Giroscope’s Risk Register Methodology
Our Risk Profile in Matrix Form
(The basis for this document is the Charity Commission’s Guidance Note (CC26): Charities and Risk Management, published June 2010)
We list 5 Risk Categories as follows:
Risk Category | Examples |
Governance Risks | Direction, strategy and planning, Inappropriate structure, Trustees lack relevant skills and commitment, Conflicts of interest, Loss of key staff, Reporting to trustees (accuracy, timeliness and relevance) |
Operational Risks | Contract risks, Service provision (customer satisfaction), Project risks, Loss of contracts, Capacity risks, Use of resources, Funding risks, Employment issues, Staff turnover, Volunteer risks, HSE issues, IT risks (data protection breach), Disaster recovery planning (IT collapse, major fire/flood) |
Financial Risks | Dependency on income sources, Reserves policy, Dependency on funding, Control and reporting, Borrowing risks, Pension commitments, Non-charitable trading risks, Cash flow risks, Compliance with donor-imposed restrictions, Fraud or error, Counterparty risk, 3rd party guarantees |
External and Environmental Risks | Public perception, Adverse publicity, Relationship with funders, Demographic impacts, Government policy |
Compliance Risks | Compliance with appropriate legislation and regulations consistent with size and structure of the charity, Regulatory reporting requirements, Taxation impacts, Professional advice |
Within each Category, the risks identified are assessed using a scoring system as follows.
A: Their Impact (x) on Giroscope is scored 1-5 as follows:
Descriptor | Score | Impact on Service and Reputation |
Insignificant | 1 | |
Minor | 2 | |
Moderate | 3 | |
Major | 4 | |
Extreme | 5 | |
B: Their Likelihood (y) of occurring at Giroscope is similarly scored 1-5 as follows:
Descriptor | Score | Example |
Remote | 1 | May only occur in exceptional circumstances |
Unlikely | 2 | Expected to occur in a few circumstances |
Possible | 3 | Expected to occur in some circumstances |
Probable | 4 | Expected to occur in many circumstances |
Highly probable | 5 | Expected to occur frequently and in most circumstances |
A combined Risk Score is then calculated using the formula xy + x, where x is the Impact score and y is the Likelihood score.
This yields a range of possible values between 2 and 30 for each identified risk and reflects the fact that high impact/low likelihood is inherently of greater risk than low impact/high likelihood.
In interpreting the Risk Score, the Charity Commission guidance is that scores of 15 or over should be considered as major or extreme risks (red), scores between 8 and 14 as moderate or major risks (amber) and scores below 8 as minor or insignificant risks (green).
We show this information in matrix form.
Identified Risks falling in the red zone are addressed as they arise and at quarterly Trustees’ meetings, and action items are flagged for immediate Management action. Items within one step of a red (through an upscale of either Impact or Likelihood) are flagged at the Trustees’ meeting, and assessment/monitoring actions are put in place by Management to contain the risk.
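The scoring, banding and "within one step of a red" flagging described above can be worked through in code. The following is an added example, not part of Giroscope's own documentation: the function names and the sample register scores are constructed for illustration, and "one step" is assumed to mean a single-point increase in either Impact or Likelihood.

```python
# Added example: scoring rules from the methodology text; register entries are constructed.
RED, AMBER = 15, 8  # thresholds quoted in the text

def risk_score(impact: int, likelihood: int) -> int:
    """Combined score xy + x, with x = impact and y = likelihood (each 1-5)."""
    for name, v in (("impact", impact), ("likelihood", likelihood)):
        if not isinstance(v, int) or not 1 <= v <= 5:
            raise ValueError(f"{name} must be an integer from 1 to 5, got {v!r}")
    return impact * likelihood + impact

def zone(score: int) -> str:
    if score >= RED:
        return "red"
    return "amber" if score >= AMBER else "green"

def near_red(impact: int, likelihood: int) -> bool:
    """True if not red now but one step up on either axis would be red (assumed reading)."""
    if zone(risk_score(impact, likelihood)) == "red":
        return False
    steps = [(i, l) for i, l in ((impact + 1, likelihood), (impact, likelihood + 1))
             if i <= 5 and l <= 5]
    return any(zone(risk_score(i, l)) == "red" for i, l in steps)

def matrix_rows() -> list[str]:
    """5x5 grid, impact 5 at the top; cell = score, zone initial, '*' if near red."""
    rows = []
    for impact in range(5, 0, -1):
        cells = []
        for likelihood in range(1, 6):
            s = risk_score(impact, likelihood)
            flag = "*" if near_red(impact, likelihood) else " "
            cells.append(f"{s:>2}{zone(s)[0].upper()}{flag}")
        rows.append(f"impact {impact} | " + " ".join(cells))
    return rows

def assess(register):
    """Return (name, score, zone, near_red) per entry, highest score first."""
    out = [(n, risk_score(x, y), zone(risk_score(x, y)), near_red(x, y)) for n, x, y in register]
    return sorted(out, key=lambda r: r[1], reverse=True)

# Constructed register: risk names come from the category table, scores are invented.
SAMPLE = [("IT risks (data protection breach)", 4, 2),
          ("Disaster recovery planning (major fire/flood)", 5, 1),
          ("Staff turnover", 2, 4),
          ("Fraud or error", 4, 3)]

if __name__ == "__main__":
    print("\n".join(matrix_rows()))
    for row in assess(SAMPLE):
        print(row)
```

Run as a script, it prints the full 5x5 matrix (likelihood 1 to 5 left to right) followed by the constructed register sorted by score.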