Gambian Community Birmingham (GCB) Risk Management Policy
Version number Creation date: Created by:
Date of last review:
Reviewed by:
Date of next review:
Risk Management in Gambian Community Birmingham.
Policy and Procedure
A- GCB risk management model
(a) GCB recognizes that risk management is essential to its governance and to sustainable operation of its services. Risk management in GCB will be designed to ensure:-
- the identification, assessment and management of risk is linked to the achievement of the charity’s objectives;
- all areas of risk are covered – for example, financial, governance, operational and reputational;
- a risk exposure profile will be created that reflects the trustees’ views as to what levels of risk are acceptable;
- the principal results of risk identification, evaluation and management are reviewed and considered;
- risk management is ongoing and embedded in management and operational procedures.
(b) GCB will regularly review and assess the risks it faces in all areas of its work and plans for the management of those risks.
(c) There are risks associated with all GCB’s activities – they can arise through things that are not done, as well as through ongoing and new initiatives. Risk exposure for GCB will vary depending on circumstance. For example GCB may be willing to expose itself to higher risks as
the size of our reserves/size of our organisation increases. Risk tolerance may also be a factor in what activities are undertaken to achieve objectives. GCB will therefore ensure that there is an appropriate balance taken between higher and lower risk activities.
These considerations will inform the trustees in their decision as to the levels of risk they are willing to accept.
(d) Trustees need to let staff know the boundaries and limits set by their risk policies to make sure there is a clear understanding of the risks that can and cannot be accepted.
Identifying our Risks
(a) As part of its business planning process, a risk register will be developed. This register is a ‘living document’ and forms the baseline for further risk identification. GCB recognises that new risks will appear and other risks will become less or more severe or may disappear over the lifetime of the plan. Risk identification is therefore an ongoing process within GCB. When new risks are identified by a trustee or staff member, these will be referred to the Secretary General of the Foundation who in consultation with the Chairperson will update the risk register accordingly. GCB will also annually review the risks identified in its risk register.
(b) In undertaking this, staff and trustees will consider:
- GCB’s objectives, mission and business plan;
- the nature and scale of our activities;
- the outcomes that need to be achieved;
- external factors that might affect the Foundation such as legislation and regulation;
- the Association’s reputation with its major funders and supporters;
- past mistakes and problems that Foundation has faced;
- the operating structure – for example if we established subcommittees
- comparison with other charities working in the same area or of similar size; and
- examples of risk management prepared by other charities or other organisations.
(c) In developing GCB’s risk register, trustees and staff will identify/update risks in the following areas
- governance;
- operational risk
- finance risk;
- environmental and external risk;
- law and regulation compliance risk.
3. Assessing, Monitoring and Evaluating risk
- Identified risks need to be put into perspective in terms of the potential severity of their impact and likelihood of their occurrence. Assessing and categorising risks helps in prioritising and filtering them, and in establishing whether any further action is required.
- When a new risk arises, the Secretary General in consultation with the Chairperson will then assess the risks identified by staff and trustees based on how likely they are to occur and how severe their impact using the methodology set out at appendix 1
- They will identify those risks that are major and propose appropriate actions to mitigate these risks. This will update GCB’s risk register and will be approved by the Chair and/or treasurer (if a financial risk).
- Where a trustee subsequently has a concern about the risk register, s/he should initially seek agreement to amendment via email and if s/he is still not satisfied raise the issue at the next board meeting
- Examples of possible actions to mitigate risks are set out in appendix 2.
APPENDIX 1
Risk Assessment Methodology
Descriptor | Score | Impact on service and reputation |
---|
Insignificant | 1 | 1. no impact on service 2. no impact on reputation 3. complaint unlikely 4. litigation risk remote |
2 | 1. slight impact on service 2. slight impact on reputation 3. complaint possible 4. litigation possible |
3 | 1. some service disruption 2. potential for adverse publicity – avoidable with careful handling 3. complaint probable 4. litigation probable |
4 | 1. service disrupted e.g. long term sickness 2. adverse publicity not avoidable (local media) 3. complaint probable 4. litigation probable 5. Sudden loss of funding |
Extreme | 5 | 1. service interrupted for a significant time 2. major adverse publicity not avoidable (national media) 3. major litigation expected 4. resignation of senior management 5. resignation of board 6. major premises related issue e.g. burglary 7. loss of beneficiary confidence |
Descriptor | Score | Example |
---|
Remote | 1 | may only occur in exceptional circumstances |
Unlikely | 2 | expected to occur in a few circumstances |
Possible | 3 | expected to occur in some circumstances |
Probable | 4 | expected to occur in many circumstances |
Appendix 2
Actions that could be taken to mitigate risks
The following are examples of possible actions:
- the risk may need to be avoided by ending that activity
- the risk could be transferred to a third party (e.g. use of a trading subsidiary, outsourcing or other contractual arrangements with third parties);
- the risk could be shared with others (e.g. a joint venture project);
- the charity’s exposure to the risk can be limited (e.g. establishment of reserves against loss of income, phased commitment to projects);
- the risk can be reduced or eliminated by establishing or improving control procedures (e.g. internal financial controls, controls on recruitment, personnel policies);
- the risk may need to be insured against (this often happens for residual risk, e.g. employers liability, third party liability, theft, fire).
In assessing the actions to be taken, the costs of management or control should be considered in the context of the potential impact or likely cost that the control seeks to prevent or mitigate.
It is possible that the process may identify areas where the current or proposed control processes are disproportionately costly or onerous compared to the risk they are there to manage. A balance will need to be struck between the cost of further action to manage the risk and the potential impact of the residual risk.