A risk assessment can be a daunting prospect. We take a look at some of the digital tools you can use to make the task easier
Every charity wants to improve the services it provides to beneficiaries and to maximise the results of its fundraising activities. So far, so obvious. But what may not be so obvious is that in order to do this an important step is to carry out an effective risk assessment.
That’s because every charity faces risks and these risks can come in many forms: a key donor may decide to stop donating, an important staff member may leave, the charity may become a victim of a cyber attack or fraud, or a change in government policy might negatively affect operations.
Many charities carry out regular cyber security risk assessments. But it’s only by carrying out a thorough and more general risk assessment, and then managing those risks, that a charity can ensure that it will be in a position to raise the funds that it requires and continue to operate effectively.
For many charities, a risk assessment isn’t just a good idea: it’s also the law. Non-company charities with incomes of £500,000 or more (and charities with incomes above £250,000 plus assets worth more than £3.26 million) must include a risk management statement in their trustees’ annual report, according to government guidance.
Risk management is all about dealing with the risks that an assessment reveals. There are a number of ways of dealing or managing risks, including:
When it comes to charities, there are many different types of risks to think about, and the Charity Commission recommends that these are grouped into five types:
But identifying the risks is only part of the story. That’s because for any identified risk you also need to make an assessment of:
These assessments are often made on a scale of 1 (very unlikely or very little impact) to 4 (very likely or very high impact).
The idea of carrying out a risk assessment can be daunting, but there are a wide variety of digital tools which can make the task easier.
NCVO’s risk assessment toolkit
The key to an effective risk assessment is to ensure that you have thought of all the risks that your charity faces and all the possible impacts. This can vary widely depending on the size and activities of your particular charity.
One way to try to ensure that your risk assessment is comprehensive is to make use of the National Council for Voluntary Organisation’s (NCVO’s) free digital risk assessment toolkit. This is made up of self-assessment questions, videos, and other resources to help you.
A simple spreadsheet
Another digital tool you can use in risk assessment is a simple spreadsheet, which forms the basis of a Probability and Impact matrix.
A Probability and Impact matrix is simply a box four cells high by four cells wide. The top cells are for risks with very low probability and the bottom cells are for very high probability. The columns represent impact, ranging from very low impact on the left to very high impact on the right.
By ranking each risk with a score of 1 to 4 for impact and probability, each one can then be assigned a cell: the least likely and least impactful will appear in the top left, while the most likely and most impactful will appear in the bottom right.
A Probability and Impact matrix is a useful tool for understanding the priority in which risks need to be managed: the risks that appear in the bottom right cell need managing with the most urgency.
Risk management software
Risk management software products comprise a set of digital tools that help charities estimate, plan for, measure, and mitigate risks. The key features of these products help the charity to identify potential risks, calculate the potential costs of those risks happening, and keep a database of risks.
They often have many more features as well, such as compliance management and incident management tools.
There are a number of free options to choose from, including:
Commercial products include: