In earlier updates as part of our General Code Corner series (Taking Stock on the General Code, The General Code- mind the gaps, The General Code- filling the gaps) we provided tips for trustees on developing strategies to prioritise and fill any gaps in their effective system of governance (“ESOG”).

Some schemes may still be progressing their work on the ESOG and may find it helpful to refer to the updates above. Please speak to your usual Sackers contact(s) if you require any assistance in this regard.

Schemes who have completed or nearly completed ESOG changes will now be thinking ahead to the first Own Risk Assessment (“ORA”). Our Alert sets out more detail on the timing requirements for the first ORA but, as a general rule, most schemes will need to have completed their first ORA by the next scheme year end date falling in 2026.

This may seem like a daunting task, particularly as there is no one-size-fits-all template ORA or a list of detailed statutory requirements to meet. Given this is something of a blank sheet of paper exercise, this blog sets out some practical hints and tips below to assist trustees in breaking down the task of preparing an ORA into more manageable chunks.

A. What is the ORA?

In its simplest terms, the ORA is designed to be a self-assessment by the trustee of how well the ESOG is working alongside the trustee’s objectives and risk management.

To recap, schemes with 100 or more members which are required to have an ESOG in place are also required to carry out and document an ORA. Failure to engage with the ORA is a risk in itself and TPR has said that it “may consider failure to complete an ORA as an indicator of poor governance”.

B. Assessing effectiveness

As a blank sheet of paper can seem daunting when starting to prepare an ORA, we suggest:

  • beginning the assessment process sooner rather than later so that it feels more manageable.  This could include agreeing a project plan for the ORA and making sure that those involved in preparing and signing off on it are aware of what will be needed from them and when.
  • making use of work already done on the ESOG (for example filling gaps and updating documents and processes) and/or the scheme’s existing arrangements for reviewing governance. There may be overlap between this workstream and what is needed for the ORA so that work doesn’t have to be repeated unnecessarily.
  • making sure that risks are identified and assessments are made as part of the ORA. As reviews and checks are carried out, consider the relevant scheme risks, note these down and consider how the relevant document or process assists with managing the risk, whether it appears to be effective and whether there is room for improvement.
  • where there is actual experience of using a policy or process, taking account of what worked well, and whether there is room for improvement next time. Were the trustee’s written policies and procedures – forming part of the ESOG – followed, and were they useful? Or did the exercise expose gaps or anything that got in the way of what really needed to be done?
  • making use of adviser input. In carrying out this assessment the trustee’s advisers are likely to be able to share their perspective and offer constructive feedback – all of which could form part of the trustee’s overall assessment.
  • logging these points within a reasonable timeframe after an assessment has been made – having the workings ready when it’s time to prepare the ORA will make the process of writing up the ORA much easier at a time when the detail of any discussions and processes followed could be a distant memory!
  • thinking about horizon scanning – are there any risks that the trustee could be exposed to which did not arise in practice, but which remain relevant? Are there future projects or emerging risks that could mean that it is appropriate to focus on certain aspects of governance in the short to medium term?  How is the trustee ensuring that complacency does not set in with regard to such risks and that governance is more than a tick box exercise?

C. Writing up the ORA

  • as noted above, there is not a single “right” approach to documenting the ORA and TPR has not (and is not currently expected to) produce a template or guidance in relation to this. In practice, we are seeing a range of approaches, and for good reason. Just as the ESOG is intended to be proportionate to the size, nature, scale and complexity of a scheme, it follows that the approach to and documentation of the ORA should also be proportionate and highly tailored to the circumstances of the scheme.
  • it may also be helpful to bear in mind that there is no requirement to formally submit the ORA to TPR (noting, however, that TPR could request sight of the ORA at any time) or to share it with members. It is helpful to think of the ORA as a useful governance tool for the trustee rather than as a compliance exercise or an exercise which requires member communication considerations to be taken into account.
  • the ORA has the potential to cover a lot of ground and assimilate a high volume of information. In documenting the assessment and outcomes, trustees should think about what is going to be most helpful for them in terms of identifying gaps or niggles in current governance structures and risk management processes. A detailed report may be deemed most suitable, however trustees should not be afraid to think outside the box. An ORA which is more streamlined or visual could be appropriate and proportionate in the context of their scheme. It may also be helpful to think ahead to future ORAs and to consider how the current one can be used to inform future governance work.
  • whichever format is chosen for the written ORA, it will still be important to keep an audit trail and supporting evidence of the trustee’s assessment and how it arrived at the conclusions.

Please speak to your usual Sackers contact if you have any queries regarding completing your first ORA.