What is risk management?
- Definition
- Risk and opportunity
- Proactive risk management
- Internal control systems
- Balancing objectives
- Further resources
The following definition of effective risk management for charities is adapted from the Turnbull report:
"A charity's system of internal control has as its principal aim the management of risks that are significant to the fulfilment of its charitable objectives, with a view to safeguarding the charity's assets and ensuring the charity is effectively fulfilling its objectives."
Risk and opportunity
Risk management does not have to be seen as a threatening or negative activity. Instead, risk can be seen as an opportunity.
For example, consider the advent of the contract environment, in which voluntary organisations now compete in tender exercises to run welfare services funded by public bodies. If voluntary organisations do not tender for such work, they risk missing out on obtaining resources to further deliver their mission. However, in tendering for such services they equally need to be mindful that getting the cost wrong or not being able to deliver against the project brief could result in the organisation losing the contract and, even worse, being asked to repay the amount they have received.
Risk is not just about money and downside; it is about understanding the reasons for undertaking an activity, reviewing what is required and coordinating activities to deliver and benefit from increased resources. This example illustrates moving the perception of risk management from a defensive, isolated activity to a proactive one.
In 2007 the British Standards Institute issued a consultation document on a code of practice for risk management, BS31100.
The key risk management proposals listed below illustrate the wide coverage of risk management, which is an activity that is constantly undergoing change and requires constant monitoring:
- Systematic and structured Risk Management
- Evidence based risk management
- Addressing uncertainty and its causes
- Risk management as part of decision making
- Human factors and behaviour
- Adding benefit and value
- Tailoring Risk Management
- Transparency and inclusion of Stakeholders
- Responding to Change
- Enterprise Risk Management
As the headings identify, risk management embraces all aspects of the organisation.
This framework should be read in conjunction with the NCVO 10-point plan, which provides a useful framework for voluntary organisations embarking on risk management.
Proactive risk management
Proactive risk management involves identifying risks and then taking a deliberate course of action to either:
- Minimise the impact of risk, for example with contingency planning.
- Accept the risk.
- Transfer the risk (insurance).
- Reduce the risk (if complete avoidance is impossible or disproportionately expensive in time or money).
- Monitor the risk and potentially exploit the upside. For example, environmental charities have traditionally seen landfill site operators as enemies; however, under the 1996 Landfill Tax Regulations such companies can divert a proportion of their tax liability to charities that have prevention of pollution of land as their purpose.
Internal control systems
Underpinning proactive risk management is a sound internal control system, which:
- Can respond to significant risks
- Is embedded in day-to-day processes
- Is capable of responding to external and internal changes
- Can immediately report major control weaknesses
An internal control system will provide a trustee board with reports on:
- Identification, evaluation and management of key risks
- Assessment of effectiveness of related controls
- Actions to remedy weaknesses including considering costs and benefits
- The adequacy of monitoring of the internal control system
- The process supporting reporting
Having such information will not only meet the SORP requirements but will give comfort to the trustees that their charity is well run.
Balancing objectives
Charitable organisations need to be clear about their key objectives and the risks associated with achieving those objectives. For example, objectives might be:
- To grow public donations by 10% per annum
- To meet the needs of our client group by 80% within the next two years
- To comply with legislation
- To safeguard stakeholder interests
Once these are identified, two questions need to be answered:
- What risks would prevent us from meeting these objectives?
- What controls could we adopt to minimise risks to an acceptable level?
Inevitably this leads to balancing the charity objectives against the control objectives.
Example: Board concerned about its overall risk strategy and compliance with the SORP
Undertake potential full reviews of the methods and processes the organisation uses, and recognise, manage and harness the power of risk to ensure compliance.
Example: Board concerned with potential level of fraud
Identify potential areas of fraud and establish an effective fraud prevention and detection function.
Example: Board of a children's charity concerned about confidentiality and security of data
Undertake a comprehensive review of IT security policy, including compliance with relevant legislation, that is, the Data Protection Act.
Further resources
Many accountancy and audit practices that specialise in charities - for example Kingston Smith LLP - have prepared a risk management pack for charities, which provides practical guidance.
Updated August 2007