Seeking value and demonstrable improvement in governance

We worked with a large UK DB and DC scheme to comply with the draft Code and undertake its first ORA. The trustees wanted to review their risk management approach, but also comply with the draft Code and go through the process to complete their first ORA to avoid duplication of work. They challenged us to ensure value was delivered given there was not a need at the time to complete the ORA.

We worked with the Audit and Risk Committee and an ORA working group to follow a step-by-step process, with each step building on the others to form an overall picture and assessment of governance and risk management::

  1. We reviewed all scheme policies and documents and ensured that underlying processes were working as expected.
  2. We undertook an ESOG gap analysis. This involved checking compliance with the ESOG requirements, but more importantly that the governance was fit for purpose. We approached this work as we would a governance/ board effectiveness review, to look at both the operational and behavioural effectiveness of the scheme.
  3. We reviewed all risk documentation, processes, governance and the risk register. We aligned risks to strategic objectives, separated out DB and DC risks, particularly to bring in the member perspective, developed the plan’s risk profile – identifying key risks. We reviewed the Trustee’s risks and risk assessment process, looking at quantitative and qualitative risk assessment and scoring metrics, risk event escalation and reporting, business continuity and contingency planning. We also introduced an online risk management system to increase efficiency and enable touch‑button risk reporting, which is focused on the most material risks and issues to enable strategic discussion.
  4. We continue to work with the scheme to undertake risk and control self-assessments to test the effectiveness and proportionality of the controls in place and the robustness of the assurance provided.
  5. We have provided the Trustees with a framework and tools to enable them to complete their own ORAs in future without external support.

Our approach has helped the trustee:

  • Consider risk from both a strategic and operational perspective.
  • Review how controls are embedded into scheme operations.
  • Consider risk reporting that is focused on what matters and is meaningful.
  • Understand and document the approach to risk management.
  • Complete its first ORA in a value-add way, which provides a repeatable future process.

“Muse has provided us with a comprehensive framework to help assess the effectiveness of our existing system of governance and to challenge our existing approach to risk management. With Muse’s guidance, we have seen a number of improvements to our risk management framework which will put us in a strong position for when TPR’s General Code comes into force. Muse has helped us to identify and resolve gaps in our governance structure underpinning our risk management framework. In particular, by aligning our risk management framework with our strategy, the Trustee Board is supported in achieving its objectives.

The Trustee Board agreed at its December 2023 meeting that Muse (Rosanne Corbett and Claire Wallis) have done an outstanding job, and was impressed by their presentation of the ORA Report itself and the accompanying supporting documents. I am extremely grateful for the support and advice we have received from Rosanne and Claire during the project, absolutely first class. They have helped improve the Plan’s governance significantly, which I know is exactly what Muse is about!”

Stuart Dunn, Head of Trustee Governance, DHL Pensions 

First ORA for a large Irish DC scheme

Rosanne Corbett was hired as the Risk Management Key Function Holder (KFH) for this scheme in December 2022 with a key requirement for bringing independent, pension risk expertise and is supported by the Muse Advisory team.

Since appointment, we have reviewed the Trustee’s approach to risk management, as well as its risk documentation and policies to ensure compliance with the IORPII requirements. We have developed dashboard risk reporting to enable the Trustee to focus on key risks and take a strategic approach to risk management. We have also completed the first ORA process, which involved:

  • Reviewing the Trustee’s objectives, ensuring that they accurately convey the Trustee’s ambitions and focus on member outcomes to know what risks are relevant.
  • Assessing all risks relevant to the scheme, determining those that have the most material impact on members, the Trustee’s objectives and/ or the ability of the scheme to operate effectively.
  • Documenting the scheme’s risk profile – key risks to the scheme, exposure, risk appetite and tolerance.
  • Defining specific parameters, quantifying and qualifying tolerance, and assigning Key Risk Indicators (KRIs) within which decision-making and risk-taking is expected to operate.
  • Working with risk owners to implement the KRIs to ensure management information provides evidence-based information from service providers on risks and their mitigation and to determine and assess emerging risks and opportunities, developing an emerging risks/ opportunities radar.
  • Assessing the effectiveness of the Trustee’s Risk Management Framework.
  • Recommending actions for the Trustee to implement.

Our approach has helped the trustees:

  • Revisit their strategic objectives and identify risks specific to the scheme’s circumstances, membership demographic and behaviours.
  • Make risk management and the ORA an integral part of the Trustee Board’s management and decision-making processes, particularly with quarterly risk and control reviews, supported by KRIs and evidence, and risk reporting to the Board by Muse Advisory.
  • Decide which activities to prioritise and where management time should be focused, by seeing the overall picture of risk and how specific events/ issues can cause a drain on resources.

"When we selected Muse as our Risk KFH, we were looking for something special that would add value to the Scheme by constructively challenging our perspective. We were not disappointed"

Trustee Chair

“Muse have quickly instilled a confidence in the Trustees around their management of risk and that the scheme is in safe hands. We have done some really good work to complete our first Own Risk Assessment.”

Chair of the ORA Working Group

PASA
Cyber essentials plus