You can also view a colour PDF version of Charities and Risk Management: A guide for trustees (CC26)
Charity trustees should regularly review and assess the risks faced by their charity in all areas of its work and plan for the management of those risks. Risk is an everyday part of charitable activity and managing it effectively is essential if the trustees are to achieve their key objectives and safeguard their charity's funds and assets.
This guidance outlines the basic principles and strategies that can be applied to help charities manage their risks. It should help trustees set a risk framework that allows them to:
The risks that a charity faces depend very much on the size, nature and complexity of the activities it undertakes, and also on its finances. As a general rule, the larger and more complex or diverse a charity's activities are, the more difficult it will be for it to identify the major risks that it faces and put proper systems in place to manage them. This means that the risk management process will always need to be tailored to fit the circumstances of each individual charity, focusing on identifying the major risks. Trustees of large, complex charities may need to explore risk more fully than the outline given here.
The main body of the guidance covers:
Part E contains the contact details of organisations that offer useful information about risk management. Annex 1 contains a risk register template with examples of how it can be used and Annex 2 gives examples of the most common risk areas for charities, their potential impact and the possible steps to mitigate them.
Our guidance has been updated to include current thinking in models for assessing risk and to draw attention to the distinction between risks that arise from a financial situation and risks arising in other ways that can be seen as non-financial, even if ultimately they have a financial impact. There is no change to the regulatory requirements for charities (see Part C).
Where we use 'must', we mean there is a specific legal or regulatory requirement. Trustees and the charity must comply with these requirements. These sections are highlighted by the symbol.
We use 'should' where we recommend trustees follow good practice guidance unless there is a good reason not to.
We also offer less formal advice and recommendations that trustees may find helpful in the management of their charity.
The Charities Act means the Charities Act 2011
Annual report means the trustees' annual report prepared under the Charities Act
Governing document (GD) means a legal document setting out the charity's purposes and, usually, how it is to be administered. It may be a trust deed, constitution, memorandum and articles of association, will, conveyance, Royal Charter, scheme of the Commission, or other formal document.
Joint venture in this guidance means an entity formed between two or more parties to undertake some form of economic activity together. The parties involved create a new entity by all contributing equity, and they then share in the revenues, expenses, and control of the enterprise. The venture can be for one specific project only, or a continuing business relationship.
Regulations refers to the Charities (Accounts and reports) Regulations 2008 (SI 2008 No. 629) which set out the required form and content of the trustees' annual report and the scrutiny and accounting arrangements for charities. The Regulations made the SORP recommendations that the trustees' annual report should contain a risk management statement a statutory requirement for certain charities.
Risk is used in this guidance to describe the uncertainty surrounding events and their outcomes that may have a significant impact, either enhancing or inhibiting any area of a charity's operations.
SORP means Accounting and Reporting by Charities: Statement of Recommended Practice revised in 2005 and published by the Charity Commission. It sets out the recommended practice for the purpose of preparing the trustees' annual report and preparing the accounts on the accruals basis. The accounting recommendations of the SORP do not apply to charities preparing receipts and payments accounts (non-company charities with an annual income of under £250,000). For some types of charity a more specific SORP applies, for example for the Higher and Further Education Institutions or Registered Social Landlords.
Subsidiary trading company is any non-charitable trading company owned by a charity or charities to carry on a trade on behalf of the charity or charities.
Trustee means a charity trustee. Charity trustees are the people who are responsible for the general control of the management of the administration of the charity. In a charity's governing document they may be collectively called trustees, the board, managing trustees, the management committee, governors or directors, or they may be referred to by some other title.
This part covers:
More detail on approaches to identifying and managing risk management can be found in Part D.
Identifying and managing the possible and probable risks that a charity may face over its working life is a key part of effective governance for charities of all sizes and complexity.
By managing risk effectively, trustees can help ensure that:
Reporting in its trustees' annual report on the steps a charity has taken to manage risk helps to demonstrate the charity's accountability to its stakeholders including beneficiaries, donors, funders, employees and the general public.
Charities will face some level of risk in most of the things they do. The diverse nature of the sector and its activities means that charities face different types of risk and levels of exposure.
An essential question for charities when considering risk is whether or not they can continue to meet the needs of beneficiaries now and in the future. For example, in a period of economic uncertainty, the major financial risks for a charity are likely to be:
Generally, risk will need to be considered in terms of the wider environment in which the charity operates. The financial climate, society and its attitudes, the natural environment and changes in the law, technology and knowledge will all affect the types and impact of the risks a charity is exposed to. Although the risks that a charity might face are both financial and non-financial, a part of the ultimate impact of risk is financial in most cases. This could be where a party seeks compensation for loss, or costs incurred in managing, avoiding or transferring the risk, for example by buying employers' liability insurance or buildings insurance. The law requires that some risks are insured - motor insurance and employers' liability insurance for charities that employ staff are compulsory.
A system of classification, such as the example below, is helpful for ensuring key areas of risk arising from both internal and external factors are considered and identified. Annex 2 expands on this approach and provides further illustrations of the type of risks that may fall into each category.
Compliance with law and regulation
Following identification of the risks that a charity might face, a decision will need to be made about how they can be most effectively managed. Trustees may wish to establish a risk framework to help them make decisions about the levels of risk that can be accepted on a day to day basis and what matters need to be referred to them for decision.
There are four basic strategies that can be applied to manage an identified risk:
Section D sets out a possible framework for evaluating the potential courses of actions that can be taken to manage the risks identified.
Two simple examples that illustrate different risks and how they might be managed.
Example 1: Funding of core activities
This concerns two charities that are working with disadvantaged people in a local community.
One charity is dependent on funding in the form of donations from local philanthropists, including local businesses, for the vast majority of its funds. In the event of a downturn in the economic cycle those same local businesses may no longer be in a position to contribute either because of cash flow difficulties or because they face severe financial difficulty themselves. This will lead to a sudden drop in income that may have a severe impact on the charity's ability to do its work.
The other charity depends mostly on public sector funding and, provided this funding is renewed on a timely basis, it may therefore have a more secure income stream. Uncertainty only arises at the time that the funding agreement comes up for review or renewal.
Both charities in this example may find that the impact on their local community of an economic downturn means that families in the community are struggling to manage and that both charities are dealing with a far higher number of potential beneficiaries than they had expected or planned to help.
In such a situation the trustees of both charities will need to draw up an outline of the steps that their charity should take in these circumstances. At the same time they will need to draw up a recovery plan, that could be activated when necessary, that would include alternative ways of raising funds, concentrating on core activities, reducing costs and taking advantage of any new opportunities that arise. Consideration of the risks attached to these areas would be part of the budget setting and forward planning process and also part of the ongoing monitoring of their charity's performance throughout the year.
The Charity Commission's guidance The economic downturn: 15 questions trustees need to ask sets out a number of key questions that trustees can use as a basis for discussion at any planning meeting.
Example 2: Cutting costs
In this example, one charity is organising a garden fete and the other is organising a charity concert.
The organisers of the garden fete want to set out stalls and fun activities for children in a large private garden to raise funds for the village hall. They are expecting a good turnout of up to 200 people over the day. Since the event is being held on an English summer's day, they may plan to have a tented area just in case of showers and a back up plan to use the village hall if it rains heavily. This means they wouldn't need to take out insurance covering the effects of adverse weather conditions. In thinking through and planning the event, the trustees are taking account of risk in a very practical, pragmatic way.
The organisers of the charity concert may approach the weather risk differently as part of their planning. They may be hiring an outdoor venue, hiring seating, incurring costs in setting up a parking area and refreshments, and paying artists' performance fees. The fete described in the previous paragraph was comparatively small with 200 people attending over the whole day, but the concert is planned to have 600 seats for a 3 hour early evening performance. The risk from adverse weather to the charity concert is viewed as so great that the extra cost of insurance is considered worthwhile.
Note that even though facing the same risk of adverse weather, the scale and nature of the fundraising events can cause trustees to take a different approach to risk management.
As a part of an effective risk management process, a charity should consider what needs to be done if a serious event does take place. This could range from a fire or flood to a serious computer malfunction.
Charities should consider how their services to their beneficiaries would be affected as a result of a serious incident, including those with a major impact and a low likelihood, and plan to resume normal operations as far as and as soon as possible. Many charities develop disaster recovery plans (sometimes referred to as business contingency plans) and follow good practice procedures used in the public and private sector.
The scope and complexity of any disaster recovery plan will vary according to the size and activities of the charity concerned. However, the basic stages in establishing an effective disaster recovery or business contingency plan are likely to be similar to those shown in the following grid.
2 Impact/risk assessment
3 Drawing up the plan
6 Updating and maintaining
This part covers:
The responsibility for the management and control of a charity rests with the trustee body and therefore their involvement in the key aspects of the risk management process is essential, particularly in setting the parameters of the process and reviewing and considering the results.
This should not be interpreted as meaning that the trustees must undertake each aspect of the process themselves. In all but the smallest charities, the trustees are likely to delegate elements of the risk management process to staff or professional advisers. The trustees should review and consider the key aspects of the process and results. The level of involvement should be such that the trustees can make the required risk management statement with reasonable confidence.
Charities that are required by law to have their accounts audited must make a risk management statement in their trustees' annual report confirming that '...the charity trustees have given consideration to the major risks to which the charity is exposed and satisfied themselves that systems or procedures are established in order to manage those risks.' (Charities (Accounts and Reports) Regulations 2008)
Major risks are those risks that have a major impact and a probable or highly probable likelihood of occurring. If they occurred they would have a major impact on some or all of the following areas:
Any of these major risks and their potential impacts could change the way trustees, supporters or beneficiaries might deal with the charity.
Charities will need to consider risk and its management in a structured way if a positive risk management statement is to be made. One method of reviewing and assessing risk through a 'risk mapping' exercise is set out in Part D.
Charities that are required to be audited: All charities that are under a legal requirement to have their accounts audited must make a risk management statement in their trustees' annual report.
The statutory audit thresholds effective from 1 April 2009 are:
Further information on audit thresholds can be found on our website.
Smaller charities: Trustees of smaller charities with gross income below the statutory audit threshold (who should still be concerned about the risks their charity faces) are encouraged to make a risk management statement as a matter of good practice.
Incorporated charities (companies): Charities that are incorporated under company law (other than small companies1 as defined by company law) must include a business review in their directors' report. The business review must contain a description of the principal risks and uncertainties facing the company.
The purpose of the risk management statement is to give readers of the trustees' annual report an insight into how the charity handles risk and an understanding of the major risks the charity is exposed to. It is also an opportunity for the trustees to comment on any further developments of risk management procedures being undertaken or planned.
The form and content of the statement is likely to reflect the size and complexity of an individual charity's activities and structure. The Charity Commission is not seeking 'template' reporting, or requiring a detailed analysis of the processes and results. A narrative style that addresses the key aspects of the requirements is acceptable. This means:
Many charities, particularly larger charities or those with more complex activities, will, as a matter of best practice, expand on this basic approach in their reporting. Where this more detailed approach to reporting is adopted the following broad principles can be useful:
Although the risk management statement forms an important part of the trustees' annual report, there is no requirement for the statement to be audited unless other requirements outside the Charities Act 2011 or the Companies Act 2006 apply. The regulatory requirements do not extend auditors' duties but auditors who become aware of apparent misstatements or inconsistencies in the trustees' Annual Report, based on their other audit work, will seek to resolve them and will need to consider the impact on their report, if such issues cannot be resolved. In extreme cases a reporting duty may arise where charity assets are at significant risk or have already been lost, auditors should be aware of their whistle-blowing obligations and may find our guidance Reporting Serious Incidents of help.
This part sets out a model for risk management covering the typical stages in the process and will be of use to those actually carrying out or involved in the identification and management of the risks a charity faces. The model can be adapted by any charity to suit its size and activities and covers:
1. Establishing a risk policy
2. Identifying risks
3. Assessing risks
4. Evaluating what action needs to be taken on risks
5. Periodic monitoring and assessment
1. Establishing a risk policy
2. Identifying risks
3. Assessing risks
4. Evaluating what action needs to be taken on risks
5. Periodic monitoring and assessment
For most charities, risk management has been incorporated into their management processes for many years. While there is no requirement or obligation for trustees to adopt any particular model, having a rigorous process and a clear risk management policy helps ensure that:
An effective charity regularly reviews and assesses the risks it faces in all areas of its work and plans for the management of those risks. The implementation of an effective risk management policy is a key part of ensuring that a charity is fit for purpose.
There are risks associated with all activities - they can arise through things that are not done, as well as through ongoing and new initiatives. Charities will have differing exposures to risk arising from their activities and will have different capacities to tolerate or absorb risk. For example, a charity with sound reserves could embark on a new project with a higher risk profile than, say, a charity facing financial difficulties. Risk tolerance may also be a factor in what activities are undertaken to achieve objectives. For example, a relief charity operating in a war zone may need to tolerate a higher level of risk to staff than might be acceptable in its UK-based activities in order to achieve its objectives. A charity will also need to look at the risk profile, ie the balance taken between higher and lower risk activities.
These considerations will inform the trustees in their decision as to the levels of risk they are willing to accept and may provide a benchmark against which the initial risk assessment is undertaken. The risk assessment and evaluation in turn will inform the trustees of the charity's overall risk profile and the steps taken to manage the major risks identified. This will help the trustees agree their policies on risk. Trustees need to let their managers know the boundaries and limits set by their risk policies to make sure there is a clear understanding of the risks that can and cannot be accepted.
Although there are various tools and checklists available, the identification of risks is best done by involving those with a detailed knowledge of the way the charity operates. Whilst the risk management statement focuses on major risks identified by trustees, input into this process will extend beyond the trustee body (except perhaps in the smallest charities).
Examples of what a charity will need to consider as part of this process include:
For this process to work, trustees and executive management need to be committed to it. All staff and volunteers will need to understand the part they should play in risk management. Trustees will need to consult widely with key managers and staff, as ideas are likely to come from all levels of the organisation. Internal workshops involving management, staff and volunteers are often used to gather information. Some workshops can involve supporters and beneficiaries where reputational risk or provision of service to beneficiaries is being considered.
Where the charity conducts some of its activities through affiliated members, branches, subsidiary companies or joint ventures which are legally separate entities, risks may arise that could directly or indirectly impact on the charity. For example, events in a subsidiary trading company may affect income streams to the charity, give rise to reputational risk or may even affect operational objectives directly if the subsidiary is used as a vehicle for service delivery. The risk identification process, whilst focusing on the risk to the charity itself, is therefore also likely to include identifying risks that may arise in branch, subsidiary company or joint venture activities. The trustees of a charity may seek to ensure that the directors of subsidiary companies also adopt similar risk management procedures, with the results being reviewed by the charity's trustees or incorporated into the overall risk management processes of the charity.
There are a number of models or frameworks that provide a classification of the type of risk to which an organisation can be exposed. Most models can be adapted to fit the charitable sector. Annex 2 sets out one possible framework, looking at risk across the following categories:
It is important to appreciate that the process of risk identification must be charity specific reflecting the activities, structure and environment in which a particular charity operates. It follows from this that Annex 2 should not be used as a checklist, but rather to illustrate the type of risks that may be faced.
Similarly, although the process of risk identification should be undertaken with care, the analysis will contain some subjective judgements - no process is capable of identifying all possible risks that may arise. The process can only provide reasonable assurance to trustees that all relevant risks have been identified.
Identified risks need to be put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required. One method is to look at each identified risk and decide how likely it is to occur and how severe its impact would be on the charity if it did occur.
This approach attempts to map risk as a product of the likelihood of an undesirable outcome and the impact that an undesirable outcome will have on the charity's ability to achieve its operational objectives. It enables the trustees to identify those risks that fall into the major risk category identified by the risk management statement.
In previous guidance we set out a risk management methodology that focused on considering both the impact of a risk and the likelihood of it occurring, giving them equal importance. Using this method, the impact score is usually multiplied by the score for likelihood and the product of the scores used to rank those risks that the trustees regard as major risks.
In recent years, methodologies for measuring risk impact and likelihood have developed further. Many organisations now take account of events that are rare or unprecedented, where the rules are unknown or rapidly changing or where risks are driven by external factors beyond their control. These risks which have very high impact and very low likelihood of occurrence are now accepted by many as having greater importance than those with a very high likelihood of occurrence and an insignificant impact. In these cases, the concept of impact and the likelihood of risks occurring and their interaction should be given prominence in both the risk assessment and risk management processes. Using the method outlined in the previous paragraph, they would have scored the same.
If an organisation is vulnerable to a risk that potentially might have an extremely high impact on its operations, it should be considered and evaluated regardless of how remote the likelihood of its happening appears to be. Charities need to find a balance and they will need to weigh the nature of the risk and its impact alongside its likelihood of occurrence. With limited resources, the risks and the benefits or rewards from the activity concerned will need to be considered. It is important to bear in mind that on rare occasions improbable events do occur with devastating effect, at other times probable events do not happen.
A focus on high-impact risk is important, but trustees should not forget that what may be a lower impact risk can change to very high impact risk because of the possible connection between it happening and triggering the occurrence of other risks. One low impact risk may lead to another and another so that the cumulative impact becomes extreme or catastrophic. Many studies have shown that most business failures are the result of a series of small, linked events having too great a cumulative impact to deal with rather than a single large event. If organisations only look at the big risks they can often end up ill-prepared to face the interaction of separate adverse events interacting together.
The following tables can be used to provide some guidance on the 1-5 scoring illustrated in this section.
may only occur in exceptional circumstances
expected to occur in a few circumstances
expected to occur in some circumstances
expected to occur in many circumstances
expected to occur frequently and in most circumstances
The 'heat map' below shows a different way of assessing risk by increasing the weighting of impact. This works on a scoring of xy+y where x is likelihood and y is impact. This formula multiplies impact with likelihood then adds a weighting again for impact. The effect is to give extra emphasis to impact when assessing risk. It should be remembered that risk scoring often involves a degree of judgement or subjectivity. Where data or information on past events or patterns is available, it will be helpful in enabling more evidence-based judgements.
In interpreting the risk heat map below, likelihood is x and impact is y. The colour codes are:
Red - major or extreme/catastrophic risks that score 15 or more
Yellow - moderate or major risks that score between 8 and 14
Blue or green - minor or insignificant risks scoring 7 or less
Some suggest an even greater weighting for impact and use a formula of xy+2y.
Where major risks are identified, the trustees will need to make sure that appropriate action is being taken to manage them. This review should include assessing how effective existing controls are.
For each of the major risks identified, trustees will need to consider any additional action that needs to be taken to manage the risk, either by lessening the likelihood of the event occurring, or lessening its impact if it does. The following are examples of possible actions:
Once each risk has been evaluated, the trustees can draw up a plan for any steps that need to be taken to address or mitigate significant or major risks. This action plan and the implementation of appropriate systems or procedures allows the trustees to make a risk management statement in accordance with the regulatory requirements.
Risk management is aimed at reducing the 'gross level' of risk identified to a 'net level' of risk, in other words, the risk that remains after appropriate action is taken. Annex 1 gives two examples of how gross and net risk can be recorded in a risk register. Trustees need to form a view as to the acceptability of the net risk that remains after management.
In assessing additional action to be taken, the costs of management or control will generally be considered in the context of the potential impact or likely cost that the control seeks to prevent or mitigate. It is possible that the process may identify areas where the current or proposed control processes are disproportionately costly or onerous compared to the risk they are there to manage. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk.
Good risk management is also about enabling organisations to take opportunities and to meet urgent need, as well as preventing disasters. For example, a charity may not be able to take advantage of technological change in the absence of a reserves policy that ensures there are adequate funds, or perhaps could not organise a successful emergency relief programme without adequately trained staff and organisational structures. Annex 2 sets out some illustrative examples of the type of systems and procedures that can be put into place to mitigate an identified risk.
Risk management is a dynamic process ensuring that new risks are addressed as they arise. It should also be cyclical to establish how previously identified risks may have changed. Risk management is not a one-off event and should be seen as a process that will require monitoring and assessment. Staff will need to take responsibility for implementation. There needs to be communication with staff at all levels to ensure that individual and group responsibilities are understood and embedded into the culture of the charity. A successful process will involve ensuring that:
One method of codifying such an approach is through the use of a risk register (see Annex 1). The register seeks to pull together the key aspects of the risk management process. It schedules gross risks and their assessment, the controls in place and the net risks, and can identify responsibilities, monitoring procedures and follow up action required.
The trustees can monitor risk by:
Annual monitoring by trustees supplemented by interim reports is likely to be sufficient for most charities where operating conditions are stable. Depending on a charity's risk profile, more frequent monitoring might be advisable.
Our website offers a wide range of easily accessible online services, tools, information and guidance. Before contacting us for advice or help you might like to search our online database of frequently asked questions. Most people can find the answer they need without making a phone call or writing an email. Alternatively, our Contacting us page is linked to from the top and bottom of every webpage.
Accounting and Reporting by Charities: Statement of Recommended Practice (SORP)
The SORP is available as a free PDF download, but you can also buy a printed copy:
Mae'r rhan fwyaf o'n cyhoeddiadau ar gael yn Gymraeg.
Charity Finance Group
Charity Finance Group is a membership charity specialising in helping charities manage their accounting, taxation, audit and other finance related functions. It carries out an annual risk survey among its members, the results of which are available on its website.
Charity Finance Group
49-51 East Road
Tel: 0845 345 3192
Health and Safety Executive (HSE)
HSE's mission is to prevent death, injury and ill health in Great Britain's workplaces. It provides useful and easy to use advice on risk management from a health and safety perspective. The best way to access advice is to look at their website.
Incident Contact Centre Tel: 0845 300 9923
The Institute of Risk Management
The Institute is a professional education and training body. Its services cater for a range of levels, from introductory to professional. Its publication 'A Risk Management Standard' can be downloaded free of charge from its website.
6 Lloyd's Avenue
Tel: 020 7709 9808
The National Audit Office (NAO)
The role of the NAO is to:
The Information Centre Helpdesk: 020 7798 7264
The National Council for Voluntary Organisations (NCVO)
The NCVO is a national charity that provides support and a wide range of information for voluntary and community organisations. Its website offers advice on various issues connected with risk management in the third sector.
The National Council for Voluntary Organisations
8 All Saints Street
Tel: 020 7713 6161
Wales Council for Voluntary Action (WCVA)
The voice of the voluntary sector in Wales. It represents the interests of, and campaigns for, voluntary organisations, volunteers and communities in Wales. WCVA provides a comprehensive range of information, consultancy, funding, management and training services. Charities can use the WCVA website to find their nearest County Voluntary Council (CVC).
Wales Council for Voluntary Action
Mount Stuart Square
Thanks to contributors
We are grateful to Pesh Framjee, Head of Not for Profits at Howarth Clark Whitehill for his contribution to the updated guidance on assessing risk (Part D, stage 4).
Risk management is aimed at reducing the 'gross level' of risk identified to a 'net level' of risk, in other words, the risk that remains after appropriate action is taken. This template has been created to illustrate a practical way of recording in a risk register how this reduction in level might be achieved by the charity. In example 1, the gross risk is identified as the lack of return/diversity of investment portfolio and rated as high. After identifying the procedures for managing this risk, the net risk has been rated as medium. Trustees need to form a view as to the acceptability of the net risk that remains after management.
lack of return/diversity of investment portfolio
Likelihood of occurrence (score)
Severity of impact (score)
Overall or 'gross' risk
Retained or 'net' risk
performance reports reviewed quarterly by trustees
trustees and treasurer
Further action required
quarterly agenda item for trustee meetings
Date of review
Risk area/risk identified
The charitable sector is by its nature diverse. The nature of activities, funding base, reserves and structures will expose charities to differing areas of risk and levels of exposure. While the areas of risk identified below will deserve consideration by most charities, it is not an exhaustive list of all potential areas of risk and should not be a substitute for a charity undertaking its own processes for risk identification.
This list is intended to be an indication of some of the main areas of risk that may need to be considered by trustees. Illustrative examples of potential impact are given, as well as some illustrative examples of controls or action that might be taken to mitigate the risk or impact. Some risks will fall into more than one category. Although the list may be long, it is not exhaustive and there will be other risks that apply to a particular charity because of its own circumstances and activities.
The risks are classified as follows:
The charity lacks direction, strategy and forward planning
Trustee body lacks relevant skills or commitment
Trustee body dominated by one or two individuals, or by connected individuals
Trustees are benefiting from charity (eg remuneration)
Conflicts of interest
Ineffective organisational structure
Activities potentially outside objects, powers or terms of gift (restricted funds)
Loss of key staff
Reporting to trustees
(accuracy, timeliness and relevance)
Service provision - customer satisfaction
Project or service development
Competition from similar organisations
Suppliers, dependency, bargaining power
Capacity and use of resources including tangible fixed assets
Security of assets
High staff turnover
Health, safety and environment
Disaster recovery and planning
Procedural and systems documentation
Budgetary control and financial reporting
Cash flow sensitivities
Dependency on income sources
Guarantees to third parties
Inappropriate or loss-making non-charitable trading activities
Protection of permanent endowment
Compliance with donor imposed restrictions
Fraud or error
Counter party risk
Relationship with funders
Compliance with legislation and regulations appropriate to the activities, size and structure
of the charity
Regulatory reporting requirements:
Financial and other reporting requirements will be dependent on how the charity is constituted and may also vary according to funding arrangements
1. To be a small company at least two of the following conditions must be met:
© 2012 Crown Copyright Copyright Notice | Disclaimer and Privacy Statement | Cookies