Gemma's blog on workplace risk and protecting your crown jewels
Gemma Smith is the Group's Director of Business Assurance.
“Hi, I’m Gemma, and I’d call myself a risk geek. I will talk about risk management all day long! I can’t help it! I think it’s such an exciting topic and something that we can all relate to in our everyday lives. Think about it – we all make choices that are dictated by the amount of risk we are willing to take. For example, filling your car up with fuel when it goes down to a quarter of a tank full vs running it until it tells you that you’ve got zero miles left! Eating food out of the fridge before its use by date vs devouring it when it’s already gone out of date! Riding on a super high, ultra-fast rollercoaster vs being the coat and bag carrier! I could go on, but you get my point!
“Risk in the workplace is no different. We identify the risks we face, decide on how much risk we are willing to take, and then manage those risks accordingly.
“I’m really proud that Progress Housing Group has been recognised for its great risk management work after being shortlisted for an award by ALARM, embrace risk. ALARM is a membership organisation for risk management professionals. As well as housing, they support the public sector, blue light, education, health and social care, charity and other public-facing organisations. ALARMs national conference is taking place today (17 June) and tomorrow and I will be delivering a session on data assurance before attending the award ceremony evening (I will decide how risky it will be to demonstrate my rather dodgy moves on the dance floor afterwards!).
“I wanted to take the opportunity to tell you all about the work we have been doing that led to our award nomination, which is centred around our three lines of defence model. This model looks at the management of risk and how we get assurance that the controls in place are doing their job effectively. The first line of defence is our management assurance – challenging ourselves “How do we know that the control is doing what it is meant to be doing?” The second line of defence is our corporate assurance – using the insight and expertise of our corporate functions. The third line of defence is independent assurance – internal and external audits and consultants are some examples.
“Some examples of how we have been using the three lines of defence model are:
- Strategic risk assurance – our board need assurance that our key risks are being managed effectively, and the three lines of defence model helps us to do that. We have built the model into our risk management software so that we can report on this assurance.
- Internal audit planning – the three lines of defence allow us to map out where we get assurance from across all of the auditable areas across the Group. Like all teams, internal audit only has a certain amount of resources and could not possibly audit everything every year (phew I hear you say!). So we use this model to ensure that we coordinate the assurance and just focus on the highest risk areas or where there hasn’t been as much assurance provided.
- Data assurance – the Group holds an enormous amount of data. Using the three lines of defence model, we have created a data assurance protocol. This has enabled us to identify our key data sets and where we get assurance that the data is up to date and accurate. It has also helped us to develop a Data Strategy, which identifies some important actions to further progress our data journey.
- Consumer standards compliance – the Regulator of Social Housing introduced new consumer standards that took effect from 1 April 2024. Teams across the Group used the three lines of defence model to map out our compliance against the new standards, identify any gaps, and create a compliance action plan.
“I hope you've enjoyed reading my blog and that you'll root for us at tonight's ALARM, embrace risk awards, but even if we don’t win the award, I’m already really proud that we have been recognised by being shortlisted.”
Gemma.