Contact us

Risk register

Risk is an everyday part of charitable activity and managing it effectively is essential if the members of your trustee board are to achieve their key objectives and safeguard your group’s funds and assets.

Your group trustee board should regularly review and assess the risks faced by your group in all areas of its work and plan for the management of those risks.

The risks that your group faces depend very much on the size, nature and complexity of the activities it you undertake and also on your finances. As a general rule, the larger and more complex your activities, the more difficult it will be for your trustee board to identify the major risks that it faces and put proper systems in place to manage them. This means that the risk management process will always need to be tailored to fit the circumstances of each individual scout group, focusing on identifying the major risks.
 

What is risk management?

The term “risk” describes an uncertain event which, if it occurs, will have a significant impact, either enhancing or inhibiting your group operation. Risk management is the identification, assessment and prioritisation of risks in order to reduce the potential downside impact and maximise opportunities.

By Identify any potential risks that could prevent your group from meeting the needs of your members, and by putting processes in place to assess and manage those risks, you will be in a good position to deal with situations should any of theses situations happen.

Types of risk

Risks could be anything that could prevent your group achieving its aims or carrying out its strategies is a risk. The types of risks your group might face will depend on its size, funding and activities, among other factors. Across scouting we face a very wide range of risks on an ongoing basis and these can be generally grouped under five categories:

table of possible risks

Many of these risks are common to many groups and we’ve been living with them for years, knowing that if they occur the impact on scouting locally or even district, county or country wide could be severe.

Without a formal risk management process, then at best, these risks are being addressed informally, although perhaps some of them have never been considered and/or ownership of them is unclear. 

Introducing a simple risk management framework will help your trustees consider the main risks that are facing their charity and ensure that appropriate actions are in place to deal with them.

Introducing and following a light risk management framework will help our trustees to understand and manage their risks better and meet its legal responsibilities regarding risk management and also comply with Charity Commission guidance.
 

How to manage risks

Your group is not required by law to have a risk management process, nor to follow a particular method. But the Charity Commission strongly recommends that you have a clear risk management policy and process. This will help you identify and manage all types of risks and embed risk management into your group executive committee’s work.

The commission’s detailed guidance on risk management sets out the basics of dealing with risks. It includes a risk management model made up of the following steps:

  • establish a risk policy

  • identify risks

  • assess risks

  • evaluate what action to take

  • review, monitor and assess periodically

 

Stages of risk management

We recommend a simple approach to Risk Management that is based on the material provided by the Charity Commission. 

 The guide Charities and Risk Management - CC26 provides more details and guidance, which is based on good practice.  

Risk management is a five stage process, summarised here:

Stage 1 - Establish a risk policy:

The risk policy sets the direction for risk management, the scope, accountabilities and ownership both of the risk management process and risks. See our example.

Stage 2 - Identify the risks:

Identification of the risks is best done by those with a detailed knowledge of the organisation and will often include people from a range of different areas. 

At this stage, take in a wide variety of risks. Often a brainstorming or similar facilitated group working session will be useful.

Potential areas of risk
Sample areas of risk to consider:

Operational

  • Volunteer skills
  • Quality and alignment of the programme
  • Child protection and vetting
  • Adult learning and development
  • Succession planning 
  • Large scale event planning

Governance

  • Trustee skill set
  • Management information provided to trustees
  • Conflicts of interests

Legal & Regulatory

  • Health and safety Law
  • Compliance with POR & the Charity Commission
  • Adequate insurance cover
  • Data Protection
  • IT Security

Financial

  • Financial information – management accounts
  • Five year financial forecast
  • Annual budget
  • Too large/small financial reserves compared to published reserves policy
  • Fraud prevention controls
  • Reliance on grants/income that could be lost
  • Investment management policies and performance
  • Proactive management of property/asset maintenance/replacement

External

  • Image and public perception
  • Adverse publicity/media coverage
  • Changing demographics of an area
  • Competition from other youth activity providers
  • Adults having less time to volunteer
  • Changes in local councils

Stage 3 - Assess the risks:

Assess the risks in terms of probability and impact of occurrence with any existing controls or mitigation in place. 

We have provided a template to collect the risks on, called a risk register.

Stage 4 - Evaluate what action needs to be taken on the risks:

Consider each risk and decide if it is acceptable or if further action should be taken (accept / fix).

Where action is required, note the action, who is accountable and when it will be addressed. It is possible that some of the major strategic risks that the trustee's deal with will remain unavoidably high simply due to the activities being undertaken.

Each risk will either be “accepted” or require a “fix”. Accepted risks are where the trustees have confirmed that they are happy with the level of risk and the controls to mitigate the risk occurring. These are therefore within their risk appetite. Where trustees are uncomfortable with the level of risk and/or the current controls they will deem that the risk needs a “fix”. The assessments will be based on an impact/likelihood basis.

Every risk will have a “risk owner”.  This will either be our Group Lead Volunteer, Group Chair or one of their direct reportees.  Risks that require a “fix” will, in addition, have an “action owner” who is responsible to the “risk owner” for developing and implementing the new controls that will, once operational, bring the risk within the trustee’s risk appetite.  

If an “action owner” is unable to meet the “action delivery date” this must be reported to the trustees via the “risk owner” at the earliest opportunity in order that the situation can be considered.

Stage 5 - Periodic monitoring and assessment:

For risk management to add value the most significant risks and associated actions need to be reviewed regularly. We recommend formally reviewing all risks at least annually and more often in the first year of risk management implementation.


Where to start

A good place to start is to read through the Charity Commission’s guide to Risk Management and becoming more familiar with the risk management process. Then, fix a time for your trustees as a group (or a sub-committee/working group) to begin identifying and assessing risks.  

Depending on the group and state of any previous work this could take a couple of hours.

Some of this material is drawn from The Charity Commission and is subject to Crown Copyright.  The Scout Association is grateful for the support given by the Charity Commission in authorising its use.

 

Risk Assessment Policy template
Risk register tracking template

 

 

 

 

 

 

 

Further reading...