Risk Policy
Table of Contents
Potential Risk Areas
Introduction
The following Governance, Organisational and Financial risks have been identified as potential areas to be reviewed on a regular basis. Not all of these areas will be relevant at any particular time but all are of potential relevance. This document will be reviewed on an annual basis to identify any particular areas that require attention at that time.
Governance Risks
| Potential Risk | Potential Impact | Steps to mitigate risk |
| The Charity lacks direction, strategy and forward planning |
|
|
| Trustee body lacks relevant skills or commitment | o Charity becomes morbund or fails to achieve its purposeo Decisions are made bypassing the Trusteeso Resentment or apathy amongst staffo Poor decision making reflected in poor value for money or service delivery | o Review and agree skills required o Draw up competence framework and job descriptions o Implement Trustee training and induction o Review and agree recruitment process |
| Trustee body dominated by one or two individuals, or by connected individuals | o Trustee body cannot operate effectively as a strategic body Decisions made outside of Trustee bodyo Conflicts of interesto Pursuit of personanl agendao Culture of secrecy or deferenceo Artitrary over-riding of control mechanisms | o Consider the structure of the Trustee body and it’s independenceo Agree mechanisms to manage potential conflicts of interesto Review and agree recruitment and appointment processes in line with governing documento Agree procedural framework for meetings and recording decisions |
| Trustees are benefiting from Charity (e.g. remuneration) | o Poor reputation, morale and ethos o Adverse impact on overall control environment o Conflicts of Interest o Possiblity of regulatory action | o Ensure legal authority for payment or benefit o Consider alternative staffing arrangements o Implement terms and procedures to o Agree procedures and methods to establish fair |
| Conflicts of Interest | o Charity unable to pursue its own interests and agendao Decisions may not be based on relevant considerationso Impact on reputationo Private benefit | o Agree protocol for disclosure of potential conflicts of interesto Put in place procedures for standing down on certain decisionso Review recruitment and selection processes |
Governance Risks cont….
| Potential Risk | Potential Impact | Steps to mitigate risk |
| Ineffective organisational structure | o Lack of information flow and poor decision making procedureso Remoteness from operational activitieso Uncertainty as to roles and dutieso Decisions made at inappropriate level or excessive bureaucracy | o Use organisation chart to create a clear understanding of roles and dutieso Delegation and monitoring should be consistent with good practice and constitutional or legal requirementso Review structure and the need for constitutiono Define Trustee roles with clarity of responsibilities e.g. Fundraising, Safeguarding, Events etc.o Agree clear decision making protocol |
| Activities potentially outside objects, powers or terms of gift (restricted funds) | o Loss of funds available for beneficiary class o Liabilities to repay Funders o Loss of funder confidence o Potential breach of trust and regulatory action o Loss of beneficiary confidence o Taxation implications (if non qualifying | o Agree protocol for reviewing new projects to ensure consistency with objects, powers and terms of fundingo Create financial systems to identify restricted funds and their application |
| Loss of key staff, volunteers | o Experience or skills lost o Operational impact on key projects and priorities o Loss of contact base and corporate knowledge | o Succession planning o Document systems, plans and projects o Implement training programmes o Agree notice periods and hand overs o Review and agree recruitment processes o Ensure key volunteers and staff are given the |
Environmental Factors
| Potential Risk | Potential Impact | Steps to mitigate risk |
| Public perception | o Impact on voluntary income o Impact on use of services by beneficiaries o Ability to access grants or contract funding | o Communication with supporters and beneficiaries o Ensure good quality of reporting of the charity’s o Implement public relations training/procedures |
| Adverse publicity | o Loss of donor confidence or funding o Loss of influence o Impact on morale of staff o Loss of beneficiary confidence | o Implement complaints procedures (both internal and external)o Agree proper review procedure for complaintso Agree crisis management strategy for handling – including consistency of key messages and a nominated spokesperson |
Operational Risks
| Potential Risk | Potential Impact | Steps to mitigate risk |
| Poor Service provision – low customer satisfaction | o Beneficiary complaints o Loss of fee income o Loss of significant contracts or claims under o Negligence claims o Reputational risks | o Agree quality control procedures o Implement complaints procedures o Benchmark services and implement complaints o Consult with, listen to and involve those with o Learn from and respond to complaints – be |
| Project or service development | o Compatibility with objects, plans and priorities o Funding and financial viability o Project viability o Skills availability | o Appraise project, budgeting and costing procedureso Review authorisation procedureso Review monitoring and reporting procedureso Clarity of responsibility for projects and services or aspects of them |
| Lack of clarity on what we are fundraising for and our medium/long term objectives | o Unsatisfactory returns o Reputational risks of campaign or methods used o Actions of agents and commercial fund raisers o Compliance with law and regulation o Fund raising reduces or does not meet charity’s o Supporters are reluctant to fundraise on our | o Implement appraisal, budgeting and authorisation procedureso Review regulatory complianceo Monitor the adequacy of financial returns achieved (benchmarking comparisons)o Stewardship reporting in annual reporto Encourage and enable individual supporters (including non-members) to fundraise on our behalfo Improve transparency on how we spend funds we raise to benefit people affected by RTS |
| Inability to recruit and retain volunteers | o Lack of competences, training and support o Poor service for beneficiaries o Inadequate vetting and reference procedures o Recruitment and dependency o Responsibilities and extent of activities fall to | o Review an agree role, competencies o Review and agree vetting procedures o Review and agree training and supervision o Agree development and motivation initiative o Agree awareness raising and motivation initiative o Agree awareness raising and recruitment strategy o Agree how volunteers would be supported, |
| Health & Safety environment | o Volunteer/staff injury o Product or service liability o Ability to operate (see Compliance Risks) o Injury to beneficiaries and the public | o Comply with law and regulation o Train staff and volunteers in Health & Safety o Raise awareness of Health & Safety issues and o Put in place monitoring and reporting procedures o Regularly review and assess required insurance |
Operational Risks cont …
| Potential Risk | Potential Impact | Steps to mitigate risk |
| Procedural and systems documentation inadequately managed | o Lack of awareness of procedures and policies o Actions taken without proper authority o Outdated policies and procedures in circulation o Confusion re document management/version control | o Property document policies and procedures o Audit and review of systems o Allocate responsiblity for document management o Establish system for agreeing and changing |
| Inadequate knowledge and use of information technology | o Systems fail to meet operational need o Failure to innovate or update systems o Loss/corruption of data e.g. donor based o Lack of technical support o Breach of GDPR law o Waste of staff/volunteer time and effort in | o Appraise system needs and options o Appraise security and authorisation procedures o Implement measures to secure and protect data o Agree implementation and development procedures o Use service and support contracts o Create disaster recovery procedures o Consider outsourcing o Review insurance cover for any insurable loss o Buy in expertise when needed to maximise use and |
Compliance Risk
| Potential Risk | Potential Impact | Steps to mitigate risk |
| Compliance with legislation and regulations appropriate to the activities, size and structure of the Charity | o Fines, penalties or censure from licensing or activity regulatorso Loss of licence to undertake particular activity (see operational risks)o Employee or consumer action for negligenceo Reputational risks | o Identify key legal and regulatory requriements Allocate responsibility for key compliance procedures o Put in place compliance monitoring and reporting o Prepare for compliance visits o Obtain compliance reports from regulators (where |
Financial Risks
| Potential Risk | Potential Impact | Steps to mitigate risk |
| Poor/inadequate budgetary control and financial reporting | o Budget does not match key objectives and prioritieso Decisions made on inaccurate financial projections or reportingo Decisions made based on unreliable costing data or income projectionso Inability to meet commitments or key objectiveso Poor credit controlo Poor cash flow and treasury mangemento Ability to function as going concerno Not meeting legal compliance | o Link budgets to business planning and objectives o Monitor and report in a timely and accurate way o Use proper costing procedures for product or o Ensure adequate skills base to produce and o Agree procedures to review and action budget/cash o Regularly review reserves and investments o Ensure reporting in an accessible way to enable |
| Inadequate reserves policies | o Lack of funds or liquidity to respond to new needs or requirementso Inability to meet commitments or planned objectiveso Reputational risks if policy cannot be justifiedo Failure to comply with Charity Regulations | o Link reserves policy to business plans, activities and identified financial and operating risko Regularly review reserves policy and reserve levelso Use reserves for the benefit of people with and affected by RTS as required |
| Cashflow does not meet needs | o Inability to meet commitments o Lack of liquidity to cover variance in costs o Impact on operational activities | o Ensure adequate cash flow projections (prudence of assumptionso Identify major sensitivitieso Ensure adequate information flow from operational managerso Monitor arrangements and reporting |
| Failure to comply with donor imposed restrictions | o Funds applied outside restriction o Repayment of grant o Adverse effect on future relationship with donors o Regulatory action o Reputational damage | o Implement systems to identify restricted receipts o Agree budget control, monitoring and reporting o Allocate responsibility for contract management |
| Fraud or error | o Financial loss o Reputational risk o Loss of volunteer/staff morale o Regulatory action o Impact on funding | o Review financial control procedures o Segregate duties o Set authorisation limits o Agree whistle-blowing anti-fraud policy o Review security of assets o Identify insurable risks/take legal action as o Involve external agencies as required |
Date of origin/ acceptance by Trustees
2 Year review due
Comments