Failure to have proper internal controls in place could result in the Pensions Regulator’s (TPR’s) intervention. Here we share with you our very own Rule of Six – six best practice tips for ensuring schemes truly manage the risks they are facing:

1. Do your homework when analysing risks

One size doesn’t fit all. Yes, there are core risks that will affect all schemes but the true value of a Risk Register is that it is only meaningful to the scheme in question. Mindful that some risks could result in a tumbleweed of implications for the scheme, we advocate an Integrated Risk Management (IRM) approach, ensuring that all stakeholders are closely involved in the ongoing management and mitigation of risk. The homework doesn’t stop, trustees should horizon watch continually for upcoming scheme and regulatory changes, bringing potential new risks to the table early for consideration.

2. Define your metrics

0-5, 0-10. rag ratings... over-complicated scoring metrics are not helpful. It’s important to identify the likelihood of the potential risk, its potential impact and the trustees’ objectives for managing risk; this in turn will lead to meaningful metrics and enable more effective monitoring of risk.

3. Allocate actions

Having a well thought out Risk Register is just the first step; someone then needs to take active responsibility for monitoring those risks. We suggest assigning a secretariat team member, trustee or adviser to take responsibility for a particular risk, or risks, and lead on any actions required to mitigate that risk or address it once it becomes and issue.

4. Manage Change

The days are long gone when a cumbersome Risk Register sat in a dusty corner of an office is brought out for the annual tick box risk review.

Identifying, monitoring and mitigating risk has never been more prevalent than over the last year. Seismic events such as the pandemic require their very own Risk Register to ensure trustees stay one step ahead.

We created a COVID-19 specific Risk Register once the true scale of the pandemic became apparent, taking into consideration the range of issues that the pandemic presented. Within a week of national lockdown we were working with all clients to use the Risk Register as a framework for meeting with all key stakeholders, trustees, advisers and sponsors to truly identify the real-time risks and take steps to mitigate the same.

5. Evaluate and refine

Risk Registers are living documents. As Schemes evolve, Risk does too; whether it be the implementation of liability management exercises, investment strategy overhaul, change of Trustee Board or scheme closure, the register should be refined to reflect those changes. For some of our schemes, the impact of COVID-19 - and, indeed, Brexit - continues to be front and centre, therefore, the risks identified as part of the COVID-19 specific Risk Register have, sadly, become part of the ‘business as usual’ Risk Register.

6. Keep it on the agenda

Our secretariat team believe that best practice requires a rolling review of the register as a standing item for each trustee meeting. Specific areas of risk are explored and debated at each quarterly meeting, meaning the monitoring is current and relevant, and – most crucially – manageable.