RSF GAG meeting 14 January 2021 – meeting notes By way of minutes for the most recent Governance Advisory Group meeting, we were joined by Vince at our meeting on 14 January to discuss the Risk Policy and other policies on which the Finance Advisory Group have been focussing. Chris was unfortunately unable to attend, but had been sent the risk policy and risk matrix, as we’ll as the draft terms of reference for the Finance Advisory Group, ahead of the meeting and had no comments on these (nor did the other members of the committee, all of whom had reviewed these previously). The meeting started with a brief summary from Vince of the methodology behind the risk policy and matrix and the discussions at the recent board meeting on 13 January, explaining how the trustees had each picked 2-3 key risks and then had discussed how best to map these in terms of probability and materiality of impact, before looking at appropriate mitigation and concluding that all residual risks were acceptable. Vince confirmed that the outcome of the board discussion provided a good reflection of the trustees’ concerns, and that RSM were satisfied with the approach taken for the purposes of the accounts. We then moved on to discuss the other policies. Using the list that Debbie has included in the risk matrix paper, the board has approved 1-4 (conflicts + conflict register and risk + risk register). In respect of the Reserves policy, I understand that Karina is intending to produce a discussion paper for the board, and that the paper and subsequent discussion will be used to develop the policy. Input will also be sought from the Research Advisory Group, as well as FAG and GAG, and it was suggested that Andy Folwell should also input into this. In respect of the financial controls policy, I understand that Andy Folwell is developing a general ledger coding system and a more granular breakdown of the financial reports and controls which will assist in developing this policy. In relation to the remaining policies, we understand that those covering ABC, Fundraising, Trustees’ code of conduct, Safeguarding, Whistleblowing and Complaints have been finalised and have either been approved by the board or are in the process of being approved. Some of the others on the list (eg staff expenses and internet policy) may not be specifically required, since these relate to matters which are either covered by other policies or will be adequately covered by the staff handbook (which I understand is now close to final). The main outstanding policy is the Data protection policy. Mike led a discussion on the proposed appointment of Savanti to act as virtual DPO and CISO. It was agreed that, if/when appointed, one of their primary tasks would be to review the IT set up and make recommendations, including in relation to ECB systems currently used by the charity. As part of this, they should also review the draft data protection policy to ensure that it is appropriate and sufficient for the charity’s needs. There was also a discussion of the cost of such appointment, and Mike explained that PTI Digital, who had previously also pitched for these roles, had now pulled out. I also passed on RSM’s quote for these services (which appeared higher than Savanti’s). It was agreed that the costs of such support were appropriate when the risk of leaks and the reputational issues from misuse of personal data held by the charity were taken into account. The meeting concluded with a discussion around the next steps relating to governance of the charity. It was agreed that the charity would potentially benefit from the board minutes and the minutes of the various advisory groups being shared among each of the advisory groups in order to foster increased co-ordination among the advisory groups and ensure that all are working towards the same goals. One idea was to invite the chair of other groups to future GAG meetings to explain the work of each group in more detail (as Vince did at this meeting). For the next meeting however it was agreed that it would be great if you were able to attend to run us through the strategy
discussed by the board and priorities for the coming year. If this works, please let me know if you would be available on Thursday 18 February at 5 or 6 pm.