Home | Charities & Community Groups | Running Your Organisation | Governance | Risk Management

Risk Management

The identification and management of risk is one of the board’s responsibilities. Risks are not just financial risks, but also include risks associated with loss of key staff and volunteers, reputation or health and safety.

The identification and management of risk is one of the board’s responsibilities, although parts may be delegated to operational staff or volunteers. The Charity Commission has guidance on risk management and we’ve picked out some of the best other tools and guides for you.

Useful tools to help with risk management

Insurance

Some risks are dealt with by insuring against them, which may be a legal requirement (for example, motor and employer’s liability insurance, where a charity owns vehicles or employs staff.) The Charity Commission has produced excellent guidance.

Risk management

Charities Commission: Charities and Risk Management
NCVO: Managing risk
NCVO: How to complete a risk assessment
Sayer Vincent: Risk assessment made simple
Kingston Smith: A toolkit for effective risk management
Institute of Risk Management: Risk management for charities
Association of Chairs: Navigating risk
Lloyds Bank Foundation guide: Risk management toolkit

Risk register

A risk register is a framework for identifying, assessing and recording the risks that your organisation faces.

The NCVO : Risk Register Template which is available to NCVO members should be used as a starting point for your own risk register and be adapted for your organisation.

Fraud

Every charity, NGO and not-for-profit is susceptible to fraud and cybercrime by criminals. Charities need to be aware of the risks and take steps to keep their money, people and data safe.

Below are a range of help sheets from the Prevent Charity Fraud website:

Additional resources can be found on the Fraud Advisory Panel as well as the NCSC Cyber Security Small Charity Guide.

Virgin Media also have a useful Cyber Security Safety Test that aims to build awareness and educate users of all ages on how to better protect themselves from online threats.

Leadership & Trustees

Policies

Governance

Governance in Fundraising

Image courtesy of Wheelpower

Privacy Overview

We use some essential cookies to make this website work. We’d like to set additional cookies to understand how you use our website, remember your settings and improve your website experience. We also use cookies set by other sites to help us deliver content from their services.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
akavpau_ppsd	session	This cookie is provided by Paypal. The cookie is used in context with transactions on the website.

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-17527993-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gat_UA-61319948-14	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
CONSENT	16 years 5 months 16 days 13 hours 4 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
uvc	1 year 1 month	The cookie is set by addthis.com to determine the usage of Addthis.com service.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
loc	1 year 1 month	This cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are located.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
at-rand	never	No description available.
m	2 years	No description available.
x-cdn		No description available.
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

There’s a lot to consider when you’re setting up or running a charity or community group. It’s a hugely rewarding role, but you need to make sure you’re doing it right.

The identification and management of risk is one of the board’s responsibilities. Risks are not just financial risks, but also include risks associated with loss of key staff and volunteers, reputation or health and safety.

Insurance

Risk management

Risk register

Fraud