IntroductionThe Library defines risk as the threat that events (internal or external) will adversely affect its ability to achieve its strategy, policy, and operational goals. The Library recognizes that risk is something that cannot be eliminated but it aims to manage exposure to risks at a satisfactory level. It is the Library’s intention that effective, proactive risk management is integrated into the culture of the Library. Principles The Library will identify and manage risks that endanger the achievement of the strategic aims as defined in its Plan of Service as well as the operational aims defined in Board policies and/or documents. The approach used will meet all requirements of New York State law, rules, and regulations and will also be enhanced with best practices. The management of risk will be embedded at all levels of the library and supported by an active training and education program. Risk Assessment Risks will be assessed against criteria which covers the potential impact of the risk and the likelihood of its occurrence. The risk will be considered for its potential effect on strategy, operations, finances, and reputation and whether they are external or internal. Risk Tolerance The Director will, as a part of the annual budgeting process, assess the knowable risks that currently exist. This assessment will be repeated each time that the library begins a significant project or initiative. The criteria noted above should be used in this process. The Director and Board are responsible for identifying the acceptable risk tolerance level for the each potential risk the Library faces.As risks are managed this tolerance level will be used as the prompt for the escalation of risk reporting to senior management. Risk Management Risks will be managed in accordance with an agreed upon approach ranging from terminating the risk, taking risk reduction measures, accepting and monitoring risk, or passing the risk on.Review of the risks will be carried out by the Director and/or staff assigned responsibility for it. Risks will be reviewed:
Annually by the Board as part of the budget planning cycle;
Quarterly by the Director and reported to the Board at a regular Board meeting;
Regularly by staff assigned to manage various areas of risk.
Roles and responsibilities Each level of the Library has a responsibility for risk awareness and management. The main roles and responsibilities are as follows: Board The Board is responsible for confirming that the risk management approach will aid the achievement of policy aims. DirectorThe Director is responsible for the ensuring that the Risk Management Policy is followed and that all relevant areas of the library’s operations fall under its purview. The Director is also responsible for ensuring that Library Managers regularly review potential risks in their own areas of responsibility and that they promote any required culture changes needed to minimize risk.