
Risk Management Policy

Approved By: Full Council
Author: Dan Gwalter
Confidentiality: Public
Date Published: November 4, 2025
Document Reference: WES-POL-0013
Notes:
Owner (Role): Secretary
Policy Group: Risk Data and Digital
Review Date: November 4, 2027
Status: Published
Version: 1.0
Visible on Website:

  • 1. Purpose
  • 2. Scope
  • 3. Definitions
  • 4. Policy Statement
  • 5. Roles and Responsibilities
  • 6. Policy Detail and Procedures
  • 6.1 Risk Identification
  • 6.2 Risk Classification and Rating
  • 6.3 Risk Register Maintenance
  • 6.4 Escalation and Response
  • 6.5 Thematic Areas to Monitor
  • 6.6 Annual Review and Scenario Testing
  • 7. Related Policies and References
  • 8. Compliance and Breach Handling
  • 9. Review and Version Control
  • 10. Approval Record

1. Purpose

This policy sets out how the Western Equestrian Society (WES) identifies, monitors, and manages risk in order to safeguard the Society's objectives, assets, members, and reputation.

Risk is not inherently negative - but unmanaged risk threatens continuity, credibility, and impact. This policy enables Council and key Officers to approach risk proactively, proportionately, and with clear accountability.

2. Scope

This policy applies to all areas of WES governance and operations, including but not limited to: governance and decision-making; financial stability; events and activities; data protection and digital systems; safeguarding, health, and safety; and reputational and regulatory risk.

It applies to Council members, Officers, and designated event or project leads.

3. Definitions

  • Risk: Any issue, event, or condition that may prevent WES from achieving its objectives
  • Risk Register: A central record of identified risks, their likelihood, potential impact, and mitigation measures
  • Strategic Risk: Risks to WES's purpose, governance, or long-term viability
  • Operational Risk: Risks relating to day-to-day activity, events, or services
  • Risk Owner: The named role responsible for monitoring and responding to a specific risk

4. Policy Statement

WES commits to managing risk in a structured and transparent way. The Society will maintain a central Risk Register, review it regularly, and ensure that new or emerging risks are added, monitored, and responded to in good time.

The Council accepts that not all risks can be eliminated - but all material risks must be known, discussed, and either mitigated or consciously tolerated.

5. Roles and Responsibilities

Role | Responsibility
Secretary | Maintain and update the Risk Register; support owners in identifying and rating risks; escalate concerns to Council
Risk Owners | Monitor their assigned risks; implement agreed mitigation or contingency actions
Council | Review and approve the Risk Register quarterly; support escalation and recovery decisions
Chairperson | Lead response in the event of major governance or reputational risk
Treasurer | Monitor financial risk and ensure adequate reserves and reporting structures

6. Policy Detail and Procedures

6.1 Risk Identification

  • Risks may be identified by any Council member, Officer, or event lead
  • New or emerging risks should be notified to the Secretary using the Risk Log Form
  • The Secretary will assess and add the risk to the register with an initial risk rating

6.2 Risk Classification and Rating

Each risk is rated based on Likelihood (Rare / Unlikely / Possible / Likely / Certain) and Impact (Insignificant / Minor / Moderate / Major / Critical). Each risk is assigned a Red / Amber / Green (RAG) status and classified as Strategic or Operational, with a named role owner.

6.3 Risk Register Maintenance

  • The Risk Register is a live document held in the Governance Data Room
  • It is reviewed quarterly by the Secretary and submitted to Council
  • Risk owners are responsible for updates on any action, mitigation, or incident response

6.4 Escalation and Response

  • Any risk scoring Amber or Red must be reviewed by Council
  • If a risk materialises, the relevant owner must notify the Secretary or Chair immediately
  • Council may convene a rapid response discussion or assign additional resource or oversight

6.5 Thematic Areas to Monitor

Category | Examples
Governance | Leadership turnover; poor engagement; breaches of policy or conduct
Finance | Event losses; reserve depletion; fraud; unplanned liabilities
Events | Accidents; venue issues; weather-related cancellations; poor turnout
Digital and Data | Data breaches; system outages; GDPR non-compliance
Safeguarding | Child/vulnerable adult harm; process failure; unqualified supervision
Reputation | Public complaints; disciplinary issues; mishandled communications; Social Licensing

6.6 Annual Review and Scenario Testing

  • The Risk Register will undergo a full annual review ahead of the AGM
  • The Secretary may propose one scenario-based tabletop exercise per year (e.g. data breach, cancelled national show) to test preparedness

7. Related Policies and References

  • Policy Review and Maintenance Policy (WES-POL-0006)
  • Data Protection Policy (WES-POL-0014)
  • Safeguarding Policy
  • Financial Controls Policy
  • Risk Log Form and WES Risk Register (Templates and Tools folder)

8. Compliance and Breach Handling

Failure to act on known risks, suppressing known issues, or failing to report material developments may constitute a governance breach and result in disciplinary action. Where a risk has been raised and ignored, Council bears collective accountability.

9. Review and Version Control

Version | Date | Author | Changes Made
0.1 | 18/07/2025 | DG | Initial policy draft
0.5 | 08/10/2025 | DG | Changes following Chairman's review
1.0 | 04/11/2025 | DG | Published

10. Approval Record

Approved By | Date | Notes
Full Council | 04/11/2025 | Approved for immediate use