How to create a robust risk register for your charity
22 February 2022
One of the most important factors of being a successful and effective charity, is ensuring no money is wasted.
Therefore it is imperative that you have a robust risk register to ensure you know exactly what kinds of risk your charity is exposed to, and how to mitigate those risks.
Knowing what your risks are, and what to spend funds on to lower those risks, means you can be prepared for almost any eventuality and you won’t get caught out. It’ll also help you identify the risks which are so small you just don’t need to spend money on them. It’s enough that you’re simply aware and monitoring them.
What is a risk register?
A risk register is a purpose built document which holds your identified risks, their level of concern, and assessment details. You’ll also be able to keep record of the controls and mitigating actions you have put in place.
It is really helpful to see the current level of risk and areas of concern across your charity or organisation, because this provides key insight to support decision making and areas for focus. Being able to clearly see where you need to focus your attention will save both time and money, both of which are incredibly important when you have people who need the support you provide.
Why you need a risk register
The government has issued guidance specifically detailing the responsibility of charities to identify key risks and demonstrating how they are mitigating them. You can look it up on the Gov website, just search for CC26.
“Charity trustees should regularly review and assess the risks faced by their charity in all areas of its work and plan for the management of those risks. Risk is an everyday part of charitable activity and managing it effectively is essential if the trustees are to achieve their key objectives and safeguard their charity’s funds and assets.” –cc26
Having a robust and up to date risk register is a valuable tool to help protect your charity as well as the people associated with it.
You’ll be able to identify core gaps in the risk environment you’re exposed to as a charity, and it provides visibility of a robust audit trail of how you’re managing risks effectively and the actions you’ve undertaken internally and externally, to help protect all involved. This can prove invaluable to support your defence in any sort of incident that might occur, which may or may not result in an insurance claim against your charity.
How to make your risk register
Now you know what a risk register is and why you need it, you might be wondering just how to set yours up. You’ll be pleased to know, if you insure with us, your broker will be able to provide you with a template which can be downloaded and shared with you, it does a lot of the work for you!
You’ll want to set aside 2-3 hours to sit around a table with key people from your charity who can bring different perspectives and areas of concern. This will help you have a well-rounded view of what risks your charity is exposed to and the actions you can take to minimise the biggest concerns that sit outside of the level of risk you are prepared to take (your risk appetite).
We suggest writing this down in a rough format to begin with, and then putting it into a clear Excel Spreadsheet following the discussion. It’s also worth noting that different people will have different tolerances (appetites) for risk, so the differing opinions will help you see the risks more objectively.
The most important aspects to consider when assessing risk are:
- The risk itself (inherent risk)
- The causes of that risk
- The consequences if nothing is done to combat the risk and level of impact
- The current controls you have
- Who is responsible for those controls
- The remaining risk once controls are in place (residual risk)
- The action points and deadlines to mitigate high levels of residual risk and put any additional controls in place where appropriate
Creating a column for each, and working line by line will give you a clear vision of the risk you’re exposed to. Once the document has been put together, you should share this with the key people who contributed, to ensure everyone is happy with the content and to get final sign-off.
Please remember, a risk register is not the type of thing you can ‘set and forget’, this should be a living document that is regularly accessed and referenced. Your risk register should be embedded into your organisation and used as a tool to support strategic and governance activity.
When you have this document complete, you should review it at least annually, but we recommend quarterly or following any material change for a more robust and living document.
We hope this blog has been useful in explaining exactly how important a risk register is for your charity. If you have any questions regarding your risk, we encourage you to contact your insurer or broker to discuss in more detail. The more proactive you can be when it comes to identifying and mitigating your risks, the less likely you’ll be to have an incident, and if you do find yourself in the middle of an incident, it’s likely to be far more manageable with minimal intervention required.