Date post: | 21-Jan-2018 |
Category: |
Government & Nonprofit |
Upload: | ncvo-national-council-for-voluntary-organisations |
View: | 108 times |
Download: | 1 times |
Drinks sponsors:
Partner sponsor:
Lead sponsor:
Media partner:
Tech partner:
RISKS WORTH TAKING: HOW TO GET RISK MANAGEMENT RIGHT
SPEAKERSLUKE FLETCHER PARTNER, BATES WELLS BRAITHWAITE
AMANDA OGILVIE SOLICITOR, BATES WELLS BRAITHWAITE
AGENDA
Risk management for charities: Setting the scene• Why is risk management important? • Key trends in the sector
Minimum requirements: The essentials Case study & discussion Going beyond minimum requirements:
What does good practice look like? Top tips Final questions
RISK MANAGEMENT FOR CHARITIES
SETTING THE SCENE…
Need for agility, responsiveness and
resilience
Increasing and changing needs
for services
Drive for bold, calculated risks
Wide ranging social
entrepreneurial activities
Evolving role of the State and Brexit Prolonged
austerity and significant
demographic shifts
Shift from grant to contract culture
Digitalrevolution
Risk management in dynamic, fast changing
environments
KEY RISK TRENDS
“Nothing in the world causes so
much misery as
uncertainty”
Martin Luther
“Risk is not bad – there is an element of risk in almosteverything. And many in the charity sector believe that in somesituations charities, working as they do at the cutting edge ofmany social problems, have a duty to take risks. Often no oneelse will. But trustees will be expected to identify risks anddecide how they should be managed.”
Bates Wells Braithwaite, Duties of Charity Trustees
“Making decisions is also closely linked to managing risk.It is important for trustees to be aware and informedabout risk. This does not always mean avoiding riskaltogether; it is better to recognise risks and takeappropriate steps to manage them. There is usuallysome element of risk in decision making, and sometimesinnovation only comes about through measured risk-taking.”
Charity Commission guidance “CC27 - It’s your decision : Charity trustees and decision making” published 10 May 2013
RISK MANAGEMENT FOR CHARITIES: THE ESSENTIALS
Charity Commission guidance “CC26 – Charities and Risk Management”
“Risk is an everyday partof charitable activity andmanaging it effectively isessential if the trusteesare to achieve their keyobjectives and safeguardtheir charity’s funds andassets.”
MINIMUM REQUIREMENTS
“The responsibility for the management and control of a charity restswith the trustee body and therefore their involvement in the keyaspects of the risk management process is essential.”
WHOSE RESPONSIBILITY IS IT?
Charity Commission guidance “CC26 – Charities and Risk Management”
MINIMUM REQUIREMENTS
Charities that are required by law to have their accounts audited must make a risk management statement in their trustees’ annual report confirming that:
THE RISK MANAGEMENT STATEMENT:
‘the charity trustees have given consideration to the major risks to which the
charity is exposed and satisfied themselves that systems or procedures are
established in order to manage those risks’.
Charities (Accounts and Reports) Regulations 2008
WHAT IS THE PURPOSE OF THE RISK
MANAGEMENT STATEMENT?
allow the trustees to comment on any further planned
developments of the charity’s risk
management processes
set out the major risks
that the charity is
exposed to
provide an insight into
how the charity
handles risk
An acknowledgement of the trustees’ responsibility
An overview of the charity’s risk identification process
An indication that major risks identified have been reviewed or assessed
Confirmation that control systems have been established to manage those risks
MINIMUM REQUIREMENTS
What does the risk management statement need to cover?
THE RISK MANAGEMENT STATEMENT
“Although the risk management statement forms an importantpart of the trustees’ annual report, there is no requirement forthe statement to be audited unless other requirements…apply.”
BUT “auditors that become aware of apparent misstatements orinconsistencies in the trustees’ Annual Report, based on theirother audit work, will seek to resolve them and will need toconsider the impact on their report if such issues cannot beresolved”.
Does the risk management
statement need to be audited?
NO, unless other requirements apply
WHAT ARE MAJOR RISKS?The Charity Commission provides that major risks are those which:
have a major impact; and
a probable or highly probable likelihood of occurring
CONTROL SYSTEMS & RISK IDENTIFICATION PROCESS
“Charities will need to consider risk and its management in a structured way if a positive risk management statement is to be made.”
WHAT DOES THIS MEAN?
Charity Commission guidance
“CC26 – Charities and Risk Management”
BOARD MINUTES
Trustees should not only make sure that they are assessing risk as part of their decision making
process… it is also important that they record the reasons for their decision so this can be evidenced
in the future.
THESE ARE ONLY THE ESSENTIALS…
CASE STUDY
WHAT DOES GOOD PRACTICE LOOK LIKE?
GOING BEYOND THE MINIMUM REQUIREMENTS
The identification, assessment & management of risk are linked to the achievement of the charity’s objectives
All areas of risk are covered
A risk exposure profile is created reflecting the trustees’ views as to what levels of risk are acceptable
The principal results of the risk identification, evaluation and management process are reviewed and considered
Risk management is ongoing and embedded in management and operational procedures
SO WHAT DOES GOOD LOOK LIKE?The Charity Commission recommends that charities adopt a risk management policy and implement a rigorous risk management processes to help to ensure that:
SO WHAT DOES GOOD LOOK LIKE?
EMBED AN EFFECTIVE RISK MANAGEMENT FRAMEWORK
No particular model
Key stages:
• Risk Management Policy
• Identify
• Assess
• Evaluate
• Monitor and assess
What does this mean?
RISK MANAGEMENT POLICY
“The implementation of an effective risk management policy is a key part of ensuring that a charity is fit for purpose.”Charity Commission guidance “CC26 – Charities and Risk Management”
What is risk?
“Risk is the uncertainty surrounding events and their outcomes that may have a significant impact, either enhancing or inhibiting any area of the charity’s operations”.
Charity Commission for England and Wales
“Risk is the effect of uncertainty on our objectives”
International Organisation for Standardisation ISO 31000
IDENTIFY: HOW DO WE IDENTIFY RISKS?
The Charity Commission identifies 5 key categories of risk:
IDENTIFY: HOW DO WE IDENTIFY RISKS?
Governance
Operational
Financial
External
Compliance
IDENTIFY: HOW DO WE IDENTIFY RISKS?
CONSULT
Whose responsibility?
Regular reporting and discussion at
Board meetings
Specific part of individual
roles?
Everyone’s?
ASSESS
EVALUATION OF IMPACT AND LIKELIHOOD
EVALUATE: SO WHAT?
Draw up an “Action Plan”
CONSIDER WHAT ACTION NEEDS TO BE TAKEN
The 4 “T”s!
Tolerate
Treat
Transfer
Terminate
CONTINGENCY PLANNING “As part of an effective risk management process, a charity should consider what needs to be done if a serious event does take place.”
Charity Commission guidance “CC26 – Charities and
Risk Management”
MONITOR AND ASSESS
“Risk management is a dynamic process…not a one-off event and should be seen as a process that will require monitoring and assessment.”
TOP TIPS…
Create a safe space
Wide involvement
Embed into operations
Risk ownership
Regular debate
15 QUESTIONS TRUSTEES SHOULD ASK
FINAL QUESTIONS AND COMMENTS
Luke Fletcher, Partner
Email: [email protected]
Telephone: 020 7551 7750
Amanda Ogilvie, SolicitorEmail: [email protected]: 020 7551 7789