Improving your risk management process

Having a risk management process fit for your pension scheme’s needs is vital. An inadequate process exposes both you and your members to a wide range of potential issues. 

But defining what the best risk management process for you can be tricky, as each pension scheme will have its own unique set of circumstances to contend with. That’s why we help our clients to identify their specific risks, working with them to produce a process that’s fit for them.

Here, we breakdown some of the ways our Pension Executive and Management Services (PEMS) team have been able to help clients improve their risk management strategies. You will see that we refer to use of our developed best practice templates - we use these as a starting point before working with our clients to produce processes and documents tailored to their specific needs.

Risk registers

Our experts have put together a template risk register, that covers 26 core risks that organisations need to mitigate, manage or avoid. This covers all the usual areas you would expect for a pension scheme including overall governance, administration, service disruption, data management, funding and security of assets. We then compare the risks on the client’s existing register with our template, deploying a traffic light system to identify if risks are already matched (green), partially matched (amber) or missing (red). On top of highlighting what is and isn’t in place already, this process can also be useful for unearthing risk controls that are in place but aren’t documented on the risk register.

After mapping out the existing register, we then look to implement any client-specific risks and controls. Finally, our PEMS governance team reviews each risk individually, assigning scores based on likelihood, potential impact and trustee’s views, whilst also taking into account risk tolerances and appetites based on the client’s most recent risk appetite statement.

Risk management policy (RMP)

Typically, once we have a new risk register in place, we then move on to reviewing a risk management policy, again comparing it against our own best practice template. This review looks to capture the trustee’s processes and mitigating factors, whilst also identifying potential changes to the risk management process for monitoring and mitigating risks.

This RMP outlines the trustee’s risk governance framework, setting out the minimum operating standards for the management and governance of risk, including the identification, assessment, and monitoring of risk. The RMP also defines roles and responsibilities to help ensure risk management processes are understood, followed and auditable.

Integrated Risk Management (IRM) dashboard

By introducing a single dashboard to monitor and manage funding, investment and covenant risks, the investment and funding experts on the BW Governance team have helped our clients summarise their numerous existing data feeds and quite wordy IRM monitoring report into a much shorter dashboard to graphically show all the key interrelated metrics, allowing users to better grasp the big picture.

Case study

We recently worked with a £2.5bn pension scheme, with over 8,000 members, to improve their risk management procedures. Their case was fairly typical of those our PEMS team deal with – while some effective processes were already in place, there was plenty of room for improvement across multiple areas. 

The challenge

In the process of transitioning their trustee executive scheme from in-house to BW’s PEMS team, the trustee’s internal auditor recommended a review of both existing risk management processes and governance documents and policies. They wanted to see what could be improved, with a desire to be in-line with the draft General Code.

Our team, consisting of governance, investment and funding specialists, carried out a comprehensive review into the apparent risks that the scheme should be monitoring. From this, and in discussion with the trustee board, we produced a set of recommendations that would not only bring procedures in line with anticipated future regulations, but also result in a risk management process that was clearer and easier for trustees to implement.

How did we help?

As outlined above, our team carried out a thorough review of the client’s risk register, risk management policy and IRM dashboard, producing several solutions that when combined gave the trustee board confidence that their risk management framework was robust and fit for purpose.

As a result of the review, the trustee board felt comfortable delegating the day-to-day risk governance framework responsibility to its governance sub-committee, with input from its other sub-committees, knowing that a clear framework was in place. The exercise was also a useful awareness and risk training activity for the trustee.

On the implementation of our recommendations, the scheme’s internal auditor reviewed the risk register and didn’t suggest any significant alterations, speaking to the high quality of the work we provided.

Would you like help reviewing your risk management framework or risk register? Contact our PEMS team to see how they can help.