22 May 2024

"Risk registers should include the main risks to the school or academies strategic aims, they shouldn't be an endless list of all possible risks most of which the setting will have risk assessments in place for."


In March of this year the Governance Handbook was consigned to history and replaced with two new guides, for maintained schools out came the Maintained schools governance guide and for the MAT sector the Academy trust governance guide. In the latter risk management and assurance is mentioned and trustees are referred to the Academy Trust Handbook which expands on the required policies, procedures and practice. For maintained schools’ section 2.5 clearly lays down the expectations of how the governing body will approach and manage risk management. So, for both sectors clear guidance that a risk register needs to be in place, aligned with the strategic priorities of the improvement or development plan, which must identify, manage and record risks.


Hand being used to stop dominoes from falling


Risk registers should include the main risks to the school or academies strategic aims, they shouldn’t be an endless list of all possible risks most of which the setting will have risk assessments in place for i.e school trips, sporting activities. The register should identify the ‘risk tolerance or appetite’, the degree of risk the board is willing to accept or tolerate in order to pursue its strategic aims. Furthermore the register should ideally contain the ICAEW four lines of defence to clearly identify the sources of assurance that will underpin the management of risk in the setting. The ESFA gives the following example for academies which could be adapted for maintained schools:

  • 1st line of defence – management and staff who own and manage risk on a day-to-day basis.
  • 2nd line of defence – the board who oversee the effectiveness of the risk management framework.
  • 3rd line of defence – the internal scrutiny function who provide independent assurance on the overall effectiveness of risk management and controls.
  • 4th line of defence – assurance from external independent bodies such as the external auditors and other external bodies.

Sitting behind the risk register you may wish to add a list of those risks that have been resolved recently, often referred to as ‘closed risks’, in order that they can be quickly added back should further mitigations be required or removed at a later date.

I think we are all used to doing a SWOT exercise to identify strengths, weaknesses, opportunities and threats which still has a place, especially when discussing strategic priorities and planning. However, unless this is carried out on a regular basis then potential risks may be missed. A PESTLE analysis is a simple approach to considering external risk factors that may be emerging or are ‘on the horizon’ and may have an impact on future decision making and planning. It can be a useful exercise as well to support your SWOT analysis! PESTLE stands for political, economic, social, technological, legal and environmental factors – here are some examples:



Upcoming general election and potential changes to education policy and provision, will direction of travel towards academisation continue or evolve, wider geopolitical tensions and their impact on schools, role of Ofsted.


Falling school rolls and/or over provision of school places, impact of inflation/ high interest rates, future energy price uncertainty, changes to future contract renewals, school estate challenges, changes to local employment landscape


Social mobility, new housing developments, long term impacts of cost of living challenges and pandemic, SEND provision, DfE guidance on gender questioning children, crime in local community, greater challenges with contextual safeguarding, teacher recruitment


Filtering and monitoring challenges, ever more sophisticated cyber security risks evolving, embracing the positive aspects of generative and non-generative AI, longer term impact of increasing use of smart phones and social media by increasingly younger age groups.


Evolution of HR landscape, risks of non-compliance with increasing volume of guidance and legislation, wraparound care provision compliance, teacher workload changes. 


Reduction in outdoor space, new waste disposal/ recycling compliance, net zero plans and ability to meet timeline, travel to school challenges, EV points in school car parks, solar and wind generation opportunities.


The word "risk" with surrounding words


This can all be captured in a single document sitting behind your risk register with the emerging risks captured on a risk radar. One example could be the classic circular radar, with the six PESTLE factors divided into segments, with three ‘RAG’ bands. Outer band ‘worth watching’, middle band ‘keep monitoring’ and central band ‘moving to live risk’ – plot each identified emerging risk within a segment on the band judged best fit for its risk ‘score’. As with any radar you would continue to scan the horizon on a regular basis, review the risk level for the emerging risks, and update this together with your risk register on a termly basis.

This whistle stop tour will hopefully have answered some questions and will enable you to either embed and/or evolve existing practice or begin the process of developing risk management in your setting. In conclusion, risk management is an essential component of ensuring the safety, security, and resilience of our schools in today's complex educational landscape. By adopting a proactive approach to risk identification, mitigation and review, schools can create safe and supportive environments where students can thrive academically, socially, and emotionally. As we navigate the challenges of tomorrow, let us remain focussed on the safeguarding and well-being of our school communities through effective risk management practices.  

Share this