Patrick Nash is chief executive at Connect Assist and Consult+Assist, a joint venture with NCVO to help charities innovate and develop digital transformation in service delivery. Patrick has established and led 14 charities and social enterprises. Recent consulting engagements include Royal London Society for Blind People, The Brooke, Action Aid UK, St. Giles Trust and Racing Welfare.
This year a number of UK charities were hit by damaging reputational crises, putting the entire sector under extra scrutiny from the media and politicians.
In the summer, London based Kids Company collapsed following a series of financial problems, and then in September the RSPCA and 14 other charities hit the headlines for allegedly misusing personal data.
Other allegations to have hit the sector this year have centered around issues of corporate governance and fundraising techniques. All of this highlights the urgent need for charities to have comprehensive risk management policies in place.
What are the reputational risks?
Negative media coverage can cause huge amounts of reputational damage for any business, but for charities, many of which are almost entirely reliant on public donations, it can be devastating.
Not only can it severely affect their capacity to raise funds, but it can also have an impact on their ability to attract high quality staff and to forge vital partnerships. Loss of reputation leads to loss of trust and can ultimately lead to a charity’s demise.
One of the growing risks for charities to be aware of, and one which could have wide-ranging repercussions for the sector as a whole, is around data.
A survey of 2,000 Britons carried out for insurer Zurich earlier this year concluded that a serious data loss incident could cause major reputational damage; 69 % of respondents said it would decrease their trust in a charity’s ability to keep their data secure, and 56% said it would decrease their trust in all charities’ ability to safeguard data.
Managing risk
After all that’s happened in the charity sector this year the message for trustees should be clear – comprehensive risk management at regular intervals is vital.
The purpose of risk management is to be proactive in advance of events, and to be prepared if something untoward happens.
Charity trustees need to understand the nature of risk and the specific risks to their own organisation, and should insist and ensure that stringent and comprehensive risk management policies are put in place. Charity Commission guidance states:
Risk is an everyday part of charitable activity and managing it effectively is essential if the trustees are to achieve their key objectives and safeguard their charity’s funds and assets.
The risk register
Every charity should have a risk register agreed by the board and updated by the senior management team every month. This should be an organic and systematic process; regular updates will demonstrate that risk is being taken seriously and keep it on everyone’s radars.
The register should contain a matrix of potential risks and their impact, organised in a ‘traffic light’ system and covering everything that could affect the charity, from data loss and financial problems to bomb scares and power cuts.
This is an important exercise for all sizes of charity; while most large charities will already do this, many medium and small charities don’t bother, thus exposing themselves to unnecessary risk.
To paraphrase Benjamin Franklin, ‘by failing to prepare, you are preparing for failure’.
Crisis management
It is also vital to be prepared for crisis management. Always have a statement with the most important questions and answers about your charity that speaks to those risks, so if an issue becomes newsworthy you will be prepared.
As a charity trustee, the most important thing for me when assessing risk is to analyse a situation and ask what we have to do to make sure we are not affected by it.
If you are confident your policies and procedures are robust and you are prepared to be transparent, you should be able to withstand most of the pressure you will face.
Posts written by guests who have contributed to NCVO projects and events. 
