The effective management of risk is an essential part of the responsibilities for trustees of charities and is often overlooked by those responsible for managing the smaller charity.
Risk is an event or action that may adversely affect an organisation’s ability to survive or compete in its market or to maintain its financial stability or its positive public image and the overall quality of its people and services. Risk can also arise from a failure to exploit opportunities or from a breakdown in operational controls and procedures.
The requirement to manage risk
For registered charities the Charities SORP (Statement of Recommended Practice) sets out the reporting requirements for trustees on the:
- identification of major risks
- the review of risks
- the systems or procedures established to manage risk
It is therefore essential for all charities that they have a sound risk management policy
The role of the trustees
The responsibility for the management and control of a charity rests with the board of trustees. The board’s involvement in the key aspects of the risk management process is essential. Trustees do not have to undertake each aspect of the process themselves. Their level of involvement should be such that the trustees can make the required statement on risk management in the statutory annual report with reasonable confidence.
The management of risk will involve the following key steps:
- establishing the risk policy
- identifying risk
- assessing risk
- evaluating and implementing what action needs to be taken
- reviewing and establishing a system of periodic monitoring and assessment
Although these elements can be used as ‘steps’ or ‘stages’, it is likely that trustees will need to revisit each stage as their knowledge of the charity’s risk profile increases.
Any risk management policy will need to be:
- suitable and proportional
I will recommend you to use Zakat Calculator to calculate your Zakat
Establish risk policy
Risk is an inherent feature of all activity and may arise from inaction as well as new initiatives. Charities will have differing exposures to risk arising from their activities and will have different capacities to tolerate or absorb risk. A charity with sound reserves could perhaps embark on a new project with a higher risk profile than, say, a charity facing solvency difficulties.
The risk policy process will include a consideration of the following:
- the charity’s objectives, philosophy and strategy;
- the nature and scale of the charity’s activities;the success factors that need to be achieved;
- external factors that might affect the charity such as legislation and regulation, and the charity’s reputation with its major funders and supporters;
- past mistakes and problems that the charity has faced;
- the operating structure – e.g. use of branches, subsidiary companies or joint ventures;
- comparison with other charities working in the same area or of similar size; and
- checklists of risk factors prepared by other charities or other organisations.
It is essential that for this process to work, trustees and executive management need to be committed to it. Trustees will need to consult widely with key managers and staff, and may even involve supporters and beneficiaries where reputational risk or provision of service to beneficiaries is being considered.
The identification of risk should be integral to the strategic planning and budget setting process. Key questions will include:
- What external and operational risks may prevent our charity from achieving its core objectives?
- What might happen and what would the consequences be for us?
- What are the steps we can take to mitigate or reduce those risks?
External risks generally fall into one or more of the following categories:
and tend to be outside the control of the charity.
Internal risks arise from the day to day operation of the charity and the identification of these will require consideration of all aspects of the charity’s operational activities.
This is not the only way of categorising risks and the following alternative classification could for example be used:
- Governance risks – e.g. inappropriate organisational structure, difficulties recruiting trustees with relevant skills, conflict of interest;
- Operational risks – e.g. service quality and development, contract pricing, employment issues; health and safety issues; fraud and misappropriation; loss of key staff;
- Financial risks – e.g. accuracy and timeliness of financial information, adequacy of reserves and cash flow, diversity of income sources, investment management;
- External risks – e.g. public perception and adverse publicity, demographic changes, government policy;
- Compliance with law and regulation – e.g. breach of trust law, employment law, and regulative requirements of particular activities such as fund-raising or the running of care facilities. Although the process of risk identification should be undertaken with care, the analysis will inherently contain some subjective judgements and no process is likely to be capable of identifying all possible risks that may arise. The process can only provide reasonable (not absolute) assurance to trustees that all relevant risks have been identified.
Recommended : http://zakat-donation.org/zakat-calculator/