key players in the Agency's risk reporting arrangements i.e.

Corporate Risk Management Advisor (CRMA)

3.11 The CRMA will:

  • Provide guidance and advice on the operation of the reporting procedures;
  • Bring together the periodic reports from Board Directors, consolidating them in reports to the Chief Executive and Audit Committee;
  • Arrange for reports to be analysed and provide a synopsis of key issues; and
  • Feedback any issues raised by the Audit Committee for inclusion in Directorate/Divisional risk registers.
Audit Committee

3.12 The Audit Committee considers "issues which affect the adequacy and effectiveness of the Agency's arrangements for identifying and managing risk at all levels in the Agency".

3.13 The Audit Committee will review:

  • Quarterly reports produced by the Agency Board Directors and the CRMA;
  • An annual report that brings together the issues reviewed throughout the year identifies the significant risks and describes the actions being taken to manage those risks. This report is produced by the CRMA; and
  • The annual statement on the adequacy of Risk Management arrangements adopted by the Agency (the Statement on Internal Control).
Performance Monitoring Action Group (PMAG)

3.14 PMAG provide a means of ensuring compliance with the currently accepted principles of Corporate Governance, paying particular attention to identification, management and reporting of all risks associated with the business issues placed before them.

3.15 They are also responsible for the identification of risks and Risk Management strategies of sufficient impact to be reported in the Corporate Governance section of the Agency's Annual Report.

Internal Audit (part of Audit, Inspection and Consultancy Division)

3.16 Internal Audit work provides an important assurance about the adequacy of management's embedded risk and control mechanism. As part of this role, Internal Audit will periodically review the reporting process, focussing in particular on the accuracy and robustness of reporting information.

3.17 The Internal Audit unit is also being used to assist in the development of arrangements for Risk Management within the Agency. They are well placed to do this as they possess a wide ranging view of the activities undertaking within the Agency and has already undertaken some form of assessment to inform it's planning of systems and processes to be audited.

3.18 However, it is important to note that their function is to provide an independent assurance about the way in which risks are managed. Internal Audit is neither a substitute for Agency management ownership of risk, nor is the presence or activity of Internal Audit a substitute for an embedded review system carried out by colleagues with executive responsibility for the achievement of Agency objectives.