Risk management policy

1) Introduction

The National Portrait Gallery recognises that the effective management of risk and opportunity is central to its ability to achieve its aims, objectives and policies.  This document outlines the principles for managing risk, including an outline of acceptable risks and prohibited risk areas, and the responsibilities of all staff for risk management. The policy can be found on the staff network.

2) Scope

The Chair and Deputy Chair of Trustees, the Chair of Audit and Compliance Committee, members of Management Team and Heads of Section should be familiar with this policy and all other Trustees and staff should be aware of it.  The aim of the policy is to ensure that all staff are aware of the Gallery’s risk management framework and what to do regarding risks they are not empowered to take.  

3) Definitions

Governance is the process by which stakeholders (staff, Trustees and bodies to which the Gallery is accountable) articulate their interests, their input is taken on board, decisions are taken and decision-makers are held accountable. Good governance will give management the freedom to take the organisation forward without undue restraints and ensure this freedom of management is exercised within a framework of effective accountability.

Risk management is the culture, processes and structure that are directed towards the effective management of potential opportunities for and threats to the Gallery.

Risk is something which could:

  • have an impact by not taking opportunities or not capitalising on the Gallery’s corporate strengths,
  • prevent or hinder the achievement of the Gallery’s objectives,
  • cause financial disadvantage, i.e. additional costs or loss of money or assets; or
  • result in damage to or loss of an opportunity to enhance the Gallery’s reputation.

Statement on Internal Control is the mandatory annual statement made jointly by the Chair of Trustees and Director in the Annual Report and Accounts, confirming that the Gallery has maintained a sound system of internal control throughout the year.   

4) Legal Basis

The Gallery’s responsibilities in relation to risk management and the annual Statement on Internal Control are set out in chapter 21 of Government Accounting 2000.

5) Statement of Principles

The objectives of the Gallery’s Risk Management arrangements are to help managers make informed choices which:

  • improve the Gallery’s performance by informing decision-making and planning;
  • promote a more innovative, less risk averse culture in which taking calculated risks in pursuit of opportunities to benefit the Gallery is encouraged;
  • provide a sound basis for integrated risk management and internal control as components of good corporate governance.

The improvements and benefits which effective risk management should provide are:

  • an increased likelihood of achieving the Gallery’s aims, objectives and priorities;
  • prioritising the allocation of resources;
  • giving an early warning of potential problems; and
  • providing everyone with the skills (after specific training if necessary) to be confident decision-makers.

General Principles

  • All risk management activity will be aligned to corporate aims, objectives and organisational priorities, and aims to protect and enhance the reputation and standing of the Gallery.
  • Risk analysis will form part of strategic and business planning, and investment and project appraisal procedures (including working with other organisations).
  • Risk management will be founded on an approach to internal control based on risk assessment which is part of the day-to-day operations of the Gallery.
  • The Gallery’s risk management approach will inform the Gallery’s work to improve the reliability of organisational systems and will form the principal means by which the Director gains direct assurance for the Statement on Internal Control.
  • Managers and staff at all levels will have a responsibility to identify, evaluate and manage or report risks, and will be equipped to do so.
  • The Gallery will foster a culture which spreads best practice, lessons learned and expertise acquired from risk management activities across the Gallery.

Principles for Managing Specific Risks

Corporate and operational risks should be identified, objectively assessed and, where this is the appropriate response, actively managed.

  • The Gallery aims to anticipate and, where possible, avoid risks rather than dealing with their consequences.  However, for some key areas where the likelihood of a risk occurring is relatively small, but the impact on the Gallery is high, the Gallery may cover that risk by developing Contingency Plans, for example the Emergency Procedures Plan.  This allows the Gallery to contain the negative effect of unlikely events which might occur.
  • In determining an appropriate response, the cost of control/risk management and the impact of risks occurring will be balanced with the benefits of reducing risk.  This means that the Gallery will not necessarily set up and monitor controls to counter risks where the cost and effort are disproportionate to the impact or expected benefits.
  • The Gallery also recognises that some risks can be managed by transferring them to a thi