Risk management

Giroscope’s Risk Register Methodology

Our Risk Profile in Matrix Form

(The basis for this document is the Charity Commission’s Guidance Note (CC26): Charities and Risk Management, published June 2010)

We list 5 Risk Categories as follows:

Risk Category Examples
Governance Risks Direction strategy and planning, Inappropriate structure, Trustees lack relevant skills and commitment, Conflicts of interest, Loss of key staff, reporting to trustees (accuracy, timeliness and relevance)
Operational Risks Contract risks, Service provision (customer satisfaction), Project risks, Loss of contracts, Capacity risks, Use of resources, Funding risks, Employment issues, Staff turnover, Volunteer risks, HSE issues, IT risks (data protection breach), Disaster recovery planning (IT collapse, major fire/flood)
Financial Risks Dependency on income sources, Reserves policy, dependency on funding, Control and reporting, Borrowing risks, Pension commitments, Non-charitable trading risks, Cash flow risks, Compliance with donor imposed restrictions, Fraud or error, Counter party risk, 3rd party guarantees
External and Environmental Risks Public perception, Adverse publicity, Relationship with funders, Demographic impacts, Government policy
Compliance Risks Compliance with appropriate legislation and regulations consistent with size and structure of the charity, Regulatory reporting requirements, Taxation impacts, Professional advice

Within each Category, the risks identified are assessed using a scoring system as follows.

A: Their Impact (x) on Giroscope is scored 1-5 as follows:-

Descriptor Score Impact on Service and Reputation
Insignificant 1
  • No impact on service
  • No impact on reputation
  • Complaint unlikely
  • Litigation risk remote
Minor 2
  • Slight impact on service
  • Slight impact on reputation
  • Complaint possible
  • Litigation possible
Moderate 3
  • Some service disruption
  • Potential for adverse publicity – avoidable with careful handling
  • Complaint probable
  • Litigation probable
Major 4
  • Service disrupted
  • Adverse publicity not avoidable (local media)
  • Complaint probable
  • Litigation probable
Extreme 5
  • Service interrupted for significant period
  • Major adverse publicity not avoidable (national media)
  • Major litigation expected
  • Resignation of senior management and board
  • Loss of beneficiary confidence

 

B: Their Likelihood of occurring (y) to Giroscope are similarly assessed as follows:-

Descriptor Score Example
Remote 1 May only occur in exceptional circumstances
Unlikely 2 Expected to occur in a few circumstances
Possible 3 Expected to occur in some circumstances
Probable 4 Expected to occur in many circumstances
Highly probable 5 Expected to occur frequently and in most circumstances

 

A combined Risk Score is then calculated using the formula xy+x

This yields a range of possible values between 2 and 30 for each identified risk and reflects the fact that high impact/low likelihood is inherently of greater risk than low impact/high likelihood.

In interpreting the Risk Score, the Charity Commission guidance is that scores of 15 or over should be considered as major or extreme risks (red), scores between 8 and 14 as moderate or major risks (amber) and scores below 8 as minor or insignificant risks (green).

We show this information in a matrix form.

Identified Risks falling in the red zone are addressed as they arise and at quarterly Trustees’ meetings and action items flagged for immediate Management action. Items within one step of a red (either through upscale of Impact or Likelihood) are flagged at the Trustees’ meeting and assessment/monitoring actions put in place by Management to contain the risk.