ARTICLE
18 July 2012

Managing Risk

SW
Smith & Williamson

Contributor

Smith & Williamson logo
Explore
Depending on the nature of the charity, trustees are either required or encouraged to state in their annual reports that they "have given consideration to the major risks to which the charity is exposed and satisfied themselves that systems or procedures are established in order to manage those risks".
UK Corporate/Commercial Law
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

The requirements

Depending on the nature of the charity, trustees are either required or encouraged to state in their annual reports that they "have given consideration to the major risks to which the charity is exposed and satisfied themselves that systems or procedures are established in order to manage those risks".

Trustees need to consider carefully whether they can make such a statement when approving the annual report and accounts. For all charities, whatever their size or reporting requirements, it will be necessary to make some degree of risk assessment.

What is a 'major' risk?

A 'major' risk is an event whose occurrence would have a significant adverse impact on an organisation. It is an event which (in the absence of some form of control) has a degree of probability of occurring. A massive earthquake in the UK is not a major risk because it is not probable. Depending on the location of a charity, the risk of some other forms of natural disaster may need consideration, for example flood risk.

What is the benefit of risk management?

Failure to identify and manage a risk can be costly. Without proper management or control, regulations surrounding the vetting of care staff, for example, can easily be breached. Intervention by regulators could result in a charity no longer being able to function. Financial implications could include reduced funding and costs of closure. There would also be considerable reputational damage.

In this example, failure to meet regulatory requirements is a major risk. Such charities will in most cases have identified this and responded by establishing processes and controls to ensure that the correct checks on staff are always undertaken.

Identifying risks

Identification of risks is best done by those involved in running the charity, both management and trustees. The starting point should be consideration of what could go wrong: what could stop the charity meeting its objectives?

It is helpful to categorise risks and their potential impact.

Financial

  • Funding is significantly reduced – the charity is unable to operate.
  • Trustees receive inadequate management information – inappropriate strategic decisions are made.

Operational

  • Breach of law or regulations – enforced closure of operations.
  • Shortage of appropriate staff – deterioration in standards and reputation leading to reduced funding.

Governance

  • Inability to recruit trustees with appropriate skills – poor strategic decision making.

External

  • Changes in government policy – reduced demand for services or reduced availability of funding.

Responding to risks

For some risks positive actions will already exist or can be introduced in response.

Monitoring cashflow forecasts throughout the year should avoid an unexpected deficit which could trigger a rapid and costly withdrawal from certain services.

For some risks, charities will not be able to influence whether they occur or not. The charity's response to such risks is to mitigate the impact of that risk coming to pass. Risks associated with changes in government policy will usually fall into this category.

Ownership and monitoring

An individual should be tasked with responsibility for managing each risk in accordance with the charity's agreed response. There should also be a means by which the implementation of risk management is monitored and trustees should ensure that they review the risks and receive assurance that the charity's considered response to major risk is in place.

Documentation

Whatever the approach to risk management, it should be documented in some form. This could be a simple table or something more complex, such as a framework that involves the scoring of risks according to likelihood of occurrence and level of impact both at a 'raw' level and after taking account of mitigating factors and controls in place.

There should be regular reconsideration of what the major risks are as these will change over time. It is therefore important that the format of documentation is accessible and easily understood and is conducive to reassessment and revision.

For major organisations risk management will be a highly developed process but whatever the size of entity, trustees should be mindful of the major risks facing their charity. Where the risk is unavoidable, charities should take steps to mitigate any adverse impact of possible future events.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.

Authors
Person photo placeholder
Julie Mutton
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More