A three-step guide to risk management for trustees

Third Sector Promotion Markel

The responsibility of managing and controlling a charity means a trustee's involvement in the risk-management process is essential, writes Richard Napoli, claims manager at Markel

Poor risk management reflects badly on both trustees and their charity and leaves them in a position of vulnerability (and potentially facing allegations of negligence) when something inevitably goes wrong.

By following these three steps, trustees can create a simple but effective risk-management strategy that will minimise the chances of something going wrong during their tenure.

Step 1: allocate responsibilities to individuals

Different charities face different risks depending on their finances and the complexity, size and nature of the activities undertaken. This means trustees need to recognise that the risk-management process should be tailored to fit the circumstances of their own specific charity. However, it’s impossible for a trustee to appreciate the intricate risks facing an IT system, for example. By allocating risk-management responsibilities to an individual in each department, the charity can benefit from their specialist knowledge of systems and processes, and of their weaknesses, to identify the risks facing them.

Step 2: identify the risks

It is often a matter of common sense – for example, maintaining a safe environment for visitors and staff to work in – but a trustee should consider what needs to be done if a serious event does take place. This could be anything from a major computer malfunction that breaches confidential service-user data, to a physical disaster such as a flood or fire. The diagram below details some of the risks and the knock-on effects they can have on a charity’s operations.


Once risks are identified, they should be assessed for their likelihood and impact (this should be a collaborative process between the risk manager and trustee) and a decision taken on the processes to control and document them; a simple example is an accident book to record injuries suffered by volunteers and service users.

Step 3: insuring against the unforeseen

Insurance plays a big part when evaluating risk assessment; some risks are insurable but others are not. For example, insurance is available for injury claims at public events, but not for 'trade risks' such as lack of ticket sales due to inadequate promotion. Generally speaking, however, the majority of ‘obvious’ risks can be insured against:

- Professional indemnity insurance can protect against allegations of negligent advice.

- Trustee liability insurance can protect against allegations of wrongdoing by trustees.

- Public liability insurance can cover against injuries and illness suffered by members of the public.

- Employers’ liability insurance can protect against injuries and illness suffered by employees (and usually volunteers).

- Fidelity cover can protect against loss of money or goods arising from fraudulent acts by employees.

Find out more about the types of cover available to charities.

As headline sponsor of the Third Sector Awards, Markel had the opportunity to speak to a number of charities at last year’s event to find out more about the risks they face and how they manage them.

Watch the video interviews

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in

Latest Jobs

RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners


Expert hub

Insurance advice from Markel

How bad can cyber crime really get: cyber fraud #1

Promotion from Markel

In the first of a series, we investigate the risks to charities from having flawed cyber security - and why we need to up our game...

Third Sector Logo

Get our bulletins. Read more articles. Join a growing community of Third Sector professionals

Register now