Charity Risk Management

Charity trustees should regularly review and assess the risks faced by their organisation in all areas of its work. Risks are an everyday part of charitable activity and managing them effectively is essential if the trustees are to achieve their key objectives and safeguard their charity’s funds and assets.

What is a risk?
To be able to assess the risks you must first know how to identify exactly what a risk is. A risk is defined as anything that could prevent your charity from achieving its aims, namely, to be able to meet the needs of beneficiaries now and in the future.

Are trustees required to identify and assess risks?
As trustees of the charity, the responsibility for risk management rests on you. Whilst it is only a legal requirement for charities which exceed the audit threshold* to have a risk management statement, it is considered good practice for smaller charities to include one as well. For incorporated charities, a description of the principal risks and uncertainties facing the company must be included in the directors’ report.

What will a risk management document look like?
Due to the diversity of the charitable sector, each organisation will face its own different types of risk and level of exposure to them, therefore there is no standard model for a risk management document, also referred to as a risk register. Nevertheless, for a risk register to be successful it needs to:

  1. Be informed by the charity’s risk management policy, a document which determines the level of risk the charity is willing to be exposed to and how risks will be assessed and managed by the charity.
  2. Clearly identify each individual risk faced by the charity. It can help to catergorise risks according to the department they will affect, e.g., governance, operations, finance, environment, and law/regulations.
  3. Assess the risk to allow you to prioritise the most impactful.
  4. Include mitigation or contingency plans on how the risk will be managed to ensure it does not adversely affect the charity.
  5. Incorporate a monitoring/control element so risks can be managed during the day-to-day running of the charity.

I have recently helped a board of trustees set up a register for the first time. This enabled all the areas of risk, and management of issues involved with them, to be set out in a logical and thought through way.  This provoked the trustees to think more widely about their responsibilities and where the work being done is helping mitigate risk to an acceptable level.  This will be useful for new trustees coming in and to evaluate progress as time goes on.

Maintaining the risk register
A good example of maintaining the risk register is at the college where I chair the audit and risk committee. To ensure the register is kept as a relevant and up to date working document, we review the register formally once a year.  It is a document that involves all departments from IT to catering, from the medical center to the science labs and from finance to governance. As time goes on, the register evolves, as risks and priorities of the organisation change. For instance, traffic light colours are used to highlight the most to least urgent risks. The document is then used by staff to allow them to identify and manage the risks, with key risks singled out at the start of the Warden’s report.

Whilst the format of the register will differ between organisations, the key point of note is that it should be considered a working document, something which can be referred to, and the risks amended, prioritised, and discussed to inform the day-to-day running of the charity.

How we can help
Throughout our team we have a great deal of experience working with charities to ensure they are aware of the risks they face, and equipped with the resources to safeguard against them. When the unexpected happens, it is important to know you have the plans in place to help the organisation through with as little disruption to the beneficiaries as possible, and we have a great depth of experience to help you put these plans in place. For an in-depth chat about how we can help your charity assess and manage their risks give me a call on 01865 559900 or email

Deborah Pluck, Partner

Further reading
The Charity Commission guidance on risk management for Charities can be viewed by clicking the following links

* an income of £1m or more; or a gross income exceeding £250,000 with gross assets held exceeding £3.26m

Source: Mon, 26 Jul 2021 15:05:28 +0100