My Oracle system maintenance
My Oracle will be unavailable between 7pm on Friday 15 November and 7pm on Sunday 17 November due to scheduled maintenance.
Risk management
Guide Navigation
Skip Guide NavigationRisk strategy, toolkit and process
We have a strategy, toolkit and process for managing risk at the council.
Risk management strategy
The Risk Management Strategy on the Essex County Council website outlines our approach to managing risks. It is revised annually and approved and signed off at Audit Governance and Standards Committee.
Risk management toolkit
The Risk Management Toolkit (PDF, 2MB) aims to help employees put the strategy into practice. The toolkit will help you identify, escalate and manage risk at every level of the organisation.
The following tools are part of the Risk Management Toolkit.
Risk management process
The risk management process involves first establishing the context, then identifying risks before assessing them and responding to them and finally implementing risk management. The process is based on the International Standard in Risk Management ISO 31000.
Risk management process (PDF, 156KB)
Risk matrix
Once you have identified a risk, the risk needs to be scored using the risk matrix to assess its severity. The matrix helps you evaluate the level of risk by considering the probability or likelihood of the incident and its impact or consequences. Scoring risks allows you to compare them with one another and to highlight the higher priority risks which need a greater focus.
Four T’s of risk management
The four T’s of risk management help you identify the most appropriate method to respond to a risk. You can treat, tolerate, terminate or transfer a risk by following the four T’s guidelines. ‘Treating’ is by far the most common approach for JCAD risks and involves putting in place ‘control measures’, also known as ‘mitigations’ in order to manage the risk.
Four T’s of risk management (PDF, 102KB)
How to write a risk description
Once a risk has been identified, it needs to be described in JCAD Core in the correct way. It needs to start with the trigger, or the cause, then say what the actual risk or event is, and then finish with what the impact or consequence would be if the risk happened. This is important for consistency in how we report on matters that affect the council and its services. It also helps us to manage the risk better if we understand what could cause the risk to happen, and why it matters if it does.
How to write a risk description (PDF, 146KB)
Control measure statuses
Each control measure or mitigation needs to have a status of either: proposed, in progress, ongoing, implemented or withdrawn. This helps describe what stage the control measure is at and helps determine how often the control should be reviewed.
Control measure statuses (PDF, 79KB)
Guide to risk management levels and escalation and de-escalation
The risks on JCAD Core, our risk management system are at different levels. This document explains the levels plus details the criteria required for a risk to be recorded on the Strategic Risk Register. It also explains when risks should be escalated and de-escalated and the best practice for strategic and function level escalation.
Guide to risk management levels and escalation and de-escalation (PDF, 289KB)
Risk management toolkit annexes
The toolkit has 8 annexes, which are documents that provide additional information alongside the main toolkit.
Annex 1: Simple, single risk template (PDF, 64KB)
Annex 2: Opportunity identification (PDF, 32KB)
Annex 3: Risk at a glance (PDF, 483KB)
Annex 4: Risk identification methods (PDF, 298KB)
Annex 5: Category description for risks (PDF, 128KB)
Annex 6i: Adding risks and control measures (PDF, 260KB)
Annex 6ii: Reviewing risks and control measures (PDF, 224KB)
Annex 7: Completing a risk review (PDF, 80KB)
Annex 8: Multiple risk assessment template (XSLX, 29KB)
Last published date:
Next review date: