Risk registers: is yours working for you?

Published on 7th October 2019

Many charities state that they have a risk register. Often, when it is produced, it is a colour coded spreadsheet identifying risks and highlighting whether they are considered significant. For many it has become a tick box exercise of identifying risks but not actually managing them.

Instead of a traditional register (or in addition to), a risk policy might work better. A risk policy would involve the trustees asking themselves where they are willing to take risks. This therefore needs to be linked to strategy.

Areas to be considered:

  • impact
  • reputation
  • compliance
  • financial sustainability
  • specific risks.

It can be helpful to focus on three broad categories of risk: project risks, operational risks and strategic risks.

A charity’s approach to risk will usually encompass a level of risk taking the evaluation of the risk should consider the severity of impact and the likelihood of it happening to assess mitigation.

Trustees should decide where they are prepared to take risks in order to innovate and grasp opportunities but still be alert and respond to their strategic risks.

Is now the time to revisit what your charity does on risk?