Enterprise Risk Management
|Publication Date:||7 September 2019|
This process applies to all parts of the business that own and / or manage Level 0 to Level 2 enterprise risks as shown in Figure 1.
This process sets out a principle-based approach for the management of Enterprise Risks in Network Rail to enable:
a) the effective and consistent management of all risks to strategic objectives;
b) risks to be managed in accordance with NR/L1/RSK/001 and Board approved corporate risk appetite statements;
c) the identification, prioritisation and management of interrelated enterprise risks to support successful delivery of the Company's strategic objectives;
d) strategic objectives to be managed in accordance with the UK Corporate Governance Code and governance requirements under licence condition 15 of
the Network Licence; and
e) clarity on risks which Network Rail have responsibility to manage as part of a wider set of industry risk mitigation activity.
NOTE: Strategic objectives includes network-level objectives such as those governed by the National Strategy Committees. These are the highest-level specific corporate objectives, typically of a timescale of the current or following control period. Each objective can be traced back up to Network Rail's role, purpose and vision.