Risky business: why trustees must be on top of risk


Adrienne Airlie provides some advice for charity trustees on how to mitigate risks to the health and wellbeing of their charity

3rd October 2017 by TFN 0 Comments

Managing risk is one of the key duties of a charity trustee, who is there to ensure that the charity meets its objects and to safeguard its assets and reputation. 

Safeguarding is the key word above: how can this be achieved without an understanding of the risks associated? Therefore not having a risk policy and processes for understanding, managing and developing strategies to mitigate risk, leaves the trustees short in terms of fulfilling their duties.

Risk management however is more than just creating a long list of risks that the charity faces and ranking them according to their likely impact and discussing them at quarterly board meetings.

Adrienne Airlie

Adrienne Airlie

Instead, trustees must have a clear and unambiguous understanding of the level of risk that is acceptable to the charity in order to achieve its charitable purpose. Within this, trustees should make a clear distinction between the charity’s risk appetite and risk tolerance. This should be documented in a formal risk policy and this policy should be communicated and embedded throughout the charity so all staff, management and board members understand what needs to be taken into account when making decisions.

The policy should also clearly state who is responsible for monitoring and managing risk, how risks should be documented and reported, and to whom. It should cover new risks and emerging issues that could impact the charity and how these new threats and issues should be reviewed and assessed.

Charities also need to consider whether all of the charity’s trustees and senior managers understand risk and the range of potential risks the charity could face?

As a starting point risks facing charities are split into five areas:

  • governance risks that could impact the board’s decision making capabilities.
  • operational risks that affect the day to day running of the charity.
  • financial risks – most risks will have a financial impact, both positive and negative. There will always be areas where the charity will be prepared to take risks in order to achieve its charitable purpose.
  • External risks including political, environmental, economic, social and technological factors that can impact the charity’s ability to achieve its objectives. More often than not these risks are outside the control of charity and therefore more difficult to anticipate and manage.
  • Regulatory and compliance risks relating to the wider regulatory framework relevant to the charity.

There are a wide range of approaches to document risk and facilitate effective monitoring by a board. In my experience, charity trustees are much more likely to engage with a high level analysis of the strategic risks if they are small (and focused) in number. A number of risk registers I’ve reviewed, whilst very comprehensive and detailed have often missed the strategic risks the charity faces.

The following areas should be considered and examined by the trustees when reviewing the impact of issues for the charity and assessing risk - effectiveness, financial health, brand & reputation and compliance.

Putting in place robust financial controls will also help the charity to identify and manage risk. The charity’s risk policy should refer to these controls and the boundaries that have been set to minimise and/or mitigate risk.

Some charities also find it helpful to set up a sub-committee for financea and risk. At these additional meetings trustees, charity employees, and their advisers can provide a detailed scrutiny of all areas.

In summary, there should be an understanding of risk that permeates all levels in the charity, with the tone being set by the trustees and the rhythm being constantly monitored and acted upon when necessary by managers, staff and volunteers.

Adrienne Airlie is chief executive of Martin Aitken & Co