UK Charity Risk Register Template, Risk Management Policy and Risk Assessment

A UK charity risk register template and risk management policy guide, which also explains risk assessment and the Charity Commission policy on risk management. 

UK Charity Risk Register Template and Risk Management Policy

A UK charity risk register template and risk management policy guide, which also explains risk assessment and the Charity Commission policy on risk management.  Register (everything is free), then login, to download this policy using the in-system AI bunny and a range of other charity risk templates by scoring the Risk questionnaire.

What Are a Charity Risk Register and Risk Management Policy?

A charity risk register and risk management policy are the 2 key tools most charities use to manage risk.  These can vary from fairly complex systems to a simple risk assessment template for your charity fete.

  • Your risk management policy details how and who will manage risk.
  • Your charity risk register details the risks, your assessment of each and what will be done to manage these.

You can download Word/Excel versions of these and a variety of other charity risk management templates from the Risk questionnaire.

The links to guidance and laws in these apply only to a UK charity.  Links to the Charity Commission risk guidance are at the bottom.

Charity Risk Management Planning - Policy & Register

There are risks in everything charities do and additional potentially huge risks in the outside world.  Here are the basics of risk management explained simply and a 3 step process to manage risk, including sample templates that will enable you to create your risk management policy and register.

Why Charity Risk Management Is Important

Staff and volunteers are hard pressed and demand increasing, but few charities have much in the way of financial reserves with which to respond to that.  Charities are now less able to manage risk and the world is now more uncertain than ever.

Risk covers every area of charity activity and there are a huge variety of risks different ways to use risk management registers, but many don't really understand risk or how to manage it effectively.  This toolkit and templates gives you an understanding of the fundamentals and how risk can be managed that you can apply in any charity.

Risk Management Made Simple, Quick & Free

Register with Charity Excellence and use its risk management questionnaire to assess your charity's risk management, including access to a huge range of toolkits, guides and templates to help you.  Plus, 3 online directories Funding FinderHelp Finder and Data Finder and 100+downloadable funder lists.

Quick, simple and very effective.

Find Funding, Free Help & Resources - Everything Is Free.

Register Now!

Charity Risk Definition

Charity risk is often defined as the likelihood that a hazard will materialise, but that's not quite correct.  Risk is about uncertainty and that can also be something good.  The large funding bid you has very little expectation of securing comes in or your staff and volunteers achieving far beyond what was realistically achievable in the face of a crisis.  Upside risk is rarely taken into account in charity risk registers.  I'm not saying you should, but recognise that is not the whole story.  Here's a simple 3 stage process to manage your risk.

Step 1 Charity Risk Register - Identifying Risks

Charities are faced with a huge range of risks, so the first step is to identify what that might look like. It can help to separate these into categories, such as strategic, financial, operational, reputational, legal/compliance, governance, IT/cyber, people etc.

Don't just focus on the obvious risks, but rather identify as many as possible.  Sometimes the greatest risks are the ones we don't think about.  Here are some examples.

  • Strategic - failure to create a deliverable strategic plan, failure to identify and respond to major external issues.
  • Financial - fail to secure adequate income, fraud, fail to use resources effectively.
  • Operational - injury to a beneficiary, project/activity delayed or not delivered, loss of premises.
  • Reputational - damaging media coverage, unable to articulate a clear engaging message
  • Legal/Compliance - significant breach of data protection, safeguarding failing, health & safety incident.
  • Governance - lack of effective oversight, loss of key trustees, not managed effectively.
  • IT - cyber-attack, virus, loss of systems or data and the growing AI risk.
  • People - a toxic culture, loss of key people, unable to recruit adequate staff/volunteers, a serious HR issue.

There is an extensive list of potential risks that can be downloaded from the Charity Excellence Risk questionnaire.

Step 2 - Charity Risk Assessment Template

Once you have identified the risks that matter to your charity you can carry out a risk assessment.  Risk has 2 components.  The probability it will happen and the impact if it did.  Often the key risks are not those with great impact, but those that have a reasonably high impact and a reasonable probability of happening.

Here's a simple risk assessment template you can use, but there are lots of others, such as using numbers.  For example, if the probability was 3 on a scale of 5 and the impact 4 on a scale of 5, multiplying these gives a risk score of 12, where the lowest risk score is 1 and the highest 25.  The risks with the highest scores are the ones you most need to manage.   For financial risk, put a £ sign in front of the impact number.

Probability – a risk will materialise
Low Medium High
Impact – if it did Low Very Low Low Medium
Medium Low Medium High
High Medium High Very High

Step 3 - Charity Risk Management Template

Here's a simple risk management template that explains the 4 basic risk management options.

Risk Management Action Example
Avoid  Eliminate the cause of a risk. Switching off computers at cease work to remove the risk of these catching fire.
Mitigate Reduce the impact, if a risk does occur. Have fire equipment and evacuation procedures in case of fire.
Accept  If it's too small to merit committing resources, or uncontrollable/can't reasonably be foreseen, create a contingency plan. A contingency plan if your premises become uninhabitable due to the fire.
Transfer Have a third part take on responsibility. Ensuring that you have adequate fire, or other insurance.

Your Charity Risk Register and Risk Management Policy

In order to manage risk well, everyone needs to know what your attitude to risk is, how that is to be managed and reported, who is responsible for what and they need to have the necessary skills in order to do so.  That's what your risk policy does.  It can be detailed, but for smaller charities it could be as simple as copying this resource amending it to suit your needs and making sure that everyone who needs to knows what they need to do.

A key component of that is your risk assessments and register and how you manage that. For larger charities there may be separate strategic, financial and operational risk registers, but for small ones it may be quite simple.  our charity risk register should include the risks you need to manage, rate these in some way (gross risk), identify the action to be taken, who will be responsible for that and the impact this will have (net risk).  This needs to be reviewed by trustees on a regular basis and acted upon. Here's a simple risk register template.  If you need these, you can download risk management policy, risk register, risk assessment templates and scoring spreadsheet and a range of other risk management tools and templates from the Charity Excellence risk questionnaire.

Risk Area Risk Gross Risk Mitigation Avoidance Net Risk Lead Notes
Operations Loss of premises due to fire Medium Up-to-date fire survey an plan, and equipment Switch off all computers and VA equipment at cease work Low Ian Arrange fire survey April. Servicing due October
Governance Board Lack capacity skills High Arrange governance training Skills audit recruit 3 additional trustees Medium Mohammed Have only 3 trustees. Skills audit Feb, recruitment Mar, training Jun
Finance Finances mismanaged Medium Create budget delegations and simple policy instructions, oversight by Finance Manager Include finance responsibilities in job descriptions, appraisal objectives and arrange induction/on the job training Low Susan Finance manager to liaise with HR support, proposal to board meeting Mar.

Charity Risk Management - Budgets And Annual Plans

Often business/annual/operations planning, the budget and risk management register are seen as separate to each other, but are actually linked.  If you increase your targets in you annual plan, you either have to increase the risk, or the budget.  If you increase the budget income target to make this work, you increase the financial risk. If you cut the spend in your budget, you have to reduce your annual plan targets, or increase the risk.

That's not a problem, as long as you make sure that when you change one, you consider and, if necessary, change another.  The Charity Excellence Sector Data Store shows many charities reporting effective planning to be an area of substantive weakness. Closing the budget income gap with a 'stretch target' is just wishful thinking, unless you've taken steps to make that happen.

Charity Financial Risk Management - Reserves Policy

Having a charity financial reserves policy will ensure you are able to maintain adequate free reserves to enable you to manage any reasonably foreseeable contingency.  If your reserves are too low, you put your charity’s future at risk and, if too high, funders may be unwilling to support you. Your reserves policy should set out how:

  • Much your charity needs to hold in reserve and why.
  • And when your charity’s reserves can be spent.
  • Often the reserves policy will be reviewed.

The CEF has a toolkit you can use to assess your financial sustainability and a simpler one for small charities.  It also has toolkits that help you reduce your costs without reducing impact and how to maintain cash flow in an emergency.

Charity Commission Risk Management Policy & Risk Register Guidance

Charity Commission CC26 (Charities and risk management) details the Commission's policy guidance to charities on risk management and risk registers. And there is also Charities: due diligence, monitoring and verifying the end use of charitable funds.

Charity Risk Management Policy FAQs

  • Is a charity required to have a risk management policy?  Charities are not required to have a risk management policy, but charity trustees are required to review and assess their charity's risks and to manage these, and having a policy is a good way to do so.
  • What is the Charity Commission risk guidance?  The Commission has published Charities and risk management (CC26), which outlines the basic principles and strategies that can be applied to help charities manage their risks.
  • What should be included in a risk management policy? A charity risk management policy usually includes the types of risks in the register, the criteria for adding/removing risks from the register, who will review the risk register and how often it will be reviewed.

Charity Risk Register FAQs

  • Does a charity have to have a risk register?  A charity doesn't need to have a risk register but trustees are responsible for managing their charity's risk and a register provides a structured approach that doesn't have to be time consuming nor complex.
  • What should be in a charity risk register?  A charity risk register should include the key risks the trustees need to manage, often including finance, income, people, governance and communications, their quantification of each risk, the action being taken to manage it and by whom.
  • What is a non profit risk assessment?  A charity risk assessment is the process of identifying risks, quantifying these in terms of their likelihood and impact if they did happen, identifying action to manage the key risks and who will do so.
  • How do you manage risks in a charity?  Risk in a charity is managed by the trustees following the risk management cycle of risk identification, quantification, avoidance and mitigation action, allocating responsibility and ongoing monitoring and review.

Charity Risk Assessment FAQs

  • What are the key risks for a charity?  A charity's key risks are those that are so significant the trustees feel these must be managed.  What these are will vary depending on a charity's role and activities but often securing income and safeguarding are key risks.
  • What are the financial risks for a charity?  The biggest financial risk for many charities is income generation but others can include control of expenditure, compliance, financial management and decision making, record keeping, fraud and cybercrime.
  • What are strategic risks for charities?  Charity strategic risks may be external, such as a recession, or internal.  Internal risks may relate to a major change in activities, or failures in managing strategy, such as poor planning or failure to implement effectively.
  • How can risk be reduced?  The risk your charity faces can be reduced in 4 main ways.  Avoidance, mitigation, insuring against risks, such as fire and legal action, or transferring responsibility to another organisation, such as by contracting it out.
  • What is risk avoidance?  Risk avoidance is action taken to minimise the likelihood of a risk happening.  For example, switching off electrical equipment to minimise the risk of a fire.
  • What is risk mitigation?  Risk mitigation is action taken to minimise the impact of a risk if it were to occur.  For example, fire extinguishers to put a fire out.
  • How is risk measured? Risk is measured by multiplying the likelihood (probability) of a risk occurring by the estimated impact if it did in various ways, including using percentages, low/medium/high, numbers and/or a currency.
  • What is gross risk?  Gross risk is the total quantified risk facing a non profit before risk avoidance and mitigation action is taken to minimise the likelihood of risks occurring and the impact if they did.

A Free One Stop Shop for Everything Your Charity Needs

A registered charity ourselves, the CEF works for any non profit, not just charities.

Plus, 100+downloadable funder lists, 40+ policies, 8 online health checks and the huge resource base.

Quick, simple and very effective.

Find Funding, Free Help & Resources - Everything Is Free.

Register Now!

To access help and resources on anything to do with running a charity, including funding, click the AI Bunny icon in the bottom right of your screen and ask it short questions, including key words.  Register, then login and the in-system AI Bunny is able to write funding bids and download 40+ charity policy templates as well.

This Resource Doesn't Constitute Professional Opinion

I have worked in the sector at senior level for many years and hold various professional qualifications but am not an accountant, nor a lawyer and no advice can be applicable to all organisations, in all circumstances, so this resource is no more than a guide to understanding.  Essentially, I've summarised the regulatory guidance and augmented this with my own experience and Internet research to create a layman's guide, with links to the source guidance. I hope you found it useful, but I am not competent to provide professional advice.  If you need it, use Help Finder to find pro bono support.

Register Now
We are very grateful to the organisations below for the funding and pro bono support they generously provide.

With 40,000 members, growing by 2000 a month, we are the largest and fastest growing UK charity community. How We Help Charities

View our Infographic

Charity Excellence Framework CIO

14 Blackmore Gate
United Kingdom
HP22 5JT
charity number: 1195568
Copyrights © 2016 - 2024 All Rights Reserved by Alumna Ltd.
Terms & ConditionsPrivacy Statement
Website by
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram