Risk Management Policy
Date Adopted: August 2025
Review Date: July 2026
1. Purpose
To identify, assess, and mitigate risks that could impact the charity’s ability to deliver its mission, safeguard its beneficiaries, and maintain public trust.
2. Scope
This policy applies to all trustees, staff, volunteers, and contractors. It covers strategic, operational, financial, reputational, and compliance risks.
3. Risk Categories
We monitor risks across the following areas:
| Category | Examples |
| --- | --- |
| Financial | Funding shortfalls, fraud, mismanagement |
| Operational | Service disruption, IT failure, staff absence |
| Reputational | Safeguarding incident, negative media coverage |
| Governance | Trustee conflict, poor decision-making |
| Legal/Compliance | Breach of GDPR, charity law, or safeguarding duties |
4. Risk Management Process
We will:
- Maintain a Risk Register with likelihood, impact, mitigation, and responsible persons
- Review risks quarterly at trustee meetings, or more frequently if needed
- Assign mitigation actions and monitor progress
- Escalate serious risks to the Chair and relevant authorities where appropriate
- Ensure all trustees understand their role in risk oversight
5. Roles & Responsibilities
Board of Trustees: Owns the risk strategy and reviews the register
Chair: Leads risk discussions and ensures timely action
CEO/Lead Officer: Implements mitigation and reports emerging risks
Volunteers/Staff: Flag concerns and follow safeguarding/reporting procedures
6. Risk Appetite
We adopt a low risk tolerance in areas affecting vulnerable beneficiaries, safeguarding, and legal compliance. We may accept moderate risk in innovation or fundraising where benefits outweigh potential harm.
7. Review & Continuous Improvement
This policy and the Risk Register will be reviewed annually or following any significant incident, regulatory change, or operational shift.
