Appetite | 1 Adverse | 2 Minimalist | 3 Cautious | 4 Open | 5 Hungry |
---|---|---|---|---|---|
Avoidance of risk and uncertainty is a key Organisational objective | Preference for ultrasafe business delivery options that have a low degree of inherent risk and only have a potential for limited reward | Preference for safe delivery options that have a low degree of inherent risk and may only have limited potential for reward | Willing to consider all potential options and choose the one that is most likely to result in successful delivery while also providing an acceptable level of reward and value for money | Eager to be innovative and to choose options offering potentially higher business reward (despite greater inherent risk) | |
Risk Aspect | Examples of behaviours when taking decisions against the risk aspects (see Paragraph 3.3) | ||||
Reputation and credibility | Minimal tolerance for any decisions that could lead to scrutiny of the Government/Department. | Tolerance for risk taking limited to those events where there is no chance of any significant repercussions for the Government/Department. | NHSCFA has tolerance for risk taking limited to those events where there is little chance of any significant repercussions for the Government/Department should there be a failure. | Appetite to take decisions with potential to expose the Government/Department to additional scrutiny but only where appropriate steps have been taken to minimise any exposure | Appetite to take decisions that are likely to bring scrutiny of the Government/Department but where potential benefits outweigh the risks. |
Operational and policy delivery |
Defensive approach to objectives (aim to maintain or protect rather than create or innovate. Priority for tight management controls and oversight with limited devolved decision making authority General avoidance of systems/technology development. |
Innovations always avoided unless essential Decision making authority held by senior management. Only essential systems/technology developments to protect current operations. |
NHSCFA has a tendency to stick to the status quo, innovations generally avoided unless necessary. Key decision making authority is generally held by senior management Systems/technology developments are limited to improvements to protect current operations |
Innovation supported, with demonstration of commensurate improvements in management control System/technology developments considered to enable operational delivery Responsibility for noncritical decisions may be devolved. |
Innovation pursued – desire to ‘break the mould’ and challenge current working practices. New technology viewed as a key enabler of operational delivery High levels of devolved authority management by trust rather than tight control |
Financial/Value for money (Vfm) |
Avoidance of financial loss is a key objective. Only willing to accept the low cost option. Resources withdrawn from non-essential activities |
NHSCFA is only prepared to accept the possibility of very limited financial loss if essential. Vfm is the primary concern |
Prepared to accept the possibility of some limited financial loss. Vfm still the primary concern but willing to also consider the benefits. Resources generally restricted to core operational targets |
Prepared to invest for reward and minimise the possibility of financial loss by managing the risk to a tolerable level. Value and benefits considered (not just cheapest price) Resources allocated in order to capitalise on potential opportunities. |
Prepared to invest for the best possible reward and accept the possibility of financial loss (although controls may be in place).
Resources allocated without firm guarantee of return – investment capital type approach |
Compliance - legal/ regulatory |
Avoid anything which could be challenged even unsuccessfully. Play safe. |
NHSCFA want to be very sure we would win any challenge. |
Limited tolerance for sticking your neck out what to be reasonably sure would win any challenge. | Challenges will be problematic but we are likely to win them and the gain will outweigh the adverse consequences. | Chances of losing are high and consequences serious; but a win would be seen as a great coup. |
Strategy |
Guiding principles or rules in place that limit risk in organisational actions and the pursuit of priorities. Organisational strategy is refreshed at 5+ year intervals |
Guiding principles or rules in place that minimise risk in organisational actions and the pursuit of priorities. Organisational strategy is refreshed at 4-5 year intervals |
Guiding principles or rules in place that allow considered risk taking in organisational actions and the pursuit of priorities. Organisational strategy is refreshed at 3-4 year intervals | Guiding principles or rules in place that are receptive to considered risk taking in organisational actions and the pursuit of priorities. Organisational strategy is refreshed at 2-3 year intervals | Guiding principles or rules in place that welcome considered risk taking in organisational actions and the pursuit of priorities. Organisational strategy is refreshed at 1-2 year intervals |
Technology |
General avoidance of systems/ technology developments |
Only essential systems/ technology developments to protect current operations |
Consideration given to adoption of established/ mature systems and technology improvements. Agile principles are considered. |
Systems/ technology developments are considered to enable improved delivery. Agile principles may be followed. | New technology viewed as a key enabler of operational delivery. Agile principles are embraced. |
Data & Information Management |
Lock down data & information. Access tightly controlled, high levels of monitoring. |
Minimise level of risk due to potential damage from disclosure. |
Accept need for operational effectiveness with risk mitigated through careful management limiting distribution. | Accept need for operational effectiveness in distribution and information sharing. | Level of controls minimised with data and information openly share. |
Identified strategic corporate risks
This chart sets out the various levels of risk appetite and examples of the behaviours and decision making for various risk aspects.
Was this page helpful?
Help us improve cfa.nhs.uk
Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.