Basic Risk Assessment (Resource adapted from material contributed by Community Matters) This activity should be used alongside the Charity Commission’s ‘Avoiding Problems in Running Your Charity (risk management)’ information for smaller charities. Voluntary organisations and charities should take a responsible approach to risk. This means identifying the important risks your organisation faces and doing something about them. Risk management is all about using your organisational knowledge and good judgement to help avoid or lessen the impact of serious foreseeable problems. The question to ask is not “Do we face any risks?” but rather “Which risks matter?” Identifying Risks One way of identifying the risks that matter is to plot the risks your organisation faces into a grid like the one below. The most serious risks will appear nearest the top right corner. This is based on the idea that there are two main aspects to any risk: 1. How bad its effect would be if it actually occurred (importance or impact) 2. How likely it is to happen (likelihood)
Very important
Importance (Impact)
Important
Not important
Unlikely
Possible
Probable
Likelihood Draw the grid onto a large sheet of paper. Give people post-it notes and ask them to write down one risk on each. There are some examples in Appendix 1 and plenty more in the Charity Commission pages, but you should come up with your own ideas as well. Ask everyone to stick their risks in the appropriate square on the grid. Discuss the risks to get agreement about how likely and important they are. The ones that are both high importance/impact and likely are the ones you really need to take action over. You might also choose to take action over ones that are particularly likely to happen even though the effect isn’t too bad; or to take steps about any that might be
Code of Good Governance for Smaller Organisations: Useful Resources
Page 1
very bad in effect even if there is only a small chance of them happening – it’s down to your judgement. Taking Action The only reason to think about risk is to do something about it. There are three basic types of action you can take to reduce a risk: • Eliminate – prevent it or avoid it • Mitigate – make it less likely to happen, or make the effects less severe • Manage – put yourself in the best position to deal with the (remaining) effects Make sure that you agree: • what action is to be taken • who is responsible for doing it • when it should be completed by Think about how and when you will check progress – risk management could be a regular brief item on the board agenda, for example. Review your risks regularly – once every 12-18 months is usually sufficient, but you should also review risk if your organisation goes through any major changes.
Code of Good Governance for Smaller Organisations: Useful Resources
Page 2
Appendix 1 These are just a few example risks. Don’t forget to look at the Charity Commission examples in ‘Avoiding Problems in Running Your Charity (risk management)’ information for smaller charities for more examples. Once you have considered these (if relevant) you can add others that are important for your organisation. (The text in red gives ideas of the kind of actions you might take): Risk
Agreed action to be taken (eliminate, mitigate, manage)
Who is Date to responsible be done by
Chairman resigns
Succession planning; recruitment; temporary delegated work load arrangements Losing a major funding Funding strategy; reserves policy; stream back-up plans - ‘Plan B’; redundancy arrangements A volunteer has an Health and safety policy and accident on a visit supporting training; insurance The building is flooded Emergency plans and contact lists; insurance Volunteer behaves Protection of vulnerable people inappropriately toward policy and supporting training; CRB a service user checks; good volunteer management Service user makes a Equal opportunities policy and claim about being supporting practices / training discriminated against Cash is stolen from a Finance policy and supporting collection box practices / training Your membership list Regular back up copy, held securely is accidentally wiped in another location or lost A member complains Data protection policy and the organisation holds supporting training unauthorised information about them
Code of Good Governance for Smaller Organisations: Useful Resources
Page 3