What is a corporate wellbeing programme?

An employer-funded service combining mental, physical, financial and social health support for staff. MEM Academy pairs coach-led corporate fitness sessions with a self-serve wellbeing curriculum and ESG/SROI reporting so the spend is provable at year-end.

How much does it cost?

Programmes start at a fixed per-seat monthly fee. A 100-person pilot typically lands between £6 and £14 per seat per month depending on coach hours, on-site cadence and reporting depth.

How quickly can we launch?

Two to four weeks from contract — Week 1 diagnostic, Week 2 design, Week 3 launch comms, Week 4 first sessions delivered. First board report at end of Q1.

What ESG evidence do we get back?

A quarterly board-ready report with workforce KPIs (absence, wellbeing score, participation) plus a verified SROI figure showing social value per £1 spent — suitable for the Social-S section of your annual report.

06 — Live Risk Register

The register is live — kept in Notion / Linear (whichever holds the source of truth), reviewed at every MBR, re-ranked every QSR. This file is the schema, scoring, and the current top-15 snapshot.

Schema (one row per risk)

Field	Notes
`id`	RR-### (sequential, never reused)
`title`	One sentence, plain English
`family`	Delivery / Safeguarding / Commercial / People / Financial / Data & Privacy / Reputational / Regulatory / Strategic
`description`	What could happen, in 2–3 sentences
`cause`	Why it could happen
`consequence`	What it would mean if it did
`likelihood`	1–5 (see scoring)
`impact`	1–5 (see scoring)
`inherent_score`	likelihood × impact, before controls
`controls`	Active controls (link to `07-risk-policies-and-controls.md`)
`residual_likelihood`	1–5 after controls
`residual_impact`	1–5 after controls
`residual_score`	residual_l × residual_i
`trend`	↑ / ↓ / → since last review
`owner`	One named accountable person
`review_date`	Next review (max 1 quarter for High, 6 months for Medium, 12 months for Low)
`status`	Open / Mitigating / Accepted / Closed
`linked_okrs`	OKR IDs this risk influences
`linked_incidents`	Past incident IDs that materialised this risk

Scoring

Likelihood

Rare — has never happened, no plausible scenario this year
Unlikely — could happen, no recent precedent
Possible — has happened to peers or in our history
Likely — expect at least once in the next 12 months
Almost certain — expect at least once per quarter

Impact

Negligible — absorbed in normal ops
Minor — one cohort or one client affected, recoverable in days
Moderate — multiple cohorts/clients affected; remediation 2–6 weeks; possible service credits
Major — material revenue, reputational, or safeguarding harm; exec + board involvement
Severe — existential to the business, or serious harm to a participant

RAG bands (on residual score)

1–6: Low (green)
8–12: Medium (amber)
15–25: High (red) — MBR review mandatory

Top-15 snapshot (illustrative starting register)

ID	Title	Family	L	I	Score	Owner	Trend
RR-001	Safeguarding disclosure mishandled by a coach	Safeguarding	2	5	10	DSL	→
RR-002	Coach gives advice that breaches FCA boundary (financial wellbeing)	Regulatory	2	5	10	HoC	↓
RR-003	Client withdraws mid-engagement → revenue & reputational hit	Commercial	3	4	12	CL	→
RR-004	Single-client concentration > 35% of ARR	Financial	4	4	16	COO	↑
RR-005	Personal data breach (participant PII)	Data & Privacy	2	5	10	DPO	→
RR-006	SROI figures challenged by external assurer	Reputational	3	3	9	Evidence Lead	↓
RR-007	Coach bench under-supply → cohort delayed	Delivery	3	4	12	HoC	↑
RR-008	Key-person dependency on founders	Strategic	4	4	16	CEO	→
RR-009	Hybrid dashboard outage during client review	Delivery	2	3	6	HoD	↓
RR-010	Coach burnout / attrition spike	People	3	3	9	HoC	→
RR-011	Pricing model erodes margin via discount creep	Financial	3	3	9	CL	↑
RR-012	Misrepresentation in marketing of clinical scope	Regulatory	2	4	8	CEO	→
RR-013	Sub-processor (AI gateway / hosting) outage	Delivery	3	2	6	Ops	→
RR-014	Negative media coverage of a composite case study	Reputational	2	4	8	Comms	→
RR-015	Insufficient cash runway during scale-up	Financial	2	5	10	Finance	→

Each row links to controls in 07-risk-policies-and-controls.md and to a mitigation OKR where one is open.

Review cadence

Weekly: any new safeguarding-family risk (RR-001-style) is opened at delivery review and triaged the same day
Monthly (MBR): every High + any new Medium reviewed; owner reports on control effectiveness
Quarterly (QSR): full re-rank; close anything that has been Low + stable for two consecutive quarters; add new strategic risks

Acceptance criteria for a "live" register

Every High risk has a named owner and a next-review date in the future
Every High risk has at least one active control mapped in §07
The register is touched at every MBR — silence is treated as drift, not stability
Incidents (§08) write back to the risk that materialised, with date and learning