The Charity Commission defines a risk as ‘anything that could, if it happened, affect your charity achieving its purposes or carrying out its plans’. It notes that trustees ‘have a duty to avoid exposing your charity to undue risk’.
Risk management is the process of identifying and assessing risks and deciding how to deal with them.
The Charity Commission says this should consist of the following steps:
1. Establish a risk policy.
2. Identify risks (what could go wrong, including governance, operational, financial and external risks as well as compliance with the law and legislation).
3. Assess risks (how likely is it, and how serious would it be).
4. Evaluate what action to take (e.g. avoid it, transfer it, insure against it, accept it).
5. Review, monitor and assess periodically.
Full information from the Charity Commission can be found here: Charities and risk management (CC26) (publishing. service.gov.uk).
The Charity Governance code also talks about the importance of good risk management.