Risk Contingency Plan

Return to Index

 

Risk Register and Contingency

The over-arching goal is to provide external quality assurance for qualifications at low cost, reducing administrative overhead for assessors and maximising rewards for learners. The key risks have been prioritised as follows.

 

Identified Risks

Contingency

Awarding risks
1. Certification Fraud On-line authentication reduces the likelihood of certification fraud. Most significant risk is a forged paper certificate but this will not authenticate. Should forgeries come to light. the Chief Assessor will order an investigation and take such action including legal action to deter further instances. In the unlikely event that a certificate can be authenticated by someone not owning it eg through identity theft, the authentication of that certificate will be blocked until its true owner is traced and that ownership re-established. Any instances where significant certification fraud has occurred will be reported to the Regulators.
2. Assessor Malpractice All organisations acting as centres for TLM qualifications are risk assessed before any of their staff can become assessors. All assessors are vetted by TLM and provided with on-going training and support. Most are qualified teachers or similar education professionals. All have to sign an agreement promising to uphold standards. In most cases there is a Principal Assessor with control over a group of assessors. There is potentially sufficient professional damage to the individual from an accusation of malpractice to deter such behaviour.  Should an assessor be shown to be acting unprofessionally in any way, their account will be suspended until it can be established that they present no risk to the system. In extreme cases  legal action will be started and the assessor's Principal Assessor and employer informed. The regulators will be informed in any case where malpractice is likely to have caused receipt of awards without proper justification. Where malpractice results in withholding awards which are due, awards will be made at no additional charge to those that have earned them.
3. Errors in assessment The moderation process is designed to reduce the risk from assessment errors while keeping the cost of assessment low.  In the lowest level Entry certificates, where the effect of risk is not critical, the description of levels and training are considered sufficient given the use to which these certificates will be put. The more likely the certificate is be critical in gaining employment or a place in further or higher education, the greater the sampling and more demanding the moderation of assessors. Feedback to assessors is designed to provide continuing professional development to make errors less likely, particularly in rapidly changing fields such as technology. The contingencies on discovering systematic errors in an assessor's work is to inform them and require them to adjust any related work accordingly. Re-sampling will take place until it is clear that the error is eradicated. Should assessors continue to submit work that is subject to error, their Principal Assessor will be informed and compulsory additional training required. In extreme cases the Assessor's account can be and will be blocked. Any errors that are significant and could have led to awarding of certificates that are not justified will be recorded and reported to the regulators.
4. Risk of compromising the data systems The data system is operated using passwords and permissions. There are two sites, one that that manages assessment and certificates that is deliberately separated from the one that manages general user activities. General security such as using encrypted passwords through the HTTPS system, keeping software up to date with patches and general maintenance apply. Regular backups by the hosting service mean that it is possible to revert to earlier versions of the data. The most likely compromise is for users to leave themselves logged in and for another person to then use that account. For example, an Assessor leaving themselves logged in and a student going to the account and awarding themselves assessment criteria. Since Assessors don't authorise awards, it would be impossible for such a failure to result in the award of a certificate without first going through the moderation procedure. It is very unlikely that an assessor would not notice a change in the patterns of assessment and these assessments have to be backed by evidence from the student. If it came to light that a student had added data and a certificate was awarded in error, the certificate will be revoked in accordance with the malpractice contingency above. Even if the student breaking into the assessors account, deleted all the student information, it is not actually deleted from the system and can be reinstated. Only administrators at TLM can actually delete physical data and admin rights are only given to a few very experienced users. The data systems are hosted by a large professional hosting company and outages are very rare. It is possible to record assessments off line in a spreadsheet and up date the on-line database and so any unavailability of the site is unlikely to disrupt day to day work to any great extent. Should the system go off line through a major disaster at the hosting company, we keep local backups and so these could be used with minimal loss of data.
Business Risks
5. Political change Changes in government policy could destroy entire markets. Mostly TLM's products are sold to public sector organisations and funding policies are crucially important. In order to mitigate this risk TLM is diversifying it's customer base to include overseas groups and different local groups that are less likely to be affected by any particular change in policy. In terms of contingency, changes tend to happen with a year or two of notice and so the contingency is to plan to shift resources to the most viable markets in response to changes that are likely to make an existing market non-viable.
6. Bureaucratic risks For a small Awarding Organisation the cost of administration and dealing with several government agencies is disproportionately expensive and this raises the level of financial risk. TLM uses state of the art open source and cloud-based technologies to reduce the costs associated with bureaucracy. The contingency for unforeseen change is difficult except for campaigning for government agencies to use open systems and open standards and the most appropriate tools for tasks.  Another strategy is to be involved in EU lifelong learning projects for transfer of innovation. This extends the possibilities for new export markets while providing funding for development and language translations and reduces the risk associated with investment in innovation and development that is long term.
7. Loss of revenue Loss of revenue is a continuing risk.  Should revenue fall below a critical threshold, TLM would go out of business and there is nothing that could be done about it apart from a take over from a larger awarding body.  However, at present development work is continuing so there is scope in the first instance to simply stop all development. That would be the first step in the contingency plan. At this point the regulators would be informed that there was a good chance that TLM would cease trading in the not too distant future and that eventually there would be no mechanism to maintain the database record of awarded certificates. Two options then exist. Notify users and ensure they have printed paper manifests of their certificates and awards or arrange for the database to migrate elsewhere for at least the maintenance of authentication and printing of certificates. The former option has the disadvantage of not allowing certificates to be authenticated and lost certificates could not be re-issued. The latter option has a small cost involved but this is likely to be negligible to an organisation that is already hosting a significant web site.
8. Loss of key personnel Each member of staff has a "deputy" that could take over their work at least on a maintenance level until that member of staff was replaced. The worst case scenario of loss of the most crucial key member of staff would be loss of revenue to the extent that the contingency in 7 above would be invoked. However, that would take some time and so finding a replacement would be the first option. The technical support staff have changed during the development process demonstrating that none are indispensable, and since a lot of the work is developmental, it is not essential for the basic running of the business.
Regulatory Risks
9. Cost associated with compliance Compliance with the regulatory conditions carries some overhead in providing systems to verify and respond to compliance issues. These are no more onerous than previous systems and a risk based approach provides the potential to reduce risk by prioritising resources to aspects that are the most significant.
10. A. Governance Serious problems related to governance as defined in Condition A1.2 to A1.4 are likely to lead to far more serious organisational risks in themselves than the risk associated with the consequences of regulation. A1.3 is considered unrealistic as many qualifications are based on 2 year courses. It would therefore be impossible to accredit a qualification prior to the start of a course and have it awarded within the 2 year stipulated period.  As a small organisation it is very unlikely that any of the causes of non-compliance would escape the direct scrutiny of the governing body. There is no realistic chance of TLM being located outside the UK even if it does open subsidiary offices in other countries. (A2). It is difficult to envisage a change of control scenario where the new controller would not have a strong commitment to maintaining regulation. In this respect the risk of an adverse effect from this is very low. Conflicts of interest have been allowed for in the organisational government from the outset. The principles are well-established and there is no additional risk from the requirement to comply with the conditions. Availability of resources is fundamental to the operation of the organisation. The requirements of the conditions add no more risk to this and so the primary focus is to ensure resources are prioritised to reduce the likelihood of the most significant adverse effect. That would be to go out of business and be unable to provide continuity for verifying learner outcomes and qualifications. In that respect the maintenance of the systems supporting these things have been designed to be as low cost as possible and to be such that a third party with minimal training could maintain them. Risk associated with the conditions for dealing with malpractice are potentially the most significant because the degree that malpractice initiated by third parties can be controlled by TLM is limited.  Again the risk associated with the issue itself is more significant than the risk associated with the regulations associated with malpractice. Since regulation is itself risk based, the most significant risk to TLM from regulation is associated with the activities of highest risk.
11. B. Ofqual/Qualifications Wales There is a possible overhead in reporting requirements to Ofqual/Qualifications Wales but these are integrated in the general planned working practices and so the risk from the additional overhead is low. The most significant risk is in proving unlimited cooperation with Ofqual/Qualifications Wales in any investigation since the scope falls outside the control of TLM. It seems unlikely that Ofqual/Qualifications Wales would require such resources in such a situation that would cause TLM to go out of business and that is the most serious risk.
12. C Third parties Third parties present a relatively high risk in that there are factors associated that are outside the control of the AO. Risk is minimised through a range of measures and the requirements of regulation do not add significantly to that risk since apart form reporting to and cooperating with the regulators the rest would be done in any case. The risk in losing customers through lack of regulation is more significant.
13. D & E Qualifications The regulatory requirements for qualifications have some administrative overhead but it is not onerous. It is not possible to have credible qualifications without the requirements of the conditions and an estimated 95% of the work is required whether or not  regulation was needed.
14. F Providing products The requirements related to providing qualifications to purchasers are basically administrative. For this reason the regulatory risk is low because any requirements to change anything is likely to have low bureaucratic overhead. Any Ofqual/Qualifications Wales investigation is likely to be quickly resolved and therefor of low financial risk.
15. G Setting the assessment Setting the assessment has risk if the regulators disagree with TLM's judgements related to the design and delivery of the assessments. The main issue would be to alter the design of affected assessments and this is within the existing capacity of TLM. There is a clear plan to make statistical and other comparisons to ensure that TLM assessments are in line with those of other awarding organisations in terms of their demand on candidates at a particular level. 
16. H Marking The main regulatory risk is if the regulators disagree with TLM's judgements related to marking and grading assessment. Much of these processes have been developed with the Sector Skills Council and other AOs and so the risk of this is considered low. In a case where adjustments were needed, the expertise and capacity to do so exist and therefore the risk from regulation itself is manageable. In general TLM designs exam papers, questions and marking schemes to be unambigous and reviews responses from candidates to inform refinements to make this more and more robust as the scale increases to more markers. This reduces risk from variations in marking.
17. I  Appeals and certificates The appeals procedure is well-established and in 6 years there have been no appeals. This leads us to conclude that the risk of a regulatory issue is low. There has been extensive dialogue with the Regulators concerning TLM's innovative methods for certification. Typically certificates can be with a learner in as little as 2 days from the assessor requesting the award, including the time needed for moderation and verification. The main risks associated with regulation of certificates is therefore behind us and the regulatory risk is mainly related to administrative procedures that even if in error would be inxepensive to put right.
18. J Definitions We believe that we understand the definitions as presented and therefor the risk associated with definitions is low.