Risk Analysis

Potential RiskPotential ImpactSteps to Mitigate Risk
Too few Trustees to carry out current commitments and future development• The charity fails to adequately support people living with RTS
• Pressure on current Trustees becomes intolerable and could impact mental health
• Trustees step down
• The charity’s reputation and image is adversely affected
• Trustee recruitment becomes more difficult
• The charity is wound down
• Ensure plans are aligned to resources available for delivery
• Have clearly defined roles with clearly identified responsibilities with capacity for delivery by one individual
• Monitor how much time is spent by individual Trustees
• Break down roles into bite-sized chunks
• Run specific recruitment for individual roles
The charity lacks direction, strategy and forward planning• the charity drifts with no clear objectives, priorities or plans
issues are addressed piecemeal with no strategic reference
needs of beneficiaries not fully addressed
financial management difficulties
loss of reputation
• create a strategic plan which sets out the key aims, objectives and policies
create financial plans and budgets
use job plans and targets
monitor financial and operational performance
get feedback from beneficiaries and funders
Trustee body lacks relevant skills or commitmentcharity becomes moribund or fails to achieve its purpose
decisions are made bypassing the trustees
resentment or apathy amongst staff
poor decision making reflected in
poor value for money on service delivery
review and agree skills required
draw up competence framework and job descriptions
implement trustee training and induction
review and agree recruitment processes
Trustee body dominated by one or two individuals, or by connected individualstrustee body cannot operate effectively as strategic body
decisions made outside of trustee body
conflicts of interest
pursuit of personal agenda
culture of secrecy or deference
arbitrary over-riding of control mechanisms
consider the structure of the trustee body and its independence
agree mechanisms to manage potential conflicts of interest
review and agree recruitment and appointment processes in line with governing document
agree procedural framework for
meetings and recording decisions
Trustees are benefiting from charity (e.g. remuneration)poor reputation, morale and ethos
adverse impact on overall control environment
conflicts of interest
possibility of regulatory action
ensure legal authority for payment or benefit
consider alternative staffing arrangements
implement terms and procedures to authorise/approve expenses and payments
agree procedures and methods to establish fair remuneration conducted separately from ‘interested’ trustee (remuneration committee/benchmarking exercise etc)
Conflicts of interestcharity unable to pursue its own interests and agenda
decisions may not be based on relevant considerations
impact on reputation
private benefit
agree protocol for disclosure of potential conflicts of interest
put in place procedures for standing down on certain decisions
review recruitment and selection processes
Ineffective organisational structurelack of information flow and poor decision making procedures
remoteness from operational activities
uncertainty as to roles and duties
decisions made at inappropriate level or excessive bureaucracy
use organisation chart to create a clear understanding of roles and duties
delegation and monitoring should be consistent with good practice and constitutional or legal requirements
review structure and the need for constitution
define trustee roles with clarity of special responsibilities e.g. fundraising, safeguarding, events etc.
agree clear decision making protocol
Activities potentially outside objects, powers or terms of gift (restricted funds)loss of funds available for beneficiary class
liabilities to repay funders
loss of funder confidence
potential breach of trust and regulatory action
loss of beneficiary confidence
taxation implications (if non- qualifying expenditure)
agree protocol for reviewing new projects to ensure consistency with objects, powers and terms of funding
create financial systems to identify restricted funds and their application
Loss of key staff/volunteersexperience or skills lost
operational impact on key projects and priorities
loss of contact base and corporate knowledge
succession planning
document systems, plans and projects
implement training programmes
agree notice periods and handovers
review and agree recruitment processes
ensure key volunteers and staff are given opportunity to develop skills, stay motivated and thus maximise retention
Poor service provision – low customer satisfactionbeneficiary complaints
loss of fee income
loss of significant contracts or claims under contract
negligence claims
reputational risks
agree quality control procedures
implement complaints procedures
benchmark services and implement complaints review procedures
consult with, listen to and involve those with ideas on how to address need, develop and build on success
learn from and respond to complaints – be prepared to change
Project or service developmentcompatibility with objects, plans and priorities
funding and financial viability
project viability
skills availability
appraise project, budgeting and costing procedures
review authorisation procedures
review monitoring and reporting procedures
clarity of responsibility for projects and services or aspects of them
Lack of clarity on what we are fundraising for and our medium/long term objectivesunsatisfactory returns
reputational risks of campaign or methods used
actions of agents and commercial fund-raisers
compliance with law and regulation
Fund-raising reduces or does not meet charity’s needs or aspirations
supporters are reluctant to fundraise on our behalf
implement appraisal, budgeting and authorisation procedures
review regulatory compliance
monitor the adequacy of financial returns achieved (benchmarking comparisons)
stewardship reporting in annual report
encourage and enable individual supporters (including non-members) to fundraise on our behalf
improve transparency on how we spend funds we raise to benefit people with and affected by RTS
Inability to recruit and retain volunteerslack of competences, training and support
poor service for beneficiaries
inadequate vetting and reference procedures
recruitment and dependency
responsibilities and extent of activities fall to a few
review and agree role, competencies
review and agree vetting procedures
review and agree training and supervision procedures
agree development and motivation initiative
agree awareness raising and recruitment strategy
agree how volunteers would be supported, recognised and retained
Health, safety and environmentvolunteer/staff injury
product or service liability
ability to operate (see Compliance risks)
injury to beneficiaries and the public
comply with law and regulation
train staff and volunteers in H&S responsibilities and compliance
raise awareness of H&S issues and risks
put in place monitoring and reporting procedures
regularly review and assess required insurance cover
Procedural and systems documentation inadequately managedlack of awareness of procedures and policies
actions taken without proper authority
outdated policies and procedures in circulation
confusion re document management / version control
properly document policies and procedures
audit and review of systems
allocate responsibility for document management and version control
establish system for agreeing and changing policies
Inadequate knowledge and use of Information technologysystems fail to meet operational need
failure to innovate or update systems
loss/corruption of data eg donor base
lack of technical support
breach of GDPR law
waste of staff / volunteer time and effort in trying to use systems
appraise system needs and options
appraise security and authorisation procedures
implement measures to secure and protect data
agree implementation and development procedures
use service and support contracts
create disaster recovery procedures
consider outsourcing
review insurance cover for any insurable loss
buy in expertise when needed to maximise use and efficiency
Poor / inadequate budgetary control and financial reportingbudget does not match key objectives and priorities
decisions made on inaccurate financial projections or reporting
decisions made based on unreliable costing data or income projections
inability to meet commitments or key objectives
poor credit control
poor cash flow and treasury management
ability to function as going concern
not meeting legal compliance
link budgets to business planning and objectives
monitor and report in a timely and accurate way
use proper costing procedures for product or service delivery
ensure adequate skills base to produce and interpret budgetary and financial reports
agree procedures to review and action budget/cash flow variances and monitor and control costs
regularly review reserves and investments
ensure reporting in an accessible way to enable full understanding of those receiving reports
Inadequate reserves policieslack of funds or liquidity to respond to new needs or requirements
inability to meet commitments or planned objectives
reputational risks if policy cannot be justified
failure to comply with Charity Regs
link reserves policy to business plans, activities and identified financial and operating risk
regularly review reserves policy and reserve levels
use reserves for the benefit of people with and affected by RTS as required
Cash flow does not meet needinability to meet commitments
lack of liquidity to cover variance in costs
impact on operational activities
ensure adequate cash flow projections (prudence of assumptions)
identify major sensitivities
ensure adequate information flow from operational managers
monitor arrangements and reporting
Failure to comply with donor imposed restrictionsfunds applied outside restriction
repayment of grant
adverse effect on future relationship with donor and beneficiaries
regulatory action
reputational damage
implement systems to identify restricted receipts
agree budget control, monitoring and reporting arrangements
allocate responsibility for contract management
Fraud or errorfinancial loss
reputational risk
loss of volunteer / staff morale
regulatory action
impact on funding
review financial control procedures
segregate duties
set authorisation limits
agree whistle-blowing anti-fraud policy
review security of assets
identify insurable risks
take legal action as appropriate
involve external agencies as required
Public perceptionimpact on voluntary income
impact on use of services by beneficiaries
ability to access grants or contract funding
communicate with supporters and beneficiaries
ensure good quality reporting of the charity’s activities and financial situation
implement public relations
Adverse publicityloss of donor confidence or funding
loss of influence
impact on morale of staff
loss of beneficiary confidence
implement complaints procedures (both internal and external)
agree proper review procedures for complaints
agree a crisis management strategy for handling – including consistency of key messages and a nominated spokesperson
Compliance with legislation and regulations appropriate to the activities, size and structure of the charityfines, penalties or censure from licensing or activity regulators
loss of licence to undertake particular activity (see operational risks)
employee or consumer action for negligence
reputational risks
identify key legal and regulatory requirements
allocate responsibility for key compliance procedures
put in place compliance monitoring and reporting
prepare for compliance visits
obtain compliance reports from regulators (where appropriate) – auditors and staff to consider and action at appropriate level