ao link
Charity Digital
Search
Remember Login

New to Charity Digital?

User Menu
Remember Login

New to Charity Digital?

Remember Login

New to Charity Digital?

Search
Back to listing

Article: Digital tools to help with risk assessment

15 March 202209:00 - 10:00
Moderator

Every charity wants to improve the services it provides to beneficiaries and to maximise the results of its fundraising activities. So far, so obvious. But what may not be so obvious is that in order to do this an important step is to carry out an effective risk assessment.

 

That’s because every charity faces risks and these risks can come in many forms: a key donor may decide to stop donating, an important staff member may leave, the charity may become a victim of a cyber attack or fraud, or a change in government policy might negatively affect operations.

 

Many charities carry out regular cyber security risk assessments. But it’s only by carrying out a thorough and more general risk assessment, and then managing those risks, that a charity can ensure that it will be in a position to raise the funds that it requires and continue to operate effectively.

 

For many charities, a risk assessment isn’t just a good idea: it’s also the law. Non-company charities with incomes of £500,000 or more (and charities with incomes above £250,000 plus assets worth more than £3.26 million) must include a risk management statement in their trustees’ annual report, according to government guidance.

 

What is risk management?

 

Risk management is all about dealing with the risks that an assessment reveals. There are a number of ways of dealing or managing risks, including:

  • Mitigation: This involves reducing a risk to an acceptable level. One of the most common ways to mitigate risk is through insurance
  • Avoidance: This can be achieved by changing a process or way of working to avoid the risk, or by transferring the risk
  • Acceptance: Some risks may cause disruption, but because the disruption would be manageable and avoidance or mitigation would be more costly they can simply be accepted

 

Five types of risk

 

When it comes to charities, there are many different types of risks to think about, and the Charity Commission recommends that these are grouped into five types:

  • Financial risks: these include the risk that a major funding source could dry up, preventing the charity from operating, and the risk of financial fraud
  • External risks: these include the possibility of political actions preventing the charity from operating, or that negative publicity caused by poor service could cause significant harm to the charity’s reputation
  • Regulatory and compliance risks: for example, failing to comply with data privacy legislation, which could cause financial damage through fines
  • Operational risks: for example, failing to recruit people with the right skills, which could prevent a charity from being successful
  • Governance risks: for example, failing to ensure that the charity board has the right skill sets to ensure that the charity can work effectively

But identifying the risks is only part of the story. That’s because for any identified risk you also need to make an assessment of:

  • the likelihood of the risk happening
  • the impact on your charity if it does

These assessments are often made on a scale of 1 (very unlikely or very little impact) to 4 (very likely or very high impact).

 

 

Digital risk assessment tools

 

The idea of carrying out a risk assessment can be daunting, but there are a wide variety of digital tools which can make the task easier.

 

 

NCVO’s risk assessment toolkit

 

The key to an effective risk assessment is to ensure that you have thought of all the risks that your charity faces and all the possible impacts. This can vary widely depending on the size and activities of your particular charity.

 

One way to try to ensure that your risk assessment is comprehensive is to make use of the National Council for Voluntary Organisation’s (NCVO’s) free digital risk assessment toolkit. This is made up of self-assessment questions, videos, and other resources to help you.

 

 

A simple spreadsheet

 

Another digital tool you can use in risk assessment is a simple spreadsheet, which forms the basis of a Probability and Impact matrix.

 

A Probability and Impact matrix is simply a box four cells high by four cells wide. The top cells are for risks with very low probability and the bottom cells are for very high probability. The columns represent impact, ranging from very low impact on the left to very high impact on the right.

 

By ranking each risk with a score of 1 to 4 for impact and probability, each one can then be assigned a cell: the least likely and least impactful will appear in the top left, while the most likely and most impactful will appear in the bottom right.

 

A Probability and Impact matrix is a useful tool for understanding the priority in which risks need to be managed: the risks that appear in the bottom right cell need managing with the most urgency.

 

 

Risk management software

 

Risk management software products comprise a set of digital tools that help charities estimate, plan for, measure, and mitigate risks. The key features of these products help the charity to identify potential risks, calculate the potential costs of those risks happening, and keep a database of risks.

 

They often have many more features as well, such as compliance management and incident management tools.

 

There are a number of free options to choose from, including:

Commercial products include:

Recite Me toolbar