Digital tools to help with risk assessment

What is risk management?

 

Risk management is all about dealing with the risks that an assessment reveals. There are a number of ways of dealing or managing risks, including:

• Mitigation: This involves reducing a risk to an acceptable level. One of the most common ways to mitigate risk is through insurance
• Avoidance: This can be achieved by changing a process or way of working to avoid the risk, or by transferring the risk
• Acceptance: Some risks may cause disruption, but because the disruption would be manageable and avoidance or mitigation would be more costly they can simply be accepted

 

Five types of risk

 

When it comes to charities, there are many different types of risks to think about, and the Charity Commission recommends that these are grouped into five types:

• Financial risks: these include the risk that a major funding source could dry up, preventing the charity from operating, and the risk of financial fraud
• External risks: these include the possibility of political actions preventing the charity from operating, or that negative publicity caused by poor service could cause significant harm to the charity’s reputation
• Regulatory and compliance risks: for example, failing to comply with data privacy legislation, which could cause financial damage through fines
• Operational risks: for example, failing to recruit people with the right skills, which could prevent a charity from being successful
• Governance risks: for example, failing to ensure that the charity board has the right skill sets to ensure that the charity can work effectively

But identifying the risks is only part of the story. That’s because for any identified risk you also need to make an assessment of:

• the likelihood of the risk happening
• the impact on your charity if it does

These assessments are often made on a scale of 1 (very unlikely or very little impact) to 4 (very likely or very high impact).

 

 

Digital risk assessment tools

 

The idea of carrying out a risk assessment can be daunting, but there are a wide variety of digital tools which can make the task easier.

 

 

NCVO’s risk assessment toolkit

 

The key to an effective risk assessment is to ensure that you have thought of all the risks that your charity faces and all the possible impacts. This can vary widely depending on the size and activities of your particular charity.

 

One way to try to ensure that your risk assessment is comprehensive is to make use of the National Council for Voluntary Organisation’s (NCVO’s) free digital risk assessment toolkit. This is made up of self-assessment questions, videos, and other resources to help you.

 

 

A simple spreadsheet

 

Another digital tool you can use in risk assessment is a simple spreadsheet, which forms the basis of a Probability and Impact matrix.

 

A Probability and Impact matrix is simply a box four cells high by four cells wide. The top cells are for risks with very low probability and the bottom cells are for very high probability. The columns represent impact, ranging from very low impact on the left to very high impact on the right.

 

By ranking each risk with a score of 1 to 4 for impact and probability, each one can then be assigned a cell: the least likely and least impactful will appear in the top left, while the most likely and most impactful will appear in the bottom right.

 

A Probability and Impact matrix is a useful tool for understanding the priority in which risks need to be managed: the risks that appear in the bottom right cell need managing with the most urgency.

 

 

Risk management software

 

Risk management software products comprise a set of digital tools that help charities estimate, plan for, measure, and mitigate risks. The key features of these products help the charity to identify potential risks, calculate the potential costs of those risks happening, and keep a database of risks.

 

They often have many more features as well, such as compliance management and incident management tools.

 

There are a number of free options to choose from, including:

• SimpleRisk
• Eramba
• Project Risk Manager

Commercial products include:

• TrackMyRisks (£30 per month for small charities)
• RiskWatch (price on application)
• Vantage (price on application)