A handy tool to help Trustee Boards identify and manage risk
This page is under construction
Why we have risk registers
Identifying, monitoring, and managing risks are a key part of charity governance, and a requirement from charity regulators in the UK.
A risk register holds Trustee Boards accountable for risk management and helps Trustees make decisions to keep everyone safe. It can also help Trustees explain how they’re managing risks to donors, funders, and the public.
Trustees must collectively develop and maintain a risk register, including putting in place appropriate mitigations (POR Rule 5.4).
Even though this is a task for Trustees, they’re not directly responsible for all actions that come from risk management. Trustee Boards can delegate these actions to other teams and team members. For example, the Trustee Board might decide a building needs maintenance, but they’re not responsible for doing repairs themselves.
How to use our risk register template
Our risk register template follows the charities and risk management (CC26) guidance from the Charity Commission for England and Wales.
The level of detail you need to add to your risk register may depend on the size of your Group, District or County, and whether you’re a registered charity.
Once you’ve completed your risk register, use it at your Trustee Board meetings to review and monitor the risks you’ve identified.
Work with other Trustees and Lead Volunteers to identify risks in your Group, District or County.
There’re five main risk areas you should consider: Operational, financial, governance, external and compliance.
For some risks, you might need to gather more information before scoring the likelihood and impact on the template.
Operational risks are associated with running sections and delivering the programme. Think about the:
- ability to meet Scouts’ aims and objectives through the programme.
- volunteers’ skills, experience, knowledge, and availability.
- possibility of volunteers making decisions outside of their remit or authority.
- possibility of injury to members and non-members on Scout premises or while doing a Scout activity.
- ability to run and attend events safely.
- ability to use and manage social media appropriately.
- ability to manage equipment, vehicles, campsite, Scout shops and premises.
- possibility of having inadequate insurance for people, equipment, buildings, and assets.
If you have premises, you might’ve already identified risks when completing the Safe Scouting Premises Audit [LINK]. You can add this to your risk register.
Financial risks are associated with managing money, reserves, funding, and investments. Think about the:
- cashflow and reliance on income or grants.
- ability to cover costs of running a building or paying rent.
- ability to cover unbudgeted or unforeseen costs.
- ability to manage finances and create reports for accountability.
- ability to meet financial auditing requirements.
- ability to comply with funding restrictions or rules.
- possibility of internal or external fraud/scams, inappropriate or loss-making trading activities, unauthorised spend, and major financial error.
- possibility of volunteers financially benefiting from the charity.
Governance risks are associated with managing the charity. Think about the:
- Trustees’ skills, experience, knowledge, and availability.
- Trustee Board’s structure and its ability and capacity to govern the charity.
- ability to provide Trustees with the appropriate level of information at the right time.
- possibility of Trustees having conflict of interest.
- possibility of the Trustee Board being dominated by one individual or a small group of connected individuals.
External risks are associated with factors from outside Scouts. Think about the possibility of:
- temporarily or permanently losing equipment or buildings due to extreme weather events, vandalism and ending of hire or lease.
- competition with other similar organisations.
- collapse of other charities in the organisation.
- turbulent economic or political environment.
- complaints from previous members.
- criminal prosecution of adults or young people (relating or not to their involvement in Scouts).
- an impact of (positive and negative) press, community perception and relationships.
- changes to government policy.
- extreme weather events.
Compliance risks are associated with change or non-compliance with laws, regulations, and the Scouts policies, rules, and processes. Think about the possibility of:
- failing to comply with the Scouts Policy, Organisation and Rules, including volunteers not completing mandatory learning and disclosure checks.
- failing to comply with safeguarding policy.
- failing to comply with health and safety regulations.
- failing to follow charity law and employment laws.
- a personal data breach.
Use a 1 to 5 rating system, where 1 is remote and 5 is highly probable.
[ADD TABLE HERE]
Use a 1 to 5 rating system, where 1 is insignificant and 5 is extreme/catastrophic.
[ADD TABLE HERE]
You can calculate the overall risk score using the formula:
Likelihood score x impact score + impact score = risk score
Some experts believe the impact of a risk is more important than the likelihood, and so the impact deserves more weighting.
Find more information on how to calculate the overall risk on the charities and risk management (CC26) guidance.
Consider what actions you’ll need to reduce either the likelihood of the risk happening or its impact.
Some examples are:
- limiting the exposure to the risk,
- getting insurance against the risk,
- improving control procedures.
Use the rating high, medium, or low to identify the risk level of any remaining risks after putting control measures in place.
Sometimes, it might not be possible to remove a risk completely. This rating helps Trustees decide if the level of remaining risk is acceptable, or if the charity needs further action and controls.
Here’re a few ways you can monitor risks:
- Ask for reports and updates on actions.
- Chat about risks at Board meetings.
- Review risk assessments.
Risk register template
Our risk register template helps Trustee Boards identify, monitor and manage risks.Download risk register template
Risk register with examples
These examples will help your Trustee Board get started with completing your risk register.Download risk register with examples
Risk management guidance
Read the charities and risk management (CC26) guidance from the Charity Commission for England and Wales to get examples of risks and how to manage them.Discover CC26 guidance
Tips on how to manage risk
NCVO shares their seven steps tried-and-tested risk management process.Discover NCVO's tips on risk management