NOTE: A PDF version of this document is available. In the case of any disagreement between this version and the PDF, the PDF will be considered authoritative.
TORONTO ULTIMATE CLUB (TUC)
TUC RISK MANAGEMENT POLICY
Policy Category: Risk Management Policy
Date First Passed: July 14, 2019
By Which Body: TUC Board of Directors
Review Period: 1 year
Review Body: TUC Governance Committee
Date of Last Review: July 14, 2019
File Location: TUC File Storage / Board and Committees / TUC Governance /
- The following words will have the following meanings for this Policy:
- Risk - is the chance of an event or situation occurring that will prevent TUC from reaching a desired objective.
- Risk Registry - is the record of risks identified, actions taken, successes or failures, and recommendations.
- Risk Management - is the process used to identify, assess and address risks to better achieve desired Outcomes.
- The Toronto Ultimate Club (TUC) recognizes that there are risks inherent in all aspects of our governance, business operations, and program delivery. TUC aims to implement and monitor effective Risk Management procedures, including identification, assessment and effective control of risks.
- From a Risk Management perspective, TUC’s responsibilities are to:
- ensure that our membership and community are well-served in a professional and credible manner;
- compliance with applicable regulations and standards;
- protect TUC from litigation; and
- prensure otect and enhance our ability to achieve our strategic objectives.
- This policy outlines TUC’s commitment to managing risk in the organization in a thoughtful and considered manner and will apply policies, procedures and practices to manage risk appropriately.
- In order to fulfill our commitment, TUC will analyze all activities, events and opportunities from a risk management perspective with a view to protecting TUC, its members and its participants against possible risks. This includes post-event review.
- TUC will ensure that risk management is an integral part of all our decision-making processes.
- TUC will use a structured risk management program to minimize reasonably foreseeable disruption to operations, harm to people and damage to the environment and property.
- TUC acknowledges that risk management is a broad activity and a shared responsibility. Accordingly TUC will promote a culture that embraces the importance of risk management on an ongoing basis.
- TUC will strive to continually improve our risk management practices.
Roles and Responsibilities
- Executive Director - The Executive Director is accountable to the Board of Directors for the implementation of the risk management process and is ultimately responsible for the management of risks in business.
- The Executive Director may facilitate the development of a common risk management approach across all areas of our business by:
- Establishing a Risk Management Committee
- Implementing a Risk Management Process
- Sharing information of broad applicability to those directly affected
- Reporting to the Board of Directors on the progress of implementing the Risk Management program
- Any other actions that further the risk management objectives of TUC
- Risk Management Committee - The Risk Management Committee will develop a Risk Registry specific to risks facing TUC.
- To ensure that risk management remains a high priority within TUC, risk management will be a standing item on the agenda of every regular Board of Directors Meeting, so that the Executive Director can provide updates as required.
- Staff /Volunteers - All staff and volunteers have an ongoing responsibility to take appropriate measures within their scope of authority and responsibility to identify, assess, manage and communicate risks, and to ensure that risk management is an integral part of their day to day decision-making.
Risk Management Process
- TUC will ensure that any potential and existing risks will be regularly identified, assessed, and evaluated.
- Risks exist throughout TUC operations including the following general categories of risk:
- Operational and program delivery risk - includes poor quality program delivery and lack of attention to the safety and well-being of participants, resources, or staff, as well as risks associated with staffing including succession planning and performance management;
- Communication risk - includes the risk of inaccurate or undependable communications with stakeholders and security of information technology;
- Compliance risk - includes the risk of fines or penalties for not complying with legal or regulatory requirements including payroll and tax remittances;
- Financial risk - includes the risk of fraud, misappropriation, financial mismanagement, inadequate insurance or poor financial decision-making;
- Reputational risk - includes the risk of losing the respect and confidence of our membership and community;
- Governance risk - includes risk associated with insufficient leadership and organizational oversight.
- Once the risks have been identified, assessed and evaluated, they will be managed and mitigated through appropriate policies and procedures, training, communication, contract management, monitoring and other actions that are determined appropriate to the risk.
- It is recognized that any identified risks will be managed by incorporating the following options:
- Accepting the risk - typically because the probability or consequences are considered minimal and/or inherent in the activity.
- Reducing the risk - through efforts including financial audits, policies, planning, and educating to reduce possibility of risk occurring;
- Transferring the risk - through insurance and business contracts;
- Avoiding the risk - by not doing something that will prompt a risk; or
- Mitigating the risk - through efforts to reduce the impact of risks whether financial, reputational, or other, where the risk cannot be reduced, transferred, or avoided.
TUC recognizes that the Risk Management policy, practices and procedures will be dynamic and constantly changing as new risks are identified and new risk control measures are developed. As such, the Policy and affiliated Risk Registry will be maintained, reviewed and updated by the Risk Management Committee on an annual basis.