Introduction

We recognise the importance of effective risk management to achieve our charitable objectives. This policy outlines our commitment to identifying, assessing, and managing risks to ensure our charity’s resilience and continued success.

Purpose

The purpose of this policy is to establish a framework for identifying, assessing, prioritising, and managing risks associated with our activities. It aims to ensure a systematic and proactive approach to risk management, protecting the charity, its beneficiaries, and stakeholders.

Scope

This policy applies to all trustees, employees, volunteers, and stakeholders involved in our work.  It covers all aspects of the charity's operations, including but not limited to programmes, finances, reputational risk, and governance.  Where necessary, we will create additional relevant policies, such as systems of internal control, due diligence and health & safety policies.

Charity Commission Guidance

This policy is informed by Charity Commission guidance, including CC26, which encourages charities to identify, assess, and manage risks as part of effective governance and day-to-day operations.

Risk Management Cycle

Risk is managed through a structured cycle of identification, assessment, mitigation, and review.

• Identification: Identifying potential risks that may affect the charity’s activities, governance, finances, reputation, or compliance.

• Assessment: Assessing risks based on their likelihood and potential impact.

• Mitigation: Taking appropriate action to manage identified risks. This may include:

  • Avoiding the risk where possible.

  • Reducing the likelihood of the risk occurring.

  • Reducing the potential impact if the risk does occur.

  • Transferring the financial impact of the risk through appropriate insurance cover.

Risk cannot be eliminated. The Board will ensure that mitigation measures are proportionate and reasonable, taking into account available resources. While risks must be carefully managed, the charity recognises that an overly risk-averse approach may limit opportunity and innovation.

• Review: Risks will be reviewed as regularly as necessary, depending on their probability and potential impact, and in light of changing circumstances. Reviews may take place on an ongoing basis, at key project stages, or at regular Board meetings.

Responsibilities

The Board has overall responsibility for ensuring that there is an appropriate system of controls, financial and otherwise in place and working effectively.  The systems of financial control are designed to provide reasonable, but not absolute, assurance against material misstatement or loss.   These include:

• a strategic plan and an annual business plan and budget approved by the Board.
• regular consideration by the Board of financial results and variance from budgets.
• delegation of authority and segregation of duties.
• management of risk.

All staff and volunteers have a role in identifying and reporting risks within their respective areas of responsibility.

Risk Identification and Assessment

Risks will be identified through regular risk assessments conducted at least annually.

Identified risks will be assessed based on likelihood and impact to determine the level of risk.

Risks will be categorised as strategic, operational, financial, or compliance related.

Risk Mitigation and Management

Strategies for risk mitigation will be developed for high-priority risks.

Mitigation plans will be assigned to responsible individuals with clear timelines.

Regular monitoring and reporting on the progress of risk mitigation plans will be conducted.

Reporting and Communication

A risk register will be maintained and regularly reviewed by the Board of Trustees.

Key risks and mitigation efforts will be communicated to relevant stakeholders.

In its annual report, the Board will report on the steps it has taken to manage risk, to demonstrate the charity's accountability to its stakeholders including beneficiaries, donors, funders, employees and the general public.

Review and Continuous Improvement

The risk management policy and processes will be reviewed annually or as needed.

Lessons learned from risk events will be used to improve risk management practices.

Training and Awareness

Staff and volunteers will receive training on risk management principles and practices.

Regular communication will be conducted to raise awareness of the importance of risk management.

Version Control - Approval and Review