Charity Risk Register [inc Free Template]
Published: May 10th, 2021
Author: Matthew Quinn
Categories: Risk Assessment Risk Management
Creating a charity risk register from scratch can be a challenge. Particularly if you are new to the field. In this article we will look at the Charity Commission guidelines and what to include in your charity risk register.
Also included is a risk register template. This is based on the Charity Commission’s own guidance. The register can be downloaded for free using the link below.
Who is responsible for Risk Management in a charity?
The responsibility for the management and control of a charity rests with the trustee body. Therefore, their involvement in the key parts of the risk management process is essential. Especially with regards to setting the parameters of the process and reviewing the results.
However, this does not mean that the trustees must undertake each aspect of the process themselves. In many charities, the trustees are likely to delegate elements of the risk management process to staff or professional advisors.
What are the Risk Management Requirements?
In England & Wales, certain charities are under an obligation (i.e. they are legally required) to manage their risks.
Whether or not you must comply depends on your charity’s annual income. The Charity Commission’s guidance breaks down the requirements as follows:
“All charities that are under a legal requirement to have their accounts audited must make a risk management statement in their trustees’ annual report.
The statutory audit thresholds effective from 1 April 2009 are:
-an income of £500,000 or more or
-a gross income exceeding £250,000 with gross assets held exceeding £3.26 million”.
If your charity is legally required to have its accounts audited, you must also make a risk management statement in your trustees’ annual report.
Charities whose incomes are below the audit thresholds are not legally required to include a risk management statement. However, they “are encouraged to make a risk management statement as a matter of good practice.”
In the Charity Commission’s view, they should also produce a risk management statement unless there is good reason not to.
What should a Risk Management Statement include?
The point of a risk management statement is to give your trustees an insight into how your charity handles risk. It should also give readers an understanding of the major risks your charity is exposed to.
You can also use the statement to comment on any further developments of your risk management process/procedures.
There is no template for the risk management statement. According to the Charity Commission, the “form and content of the statement is likely to reflect the size and complexity of an individual charity’s activities and structure.”
The Commission is not requiring a detailed analysis of the risk assessment process and results. “A narrative style that addresses the key aspects of the requirements is acceptable.”
What should be included, as a minimum is:
-an acknowledgement of the trustees’ responsibility
-an overview of the risk identification process
-an indication that major risks identified have been reviewed or assessed
-confirmation that control systems have been established to manage those identified risks.
Many charities, particularly those who are larger or have more complex activities, will expand on this basic approach.
Where a more detailed approach is required, the Charity Commission recommends adopting the following broad principles:
-a description of the major risks faced
-the links between the identification of major risk and the operational and strategic objectives of the charity
-procedures that extend beyond financial risk to encompass operational, compliance and other categories of identifiable risk
-the link between risk assessment and evaluation to the likelihood of its occurrence and impact should the event occur
-a description of the risk assessment processes and monitoring that are embedded in management and operational processes
-trustees’ review of the principal results of risk identification processes and how they are evaluated and monitored
How should you manage risk day to day (Charity Risk Register)?
Knowing the requirements and putting them into practice are two different things. Many charities have a good grasp of some of their risks (e.g. financial risks), but are unsure about how to identify others (e.g. operating risks).
There are a number of organisations charities can turn to for further advice.
For charities registered in England & Wales, the Charity Commission’s website offers a range of guidance and helpful explainers.
Unfortunately, there is no Charity Commission risk register template available to download. Charities looking for such can find one on the NCVO’s website (though you have to be a member) or can make use of our Free Template (see image above).
Smaller charities can also take advantage of the Small Charities Coalition’s resources, though, as with the NCVO, you must be a member to access and download them.