“To work as intended, risk management needs to be much more than a reporting exercise of a list of risks on an excel spreadsheet”
Ben Cave – CEO – RSPCA WA
The guidance for risk management published by the Charity Commission for England and Wales clearly states, “Charity trustees should regularly review and assess the risks faced by their charity in all areas of its work and plan for the management of those risks.”
Yet unfortunately, charity leaders are voicing concerns that the process is “far too mechanical”, and “not adding value through improved decision making or risk reduction.”
The third sector has dealt with one perfect storm after another. With reserves heavily depleted from 3 years of Covid-19, we’re now facing an unprecedented modern day inflation and cost-of-living crisis.
There’s more need in the world. This means a surge in the demand for the critical services being provided by charities – but in an increasingly difficult fundraising environment. This time, the storm is even more perfect in that costs, especially those energy related, are rising. This of course reduces the buying power of any funds raised.
Having the right people with the vision and leadership at the helm is fundamental to the necessary change.
The risk management process is a critical contributing factor that needs to deliver value and facilitate successful growth.
Whilst financial resilience, or a lack of funds are almost always the reason for failure, it is most probably not the root cause.
We have engaged with the CEOs and leaders of a number of charities and learned how they now separate their commercial divisions from the Trust. The reason? The culture of each organisation now needs to behave like, compete with and win against commercial businesses in order to meet its charitable goals. Many with long histories have been through massive transformation over recent years. These transformations often include overhauls of the board and the recruitment of fresh thinking.
It goes without saying that it helps having the visible support of the CEO and Board of Trustees. In this way, everyone should understand why risk management has to be taken seriously, and that accountability needs to cascade all the way down the organisation including into units and individual branch locations.
This intangible ‘culture’ of professionalism, commerciality and risk-awareness is quite rare to see, but one notable thing we observe when it is identified is that risk reporting is integrated with organisational performance metrics.
Here at GOAT Risk™ we often talk about the step change in effectiveness that metrics or indicators can have on a risk process.
This occurs as the dialogue shifts away from risk assessment scores (which are viewed as subjective but acknowledged as useful from a prioritisation perspective) to a more pragmatic, data-led, ‘what gets measured, gets managed’ philosophy.
Instead of just speaking about the status of actions, when metrics are added into the mix, we can observe and evidence the actual impacts. For many organisations, a quarterly risk review meeting provides the platform for meaningful management discussion in this regard.
Risk culture distinguishes a mechanical or reporting process from a living, dynamic, value-adding and embedded process.
Whilst essential to achieving the benefits and potential of risk management, it is elusive and only referred to with a ‘light touch’ in the CC26 guidance. But what behaviours do you need to have an effective risk culture?
We answer this with ETCHED. But it’s not just a neat acronym, it needs to be internalised. At GOAT, this is who we are. Our team is empowered. Look at our website and you will see that we’re fully transparent.
As a business, we’ve challenged the status quo, and we see the bigger picture. We recognise risk in every decision we make, and we launched our business using market data that identified a niche and the need for simple, low-cost risk management software platform.
We have worked charities of all sizes, with varying degrees of risk maturity.
The common thread is that performance data and risk reporting is nearly always still manually produced, and the collection and aggregation of data and reporting is extremely time consuming.
GOAT Risk™ automates this process reducing the reporting, aggregation and coordinating time whilst providing a platform for collaboration, communication and accountability.
Unlike most systems, GOAT has a light and intuitive feel so that users who we describe as ‘non-risk experts’ are able to engage with ease and feel supported with obvious sign posts in the right places.
It is both a risk system and education tool, offering tips on risk management, terms and definitions to dispel jargon, whilst helping users identify and manage what risks they might face.
This is done by leveraging a risk universe and even helping them think through the necessary controls and actions with a pragmatic control framework.
The Charity Commission provides helpful example risk register templates, but spreadsheet tools have limitations.
Even for small charities with limited resources, if trustees and leaders appreciate the importance of risk management and want to do it right, GOAT offers a low cost alternative starting from just £30/mo.
There now really is no reason anyone who wants to improve risk management should remain on an uninspiring and ineffective spreadsheet based risk register!