B3: Risks worth taking: How to get risk management right

Drinks sponsors:

Partner sponsor:

Lead sponsor:

Media partner:

Tech partner:

RISKS WORTH TAKING: HOW TO GET RISK MANAGEMENT RIGHT

SPEAKERSLUKE FLETCHER PARTNER, BATES WELLS BRAITHWAITE

AMANDA OGILVIE SOLICITOR, BATES WELLS BRAITHWAITE

AGENDA

Risk management for charities: Setting the scene• Why is risk management important? • Key trends in the sector

Minimum requirements: The essentials Case study & discussion Going beyond minimum requirements:

What does good practice look like? Top tips Final questions

RISK MANAGEMENT FOR CHARITIES

SETTING THE SCENE…

Need for agility, responsiveness and

resilience

Increasing and changing needs

for services

Drive for bold, calculated risks

Wide ranging social

entrepreneurial activities

Evolving role of the State and Brexit Prolonged

austerity and significant

demographic shifts

Shift from grant to contract culture

Digitalrevolution

Risk management in dynamic, fast changing

environments

KEY RISK TRENDS

“Nothing in the world causes so

much misery as

uncertainty”

Martin Luther

“Risk is not bad – there is an element of risk in almosteverything. And many in the charity sector believe that in somesituations charities, working as they do at the cutting edge ofmany social problems, have a duty to take risks. Often no oneelse will. But trustees will be expected to identify risks anddecide how they should be managed.”

Bates Wells Braithwaite, Duties of Charity Trustees

“Making decisions is also closely linked to managing risk.It is important for trustees to be aware and informedabout risk. This does not always mean avoiding riskaltogether; it is better to recognise risks and takeappropriate steps to manage them. There is usuallysome element of risk in decision making, and sometimesinnovation only comes about through measured risk-taking.”

Charity Commission guidance “CC27 - It’s your decision : Charity trustees and decision making” published 10 May 2013

RISK MANAGEMENT FOR CHARITIES: THE ESSENTIALS

Charity Commission guidance “CC26 – Charities and Risk Management”

“Risk is an everyday partof charitable activity andmanaging it effectively isessential if the trusteesare to achieve their keyobjectives and safeguardtheir charity’s funds andassets.”

MINIMUM REQUIREMENTS

“The responsibility for the management and control of a charity restswith the trustee body and therefore their involvement in the keyaspects of the risk management process is essential.”

WHOSE RESPONSIBILITY IS IT?

Charity Commission guidance “CC26 – Charities and Risk Management”

MINIMUM REQUIREMENTS

Charities that are required by law to have their accounts audited must make a risk management statement in their trustees’ annual report confirming that:

THE RISK MANAGEMENT STATEMENT:

‘the charity trustees have given consideration to the major risks to which the

charity is exposed and satisfied themselves that systems or procedures are

established in order to manage those risks’.

Charities (Accounts and Reports) Regulations 2008

WHAT IS THE PURPOSE OF THE RISK

MANAGEMENT STATEMENT?

allow the trustees to comment on any further planned

developments of the charity’s risk

management processes

set out the major risks

that the charity is

exposed to

provide an insight into

how the charity

handles risk

An acknowledgement of the trustees’ responsibility

An overview of the charity’s risk identification process

An indication that major risks identified have been reviewed or assessed

Confirmation that control systems have been established to manage those risks

MINIMUM REQUIREMENTS

What does the risk management statement need to cover?

THE RISK MANAGEMENT STATEMENT

“Although the risk management statement forms an importantpart of the trustees’ annual report, there is no requirement forthe statement to be audited unless other requirements…apply.”

BUT “auditors that become aware of apparent misstatements orinconsistencies in the trustees’ Annual Report, based on theirother audit work, will seek to resolve them and will need toconsider the impact on their report if such issues cannot beresolved”.

Does the risk management

statement need to be audited?

NO, unless other requirements apply

WHAT ARE MAJOR RISKS?The Charity Commission provides that major risks are those which:

have a major impact; and

a probable or highly probable likelihood of occurring

CONTROL SYSTEMS & RISK IDENTIFICATION PROCESS

“Charities will need to consider risk and its management in a structured way if a positive risk management statement is to be made.”

WHAT DOES THIS MEAN?

Charity Commission guidance

“CC26 – Charities and Risk Management”

BOARD MINUTES

Trustees should not only make sure that they are assessing risk as part of their decision making

process… it is also important that they record the reasons for their decision so this can be evidenced

in the future.

THESE ARE ONLY THE ESSENTIALS…

CASE STUDY

WHAT DOES GOOD PRACTICE LOOK LIKE?

GOING BEYOND THE MINIMUM REQUIREMENTS

The identification, assessment & management of risk are linked to the achievement of the charity’s objectives

All areas of risk are covered

A risk exposure profile is created reflecting the trustees’ views as to what levels of risk are acceptable

The principal results of the risk identification, evaluation and management process are reviewed and considered

Risk management is ongoing and embedded in management and operational procedures

SO WHAT DOES GOOD LOOK LIKE?The Charity Commission recommends that charities adopt a risk management policy and implement a rigorous risk management processes to help to ensure that:

SO WHAT DOES GOOD LOOK LIKE?

EMBED AN EFFECTIVE RISK MANAGEMENT FRAMEWORK

No particular model

Key stages:

• Risk Management Policy

• Identify

• Assess

• Evaluate

• Monitor and assess

What does this mean?

RISK MANAGEMENT POLICY

“The implementation of an effective risk management policy is a key part of ensuring that a charity is fit for purpose.”Charity Commission guidance “CC26 – Charities and Risk Management”

What is risk?

“Risk is the uncertainty surrounding events and their outcomes that may have a significant impact, either enhancing or inhibiting any area of the charity’s operations”.

Charity Commission for England and Wales

“Risk is the effect of uncertainty on our objectives”

International Organisation for Standardisation ISO 31000

IDENTIFY: HOW DO WE IDENTIFY RISKS?

The Charity Commission identifies 5 key categories of risk:

IDENTIFY: HOW DO WE IDENTIFY RISKS?

Governance

Operational

Financial

External

Compliance

IDENTIFY: HOW DO WE IDENTIFY RISKS?

CONSULT

Whose responsibility?

Regular reporting and discussion at

Board meetings

Specific part of individual

roles?

Everyone’s?

ASSESS

EVALUATION OF IMPACT AND LIKELIHOOD

EVALUATE: SO WHAT?

Draw up an “Action Plan”

CONSIDER WHAT ACTION NEEDS TO BE TAKEN

The 4 “T”s!

Tolerate

Treat

Transfer

Terminate

CONTINGENCY PLANNING “As part of an effective risk management process, a charity should consider what needs to be done if a serious event does take place.”

Charity Commission guidance “CC26 – Charities and

Risk Management”

MONITOR AND ASSESS

“Risk management is a dynamic process…not a one-off event and should be seen as a process that will require monitoring and assessment.”

TOP TIPS…

Create a safe space

Wide involvement

Embed into operations

Risk ownership

Regular debate

15 QUESTIONS TRUSTEES SHOULD ASK

FINAL QUESTIONS AND COMMENTS

Luke Fletcher, Partner

Email: l.fletcher@bwbllp.com

Telephone: 020 7551 7750

Amanda Ogilvie, SolicitorEmail: a.ogilvie@bwbllp.comTelephone: 020 7551 7789