Skip to main content
English Cymraeg

Strategic Risk Management

FSA 23-03-04 - This paper reflects the FSA’s strategic, corporate and management approaches to risk, including identifying which responsibilities lie at Board, Audit and Risk Assurance Committee (ARAC) or Executive level, and also provides the Board with an overview of the strategic risks being managed.

Last updated: 9 March 2023
See all updates
Last updated: 9 March 2023
See all updates

1  Summary

1.1    This paper reflects the FSA’s strategic, corporate and management approaches to risk, including identifying which responsibilities lie at Board, Audit and Risk Assurance Committee (ARAC) or Executive level, and also provides the Board with an overview of the strategic risks being managed. 

1.2    The Board is asked to:

  • Note and agree the risk management framework and our current approach to risk management (see paragraph 3.1 - 3.7).
  • Note and agree the FSA principal risks (see paragraph 4.1 - 4.2 and Annex A).


2    Background

2.1    All organisations should employ a range of approaches and actions for identifying and mitigating risk.  The FSA is unusual in that its entire purpose is rooted in the management of certain risks in the food system.  The Agency was formed in the aftermath of, and as a direct response to, the incidence of Bovine Spongiform Encephalopathy, and works to protect public health, and consumers’ wider interests in relation to food.  This means that risk considerations are always front of mind across the whole department.  

2.2    The food system is complex and is evolving rapidly with developments such as: new technologies around food production; logistics; shifting consumer habits; and trading influences including online sales.  

2.3    The effects post pandemic, the war in Ukraine, rising inflation and, climate and environmental related events have contributed to disruptions to the food supply chain and cost of living crisis.  An increasing number of people are being pushed into food insecurity and disruptions to the food supply chain continue.  Climate change is becoming more urgent as environmental events become more frequent, the food supply chain needs to adapt, to provide long-term food security.  The drive for the food system to become more sustainable maybe slowed by the short-term cost pressures currently being experienced.  

2.4    The FSA also faces internal challenges such as in our ability to recruit and retain a skilled workforce whilst managing the resilience and wellbeing of our people, with competing work pressures and ongoing economic pressures.  Contingencies the FSA has put in place have steadily increased the number of Official Veterinarians to provide full-service delivery, however the UK’s Veterinary workforce shortages still adds challenges to the delivery of Official Controls for which we are responsible.  Also, a shortage of experienced and qualified Environmental Health Officers who support the delivery of Official Controls by local authorities and port health authorities, raises wider challenges for the resilience of the regulatory system. 

3    Risk Management Policy and Framework 

3.1    The FSA has an established risk management framework that forms part of the ‘Three Lines of Defence’ (refer to Annex B) and applies the principles of the HM Treasury Orange Book, a document providing guidance which establishes the concept of risk management.  We use this framework to provide assurance to the FSA Board, ARAC, and the Chief Executive Officer (CEO) as Accounting Officer that opportunities and risks are being effectively identified, assessed and managed, and those involved understand their roles and responsibilities.

3.2    The Board is responsible for setting the FSA’s strategic risk tolerance / appetite, agreeing the thresholds for the levels of risk exposure, and ensuring that an appropriate risk management strategy is in place.  The Board also provides a strategic view on the FSA’s principal risks and reviews the risks annually. 

3.3    ARAC has oversight of the FSA’s approach to, and assurance over, the risk management delegated from the Board and, in its non-executive capacity, advises the Board and CEO on the strategic processes for risk management, including reviewing the strategic risks and ratings; considering the risk appetite; and providing oversight of the effective application of appropriate controls and processes.

3.4    The Executive formally oversees operational risk management as part of our risk management cycle and considering risk in all strategic and executive decisions. 

3.5    Our strategic risks are reviewed by relevant senior leaders quarterly (or sooner by exception), ensuring that the level of risk exposure is monitored closely in the changing environment we operate in, updating the Executive to provide strategic oversight. 

3.6    ARAC are presented quarterly with a summary of the latest risk review alongside the strategic risk dashboard, and as appropriate, are consulted regarding process changes / improvements.  To supplement this process our principal risks are also subject to periodic in-depth reviews, presented to ARAC to evaluate and challenge.

3.7    Adding to the Board’s strategic and corporate risk roles, the Board’s Business Committee has a key role in high-level oversight of operational matters which includes identify and monitor operational and delivery risks, ensuring that ARAC is informed if these risks could become a strategic concern.

4    FSA Principal Risks and Uncertainties

4.1    The Board and Executive hold an annual risk workshop to identify and consider the risks and opportunities we face in the future, agreeing which risks pose the greatest threat to us successfully achieving our objectives and corresponding strategic risk tolerance and thresholds for the levels of risk exposure. 

4.2    The principal risks the FSA faces in delivering food you can trust are the inability to do the following (see Annex A for further detail):

  1. Being able to effectively identify, prioritise, assess and act on a food risk to prevent harm to consumers.
  2. Maintaining confidence and trust from consumers, business, government and / or other stakeholders sustaining our ability to deliver our strategic objectives to protect consumers.
  3. Maintaining informative and influential relationships across government and internationally to advance consumer protection, now and in the future.
  4. Working effectively and cohesively across multiple nations of the UK and administrations to ensure consumers are well-protected despite potential divergence between systems.
  5. Being able to provide an appropriate response to a major food / feed incident to protect consumers from potential harm.
  6. Effectively support local and port authorities in delivering Official Controls reducing potential food safety risk to consumers and maintaining confidence by trading partners and consumers.
  7. Being able to deliver our Official Controls functions in England and Wales for meat to protect consumer safety and confidence plus wider implications such as food supply interruption, trade and animal welfare.
  8. Successfully securing and utilising our resources and supporting our people so to deliver the FSA Strategy benefiting consumers.

5    Conclusion 

5.1    The Board is asked to:

  • Note and agree the risk management framework and our current approach to risk management (see paragraph 3.1 - 3.7).
  • Note and agree the FSA principal risks (see paragraph 4.1 - 4.2 and Annex A).

Annex A

Table showing principal risks and uncertainties, and our response
Principal risks and uncertainties Our response
Being able to effectively identify, prioritise, assess and act on a food risk to prevent harm to consumers.

The FSA’s risk analysis process captures the capabilities and processes in an end-to-end service by which a food risk is identified (either through an arising policy issue or through surveillance), assessed and mitigated (managed and communicated).  Leaving the EU means the FSA is now responsible for many of the combined risk analysis functions that were previously carried out by the European Commission and the European Food Safety Authority.  This process also forms the basis for authorisation of regulated products. 

To ensure that the high standard of food safety and consumer protection is maintained, our risk analysis process is kept under review to ensure regulatory effectiveness.  Surveillance in general across the FSA remains critical to our role and therefore we have established a flexible, responsive, data-enabled science, evidence and surveillance approach to harness the power of data science to identify emerging risks before they become risks to public health, using a variety of data sources.  

Maintaining confidence and trust from consumers, business, government and/or other stakeholders sustaining our ability to deliver our strategic objectives to protect consumers.

Failing to influence and engage effectively with a wide range of stakeholders would risk our pledge to put consumers first in everything we do.  Trust and confidence (of consumers, media, government, industry, partners) are central to us achieving our outcomes for consumers. 

One of the foundations of trust in the FSA is our use of evidence, openly published and well communicated.  We use science and evidence to come to our decisions, and are seen to be open, honest, independent and inclusive.  However, we work in an environment populated with numerous problems, with many factions holding opposing points of view.  A single incident or a major campaign where we are seen to not be playing the required role or do not provide proportionate advice and information that is not science based or impartial, could jeopardise the trust in FSA and adversely affect our reputation.  Structured and proactive stakeholder management mitigates this chance of a loss of trust resulting from public criticism.  

Maintaining informative and influential relationships across government and internationally to advance consumer protection, now and in the future. It is vital that we are able to influence Governments effectively in Westminster, Wales and Northern Ireland, as well as internationally, to ensure that our work is understood, supported and that we are able to achieve change that benefit consumers.  The UK’s new relationship with the EU makes the FSA’s role as a food system regulator more important and has altered the institutional drivers for some of our international activities.  The FSA Board set out a clear set of principles to guide FSA officials’ input to trade policy and trade negotiations and we provide respected expertise into lead departments to inform negotiations of Free Trade Agreements.  Monitoring international developments aids early intelligence and analysis on issues which could have an impact on food safety risks for consumers.  
Working effectively and cohesively across multiple nations of the UK and administrations to ensure consumers are well protected despite potential divergence between systems. 

The FSA works with UK regulatory partners, Wales and Northern Ireland governments and with Food Standards Scotland and the Scottish government to ensure that the UK regulatory regime continues to provide strong protection for consumers.  Inevitably, there are areas where different political priorities and viewpoints among the four administrations will occur.  These changes have the potential to negatively affect four-nation collaborative working relationships.

The FSA is party to three cross-government UK Frameworks.  These put in place commitments to joint ways of working and seeking consensus on changes across the UK, while recognising that often businesses trading across the UK require consistency and that consumers require equal levels of protection.  UK frameworks also recognise that UK Ministers can make different decisions from one another, where it is agreed on a four-nation basis that this is appropriate and supported by evidence.  

Being able to provide an appropriate response to a major food / feed incident to protect consumers from potential harm.

The FSA has well-established contingency and resilience arrangements to respond to a major food or feed safety incident.  Lessons learned reviews from real incidents as well as Winter Planning activity, provide us with valuable learning to strengthen our resilience and improve our response standard operating procedures.  

This approach enables us to invoke our incident response and emergency protocols efficiently; deliver an appropriate response to a food incident; and enable the organisation to return to our normal operations as quickly as possible.  However, a response to a large-scale food-borne incident (on a scale similar to the pandemic) the FSA would face significant challenges to respond in such a comprehensive way.

Effectively supporting local and port authorities in delivering Official Controls reducing potential food safety risk to consumers and maintaining confidence by trading partners and consumers

FSA places reliance on others to deliver many regulatory functions and we need to work closely to ensure service / consumer protection are not compromised whilst new approaches are developed. 

  • Local authorities specifically cover food producers, food processors, catering establishments, takeaway and food delivery, retailers and approved dairy, and meat and fish establishments.
  • FSA and local authorities together deliver shellfish official controls.
  • Local authorities and port health authorities in England, local authorities and the Animal and Plant Health Agency in Wales, and local authorities and Department of Agriculture, Environment and Rural Affairs (DAERA) in Northern Ireland are responsible for imported food controls.
  • Feed controls are the responsibility of local authorities in England and Wales, and DAERA in Northern Ireland.

Local authorities face increased pressures and challenges, which has impacted resources and has highlighted challenges faced in meeting the FSA’s expectations for delivery of food controls.  The need to reform the food hygiene delivery model, including the risk assessment scheme in the Food Law Code of Practice that drives planned intervention programmes, has now become more pressing. 

Through the Achieving Business Compliance Programme, we aspire to focus more on outcomes, and we collaborate with local authorities and industry to make sure that food regulation is data driven and evolves with the rapidly evolving food system.  We are also supporting local authorities to understand the challenges with recruiting Environmental Health Officers to work towards a longer-term solution and plan of action. 

Being able to deliver our Official Controls functions in England and Wales for meat to protect consumer safety and confidence plus wider implications such as food supply interruption, trade and animal welfare.

FSA has direct responsibility for inspecting, auditing and assuring businesses in England and Wales producing meat, wine and dairy.  We deliver Official Controls in abattoirs and game handling establishments, and we audit and inspect meat cutting plants, wine producers and on-farm dairy establishments.  The current sector wide difficulties in recruiting and retaining Official Veterinarians adds challenges to the delivery of Official Controls for which we are directly responsible.

The FSA’s approach to direct delivery of regulatory controls involves a split between FSA-employed people and contractors via a Service Delivery Partner.  The FSA via its contract management arrangements continually monitors the capacity and capability of the supplier to undertake their contractual obligations and uses key performance indicators to identify non-compliances and service failures (for which there are financial penalties).

Successfully securing and utilising our resources and supporting our people so to deliver the FSA Strategy benefiting consumers.

There are ever-increasing constraints on resource that all parts of government face.  The FSA will continue to focus on improving its effectiveness and efficiency, ‘leveraging great impact from small resources.’ This includes ongoing development of our planning, performance, financial, risk, and prioritisation capability.

We continue to create an environment in which our people are highly capable, effectively supported, and choose to make outstanding contributions to protecting, informing and empowering consumers and to successfully deliver the FSA’s strategic objectives.

 

Annex B: Figure 1: HM Treasury Orange Book ‘three lines of defence model’

Figure 1: HM Treasury Orange Book ‘three lines of defence model’

The 1st, 2nd and 3rd lines of defence answer to Senior Management. 

The 3rd line of defence answers to Board/Audit Committee. 

The 1st line of defence is Management control and Internal control measure:

  • Identify, assess, own and manage risks
  • Design, implement and maintain effective internal control measures
  • Supervise execution and monitor adherence
  • Implement corrective actions to address deficiencies

2nd line of defence is functions that oversee or specialise in risk management:

  • Set the boundaries for delivery through the definition of standards, policies, procedures and guidance
  • Assist management in developing controls in line with good practice
  • Monitor compliance and effectiveness
  • Agree any derogation from defined requirements
  • Identify and alert senior management, and where appropriate governing bodies, to emerging issues and changing risk scenarios

3rd line of defence is Internal Audit:

  • Provide an objective evaluation of the adequacy and effectiveness of the framework of governance, risk management and control
  • Provide proactive evaluation of controls proposed by management
  • Advise on potential control strategies and the design of controls

Other bodies that are part of the model, with more independence from management (and less responsibility for risk management), are:

  • Inspection bodies
  • the Infrastructure and Projects Authority
  • the National Audit Office