Why is risk management important?
Risk management is a key element of good governance which all charity trustees should be familiar with. The Charities Governance Code specifically calls on charity trustees to “identify any risks your charity might face and how to manage these risks”. Complex charities are required to “make sure there is a formal risk register that the board regularly reviews” as also stated in the Charities Governance Code. Having an appropriate risk management system in place helps to give charity trustees confidence that they have proper controls and procedures in place to deal with issues, in a proactive, measured way.
Who is responsible for addressing the risks a charity is exposed to?
While the primary responsibility lies with the charity trustees, managing risk in any charity is a collaborative process. It requires meaningful engagement from management and other key personnel within the charity.
What should charity trustees do to manage risks?
Charity trustees should ensure that they have a risk management system in place. There is no “one size fits all” approach to risk management but typically a risk management system should including the following:
- A Risk Register
- A Risk Management Policy
- A monitoring and reporting process, and
- A meaningful ‘risk aware’ culture throughout the organisation
How do charities implement a risk management system?
1. Identify the risk
The risks a charity may be exposed to will depend on:
- The nature of the charitable activities undertaken
- The size of the charity, and
- The structure within which it sits
For example, the type of risks facing a religious order operating a school will be very different to the risks facing a religious order which no longer carries out active ministry and is focused on caring for its members. Religious charities might typically consider risks under the following categories:
- Mission
- Governance
- Operational/external
- Financial
- Reputational
2. Evaluate the risk
Some risks are more significant than others. Therefore, it is important that charities have a method in place to evaluate the seriousness of the risk. Impact and probability are the two common methods used to evaluate risk. The former assesses the severity of the risk with the latter referring to the likelihood of the risk materialising. Charity trustees should consider what their appetite for risk is under each of the risk headings above and evaluate each individual risk against the overall “risk appetite” for the category it falls within.
3. Address the risk
Charity trustees should put a plan in place to assist in addressing the risk. This can include steps to avoid the risk occurring, but also mitigating steps to minimise the impact of the risk if it occurs. It should also be clear who is responsible for these steps.
4. Monitor the risk
Charity trustees should agree on the frequency with which a particular risk is monitored, typically based on the overall evaluation of the risk.
Once the charity trustees have engaged in this process, the risks, evaluation, mitigating steps and the identity of those responsible for the mitigating steps; and the frequency of monitoring should all be captured in the charity’s Risk Register. A Risk Management Policy should also be created. This is designed to put in place structures to help charity trustees plan how they will carry out these key steps.
When should charity trustees engage in this process?
Risk management is an important ongoing and constantly evolving process. It is designed to help charity trustees effectively manage their charities and assist in the stewardship of the charity’s funds and assets. Charity trustees should therefore ensure that risk management is a regular agenda item for their meetings throughout the year, not just a one off at the end of the year or when updating the Charities Governance Code.
Where can charity trustees get more information?
The Charities Regulator has published helpful guidance on risk management which can be found on their website. We also regularly assist our religious clients with risk management.
Conclusion
While the ultimate objective for charities is to avoid the occurrence of as many risks as possible, a pragmatic approach to risk, as set out above, seeks to minimise the impacts of these risks.
For more information and expert advice, please contact a member of our Charity Law and Not-for-Profit team.
The content of this article is provided for information purposes only and does not constitute legal or other advice.
People also ask
Why charities need to care about risk? |
Failure to effectively manage risk can jeopardise a charity’s ability to further their charitable objectives and can place the funds and assets of the charity at risk. |
Who is responsible for addressing the risks a charity is exposed to? |
While the primary responsibility lies with the charity trustees, managing risk in any charity is a collaborative process, requiring meaningful engagement from management and other key personnel within the charity |
What can charities do to manage risks? |
Charity trustees should ensure that they have a risk management system in place. |
