Environmental Risk Register
How to develop a Corporate Risk Register & Action Plan: Step by Step Process

• Frequency / spread of risk;
• Average risk rating;
• Level of exposure;
• Impending legislation requirements;
• System failures;
• External and internal drivers.

The BBC will review and amend the risks based on the analysis of information from the following sources:

The current Environmental Risk Register - This will show the risk priorities within the BBC, any new risks, and any changes in risk details.  Risks which reach an unacceptable level will give rise to action.

Current Divisional and Corporate Environmental Risk Action Plans - The current environmental risk action plan will show outstanding actions to manage risks.  If the actions have not been completed then the risk remains.

Relevant performance, audit or inspection report(s) - These will highlight under-managed risk activity; legislative or technical standards and guidelines, compliance failures and enforcement action.

Legislative and other requirement - The Corporate Register of Legal and Other requirements will indicate new and changing requirements.

Evaluate the categorised risks and enter the risks into the Risk Register.

For each risk:

1. Identify and apply existing controls currently in place or that are required to reduce the likelihood of the risk occurring.
2. Assess Severity (i.e. how serious would the impact be if the risk materialised):  Severity is allocated a score between 1 and 5 (with 5 the highest).
3. Assess Likelihood (i.e. how likely it is that the risk will occur):  Likelihood is allocated a score between 1 and 5 (with 5 the highest).
4. Assess Exposure Level:  Exposure reflects the potential impact on the environment. Enter an estimate of the number sites likely to be exposed to the risk.
5. Severity and Likelihood scores are then combined to produce a total risk score.
6. Prioritise risks based on the residual risk score.

See Appendix II for full details of the scoring system.

• Identify objectives based on the corporate environmental risks identified and prioritised in the previous step.
• Develop Objectives that are SMART and which will facilitate an improvement in the management of environmental risk and the eventual minimisation of the risk.

• Identify and assign Corporate Actions that address corporate risks and that will enable the achievement of the corporate objectives.
• Actions are to include a completion date and be assigned to a person / role responsible for carrying out the action.

• Review and approve Corporate Action Plans as developed by the Head of BBC Safety on behalf of MCORC. If not approved return to BBC Safety for rewrite, including comments and reasons for rejection.
• Ratify the Divisional Environmental Risk Action Plan, ensuring consistency with the corporate objectives. If the Divisional plan is not consistent with the needs of the Corporate Objectives return to the appropriate division for rewrite, including comments and reasons for rejection.

• Cascade the objectives and actions throughout the organisation and as appropriate delegated to specific relevant divisions.
• Ensure that the corporate environmental risk action plan is communicated and implemented.

• Ensure the corporate environmental risk plan is kept up to date.
• Ensure actions reported as completed are verified.
• Ensure plans are reviewed on a regular basis and as a minimum, annually.