Charity donation tax deduction reduces the amount of your taxes. The effective management of risk is an essential part of the responsibilities for trustees of charities and is often overlooked by those responsible for managing the smaller charity.
Risk is an
event or action that may adversely affect an organisation’s ability to
survive or compete in its market or to maintain its financial stability
or its positive public image and the overall quality of its people and
services. Risk can also arise from a failure to exploit opportunities or
from a breakdown in operational controls and procedures.
The requirement to manage risk
registered charities the Charities SORP (Statement of Recommended
Practice) sets out the reporting requirements for trustees on the:
identification of major risks
the review of risks
the systems or procedures established to manage risk
It is therefore essential for all charities that they have a sound risk management policy
The role of the trustees
responsibility for the management and control of a charity rests with
the board of trustees. The board’s involvement in the key aspects of the
risk management process is essential. Trustees do not have to undertake
each aspect of the process themselves. Their level of involvement
should be such that the trustees can make the required statement on risk
management in the statutory annual report with reasonable confidence.
The management of risk will involve the following key steps:
establishing the risk policy
evaluating and implementing what action needs to be taken
reviewing and establishing a system of periodic monitoring and assessment
Although these elements can be used as ‘steps’ or
‘stages’, it is likely that trustees will need to revisit each stage as
their knowledge of the charity’s risk profile increases.
Any risk management policy will need to be:
suitable and proportional
Establish risk policy
Risk is an
inherent feature of all activity and may arise from inaction as well as
new initiatives. Charities will have differing exposures to risk arising
from their activities and will have different capacities to tolerate or
absorb risk. A charity with sound reserves could perhaps embark on a
new project with a higher risk profile than, say, a charity facing
The risk policy process will include a consideration of the following:
the charity’s objectives, philosophy and strategy;
the nature and scale of the charity’s activities;the success factors that need to be achieved;
external factors that might affect the charity such as legislation and
regulation, and the charity’s reputation with its major funders and
past mistakes and problems that the charity has faced;
the operating structure – e.g. use of branches, subsidiary companies or joint ventures;
comparison with other charities working in the same area or of similar size; and
checklists of risk factors prepared by other charities or other organisations.
It is essential that for this process to work, trustees
and executive management need to be committed to it. Trustees will need
to consult widely with key managers and staff, and may even involve
supporters and beneficiaries where reputational risk or provision of
service to beneficiaries is being considered.
The identification of risk should be integral to the strategic planning and budget setting process. Key questions will include:
What external and operational risks may prevent our charity from achieving its core objectives?
What might happen and what would the consequences be for us?
What are the steps we can take to mitigate or reduce those risks?
External risks generally fall into one or more of the following categories:
and tend to be outside the control of the charity.
risks arise from the day to day operation of the charity and the
identification of these will require consideration of all aspects of the
charity’s operational activities.
This is not the only way of categorising risks and the following alternative classification could for example be used:
Governance risks – e.g. inappropriate organisational structure,
difficulties recruiting trustees with relevant skills, conflict of
Operational risks – e.g. service quality and development, contract
pricing, employment issues; health and safety issues; fraud and
misappropriation; loss of key staff;
Financial risks – e.g. accuracy and timeliness of financial
information, adequacy of reserves and cash flow, diversity of income
sources, investment management;
External risks – e.g. public perception and adverse publicity, demographic changes, government policy;
Compliance with law and regulation – e.g. breach of trust law,
employment law, and regulative requirements of particular activities
such as fund-raising or the running of care facilities. Although the
process of risk identification should be undertaken with care, the
analysis will inherently contain some subjective judgements and no
process is likely to be capable of identifying all possible risks that
may arise. The process can only provide reasonable (not absolute)
assurance to trustees that all relevant risks have been identified.
The first stage of
the assessment process is to prioritise risks using impact analysis so
that the significance of a risk is measured against the likelihood of
that risk actually arising. Significance should be considered in both
financial and reputational terms. Risks can be prioritised so that those
with high significance and high probability receive primary attention.
Risks with high significance and low probability scores give rise to the
need for contingency planning whereas risks with low significance but
high probability scoring can often be addressed by improvements to
internal control procedures.
All risks have to be considered in
the light of the charities ‘risk threshold’ the setting of which will be
influenced by the level of reserves, the projected surpluses etc.
Evaluating and implementing the action required
major risks are identified the trustees will need to ensure that
appropriate action is taken to ensure that these are mitigated. This
review should include establishing the adequacy of controls already in
place. For each of the major risks identified, trustees will need to
consider any additional action that needs to be taken to mitigate the
risk, either by lessening the likelihood of the event occurring, or
lessening its impact if it does.
There are four basic strategies that can be applied to an identified risk:
transferring the financial consequences to third parties or sharing it (e.g. insurance, outsourcing);
avoiding the activity giving rise to the risk completely (e.g. a potential grant or contract not taken up);
management or mitigation of risk; or
accepting it (e.g. assessing it as an inherent risk that cannot be avoided if the activity is to continue).
Risk mitigation is aimed at reducing the ‘gross level’ of
risk identified to a ‘net level’ of risk that remains after appropriate
action is taken. This identification of ‘gross risk’, the control
procedures put in place to mitigate the risk, and the identification of
the residual or ‘net risk’ can be recorded in a risk register (see pro
forma below). Trustees need to form a view as to the acceptability of
the residual or ‘net risk’ that remains after mitigation. It is possible
that the process may also identify areas where the current control
processes are disproportionately costly or onerous to the risks they
seek to address.
It can be
helpful to use a scoring system to assess which risks need further work.
Severity of impact could be scored from 1 (least serious) to 5 (most
serious) and similarly the likelihood of occurrence could be scored from
1 (remote) to 5 (very likely). The impact score is usually multiplied
by the score for likelihood and the product of the scores used to rank
those risks that the trustees regard as most serious.
than high likelihood/high impact should not be ignored. Those with high
potential severity of impact but low likelihood of occurrence need to be
kept under review, possibly annually, and will need arrangements in
place to ensure that they can be addressed should they arise. Similarly,
events with low severity but with a high likelihood of occurrence may
become gradual drains on a charity’s finances or reputation. Those risks
with both low severity and low likelihood of occurrence are unlikely to
merit significant attention and effort might be better focused
Risk management extends beyond simply setting out
systems and procedures. The process needs to be dynamic to ensure new
risks are addressed as they arise and also cyclical to establish how
previously identified risks may have changed. For all but the larger and
more complex charities, annual monitoring is likely to be sufficient
when supplemented by update reports and assessment of new activities or
A charity that has identified the major risks it faces, and established systems to mitigate such risks, will be able to make a positive statement on risk in its trustees’ Annual Report. This will help to demonstrate the charity’s accountability to its stakeholders (beneficiaries, donors and other funders, employees, and the general public). An effective risk management strategy can help ensure the charity’s aims are achieved more effectively and significant risks are known and monitored, enabling trustees to improve forward planning.
Nigel SG Harper Chartered Accountant
Services Limited are experienced providers of advice and support for
the smaller business. A full range of accounting and management
consultancy services are available together with a without obligation,
free initial consultation.
Further details can be found at http://www.mcserv.co.uk/
Article Source: https://EzineArticles.com/expert/Nigel_Harper/767294
Article Source: http://EzineArticles.com/5018837