Key findings of the Charity Council Risk Management Survey 2017
- 50.9% of respondents do not have a formal approach to managing risk, or are unsure if a policy exists.
- 59.4% of respondents stated that they either do not understand or are unsure of the benefits of proper risk management.
- The survey discovered that respondents were not sure who is responsible for risk management – the Board, CEO or CFO, Audit Committee, Internal Audit, or Board Risk Committee.
- Charities placed the most importance on their finances and viewed IT risks as the least important. This is despite them operating in an increasingly digital world.
Top risks affecting charities
- Strategic risks
- Financial risks
- Operational risks
- IT risks
- Compliance risks
How we can help charities address the gaps identified in the survey
- Organise workshops to create risk awareness and promote accountability
- Develop Risk Management Manual that includes risk strategy, governance structure, policy, process and templates to institutionalise risk management in key decision-making process and to enable continuous reporting & monitoring
- Establish roles and responsibilities for Board, Committee, Management, Risk Function, and Internal Auditor
- Establish risk appetite statements, risk tolerance limits as well as set key risk indicators for effective monitoring
- Assess adequacy and effectiveness of risk mitigations
- Generate report of risk profile and action plan
Charities will receive:
- Risk management manual
- Register of risk universe
- Risk register of top risks and key indicators
- Risk heat maps
- Risk appetite and risk tolerance
- Summary risk Report for the board
We rely on internationally-recognised enterprise risk management frameworks to help charities identify, analyse and manage risks.
- 3 Lines of Defense
- ISO 31000
- COSO ERM
Talk to our experts: