Tips for charities to help manage risk and reduce claims

Risk management interactive diagram on a screen with individual touching a button.

The risks charities can be exposed to depends a lot on the size of the organisation, how complex the organisation is, and how it is funded.

There are also external factors that can influence risk, some of which are beyond control of the charity and can merely be prepared for in advance, or reacted to after the fact, such as changes in the economic climate, legislative changes, technology changes, environmental issues, and of course human involvement.

Why is risk management important for charities?

Risk management is important for all organisations and is a key part of effective governance for charities of all sizes.

Through effective risk management, charity trustees can help to ensure the following:

  • Significant risks are identified and closely monitored to enable trustees to make informed decisions and take correct and timely courses of action.
  • The charity is able to make the most of opportunities, knowing that the risks involved will be well managed.
  • Strategic planning is continually updated and improved.
  • The charity’s goals are achieved more easily and with minimal disruption.

The Charity Commission recommends that charitable organisations have risk management policy in place so they can effectively identify, monitor and manage the potential risks.

What should a charity’s risk management statement include?

Charities with annual incomes of £500,000 or more should include a risk management statement in their trustees’ annual report (1).

The risk management statement should include:

  • Acknowledgement of the trustees’ responsibility for identifying, assessing, and managing the risks.
  • An overview of the charity’s process for identifying risks, including details of any major risks that have been identified, and reviewed/assessed.
  • Explanation of the processes and systems the charity has put in place to manage risks.

What are the common risks that charities can face?

When charities consider their risks they must ask whether or not they can continue to meet the needs of their beneficiaries, both now and in the future.

  • Public liability – including accidents and injuries to members of the public and/or accidental damage to another person’s property.
  • Employee claims in the event of an accident or illness.
  • Risk of damage to the charity’s reputation – this could come in the form of human error, such as a misjudgment of a situation, or a dishonest act.
  • Financial risks – including shortage of donations, misappropriation of monies, inappropriate investments, shortage of employees and volunteers, and the rising costs to hire community halls, heat rooms, and run vehicles.
  • Changes to government legislation.

Explaining the risk management process for charities

No matter how careful you are, there will always be the potential risk of accidents. Therefore, no organisation should seek to eliminate risk altogether, but should seek to better understand the potential for risk and the potential impact of various risks.

The creation and management of a risk register can help to briefly explain the risks, their potential impact, and more importantly… explain the actions that need to be taken to manage the risk and who is responsible for those actions.

At the very least, charity committee meetings could include risks as an agenda point to be discussed.

Charity risk assessments

A risk assessment is the process of considering the risks associated with any given activity or event in advance. From the risk assessment, plans are put into place to minimise, mitigate, and even nullify the risk and its potential consequences.

Typically, the things to consider include:

  • What is the hazard?
  • Who is at risk from the hazard?
  • Are there any control measures already in place?
  • What control measures should be implemented?
  • What is the severity of the risk (including the likelihood of the hazard’s occurrence and the adequacy of the control measures)
  • What, if any, further precautions might need to be put in place?

It is very important that all staff and volunteers involved in the charity event understand the risk assessment and know how to implement the actions identified.

From the risk assessment, a risk register can begin to be populated so staff and volunteers know who is responsible for dealing with each risk occurrence.

Charity risk register

A risk register is a risk management tool, which also helps to fulfill regulatory compliance requirements, and acts as a repository for all identified risks, including any helpful information such as the nature of the risk, measures for management and mitigation, and who is responsible for the risk. It is commonly displayed as a table or as a scatterplot diagram. (2)

An example of a risk register could be:

Ref no.





Risk Score



Action When


Unique identifier for each risk

Risk description and causes

Agreed score to indicate probability of risk occurrence

Summary of the potential impacts of the risk

Agreed score to indicate impact of the risk

Total of Probability and Impact scores

Actions for which the risk owner is responsible – Prevent, Control, Reduce, Mitigate.

Person/s responsible for monitoring and managing the risk and for the mitigation measures.

Immediacy of required action for each risk.

How to monitor the ongoing risk and who will monitor it.

Risk 1










Risk 2











Tips to minimise a charity’s exposure to potential risks

There are many risks that charities face daily. The most obvious risks are to employees and volunteers and to charity shop customers and third-party suppliers, such as couriers, financial advisers and accountants, legal professionals, and other visitors to a charity’s premises.

Accidents can cause injury claims from employees and/or third-parties which can be expensive if a charity organisation is not adequately insured.

Ensuring any trip hazards (such as steps) are clearly marked will help to mitigate any accidents, whilst carrying adequate public liability insurance for charities will ensure any legal costs that may arise from a third-party claim for an accident can be covered without too much financial impact on the charity itself.

If an employee or volunteer has an accident whilst working for the charity, then they could claim for lost income and medical fees as a result. In this instance, employers’ liability insurance for charities would respond to cover a claim and the associated damages, such as fees for medical treatment.

Charity risks that are arguably less obvious to the general public but more relevant to those within the charity organisation include:
• Governance risks
• Operational risks
• Financial risks
• External risks
• Compliance and regulatory risks
• Reputational risks

For this article we will highlight one potential risk example for each of these, its potential impact on the charity, and what steps can be taken to mitigate the risk.


Charity governance risk example:

Potential risk

Potential impact

How to mitigate the risk

Conflicts of interest

  • charity unable to pursue its own relevant interests.
  • decisions potentially based on considerations not relevant to the charity.           
  • reputational damage to the charity.
  • private benefit of individuals in question.
  • agree a protocol for the disclosure of potential conflicts of interest.
  • agree procedures for standing down on certain decisions where potential conflicts of interest may be in play.
  • review recruitment/selection/election process to mitigate potential conflicts of interest.


Charity operation risk example:

Potential risk

Potential impact

How to mitigate the risk


  • unsatisfactory ROI.
  • reputational risks of campaigns or fundraising methods used.
  • actions of agents and commercial fundraisers.
  • compliance with fundraising law and legislation.
  • implement appraisal, budgeting, and authorisation procedures.
  • review fundraising methods to ensure they meet regulatory compliance.
  • monitor the adequacy of fundraising returns (use benchmarking comparisons).
  • stewardship reporting in annual report.


Charity financial risk example:

Potential risk

Potential impact

How to mitigate the risk

Fraud or financial error

  • monetary loss.
  • reputational risk to the charity.
  • impact on staff morale.
  • regulatory action.
  • impact on future funding.
  • review financial control procedures and update where necessary.
  • split financial duties (rather than one person controlling all financials).
  • set authorisation limits to minimise potential losses.
  • agree a confidential whistleblowing anti-fraud policy.
  • review security of the charity's assets.
  • identify the insurable risks and ensure they are covered.


External risk example:

Potential risk

Potential impact

How to mitigate the risk

Adverse publicity

  • monetary loss.
  • reputational risk to the charity.
  • impact on staff morale.
  • regulatory action.
  • impact on future funding.
  • implement/review complaints procedures (internal and external).
  • agree proper review procedures for complaints.
  • agree crisis management strategy (including consistency of messaging and a nominated spokesperson).


Compliance risk (law and legislation) example:

Potential risk

Potential impact

How to mitigate the risk

Compliance with legislation and regulations appropriate to the activities, size, and structure of the charity

  • fines, penalties or censure from licensing or activity regulators.
  • loss of licence for certain activities.
  • employee or consumer action for negligence.
  • reputational damage.
  • identify key legal and regulatory requirements.
  • allocate responsibility for key compliance procedures.
  • put in place compliance monitoring and reporting.
  • prepare for compliance visits.
  • obtain compliance reports from regulators, auditors, and staff to consider appropriate actions.


Reputational risk example:

Potential risk

Potential impact

How to mitigate the risk

Hiring staff and volunteers to work with potentially vulnerable children or adults.

  • reputational damage.
  • consumer action for negligence.
  • fines, penalties or censure from licensing or activity regulators.
  • loss of licence for certain activities.
  • impact on future funding.
  • enhanced CRB checks
  • clearly explain a volunteer’s role at the outset – agree this with the volunteer and record it in writing, with a signed and dated volunteer agreement.
  • agree crisis management strategy (including consistency of messaging and a nominated spokesperson).

Who is responsible for a charity’s risk management?

Overall responsibility for the smooth running of a charitable organisation rest with its trustees. The trustees’ involvement in the charity’s risk management is vital for determining the charity’s risk appetite, for accountability of the effective risk management of the charity, and for ensuring the charity is compliant with legislation.

Almond Tree Consulting risk register diagram


It is the responsibility of the trustees to ensure the processes involved in risk management are implemented using a diagram such as the one below, can help when determining the severity of risk and the timescale for action.

Almond Tree Consulting impact vs likelihood diagram

Mitigating a charity’s risk exposure with insurance

  •  Charity public liability insurance (PL)Public liability insurance will cover legal costs and damages should your charity be accused of damaging a customers’ property or be alleged to have caused an accident to a member of the public.

  • Employers’ liability insurance (EL) – This policy is a compulsory insurance requirement under the Employers’ Liability Act (1969) and it is a criminal offence not to carry cover if you employ staff. The legal minimum level of employers’ liability insurance you must carry is £5million. The policy covers legal fees and the cost of compensation awarded to an employee who suffers an injury or illness that they have sustained working for you.

    It is important to be aware that you can be fined £2,500 for each day you are not adequately insured. On top of this, you can be fined £1,000 if you do not display your employers’ liability insurance certificate, or if you refuse to make your EL certificate available to inspectors when they ask to see it. (3)

  • Professional indemnity insurance (PI)Professional indemnity insurance covers your legal costs and expenses in defending a claim, and any compensation or costs that may subsequently be awarded, following:
    - Professional negligence - such as making a mistake in a piece of work for a client or giving them poor advice.
    - Unintentional breach of confidentiality - such as sharing sensitive client information without permission.
    - Unintentional breach of copyright - such as using an image on your website without permission.
    - Defamation and libel - such as making false comments about a competitor or client that damages their reputation.
    - Loss of documents or data.
    - Loss of money or goods (for which you are responsible).
  • Trustee indemnity insuranceTrustee indemnity insurance can cover your legal fees, expenses and any damages awarded against you following an allegation of negligence in the running of the charity – giving you the peace of mind that your personal finances will not be at risk if a claim is made against you.

    Our insurance for trustees provides cover for:
  • Your legal liability as a governor, director, council member, officer or trustee of the organisation.
  • The defence of any legal action seeking your disqualification as a director.
  • Any investigations you are requested to attend.
  • Extradition proceedings (including appeals).

  • Fidelity insurance (PI)Fidelity insurance can protect your charity, club or community group against fraud, theft or dishonesty by volunteers or employees. Common examples include fabricating invoices, false expense claims, petty cash theft and stealing collection tins.

    Our fidelity insurance pays for losses you incur because of:
    • Loss of money or goods arising from the dishonest or fraudulent acts of your employees.
    • Loss of property or funds through third party computer fraud or fraudulent transfer instructions.

  • Office insuranceOffice insurance is designed to protect your business against unexpected events concerning your workplace. This can include cover for damage to the structure of your building, as well as protection against the loss of or damage to your office equipment. Anything from a fire or flood to a break-in could result in thousands of pounds worth of damage.

    We offer a range of different types of cover, including buildings and contents insurance, business equipment cover and business interruption insurance, to comprehensively protect your property against a multitude of risks.

Arranging the right insurance for your charity is important, and without speaking to a specialist it can be a complicated process. At Markel Direct we have a wealth of experience of providing cover for charities and other not-for-profit organisations.

Click the ‘Get a quote now’ button today to get a quick quote for your charity insurance.

Guidance pdf: Charities and risk management (CC26)

Business insurance from £5 a month