Watch our Video
A UK charity risk register template and risk management policy guide, which also explains risk assessment and the Charity Commission policy on risk management. Register (everything is free), then login, to download this policy using the in-system AI bunny and a range of other charity risk templates by scoring the Risk questionnaire.
A charity risk register and risk management policy are the 2 key tools most charities use to manage risk. These can vary from fairly complex systems to a simple risk assessment template for your charity fete.
You can download Word/Excel versions of these and a variety of other charity risk management templates from the Risk questionnaire.
The links to guidance and laws in these apply only to a UK charity. Links to the Charity Commission risk guidance are at the bottom.
There are risks in everything charities do and additional potentially huge risks in the outside world. Here are the basics of risk management explained simply and a 3 step process to manage risk, including sample templates that will enable you to create your risk management policy and register.
Staff and volunteers are hard pressed and demand increasing, but few charities have much in the way of financial reserves with which to respond to that. Charities are now less able to manage risk and the world is now more uncertain than ever.
Risk covers every area of charity activity and there are a huge variety of risks different ways to use risk management registers, but many don't really understand risk or how to manage it effectively. This toolkit and templates gives you an understanding of the fundamentals and how risk can be managed that you can apply in any charity.
Register with Charity Excellence and use its risk management questionnaire to assess your charity's risk management, including access to a huge range of toolkits, guides and templates to help you. Plus, 3 online directories Funding Finder, Help Finder and Data Finder and 100+downloadable funder lists.
Quick, simple and very effective.
Find Funding, Free Help & Resources - Everything Is Free.
Charity risk is often defined as the likelihood that a hazard will materialise, but that's not quite correct. Risk is about uncertainty and that can also be something good. The large funding bid you has very little expectation of securing comes in or your staff and volunteers achieving far beyond what was realistically achievable in the face of a crisis. Upside risk is rarely taken into account in charity risk registers. I'm not saying you should, but recognise that is not the whole story. Here's a simple 3 stage process to manage your risk.
Charities are faced with a huge range of risks, so the first step is to identify what that might look like. It can help to separate these into categories, such as strategic, financial, operational, reputational, legal/compliance, governance, IT/cyber, people etc.
Don't just focus on the obvious risks, but rather identify as many as possible. Sometimes the greatest risks are the ones we don't think about. Here are some examples.
There is an extensive list of potential risks that can be downloaded from the Charity Excellence Risk questionnaire.
Once you have identified the risks that matter to your charity you can carry out a risk assessment. Risk has 2 components. The probability it will happen and the impact if it did. Often the key risks are not those with great impact, but those that have a reasonably high impact and a reasonable probability of happening.
Here's a simple risk assessment template you can use, but there are lots of others, such as using numbers. For example, if the probability was 3 on a scale of 5 and the impact 4 on a scale of 5, multiplying these gives a risk score of 12, where the lowest risk score is 1 and the highest 25. The risks with the highest scores are the ones you most need to manage. For financial risk, put a £ sign in front of the impact number.
| Probability – a risk will materialise | ||||
| Low | Medium | High | ||
| Impact – if it did | Low | Very Low | Low | Medium |
| Medium | Low | Medium | High | |
| High | Medium | High | Very High | |
Here's a simple risk management template that explains the 4 basic risk management options.
| Risk Management | Action | Example |
| Avoid | Eliminate the cause of a risk. | Switching off computers at cease work to remove the risk of these catching fire. |
| Mitigate | Reduce the impact, if a risk does occur. | Have fire equipment and evacuation procedures in case of fire. |
| Accept | If it's too small to merit committing resources, or uncontrollable/can't reasonably be foreseen, create a contingency plan. | A contingency plan if your premises become uninhabitable due to the fire. |
| Transfer | Have a third part take on responsibility. | Ensuring that you have adequate fire, or other insurance. |
In order to manage risk well, everyone needs to know what your attitude to risk is, how that is to be managed and reported, who is responsible for what and they need to have the necessary skills in order to do so. That's what your risk policy does. It can be detailed, but for smaller charities it could be as simple as copying this resource amending it to suit your needs and making sure that everyone who needs to knows what they need to do.
A key component of that is your risk assessments and register and how you manage that. For larger charities there may be separate strategic, financial and operational risk registers, but for small ones it may be quite simple. our charity risk register should include the risks you need to manage, rate these in some way (gross risk), identify the action to be taken, who will be responsible for that and the impact this will have (net risk). This needs to be reviewed by trustees on a regular basis and acted upon. Here's a simple risk register template. If you need these, you can download risk management policy, risk register, risk assessment templates and scoring spreadsheet and a range of other risk management tools and templates from the Charity Excellence risk questionnaire.
| Risk Area | Risk | Gross Risk | Mitigation | Avoidance | Net Risk | Lead | Notes |
| Operations | Loss of premises due to fire | Medium | Up-to-date fire survey an plan, and equipment | Switch off all computers and VA equipment at cease work | Low | Ian | Arrange fire survey April. Servicing due October |
| Governance | Board Lack capacity skills | High | Arrange governance training | Skills audit recruit 3 additional trustees | Medium | Mohammed | Have only 3 trustees. Skills audit Feb, recruitment Mar, training Jun |
| Finance | Finances mismanaged | Medium | Create budget delegations and simple policy instructions, oversight by Finance Manager | Include finance responsibilities in job descriptions, appraisal objectives and arrange induction/on the job training | Low | Susan | Finance manager to liaise with HR support, proposal to board meeting Mar. |
As part of our AI Ready programme, we've put an AI Risk Register online that identifies and provides information on a wide range of risks relating to AI. You can download an AI and Data Protection Risk Register toolkit and resources to assess and manage the risks for your own charity, from the risk register questions in the Governance and Risk questionnaires.
Often business/annual/operations planning, the budget and risk management register are seen as separate to each other, but are actually linked. If you increase your targets in you annual plan, you either have to increase the risk, or the budget. If you increase the budget income target to make this work, you increase the financial risk. If you cut the spend in your budget, you have to reduce your annual plan targets, or increase the risk.
That's not a problem, as long as you make sure that when you change one, you consider and, if necessary, change another. The Charity Excellence Sector Data Store shows many charities reporting effective planning to be an area of substantive weakness. Closing the budget income gap with a 'stretch target' is just wishful thinking, unless you've taken steps to make that happen.
Having a charity financial reserves policy will ensure you are able to maintain adequate free reserves to enable you to manage any reasonably foreseeable contingency. If your reserves are too low, you put your charity’s future at risk and, if too high, funders may be unwilling to support you. Your reserves policy should set out how:
The CEF has a toolkit you can use to assess your financial sustainability and a simpler one for small charities. It also has toolkits that help you reduce your costs without reducing impact and how to maintain cash flow in an emergency.
Charity Commission CC26 (Charities and risk management) details the Commission's policy guidance to charities on risk management and risk registers. And there is also Charities: due diligence, monitoring and verifying the end use of charitable funds.
A registered charity ourselves, the CEF works for any non profit, not just charities.
Plus, 100+downloadable funder lists, 40+ policies, 8 online health checks and the huge resource base.
Quick, simple and very effective.
Find Funding, Free Help & Resources - Everything Is Free.
To access help and resources on anything to do with running a charity, including funding, click the AI Bunny icon in the bottom right of your screen and ask it short questions, including key words. Register, then login and the in-system AI Bunny is able to write funding bids and download 40+ charity policy templates as well.
I have worked in the sector at senior level for many years and hold various professional qualifications but am not an accountant, nor a lawyer and no advice can be applicable to all organisations, in all circumstances, so this resource is no more than a guide to understanding. Essentially, I've summarised the regulatory guidance and augmented this with my own experience and Internet research to create a layman's guide, with links to the source guidance. I hope you found it useful, but I am not competent to provide professional advice. If you need it, use Help Finder to find pro bono support.
