Risk Management Policy
1. Policy objective
Risk in this policy describes the uncertainty surrounding events and their outcomes that may have a significant impact, either enhancing or inhibiting, on any area of the charity’s operations.
The Charity Commission strongly recommends that charities have a clear risk management policy and process. The charity should have a structured approach to risk management that is appropriate for its size and complexity.
The objective of this policy is to provide guidance on managing organisational risk to support the achievement of strategic objectives, protect beneficiaries, staff and business assets and ensure business operations and financial sustainability. The policy objective is to provide a framework to:
• Define risk governance
• Identify principal risks
• Assess priority risks
• Develop mitigating strategies and actions
• Monitor and review risk activities
• Communicate and report risks
2. Risk governance
|Trustee||Trustees are required to identify and review the strategic, operational, regulatory, people, political and environmental risks to which the organisation is exposed and to assess the likelihood of such risks and the possible level of impact they would have.
Trustees must be satisfied that risk management is embedded in the organisation and adequate systems are in place to monitor, manage and, where appropriate, mitigate Animal Saviours exposure to the major risks.
|Managers & Staff||Comply with risk management policy and processes and foster an environment where risks can be identified and escalated.|
3. Principal risk identification
Risk is embedded within the organisation and risk management is factored into planning, continuity management and project management. All projects and countries look at risks specific to their particular context. Enterprise wide risks that could have a major impact on Animal Saviours as a whole are those reviewed by trustees and management.
There are myriad enterprise risks to which Animal Saviours is exposed. In 2019 the trustees took time to identify a ‘long list’ of around 20 risks, split between six main categories:
• Legal and regulatory
• Political and environmental
4. Assess priority risks
Each priority risk is entered on the risk log. The risk is assessed by considering the following dimensions:
• Risk appetite (high, medium, medium/low, low)
• Significance of the risk (scale of 1-5, where 5 is the most significant)
• Probability of risk occurrence (scale of 1-5, where 5 is the most probable)
• Description of worst-case outcome, including a financial quantification if appropriate
In addition, ‘direction of travel’ is also noted, whether we think that overall the impact of the risk has stayed static since previous review or is changing for better or worse.
5. Risk mitigation
Each risk has an owner responsible for the mitigation strategy. The key elements of the mitigation strategy are noted on the risk log with summary associated comments. In addition, if a risk has been delegated to a specific trustee this is also noted.
It is designed to be a dynamic process, both in terms of considering what the top risks are and looking at strategies to mitigate them. These strategies provide the foundation for developing our key operational and financial processes such as safeguarding, reserves, investment and treasury management policies.
6. Risk monitoring and review
Trustees are ultimately responsible for the system of risk management and internal control and through the audit committee reviews the effectiveness of this system.
Every year the trustees consider in depth the nature and extent of the principal risks that Animal Saviours is willing to take to achieve its strategic objectives. For each principal risk, risk appetite is assessed to balance opportunities for development and growth in areas of potentially higher risk, while maintaining reputation and reasonable levels of broad stakeholder support.
The trustees reviews the risk log at each meeting.
There are discussions to decide as to whether priority risks need to be introduced, amended or replaced in light of external events or operational challenges. It is an accountability of the trustees to promote risk management processes throughout the organisation and encourage transparency in reporting and speedy issue and risk escalation.
Priority risks are reviewed regularly by the trustees and considered when developing development plans and approaches.
7. Risk communication and reporting
Trustees are required to report on the adequacy of the risk management framework under Charities SORP – Accounting and Reporting by Charities: Statement of Recommended Practice applicable to charities preparing their accounts in accordance with the Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) (effective 1 January 2015).
As well as a risk systems adequacy statement, a description of each priority risk is published by trustees in the annual report.
Risk management is factored into business planning, performance management, audit and assurance, business continuity management and project management and monitoring. All projects and countries look at risks specific to their particular context. Project risk logs are published on the programme portal alongside other relevant documentation.
Partner risk processes inclusive of safeguarding and financial control elements are assessed as a core element of partner due diligence. If their policy/processes are deficient, we will either not work with them. Where it is deemed essential that Animal Saviours does partner, policies will be developed as part of the early stages of the partnership, led by the due diligence process. These should include child safeguarding and risk management elements, and partners could use our policies as a foundation, adapted to the legislation of the relevant country.
Animal Saviours’ Risk Management Policy is also published on its external website.
Charity Commission: Charities and Risk Management (CC26)
Institute of Risk Management guidance
This document from the IRM summarises UK Corporate Governance Code requirements and notes selected company approaches to designing and implementing risk appetite statements.