“Charity trustees should regularly review and assess the risks faced by their charity in all areas of its work and plan for the management of those risks. Risk is an everyday part of charitable activity and managing it effectively is essential if the trustees are to achieve their key objectives and safeguard their charity’s funds and assets.” (Charities and Risk Management, Charity Commission)
Please note, whilst different charity regulations apply in Scotland and Northern Ireland, this good practice applies across Girlguiding.
While not all Counties are charities, the principles are the same – the Executive need to identify the risks which could impact the County, and decide how best to respond to these risks to minimise any negative outcome, and to make an appropriate statement in the annual report. It is good practice to do so even if not required by the Charity Commission.
The risks facing a County could include:
• Governance risks – such as an ineffective structure, conflicts of interest or a lack of the right skills among the Trustees or other key personnel.
• Operational risks – such as risks relating to events or property, safe from harm issues, or data protection issues.
• Financial risks – such as insufficient insurance cover, reducing income or cash flow issues.
• External risks – such as reputational risk, image risk, and changes in government policy.
• Compliance risks – such as poor knowledge of the responsibilities of an employer or other regulatory requirements, or breach of trust.
Each County should have a log of risks, assessed using our standard risk assessment process, and should review this regularly (perhaps every six months) or when a new risk appears or where risk has significantly increased. The focus should be on identifying and implementing the right mitigating actions (or controls) to reduce to risk to a level which the Trustees/Executive are prepared to accept. Very high risk items may need to be considered more frequently, until the risk reduces.
Each County event and property should have their own risk logs, which should be managed by the relevant committee, but reported back to the Executive, who may wish to add high risk items to the County log to ensure that they receive suitable attention. The Executive/Trustees remain responsible for risk management, even if the day to day management is delegated.
Having a set of well-considered mitigating actions to take before or if a risk actually happens will assist in dealing with the issue, should it arise. It is harder to think clearly when dealing with a live issue, and having a set of procedures to follow which were written before the issues arises is a great benefit.
Remember that risks should be managed at the appropriate level, and the County Executive should be concerned with risks which would affect the well-being of the County.
Click here for more information on how to carry out a risk assessment.