  • Julien Haye

How to Create a Risk Register for a Charity or Non-Profit Organisation?

Free Step-by-Step Guide to Create a Charity Risk Register.



Creating a nonprofit or charity risk register is an essential part of risk management for any organisation, including charities and non-profits. A risk register helps identify, assess, and manage potential risks that could impact the organisation's operations and objectives.

 

This article will provide you with the relevant context, structure, and toolkits to create an effective charity risk register for your organisation. Note that the following guidance applies to non-profit organisations and charities; in the rest of this article, we will refer to the charity risk register for simplicity.


What Is a Charity Risk Register?


A charity risk register is a documented framework that lists all identified risks, their potential impact, the likelihood of their occurrence, and the strategies in place to manage them. It helps charities proactively manage threats and opportunities, ensuring sustainability and effectiveness in their operations. It is also a critical tool for evidencing how charity trustees discharge their risk management responsibilities.


Is a Risk Register a Legal Requirement for UK Charities?


In the UK, maintaining a risk register is not explicitly mandated by law for charities. However, the Charity Commission for England and Wales, which regulates charities in England and Wales, strongly recommends that charities adopt robust risk management practices. This includes the creation and maintenance of a risk register as part of good governance. You will find a summary of the key guidance below for reference:

 

Charity Commission Guidance


  • The Charity Commission's guidance on risk management (Charities and risk management, CC26) emphasises that trustees are legally required to manage the charity's resources responsibly. This includes identifying and managing risks effectively.

  • Although not a legal requirement, having a risk register is considered best practice and is strongly encouraged by the Charity Commission to ensure charities are well-prepared to handle potential risks faced.

Legal Responsibilities of Trustees

 

  • Trustees have a duty of care to act prudently and manage the charity’s affairs responsibly. This includes taking steps to identify and mitigate risks.

  • The annual report for larger charities (those with a gross income exceeding £500,000) must include a statement confirming that the major risks to which the charity is exposed have been reviewed and systems have been established to manage those risks. A risk register helps fulfil this requirement.




What Are the Benefits of a Risk Register?


  • Proactive Risk Management: Enables the organisation to review and assess risks early and take proactive steps to mitigate them.

  • Improved Decision-Making: Provides a structured approach to risk assessment, supporting better decisions.

  • Enhanced Accountability: Assigns risk ownership, ensuring specific individuals are responsible for managing each risk.

  • Resource Allocation: Helps prioritise risks, enabling effective allocation of resources.

  • Compliance and Reporting: Assists in meeting regulatory requirements and provides a clear record for reporting to stakeholders.


What Are the Key Components of a Charity Risk Register?


The table below highlights the essential elements of a risk register and their respective contributions to a comprehensive risk management strategy. This structured approach both ensures proactive risk management and supports improved decision-making, enhanced accountability, efficient resource allocation, and compliance with regulatory requirements. 

| Component | Description |
|---|---|
| Risk ID | A unique identifier is assigned to each risk for easy reference and tracking. |
| Risk Description | A detailed description of the risk, outlining what it is and how it could potentially affect the charity. |
| Risk Category | Classification of the risk into categories such as financial, operational, strategic, compliance, or reputational. |
| Likelihood | An assessment of the probability that the risk will occur, typically rated on a scale (e.g., 1 to 5). |
| Impact | An evaluation of the potential consequences if the risk materialises, also usually rated on a scale (e.g., 1 to 5). |
| Risk Rating | A calculated score derived by multiplying the likelihood and impact ratings, which helps prioritise risks. |
| Risk Response Strategy | The planned approach for managing the risk, which could include avoidance, mitigation, transfer, or acceptance. |
| Risk Owner | The individual or team responsible for managing the risk and implementing the response strategy. |
| Mitigation Plan | Specific actions to be taken to reduce the likelihood or impact of the risk, including timelines and responsible parties. |
| Review Date | Scheduled dates for reviewing the risk to ensure that the mitigation plans are effective and the risk status is up to date. |

How Do You Prepare a Free Charity Risk Register?


Here's a detailed, free step-by-step guide to creating a risk register template for charities or non-profit organisations:


Step 1: Understand the Purpose and Scope

  • Purpose: The risk register will help the organisation identify, evaluate, and manage risks.

  • Scope: Define the boundaries of the risk register, including the types of risks to be considered (e.g., financial, operational and reputational).


Step 2: Assemble a Risk Management Team

  • Team Members: Include key stakeholders such as board members, senior management, project leaders, and volunteers.

  • Roles and Responsibilities: Assign roles for risk identification, assessment, mitigation, and monitoring.


Step 3: Review and Assess Risks

  • Brainstorming Sessions: To identify potential risks, conduct brainstorming sessions with the risk management team.

  • Risk Categories: Consider various risk categories, such as financial, operational, strategic, compliance, and reputational risks. Download the Aevitium Risk Taxonomy for more information.

  • Historical Data: To identify recurring risks, review past incidents and near-misses.

  • Stakeholder Input: Gather input from stakeholders, including beneficiaries, donors, and partners.


Step 4: Document Risks in the Risk Register

  • Risk ID: Assign a unique identifier to each risk.

  • Description: Provide a clear and concise description of each risk.

  • Category: Classify each risk into appropriate categories (e.g., financial, operational).


Step 5: Assess Risks

  • Likelihood: Evaluate the likelihood of each risk occurring (e.g., on a scale from 1 to 5).

  • Impact: Assess the potential impact of each risk on the organisation (e.g., on a scale from 1 to 5).

  • Risk Rating: Calculate the risk rating by multiplying the likelihood and impact scores. This helps prioritise the risks.


Step 6: Determine Risk Response Strategies

  • Avoidance: Eliminate the risk by discontinuing the activity causing it.

  • Mitigation: Implement measures to reduce the likelihood or impact of the risk.

  • Transfer: Shift the risk to a third party (e.g., through insurance).

  • Acceptance: Accept the risk if it falls within the organisation’s risk tolerance level.


Step 7: Assign Risk Owners

  • Responsibility: Assign a risk owner for each identified risk. The risk owner will be responsible for implementing and monitoring the risk response strategies.


Step 8: Develop and Implement Mitigation Plans

  • Action Plans: Create detailed action plans for mitigating each risk. Include specific actions, timelines, and responsible parties.

  • Resources: Allocate necessary resources (e.g., budget, personnel) to implement the mitigation plans.


Step 9: Monitor and Review Risks

  • Regular Reviews: Schedule regular reviews of the risk register (e.g., quarterly, bi-annually).

  • Updates: Update the risk register to reflect any changes in the risk landscape or mitigation plans.

  • Reporting: Report on the status of risks and mitigation efforts to the board and other stakeholders.


Step 10: Communicate the Risk Register

  • Internal Communication: Ensure that all relevant staff and volunteers are aware of the risk register and understand their roles.

  • Training: Provide training on risk management practices and the use of the risk register.

  • Stakeholder Engagement: Communicate key risks and mitigation plans to external stakeholders, including donors and partners.


Step 11: Evaluate the Effectiveness of Risk Management

  • Performance Metrics: Establish metrics to evaluate the effectiveness of risk management efforts.

  • Continuous Improvement: Use feedback from evaluations to continuously improve the risk management process.


 

A well-maintained risk register is a crucial tool for ensuring the sustainability and resilience of a charity or non-profit organisation. By systematically identifying, assessing, and managing risks, the organisation can protect its resources, reputation, and mission. Regular reviews and updates will help keep the risk register relevant and effective.



 

Here are some additional sources that provide guidance and examples on creating a risk register for non-profit organisations:


  1. Charity Commission for England and Wales: Risk Management for Charities

  • This guide provides comprehensive information on risk management tailored for charities. It includes steps on how to create and maintain a risk register.

  • Charity Commission - Risk Management

  2. Nonprofit Risk Management Centre: Risk Management Essentials

  3. NCVO (National Council for Voluntary Organisations): Managing Risk in Your Organisation

  • NCVO provides practical advice on risk management for non-profits, including detailed steps on creating a risk register.

  • NCVO - Managing Risk

  4. Institute of Risk Management: A Risk Management Standard

  • Although not specific to non-profits, this standard provides a thorough framework for risk management, which can be adapted for charity use.

  • IRM - A Risk Management Standard

  5. BoardSource: Risk Management and Your Board

  • BoardSource offers insights on the role of the board in risk management, which includes developing and overseeing the risk register.

  • BoardSource - Risk Management

  6. GuideStar: Non-Profit Risk Management - 10 Key Principles

  • GuideStar provides a concise list of principles for managing risk in non-profits, including the creation and maintenance of a risk register.

  • GuideStar - Risk Management
