UK Charity Risk Management Policy & Risk Register - A Guide And Sample Templates That Anyone Can Use

This charity risk management policy guide explains the basics of risk management and assessment. It gives you a simple 3 step process to use and sample templates for your own risk policy and risk register and includes having a charity reserves policy. It can be used for everything from trustee risk planning to assessing and managing charity shop and fundraising event risk.

Charity Risk Management Planning - Policy & Register

There are risks in everything charities do and additional potentially huge risks in the outside world.  Here are the basics of risk management explained simply and a 3 step process to manage risk, including sample templates that will enable you to create your risk management policy and register. 

Why Is Risk Management Important To Charities?

The years of austerity after the 2008 recession left many charities vulnerable and Covid then had a furter huge impact.  Staff and volunteers are hard pressed and demand increasing, but few charities have much in the way of financial reserves with which to respond to that.  Charities are now less able to manage risk and the world is now more uncertain than ever.  

Risk covers every area of charity activity, there are a huge variety of risks different ways to use risk management registers, but many don't really understand risk or how to manage it effectively.  This toolkit gives you an understanding of the fundamentals and how risk can be managed that you can apply in any charity. 

Risk Management Made Simple, Quick & Free

Register with Charity Excellence and use it's risk management questionnaire to assess your charity's risk management, including access to a huge range of toolkits, guides and other resources to help you.  

Fast, Simple And Everything Is Free

To find the free help and funding you need – Register Now

What Is Charity Risk?

Charity risk is often defined as the likelihood that a hazard will materialise, but that's not quite correct.  Risk is about uncertainty and that can also be something good.  The large funding bid you has very little expectation of securing comes in or your staff and volunteers achieving far beyond what was realistically achievable in the face of a crisis.  Upside risk is rarely taken into account in charity risk registers.  I'm not saying you should, but recognise that is not the whole story.  Here's a simple 3 stage process to manage your risk. 

Step 1 - Identifying Risks For Your Charity

We are faced with a huge range of risks, so the first step is to identify what that might look like. It can help to separate these into categories, such as strategic, financial, operational, reputational, legal/compliance, governance, IT/cyber, people etc. 

Don't just focus on the obvious ones, but rather identify as many as possible.  Sometimes the greatest risks are the ones we don't think about.  Here are some examples.

  • Strategic - failure to create a deliverable strategic plan, failure to identify and respond to major external issues.
  • Financial - fail to secure adequate income, fraud, fail to use resources effectively.  
  • Operational - injury to a beneficiary, project/activity delayed or not delivered, loss of premises. 
  • Reputational - damaging media coverage, unable to articulate a clear engaging message
  • Legal/Compliance - significant breach of data protection, safeguarding failing, health & safety incident.
  • Governance - lack of effective oversight, loss of key trustees, not managed effectively. 
  • IT - cyber-attack, virus, loss of systems or data. 
  • People - a toxic culture, loss of key people, unable to recruit adequate staff/volunteers, a serious HR issue.

There is an extensive list of potential risks that can be downloaded from the Charity Excellence Risk questionnaire. 

Step 2 - Assessing the Risk To Your Charity

Once you have identified the risks that matter to your charity you can assess these.  Riks has 2 components.  The probablity it will happen and the impact if it did.  Often the key risks are not those with greets impact, but those that have  aresonably high impact and a reasonable probability of happening. 

Here's simple risk assessment framework you can use, but there are lots of others.  For example, using numbers.  For example, if the probability was 3 on a scale of 5 and the impact 4 on a scale of 5, multiplying these gives a risk score of 12, where the lowest risk score is 1 and the highest 25.  The risks with the highest scores are the ones you most need to manage.   For financial risk, put a £ sign in front of the impact number. 

 

 

Probability – a risk will materialise

 

 

Low

Medium

High

Impact – if it did

Low

Very Low

Low

Medium

Medium

Low

Medium

High

High

Medium

High

Very High

Step 3 - How To Manage Charity Risk

You have 4 basic risk management options:

  • Avoid - eliminate the cause of a risk.
    • Switching off computers at cease work to remove the risk of thse catching fire.
  • Mitigate - reduce the impact, if a risk does occur.
    • Have fire equipment an devacuation procedures in case of fire.
  • Accept - if it's too small to merit committing resources, or uncontrolable/can't reasonably be foreseen, create a contingency plan.
    • A contingency plan if your premises become unoinhambitable due to the fire.  
  • Transfer - have a third part take on responsibility. 
    • Ensuring that you have adequate fire, or other insurance. 

Your Charity Risk Policy and Risk Management Register

In order to manage risk well, everyone needs to know what your attitude to risk is, how that is to be managed and reported, who is responsible for what and they need to have the necessary skills in order to do so.  That's what your risk policy does.  It can be detailed, but for smaller charities it could be as simple as copying this resource amending it to suit your needs and making sure that everyone who needs to knows what they need to do.  

A key component of that is your risk register and how you manage that. For larger charities there may be separate strategic, financial and operational risk registers, but for small ones it may be quite simple.  It should include the risks you need to manage, rate these in some way (gross risk), identify the action to be taken, who will be responsible for that and the impact this will have (net risk).  This needs to be reviewed by trustees on a regular basis and acted upon. Here's a simple risk register layout.  If you need these, you can download risk managemnt policy, register, risk scoring spreadsheet and a range of other risk tools and templates from the Charity Excellence risk questionnaire.  

Risk Area  Risk Gross Risk Mitigation Avoidance Net Risk Lead Notes 
Operations Loss of premises due to fire Medium Up-to-date fire survey an plan, and equipment Switch off all computers and VA equipment at cease work Low Ian Arrange fire survey April. Servicing due October
Governance Board Lack capacity skills High Arrange governance training Skills audit recruit 3 additional trustees Medium  Mohammed Have only 3 trustees. Skills audit Feb, recruitment Mar, training Jun
Finance Finances mismanaged Medium Create budget delegations and simple policy instructions, oversight by Finance Manager Include finance responsibilities in job descriptions, appraisal objectives and arrange induction/on the job training Low Susan Finance manager to liaise with HR support, proposal to board meeting Mar.

Charity Risk Management, Budgets And Annual Plans

Often business/annual/operations planning, the budget and risk management plan are seen as separate to each other, but are actually linked.  If you increase your targets in you annual plan, you either have to increase the risk, or the budget.  If you increase the budget income target to make this work, you increase the financial risk. If you cut the spend in your budget, you have to reduce your annual plan targets, or increase the risk.

That's not a problem, a slong as you make sure that when you chnage one, you consider and, if necessary, chnage another.  The Charity Excellence Sector Data Store shows many charities reporting effective planning to be an area of substantive weakness. Closing the budget income gap with a 'strectch target' is just wishful thinking, unless you've taken steps to make that happen.    

Managing Charity Financial Risk - Reserves Policy

Having a charity financial reserves policy will ensure you are able to maintain adequate free reserves to enable you to manage any reasonably foreseeable contingency.  If your reserves are too low, you put your charity’s future at risk and, if too high, funders may be unwilling to support you. Your reserves policy should set out how:

  • Much your charity needs to hold in reserve and why.
  • And when your charity’s reserves can be spent.
  • Often the reserves policy will be reviewed.

The CEF has a toolkit you can use to assess your financial sustainability and a simpler one for small charities.  It also has toolkits that help you reduce your costs without reducing impact and how to maintain cash flow in an emergency.  

 

Access All The Free Charity Resources & Free Funding Database

Find funders using the Funding Finder database and 50+ funder lists.  Health check your charity in half a day, access the huge resource base, including 100s of organisations that provide free help and resources, and achieve the Quality Mark.

Fast, Simple And Everything Is Free

To find the free help and funding you need – Register Now

The questions are phrased brilliantly - challenging how we prioritise our management time." Ecosystems Knowledge Network

Register Now