This charity risk management policy guide explains the basics of risk management and assessment. It gives you a simple 3 step process to use and sample templates for your own risk policy and risk register and includes having a charity reserves policy. It can be used for everything from trustee risk planning to assessing and managing charity shop and fundraising event risk.
There are risks in everything charities do and additional potentially huge risks in the outside world. Here are the basics of risk management explained simply and a 3 step process to manage risk, including sample templates that will enable you to create your risk management policy and register.
The years of austerity after the 2008 recession left many charities vulnerable and Covid then had a furter huge impact. Staff and volunteers are hard pressed and demand increasing, but few charities have much in the way of financial reserves with which to respond to that. Charities are now less able to manage risk and the world is now more uncertain than ever.
Risk covers every area of charity activity, there are a huge variety of risks different ways to use risk management registers, but many don't really understand risk or how to manage it effectively. This toolkit gives you an understanding of the fundamentals and how risk can be managed that you can apply in any charity.
Register with Charity Excellence and use it's risk management questionnaire to assess your charity's risk management, including access to a huge range of toolkits, guides and other resources to help you.
Fast, Simple And Everything Is Free
To find the free help and funding you need – Register Now
Charity risk is often defined as the likelihood that a hazard will materialise, but that's not quite correct. Risk is about uncertainty and that can also be something good. The large funding bid you has very little expectation of securing comes in or your staff and volunteers achieving far beyond what was realistically achievable in the face of a crisis. Upside risk is rarely taken into account in charity risk registers. I'm not saying you should, but recognise that is not the whole story. Here's a simple 3 stage process to manage your risk.
We are faced with a huge range of risks, so the first step is to identify what that might look like. It can help to separate these into categories, such as strategic, financial, operational, reputational, legal/compliance, governance, IT/cyber, people etc.
Don't just focus on the obvious ones, but rather identify as many as possible. Sometimes the greatest risks are the ones we don't think about. Here are some examples.
There is an extensive list of potential risks that can be downloaded from the Charity Excellence Risk questionnaire.
Once you have identified the risks that matter to your charity you can assess these. Riks has 2 components. The probablity it will happen and the impact if it did. Often the key risks are not those with greets impact, but those that have aresonably high impact and a reasonable probability of happening.
Here's simple risk assessment framework you can use, but there are lots of others. For example, using numbers. For example, if the probability was 3 on a scale of 5 and the impact 4 on a scale of 5, multiplying these gives a risk score of 12, where the lowest risk score is 1 and the highest 25. The risks with the highest scores are the ones you most need to manage. For financial risk, put a £ sign in front of the impact number.
|
|
Probability – a risk will materialise |
||
|
|
Low |
Medium |
High |
Impact – if it did |
Low |
Very Low |
Low |
Medium |
Medium |
Low |
Medium |
High |
|
High |
Medium |
High |
Very High |
You have 4 basic risk management options:
In order to manage risk well, everyone needs to know what your attitude to risk is, how that is to be managed and reported, who is responsible for what and they need to have the necessary skills in order to do so. That's what your risk policy does. It can be detailed, but for smaller charities it could be as simple as copying this resource amending it to suit your needs and making sure that everyone who needs to knows what they need to do.
A key component of that is your risk register and how you manage that. For larger charities there may be separate strategic, financial and operational risk registers, but for small ones it may be quite simple. It should include the risks you need to manage, rate these in some way (gross risk), identify the action to be taken, who will be responsible for that and the impact this will have (net risk). This needs to be reviewed by trustees on a regular basis and acted upon. Here's a simple risk register layout. If you need these, you can download risk managemnt policy, register, risk scoring spreadsheet and a range of other risk tools and templates from the Charity Excellence risk questionnaire.
Risk Area | Risk | Gross Risk | Mitigation | Avoidance | Net Risk | Lead | Notes |
Operations | Loss of premises due to fire | Medium | Up-to-date fire survey an plan, and equipment | Switch off all computers and VA equipment at cease work | Low | Ian | Arrange fire survey April. Servicing due October |
Governance | Board Lack capacity skills | High | Arrange governance training | Skills audit recruit 3 additional trustees | Medium | Mohammed | Have only 3 trustees. Skills audit Feb, recruitment Mar, training Jun |
Finance | Finances mismanaged | Medium | Create budget delegations and simple policy instructions, oversight by Finance Manager | Include finance responsibilities in job descriptions, appraisal objectives and arrange induction/on the job training | Low | Susan | Finance manager to liaise with HR support, proposal to board meeting Mar. |
Often business/annual/operations planning, the budget and risk management plan are seen as separate to each other, but are actually linked. If you increase your targets in you annual plan, you either have to increase the risk, or the budget. If you increase the budget income target to make this work, you increase the financial risk. If you cut the spend in your budget, you have to reduce your annual plan targets, or increase the risk.
That's not a problem, a slong as you make sure that when you chnage one, you consider and, if necessary, chnage another. The Charity Excellence Sector Data Store shows many charities reporting effective planning to be an area of substantive weakness. Closing the budget income gap with a 'strectch target' is just wishful thinking, unless you've taken steps to make that happen.
Having a charity financial reserves policy will ensure you are able to maintain adequate free reserves to enable you to manage any reasonably foreseeable contingency. If your reserves are too low, you put your charity’s future at risk and, if too high, funders may be unwilling to support you. Your reserves policy should set out how:
The CEF has a toolkit you can use to assess your financial sustainability and a simpler one for small charities. It also has toolkits that help you reduce your costs without reducing impact and how to maintain cash flow in an emergency.
Find funders using the Funding Finder database and 50+ funder lists. Health check your charity in half a day, access the huge resource base, including 100s of organisations that provide free help and resources, and achieve the Quality Mark.
Fast, Simple And Everything Is Free
To find the free help and funding you need – Register Now