What is risk management?
It's not about avoiding or eliminating risk. Rather it’s about understanding what the risks are, what can cause those risks to occur, their likely impact, and how we can manage or mitigate this. When we understand the risks we face we can make properly informed decisions and find efficiencies by avoiding ‘surprises’.
Principal risks and uncertainties
Our goal is for risk management to be:
- Embedded in our culture, a positive organisational culture in which people embrace their roles and responsibilities
- An integral part of all organisational processes, and not a stand-alone activity performed in isolation
- Explicitly addressing uncertainty, identifying the nature of uncertainty and how we can address it
- Based on the best available information, drawing on data, expert judgement and stakeholder feedback to inform evidence-based decisions
- Part of decision-making, helping staff to make informed choices, prioritise activities and identify the most effective and efficient course of action
- Dynamic and responsive to change, responding swiftly to events, changes in the environmental context and the results of monitoring and reviewing activities
- Applied consistently across our business, to facilitate comparisons and prioritisation
- Applied with clarity, clear delineation of roles and responsibilities for regular review and challenge of risk management.
We define strategic risks as ‘threats’ which if they occur could materially impact the ability to deliver our strategic objectives.
Typically, these are affected by competition, sector changes, capital availability, political environment, legal and regulatory changes and reputation issues. These tend to be inter-departmental in nature and reflect cross-cutting themes. Strategic Risks are owned by the Executive Team and reported to each regular Board meeting and to Audit & Risk Committee.
Operational Risks
Operational risks are significant in the context of our business. These are owned by Leadership Team (LT), who report into Executive Team, and reviewed at least quarterly. Structured in this way, we ensure risk ownership is clear and the whole operational business is risk assessed. Some ‘Risk Registers’ are also subject to review by Committees. Risks can be “escalated” from Operational Risk Registers to the Strategic Risk Register by the Executive Team.
Risk Appetite
We recognise it may not be possible to deliver our strategic objectives unless the business takes risks. We’ve a responsibility to strike the right balance between a very passive approach (taking little or no risk) and a very active approach (taking too much risk). Our Statement of Risk Appetite is an expression of how much risk we’re prepared to take. It’s set by Board and is regularly reviewed by both Audit & Risk Committee, and Board. Risk appetite varies between different business areas, can change over time, and is dependent on the opportunities or benefits presented through the activity weighed against the risk exposure. We consider risk appetite for each strategic risk.
We currently have 13 strategic risks reflecting those factors representing a greatest potential exposure to the newly merged Southern Housing business. Risk management is a fundamental tool in ensuring post-merger success. By operating an objectives-led risk management process, we’re able to identify those risks which put in jeopardy the achievement of our strategic objectives. Our risk scoring mechanism ensures consistency in assessing our risk profile, but also facilitates risk prioritisation, and the development of corresponding mitigation strategies.
We are constantly monitoring our risk environment. Current focuses include changes in the macroeconomic environment, recruitment markets, cyber security, and pan-Southern Housing integration. Whilst Board delegates oversight responsibility of risk to the Audit & Risk Committee, Board remains ultimately responsible for risk management. Both forums provide review, oversight, and challenge of our risk approach and strategic risks. As our embedded risk management approach is objectives-led, the management and reflection of our strategic risks on the strategic risk register supports the achievement of our strategic objectives. The following pages outline current strategic risks aligned to the objectives in our 2023-26 strategic plan.
|
Build homes to meet housing need |
||
|
Risk |
Risk Response |
Risk Owner |
|
Development activity fails to deliver against the financial plan |
Our ability to deliver the target number of homes ultimately will be driven by our capacity which we measure through the financial plan and stress testing. We ensure any new scheme is fully backed by funding before commitment. Effective programme monitoring ensures we stay within capacity. Board approved a number of triggers to ensure we manage the impact of rising costs. We also apply a comprehensive contractor management programme which allows ensuring effective delivery of quality end products on our developments.
|
Richard White – Executive Director of Development |
|
Deliver efficiency |
||
|
Business negatively impacted by changes to Government policy |
We influence Government on a wide range of relevant policy decisions through senior management involvement in government forums & boards. Where policy is identified as potentially changing, these changes are fed into our long-term financial plan and stress tested to ensure the Plan is sufficiently robust and resilient to these changes. We perform assessments on current internal position compared against the requirements of forthcoming legislation and take appropriate action where gaps are identified. We have an extensive network of external relationships with MPs, local authorities, senior civil servants, and politicians allowing a greater level of insight and influencing and work closely with other stakeholder groups such as G15, CASE, and NHF to further influence government policy.
|
Paul Hackett – CEO |
|
Financial health is not fully protected in line with risk appetite. |
It’s essential we operate an effective, efficient business delivering the right services to our residents. We operate tight control over our finances which includes a well-governed budget and forecasting process. We have effective monitoring of lender covenants with reporting and oversight from multiple sources including our Treasury Committee reflected in our recent positive regulatory assessment. The annual review of the financial plan allows us to flex the plan as necessary and the assurance over its appropriateness. |
Sarah Smith – CFO |
|
Significant cyber security breach resulting in loss of IT systems and / or loss of data. |
Loss of IT would be extremely detrimental to our ability to provide effective services for our residents. The development of a cyber security strategy provides assurance over our protective posture of the business. Disaster recovery plans are tested monthly and we’ve ongoing monitoring of our network for exceptional / unusual activity to keep us safe. Restricted access to our corporate environments means staff and the business are protected whilst performing their duties and the operation of a 24/7 Security Operations Centre allows us to respond immediately to any identified threat.
|
Tom Paul – Executive Director of Strategy & Change |
|
Ineffective governance and regulatory compliance and/or poorly controlled business |
We update our financial plan and stress test annually. Our financial parameters place limits on the risk built into the Plan and so the scale and tenure mix of the development programme. They express the Board’s risk appetite and ensure actual and projected financial risks are within our capacity for financial risk. Insights from our stress testing drive decisions about when and what new development commitments we should make. We’ve strong financial controls and frequent reporting on treasury matters including, covenant compliance, mark to market exposure and liquidity. Our internal controls framework and risk and assurance framework provide clear, structured guidance to the business on how these areas are managed and delivered. We have reviewed the corporate structure post-merger and will be consolidating and dissolving a number of subsidiary entities to increase simplicity of the group structure.
|
Sarah Smith – CFO |
|
Failure to deliver efficiency targets |
We have identified relevant efficiencies in line with target and reflected in the new FY budget. Although there are challenges around increased costs caused by inflation, including those related to new/renewed contracts, we’re focusing resources and focus on costs as a priority.
A slower than planned systems integration will impact on timing of cost efficiency too but, in the meantime, we are maintaining strong oversight of our performance and key metrics.
|
Sarah Smith – CFO |
|
We do not have assurance on the quality of our data or operation of our processes |
We have an effective strategy to deliver the assurance over our data including the development and delivery of Data Assurance Plans as well as further developing our data quality tools, for automated data quality checks.
The business is working well to embed these activities, and so we should see a reduction in the risk scoring as the integration programme nears its end.
|
Tom Paul – Executive Director of Strategy & Change |
|
Empower our people |
||
|
Failure to attract, recruit and retain colleagues with key skills and experience to meet our business demands and cultural expectations and not effectively managing capacity and work priorities required of these colleagues |
Our people are one of our most important assets. Our culture programme provides guidance on our values, behaviours and expectations and forms a part of our strong induction process. Regular colleague surveys are performed and provide us with a wealth of data to continually improve as a great place to work and to gauge employee satisfaction. Having a strong union relationship and colleague forum encourages a strong employee voice and gives colleagues a place to formally discuss and raise issues affecting them. We continue to expand our internal talent pool through professional development, and progression and perform pay reviews and salary benchmarking to ensure we’re attracting the best external talent. Our benefits offer was reviewed at the point of merger and will continue to be assessed attending to those factors which are most relevant for attracting and retaining colleagues.
|
Wam Dawson– Executive Director of People & Culture |
|
We do not deliver our integration programme as planned, making BAU more challenging and failure to deliver ongoing benefits |
Integration delivery is well progressed under the supervision of our dedicated Director of Integration & Transformation. An Integration & Transformation Committee and an Executive Integration Steering Group receive regular updates on integration progress and makes decisions on priorities including systems and data including assessment against our regulatory and legal obligations to ensure appropriate prioritisation.
Our integration project plan identifies the various workstreams, resources, deliverables and time frames for pan-Southern integration.
A key part of our systems integration work is data integration; ensuring we have assessed and improved the quality of data before it is migrated between systems.
|
Tom Paul – Executive Director of Strategy & Change |
|
Great Customer Experience |
|
|
|
Fail to effectively manage repairs service |
We face increased ombudsman scrutiny. We have a dedicated resource established to manage the strategic relationship between Southern Housing and our External Management Agents partners and we have a new complaint policy and robust processes for handling complaints in line with HOS handling code. Through our resident governance structure our residents work alongside colleagues to influence policies and strategies, monitor performance and help shape the services we deliver. We constantly monitor our repairs service metrics to ensure the highest possible standards of delivery.
|
Yvette Carter – Executive Director of Contract Services |
|
Fail to effectively deliver demobilisation of UL/Wates contracts and mobilisation of new contracts and DLO |
This risk is a temporary, short-term issue. As we move closer to completing the de/remobilisation project, we will be back within our risk parameters. Actions to mitigate this risk include providing training for our colleagues, integrating systems to ensure procurement timelines align with system integration schedules, and increasing staffing levels.
|
Yvette Carter – Executive Director of Contract Services |
|
Safe and sustainable homes in good repairs |
|
|
|
Failure to implement the new legal and regulatory requirements for building safety and fire safety |
We have a comprehensive transformation programme in place to ensure we meet the requirements arising from the Building Safety Act 22 and the Fire Safety Act 21 and related secondary legislation. The Building Safety Programme Board chaired by the Exec Director of Assets and Sustainability oversees a dedicated change programme. The programme involves several projects, and progress is being reported regularly to Board. We have finalised the new Building and Fire Safety Policy and related management plans, and our programme of PAS9980 assessments continues and resulting remedial works are ongoing.
|
Karin Stockerl – Executive Director of Assets & Sustainability |
|
Failure to plan and deliver environmental sustainability targets including road map to net zero carbon |
High energy costs and low efficiency increases fuel poverty and damp and mould risks. We maximise opportunities for external funding by applying for all relevant opportunities and scan the horizon for specific funds available. We've been successful with various bid applications in the past, including a recent BEIS bid to fund our retrofit programmes for 2023/2025. We routinely consider energy efficiency and wider sustainability considerations to ensure building standards and planning requirements are met on new build projects |
Karin Stockerl – Executive Director of Assets & Sustainability |