Insights
INSIGHTS
All Topics
Digital tools to help with risk assessment
22 Mar 2021by Paul Rubens
A risk assessment can be a daunting prospect. We take a look at some of the digital tools you can use to make the task easier
Every charity wants to improve the services it provides to beneficiaries and to maximise the results of its fundraising activities. So far, so obvious. But what may not be so obvious is that in order to do this an important step is to carry out an effective risk assessment.
That’s because every charity faces risks and these risks can come in many forms: a key donor may decide to stop donating, an important staff member may leave, the charity may become a victim of a cyber attack or fraud, or a change in government policy might negatively affect operations.
Many charities carry out regular cyber security risk assessments. But it’s only by carrying out a thorough and more general risk assessment, and then managing those risks, that a charity can ensure that it will be in a position to raise the funds that it requires and continue to operate effectively.
For many charities, a risk assessment isn’t just a good idea: it’s also the law. Non-company charities with incomes of £500,000 or more (and charities with incomes above £250,000 plus assets worth more than £3.26 million) must include a risk management statement in their trustees’ annual report, according to government guidance.
What is risk management?
Risk management is all about dealing with the risks that an assessment reveals. There are a number of ways of dealing or managing risks, including:
- Mitigation: This involves reducing a risk to an acceptable level. One of the most common ways to mitigate risk is through insurance
- Avoidance: This can be achieved by changing a process or way of working to avoid the risk, or by transferring the risk
- Acceptance: Some risks may cause disruption, but because the disruption would be manageable and avoidance or mitigation would be more costly they can simply be accepted
Five types of risk
When it comes to charities, there are many different types of risks to think about, and the Charity Commission recommends that these are grouped into five types:
- Financial risks: these include the risk that a major funding source could dry up, preventing the charity from operating, and the risk of financial fraud
- External risks: these include the possibility of political actions preventing the charity from operating, or that negative publicity caused by poor service could cause significant harm to the charity’s reputation
- Regulatory and compliance risks: for example, failing to comply with data privacy legislation, which could cause financial damage through fines
- Operational risks: for example, failing to recruit people with the right skills, which could prevent a charity from being successful
- Governance risks: for example, failing to ensure that the charity board has the right skill sets to ensure that the charity can work effectively
But identifying the risks is only part of the story. That’s because for any identified risk you also need to make an assessment of:
- the likelihood of the risk happening
- the impact on your charity if it does
These assessments are often made on a scale of 1 (very unlikely or very little impact) to 4 (very likely or very high impact).
Digital risk assessment tools
The idea of carrying out a risk assessment can be daunting, but there are a wide variety of digital tools which can make the task easier.
NCVO’s risk assessment toolkit
The key to an effective risk assessment is to ensure that you have thought of all the risks that your charity faces and all the possible impacts. This can vary widely depending on the size and activities of your particular charity.
One way to try to ensure that your risk assessment is comprehensive is to make use of the National Council for Voluntary Organisation’s (NCVO’s) free digital risk assessment toolkit. This is made up of self-assessment questions, videos, and other resources to help you.
A simple spreadsheet
Another digital tool you can use in risk assessment is a simple spreadsheet, which forms the basis of a Probability and Impact matrix.
A Probability and Impact matrix is simply a box four cells high by four cells wide. The top cells are for risks with very low probability and the bottom cells are for very high probability. The columns represent impact, ranging from very low impact on the left to very high impact on the right.
By ranking each risk with a score of 1 to 4 for impact and probability, each one can then be assigned a cell: the least likely and least impactful will appear in the top left, while the most likely and most impactful will appear in the bottom right.
A Probability and Impact matrix is a useful tool for understanding the priority in which risks need to be managed: the risks that appear in the bottom right cell need managing with the most urgency.
Risk management software
Risk management software products comprise a set of digital tools that help charities estimate, plan for, measure, and mitigate risks. The key features of these products help the charity to identify potential risks, calculate the potential costs of those risks happening, and keep a database of risks.
They often have many more features as well, such as compliance management and incident management tools.
There are a number of free options to choose from, including:
Commercial products include:
- TrackMyRisks (£30 per month for small charities)
- RiskWatch (price on application)
- Vantage (price on application)
More on this topic
Related Content
Recommended Products
Our Events
Digital Fundraising Summit 2024
For the sixth year in a row, we're bringing back an action-packed event filled with Digital Fundraising insights from the charity and tech sectors. Join us on 7th October 2024 for a free, one-day online event featuring informative webinars and interactive workshops.
© 2022 Charity Digital Trust. All rights reserved
We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.
