The Pensions Regulator

Internal controls

.

.

.

Define success criteria

Purpose

The purpose of this stage is for trustees to determine the levels of risk that they consider to be acceptable to the scheme in light of the desired outcomes established earlier in the process. This will provide an effective means of recognising whether the controls they put in place in future are being successful in mitigating the targeted risks.

Description

Before you can assess and prioritise the list of risks held on the risk register you need to establish what level of risk is acceptable to the scheme. You cannot mitigate all risk completely and accepting a degree of risk is a valid outcome from the risk-management process.

Setting the level of acceptable risk will provide the threshold above which you may need to establish internal controls when you come to assess the risks in the next stage of the process. It will also provide a measure for establishing the success of the internal controls you put in place to see whether the risk has been sufficiently mitigated.

It may be helpful to consider the acceptable level of risk in terms of its impact on:

• the security of members' benefits;
• disruption to the smooth running of the scheme; and
• direct financial cost to the scheme.

At this stage you will also need to establish who 'owns' the risks you have identified. The owner of the risk is the person with primary responsibility for managing it. The ownership of each risk will need to be communicated to the relevant person.

You will need to record the agreed success criteria and risk owners on a risk register.

Outcomes

The scheme's acceptable risk levels and risk owners have been agreed and communicated, and success criteria have been recorded in the risk register.

.

.

.