Risk Management 

The successful operation of MAEL’s risk management policy necessitates the following steps:

• Risk assessment (including putting mitigation measures into operation)
• Business continuity plan (including training in, and testing of, the plan)
• Operation, monitoring, logging and review

 

Risk Assessment

 

The types of incidents which may constitute a serious risk include:

• violent intrusion / burglary / break-in / vandalism
• bomb alert or explosion / chemical or biological contamination
• missing person(s) / extreme staff shortages / multiple staff sickness / severe injury, illness or epidemics, such as outbreaks of infection such as flu pandemics, Legionnaires’ disease or E. Coli.
• fire
• failure of power, water or other utilities, loss of communications, computer failure
• severe weather, including snow drifts, floods, summer heatwaves, etc.
• loss of access or accommodation due to disaster in a neighbouring property
• breach of confidentiality / adverse effects
• breach of policy / procedures; serious mismanagement; Inappropriate recruitment
• conflicts of interest
• any event leading to an actual or adverse effect for learners
• any act (or omission)[1] which would tend to render MAEL ineligible to act as an awarding organisation
• fail to award a qualification within any 2-year period.

 

The local environment is a source of possible risks that will be considered, such as:

• access roads
• civil airports / low-flying military aircraft / personal airborne craft / drones
• overhead cables

There are no railways, rivers, sports grounds or COMAH sites (industrial sites for which off-site emergency plans must be prepared, under The Control of Major Accident Hazards Regulations 1999) nearby which might otherwise have presented a risk.

 

The risks are assessed by reviewing vulnerability to possible incidents. The objective is to identify critical functions and ensure that any risk to these areas can be reduced or responded to in an effective way.  Identifying critical points involves considering the importance of each function and estimating how quickly it would have to be re-established after any possible emergency. Critical points include electricity, water, heating and lighting, as well as the availability of key staff.  Each potential incident is assessed in the plan with regard to:

• its likelihood
• the severity of its impact
• alternative contingencies and backups.

 

Given the risks identified, risk mitigation measures are considered below, including (but not necessarily limited to):

• physical security measures, including access control systems – security locks are provided on all doors, video access control of the main gate is being acquired.
• computer security software and hardware.
• fire protection – HAES system installed and maintained by Kentec Ltd
• insurance – kept up to date and reviewed on annual renewal.

 

All recovery plans include the recovery of essential data, such as records, accounts, insurance, maintenance and staffing records. Electronic backup systems are in place to recover such data if it is lost, e.g. due to a serious computer fault.

 

The risk assessment (and the business continuity plan) will be reviewed by the MD not less than bi-annually.

 

The Business Continuity Plan

 

The MD is responsible for ensuring the compilation of a business continuity plan.  Once the critical points have been identified, along with the threats that might affect them and the importance of recovering them, a plan will be put in place identifying what needs to be done and in what order.

 

The business continuity plan includes the response to any incident or disaster and it:

• focuses on the effects of the incident rather than the cause
• answers the questions “who?” “where?” and “when?”
• is flexible / compatible with health and safety policies / compatible with any local area disaster recovery plan (where appropriate).

 

Headings should include the following.

• Notification (who will be notified of an incident and how, plus contingency notification arrangements)
• Activation of the plan (who will activate the plan and how, including stand-by, implementation and stand-down)
• Management structure for responding to an incident
• Prioritisation of functions (essential, important and others)
• List of resources (e.g. items or services for specialist hire/lease, buying like-for-like replacements, buying alternatives and borrowing from elsewhere)
• Emergency contact list (a vital list of key internal personnel with operational roles, and external resources and organisations)
• Legal matters (possibility having to respond to enquiries from statutory bodies)
• Salvage (irreplaceable asset, damage limitation methods and resources, insurance, loss adjustment, etc).

Procedures should be clearly written in plain language and should contain all the necessary information to allow a user to manage a crisis effectively.

 

The plan should make specific provision for dealing with vital records in the event of an incident or disaster.  Types of vital records include:

• application papers
• progress records
• archive materials
• audited accounts
• next-of-kin contacts
• insurance
• legal records
• electronic access codes
• personnel records
• research documents
• work in progress.

 

Effective communication — both internally and externally — is vital for overcoming an incident or disaster.  Internal communication should:

• be co-ordinated by a named member of staff
• include the recording of minutes of all crisis management team meetings
• inform staff of ongoing developments
• should use the normal means of communication where appropriate.

External communication should be provided to those with a genuine stakeholder interest.  Other interested parties, e.g. the media, should be dealt with openly and honestly, and have information passed to them in a quick and controlled way.  However, all such communications shall be channelled through the CEO who will check for accuracy.

The media should be:

• directed to an agreed single point of contact or person (i.e. the CEO) who should handle all media enquiries
• handled by trained spokespersons
• informed of the timetable for holding any press conferences.

 

The crisis management plan needs to be supported by regular staff training and exercises, such as regular evacuation of premises.  Training programmes should aim to enhance knowledge and understanding of the content of the crisis management plan and the specific roles and responsibilities of staff.

 

The following aspects of the plan should be tested to ensure that the content is up to date and the strategies employed are still the most appropriate and effective:

• the emergency contacts list, in and out of hours, including:
• names and where appropriate, job titles/relationships
• landline and mobile telephone numbers
• email addresses and fax numbers
• the plan documentation, including:
• names and responsibilities
• external resources
• the plan itself, against the statement “The plan continues to meet the criteria for which it was initially created.”

 

Plan Operation

 

All actions and messages relating to an incident or disaster must be logged by the CEO or a specifically delegated staff member. Electronic recording may be used, but the benefit of a written log book is that it can easily be referred to on the move and provides evidence for possible enquiries.

The log should include:

• the nature of the incident
• date
• time
• action taken
• further action required.

Log books should be preserved for as long as necessary, and in any case not less than six years, to provide protection against any legal action.

 

It is essential that a continuous monitoring, review and revision process is in place.  Plan distribution and amendment procedures are also important.  Business continuity plans are living documents and can never be regarded as being complete or finished.  All copies should be kept current.

The plan should be reviewed half-yearly by the CEO for changes in the following areas:

• staffing (including management, persons named in the plan and changes in job function)
• contact details for external agencies
• activities
• systems (including hardware, software and telecommunications)
• key support services
• suppliers

and an updated plan produced and submitted to the board of directors.

 

Specific Contingency Plans

 

Where any risk has been identified, MAEL takes all reasonable steps to prevent the identified circumstances or to reduce it probability as far as possible.  If such incidents do occur, MAEL will take active steps to mitigate any adverse effect as well as trying to prevent any future occurrence.   The following contingency plans must be reviewed by the CEO and, if necessary, updated annually.   In any case MAEL will be guided by the principle that assessments shall be provided which reliably and validly differentiate between learners’ achievement (on the basis of demonstrated attainment) and also to the timely and accurate award of qualifications.

 

The following specific incidents have been identified as potential risks.   Additional incidents shall be added to the policy on an ad hoc basis.   No order of priority is implied by the listing order.

 

• Illness of senior staff – all staff (including junior staff) shall have a ‘shadow’ who is able and competent to take over their duties in an emergency.  Should such a situation arise, other than for 2 or 3 days, the MD shall be notified immediately.
• Breach of confidentiality (general) – a nominated member of the board of directors in conjunction with the MD  will investigate the circumstances and identify if there is any actual or potential adverse effect on the operations of MAEL.  If a staff member is responsible for the breach, they shall be subject to disciplinary procedures.
• Breach of confidentiality (of assessment materials, where these are not available openly) – the material in question will be immediately cancelled and replaced by the CE with material of a demonstrably similar standard.  All Centres will be notified immediately.  If the breach has occurred in the past and existing assessments are prejudiced, the MD will investigate the circumstances and recommend appropriate action within 28 days.   If an MAEL staff member is responsible for the breach, they shall be subject to disciplinary procedures.  If a Centre staff member is responsible, the Centre shall be placed on probation for a specified term (to be determined by the directors) and warned that any future breach will result in the withdrawal of their licence.
• Non-supply of assessment materials or information, or late delivery – the CEO will review the circumstances and make representations as to prevention of future circumstances.   Adverse effects of learners will be identified and specific recommendations made to mitigate the effects.
• Undeclared conflict of interest – any breach of the policy on conflict of interest will be reported to the directors and the individual concerned subject to disciplinary procedures.
• Lack of clientele – a qualification may be withdrawn, but in any case a minimum of 12 months notice will be given to Centres, and the interests of existing learners, or those who have not completed the qualification, will be safeguarded.  Centres will be expected to report all such steps and their reports will be reviewed by the board of directors at their next quarterly meeting.
• Issuance of erroneous data about results, or incorrect certificates – if the incorrect data would result in a grade or mark being raised, then the individual(s) concerned and the Centre(s) involved shall be notified promptly.   New grades will be issued immediately.  If the error would result in a lower grade or mark then the incorrect grade will normally be allowed to stand, unless that would result in a gross injustice, in which case the board of directors will review the situation and take a decision.  In any case, a full investigation by the CEO will take place and the directors notified.
• Changes to statutory regulations or regulatory body rules -   A designated officer shall be given the specific responsibility of co-ordinating any such changes.   When advised, the change will be checked against existing policies and if there is any conflict this shall be reported to the directors.   They will decide whether to amend the relevant policies or to contact the appropriate body with a view to obtaining a dispensation.
• Changes to the Montessori ethos – any perceived conflict shall be reported to the directors immediately and an emergency meeting convened to determine if the change n ethos affects the issuance of a Montessori qualification..
• Malpractice – All instances will be reported to the directors who will, as appropriate, report to relevant regulatory bodies.  In every case a full report will be made available to the directors who will decide what actions need to be taken to prevent recurrence and to mitigate any adverse effects.   Staff members guilty of malpractice will be subject to disciplinary procedures.
• Cost increases which force fee increases significantly above the rate of inflation – every attempt will be made to absorb such increases, or find alternative suppliers.   If this should be impossible, all Centres will be notified as soon as the necessity for the increase becomes apparent.   Phased increases will be introduced if at all possible, in order to mitigate the impact on Centres’ finances..
• MAEL being involved in criminal or civil proceedings – when proceedings are initiated, regulatory bodies will be notified.   MAEL will defend all action vigorously, unless there is clear evidence of malpractice, in which case an apology will be issued and an out-of-court settlement sought.   The result of any proceedings will also be sent to the regulatory bodies within 14 days.
• MAEL being subject to censure by any regulatory or professional body – the MD shall investigate the circumstances.   If the censure appears not to be justified then an appeal will be initiated.   If the censure appears justified then an apology shall be issued and the relevant policies modified if necessary.  In either case the directors will issue any communication with the complainant.   If malpractice is indicated, it will be dealt with as herein.
• A senior officer becoming unable to fulfil the conditions set out in the qualifications of senior staff policy – this would normally be grounds for dismissal but in exceptional circumstances the officer may be censured
• Misleading advertising – all advertising which does not conform to MAEL’s policy shall be withdrawn immediately.   In the event of complaint, the situation will be reviewed within 28 days to see if the policy needs to be amended.
• Inappropriate use of logos (whether MAEL’s or a third parties) – where MAEL is authorised to use a third party’s logo, the responsible staff member for communicating with regulator(s) shall ensure that they are cognisant of, and in compliance with, the third party’s policy on the use of their logo.  With respect to MAEL’s own logo, it is recognised that it is impossible to prevent unauthorised copying, however, if any such unauthorised use is detected MAEL shall take all possible steps (e.g. using fair trading legislation) to prevent it.   In any case, Centre’s shall be notified of the infringement.  Damages will be sought if financially viable.
• Inappropriate use of MAEL materials or copyright by third parties – similar steps to the unauthorised use of logos will be taken.  Any consequential losses may be sought to be recouped.

In any case of risk, the appropriate regulatory bodies shall be notified promptly.  Notification shall include details of steps being taken to minimise any actual or potential adverse effect.  Notification shall not be delayed due to incomplete information being available, but must include details of the nature of such missing data and what steps are being taken to obtain it.

The current business continuity plan is to be found in the Staff Handbook.

Any risk which comes to the notice of the MD will be referred to the Chair of the Board of Directors to assess whether their input is appropriate.  All action plans shall be signed off by the Board and the MD will be responsible for reporting on progress and completion of such plans.

 

 

 

 

 

 

 

Document last reviewed 13.03.2016