Identifying and managing risk in your charity

All charities face some risks. The risks your charity might face will depend on factors such as its size, funding and activities. Recently we considered managing those risk at our inaugural charity trustees roundtables.

Risk is not a dirty word

When speaking with charity trustees sometimes I am asked the question “Are we allowed to take risks in the running of our charity?” A glance at Charity Commission guidance “CC3: The Essential Trustee” provides a clear answer:

You and your co-trustees should manage risk responsibly. You have a duty to avoid exposing your charity to undue risk. This doesn’t mean being risk averse. Risk management is the process of identifying and assessing risks and deciding how to deal with them.

The Commission has a Regulatory and Risk Framework which provides its terms of reference – it has limited resources which need to be used to deliver maximum impact i.e. effective regulatory intervention:

“We will prioritise our casework resources towards addressing the highest risks, those which have the potential to cause the highest level of harm to public trust and confidence, or which may affect trustees’ ability to comply with their duties.”

Taking significant risks has become the norm for charities since the Coronavirus pandemic: facing existential threats, many organisations have been forced to change their operating and funding models, making advances in digital working that would have taken years in “normal times”, which in turn have led to different risks needing to be managed, such as looking after the welfare – in particular mental health - of a charity’s staff and volunteers so they can continue to support those people the charities help and the causes they advance.

To mark Trustees’ Weeks 2021, on Thursday 4 November Shoosmiths held its inaugural charity trustee roundtables, adopting the format we have used for a quarterly programme of charity leaders’ virtual roundtables established during lockdown, where we invited speakers to address a small group of charity executives on a topical issue for 15-20 minutes as a prompt to a wider discussion among the group (all subject to the Chatham House Rule). The roundtable programme has been welcomed as an informal forum in which charity leaders can network, share insights and experiences with peers from all around the country, working in different parts of the charity sector.

Trustees from charities large and small joined us on a Teams call to hear from Paul Rao, UK Head of Not for Profit at Grant Thornton, a Charity Risk specialist who shared with our two groups the findings of Grant Thornton’s 2021 charity risk benchmarking study which examined the highest rated risks facing charities (and which include safeguarding, cyber and fundraising risks): The top 10 risks facing the charity sector in 2021 | Grant Thornton

Some key risks for charities in 2021...

Paul’s presentation led to a rich discussion and various observations and insights, some of which we highlight here in the hope these will be of interest to charity trustees who weren’t able to join us on the evening:

  • It is a risk not to take risks – a mindset of risk aversion will in time prevent you developing significant opportunities and will curtail your ambitions as a charity. This is why it is so important for each charity to be clear from the outset about its own levels of risk appetite and risk tolerance.
  • There is much more use of social media and websites to extend charities’ reach and for their fundraising. How are charities coping with the risk of fraud and cybercrime? Basic IT controls are sensible but the biggest risk is usually human behaviour – an itchy finger that just can’t help clicking on that enticing link before the brain is engaged. As to which see our recent webinar resources here: Charity fraud and cybercrime: Managing the risks (
  • And even though you may have battled through the business interruption of the last 20 months, and even if you have successfully dealt with a ransomware attack, have you factored in the time it’s going to take to become fully operational again after the incident?
  • You may be data-compliant, follow your privacy policy to the letter and you may be relieved that your data storage is in the cloud – but what happens to your data if your cloud provider disappears overnight?
  • If you have an estate of charity shops and traditionally have run lots of in-person fundraising events the national lockdowns shined a light on the need to diversify income streams where possible. But are your plans for securing other sources of income realistic in terms of timeframes to reach fruition and the level of additional revenue they may generate? Recent headlines proclaim that UK charity legacy income is predicted to reach £5bn in 2030, but it takes time to develop a charity’s legacy fundraising capability and even if your charity is gifted a legacy in a will someone writes today, you may not know about it and will have no control over the timing of that gift in the future, so cannot easily plan on the basis of receiving it.
  • In the last year or so many charities have collaborated more closely to advance their aligned charitable purposes and even if the specific funding which facilitated partnership working has ended, there remains a legacy of established connections and networks providing a platform for working together again in future.
  • Safeguarding’ is a risk for which almost all charities have close to zero risk appetite, but safeguarding can mean very different things in different charities, especially bearing in mind the Charity Commission’s wide interpretation, which encompasses all those who come into contact with a charity and so includes employees, donors and other stakeholders, not just children and vulnerable adults.
  • There is a greater focus on attracting talent to charities, in the knowledge that the ‘third sector’ usually offers lower pay than the private sector – what is it that charities can do to attract and retain that talent? In some bigger charities there seem to be fewer directors in senior leadership teams and more ‘Heads of…’ As already mentioned, remote working during the pandemic has taken its toll as well as offering some benefits (e.g. reduced commutes) – so how are charities keeping in touch with their people? Are they using pulse surveys and regular touch points to maintain team working and spirit?
  • Can you believe there was a time before the pandemic when the (high) level of some charities’ reserves was questioned? Not anymore, as we have since seen many rainy days. And might it be appropriate for your Board to pre-empt that rainy day and buy an umbrella today, investing your free reserves to increase your organisation’s capacity to advance your charitable purposes because, all things considered, that’s the right thing to do?
  • Membership charities may face a ‘relevance’ risk, in balancing the needs of their members with the public benefit they need to deliver.
  • And while grant-making charities may not face the same level of funding risks of operational charities, they have the risks of investment and those presented by funded organisations that may not be here in a year’s time – which of course may be outweighed by the emergency support those organisations deliver today.
  • As well as the ‘corporate’ risks your charity may face there are many others – such as the risks that frame your strategy and the risks to execute it.

Ultimately risk management isn’t a tick-box exercise. In early 2020 many charities had risk registers but even if yours had the word ‘pandemic’ written somewhere on it, what was the state of your contingency planning when COVID-19 struck?

Managing risk is an approach, to be tailored to your organisation, and a culture to be nurtured, where all your people - not just your Board, even if your trustees are the leaders - continually evaluate what might happen that would affect your charity achieving its purposes.

Come along to our Trustees' Roundtable in 2022

If you are a charity trustee and interested in participating in our trustee roundtables in 2022, to learn from your peers and to provide them with your own insights then do get in touch.


This information is for general information purposes only and does not constitute legal advice. It is recommended that specific professional advice is sought before acting on any of the information given. Please contact us for specific advice on your circumstances. © Shoosmiths LLP 2024.



Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.