Friday, 8 November 2013

Guest Blog: Risk Management and understanding your organisation's risk appetite - Zurich

By Hannah Clark, Head of Charities and Social Organisations, Zurich

As greater demands are put on the charity sector, it is more important than ever that trustees are involved in defining the amount and type of risk their organisation is willing to pursue or accept.  

The consideration of risk and how risk is managed is particularly important for charities because those who are ultimately responsible for the organisation, its trustees, are not normally involved in the day-to-day running of its operation.

Since the publication of the Charity Commission’s Statement of Recommended Practice in 2000, trustees of charities have been required to make a statement in their annual Trustees Report confirming that systems or procedures have been established to manage major risks. Most charities therefore have in place a Risk Management strategy and a risk register, developed in line with those risks to which the charity is especially exposed.

One of the Trustees’ key responsibilities is defining the charity’s Risk Appetite – ‘the amount and type of risk the charity is willing to pursue/accept’.  The Board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its corporate objectives, and must set provisions accordingly.

When defining your organisation’s risk profile it will be important that it aligns with the overall strategy and culture of the charity.  In doing so it will help ensure that the organisation is only taking a level and type of risk that it is comfortable with and that exposure is commensurate to the reward. 

Risk appetite can be expressed in a number of ways - from a Risk Appetite statement (listing tolerable level of maximum loss, zero tolerance for injuries, no tolerance for fraud etc) to setting the boundaries of a risk ‘traffic light’ matrix.  Whatever method is chosen it is essential that the charity’s risk appetite is properly communicated to your executives and employees so they have a framework to make judgements about which risks are acceptable and which are not, thereby avoiding over the top or lax reactions to risk.

To be effective, risk management should not be an isolated process but integral to how the charity operates.  There are a number of straightforward ways to ensure good risk management becomes part of your organisation’s culture:

·         Secure commitment from the top of the organisation
·         Ensure people understand the Risk Management process and their role
·         Keep it simple
·         Align risk to the organisation’s objectives
·         Embed risk management into existing ways of working
·         Ensure the Strategic Risk Register captures the key risks and people fully understand them
·         Ensure your Risk Reporting arrangements are fit for purpose and that Trustees are receiving the right information,  looking at the key risks and are asking the right questions
·         Demonstrate how risk management has supported the charity and has helped maximise any opportunities
·         Think ahead of emerging risks 
·         Review the risk register regularly, maintaining it as a dynamic and living document

Hannah Clark is Head of Charities and Social Organisations at Zurich

No comments:

Post a Comment