Contact Us

Please use the form on the right to send us a short message. 

19 Station Road
Wellingborough, England, NN29 7EH
United Kingdom

+44 7802 957938

Consultancy services for the charity and not for profit sector.  Strategy Development, fundraising, governance, collaborations and partnerships.

What is your charity's 'risk appetite'?

Blog

Stay up to date with developments in the sector and our latest thinking on issues affecting charities and social enterprises.

What is your charity's 'risk appetite'?

Julian Lomas

For any organisation to deliver its strategy/plan it will be exposed to a certain level of risk. Active risk management enables a proper appraisal of those risks, helps calculated risk taking and helps to minimise, for example, financial loss, compromised service delivery, non-compliance with law and regulation, damage to reputation etc.

A key question, however, is how can your organisation know whether to take or accept a risk or the extent to which a risk needs to be managed? Put another way, what is your risk appetite?

Risk appetite is the extent of risk that an organisation is willing to accept in pursuit of the delivery of value (public benefit for a charity) through the achievement of its objectives. It acknowledges that risk is a broad concept that encompasses both taking, and not taking, opportunities.  It equally accepts that managing any particular risk could exacerbate other risks, for example by diverting resources from management of one risk to another or from one business function to another.

When determining its risk appetite an organisation should consider the following:

  1. Defining clear objectives (without this you have no hope of managing risk because you don’t know what you are trying to achieve).

  2. Identify, categorise and assess risks (likelihood and impact).

  3. Assess your capacity to handle each risk (either before it occurs to reduce likelihood and/or impact or should it materialise to minimise impact).

  4. Consider how tolerant you can be of each risk.

  5. Consult stakeholders where relevant - what would their appetite be in respect of each risk?

  6. Take a view on your stance on each risk (i.e. your appetite in respect of each risk using the descriptors suggested below).

  7. Communicate this to the rest of your organisation and integrate it into your business processes and decision making (e.g. the extent to which you put int place measures to manage the risk or not or at what level decisions need to be made).

  8. Monitor, review and update your risk appetite regularly as your risk environment changes (as characterised by your risk register).

One useful approach can be to explore the risk appetite of each member of the Board and the senior staff team for each of the identified risks associated with delivery of each of your strategic objectives.  In each case the risk appetite (or stance) could be described as follows:

  • We must try to avoid the risk

  • We must try to minimise the risk

  • We will be cautious about the risk

  • We will be open to the risk

  • We will seek the risk

  • We will take the risk

The following illustrates this approach for a fictional organisation, with broad objectives as follows:

  1. To deliver high quality services that meet beneficiaries’ needs.

  2. To advocate for beneficiaries to influence policy and strategy that impacts on relevant services that others provide for them.

  3. To grow the organisation and improve financial sustainability (e.g. increased fundraising/income generation, efficient systems and processes, etc. matched to the organisation’s strategic aims).

  4. To attract and retain high quality people with the skills and experienced needed to further the organisation’s strategic aims.

  5. To manage the organisation’s finances effectively (e.g. cash-flow, liquidity, assets and liabilities, etc.)

  6. To keep people safe (e.g. safeguarding and health and safety etc.)

  7. To ensure compliance with all legal and regulatory requirements (e.g. charity law, company law, data protection etc.)

The digram below illustrates the risk appetite profile determined by the Board and the senior staff team from each individual’s assessment of risks associated with these objectives. While this is, by its nature subjective, it establishes a consensus to guide operational and strategic decisions.  In this case you can see that the staff and Board had broadly similar risk appetites but in a few cases the staff’s appetite was significantly higher than the Board’s. One consequence of this is that is provide a guide to when staff should bring a decision whether or not to accept a risk to the board (or a committee).

If you would like to discuss risk management in more detail we'd be delighted to hear from you. Simply contact us at julian@almondtreeconsulting.co.uk to arrange free initial telephone discussion.