Risk management - charities


Filed Under: AIM-listed

A well-known charity collection website was recently suspended - the charity had not filed accounts for three years giving rise to concern about the management and control by the trustees.

Charities can face a wide variety of risks which could affect their beneficiaries if not dealt with properly. Risk management is the trustees’ responsibility.

Risks are any events that could prevent your charity from achieving its aims or carrying out its strategies.

Some of the risks charities can face are:
  • Fraud - internal and external.
  • Loss of money through inappropriate investments.
  • Damage to the charity’s reputation.

The National Fraud Authority released the Annual Fraud Indicator in June, showing that 1 in 10 charities with incomes over £100,000 have detected fraud in the last financial year.
It is vital that charities do not become complacent and ensure they have financial controls and policies in place to both prevent fraud occurring, and to deal with it when it does happen.

As a matter of good practice trustees should:
  • Install good financial controls and policies governing access, use and storage of electronic information.
  • Develop a financial records system for both the receipt and use of all funds.
  • Ascertain the identity and legitimacy of any organisation the charity works with.
  • Get safe online: put antivirus systems, firewalls and policies governing electronic information in place.
  • Have regard to, and apply, sound trustee “owned” governance principles.
  • Keep up-to-date with current good practice procedures.
  • Understand the charity’s structure, activities and areas of operation that could affect risks.

By law, non-company charities with incomes of £500,000 or more (and charities with incomes above £250,000 plus assets worth more than £3.26m) must include a risk management statement in the trustees’ annual report. It is good practice for smaller charities to report on their risk management activities as well.

Charitable companies must report on their main risks and uncertainties in the directors’ report (unless they are classed as a small company by law).

To protect against fraud and financial crime, it is strongly recommended that charities have a clear risk management policy and process.