Charitable organisations are no strangers to the many hurdles that potentially stand in the way of achieving their objectives. As a result, risk management takes on an indispensable role in the strategic planning and daily operations of any charity. At the heart of it all is the risk register — a vital tool that allows organisations to identify, assess, and monitor potential risks systematically.

Whilst the easiest way to make this tool come to life is to use Governance360 (naturally) and our purpose-built Risk Register feature, designed to Charity Commission best practice guidelines, let us quickly take you through the step-by-step process of creating a robust risk register for your charity:

Understanding Risk Registers

A risk register is a comprehensive document that records the identified risks faced by an organisation, assesses their potential impact, and outlines the agreed-upon risk management actions. It provides a clear snapshot of the current risk landscape and the strategies in place to mitigate these risks.

Why Does Your Charity Need a Risk Register?

A risk register helps charity trustees to stay on top of potential risks and take proactive measures to prevent or minimise their impact. By systematically identifying and monitoring risks, charities can optimise their operations, ensure legal compliance, protect their reputation, and secure their financial sustainability. In an ever-changing world, a robust risk register is a lifeline that enables charities to thrive amidst uncertainty.

Legal Requirements for Risk Management

In the UK, the Charity Commission mandates that all charities, regardless of their size or nature of operations, should regularly review and assess the risks they face.

Trustees are expected to demonstrate a comprehensive approach to risk management that covers all aspects of their charity's work and culture. While a formal risk management statement is not legally required for smaller charities, the Charity Commission clearly advises that implementing an effective risk management policy is vital for a charity's success and longevity.

Creating a Meaningful Risk Register

Creating a meaningful risk register involves a collaborative effort. Each stakeholder brings a unique perspective to the table, ensuring a well-rounded understanding of the risks the charity faces.

This collective process ensures that no significant risks are overlooked or underestimated.

This is one reason why the Governance360 Risk Register tool can only be edited by Board Admins – whilst all members can view the Risk Register feature 24 hours a day (by simply logging into their dashboard), they cannot amend or re-write the contents on their own. This means they can visualise and reflect on the Register at their leisure, but require a further discussion at a Board or Committee meeting to change and update.

Key Elements of a Risk Register

A comprehensive risk register typically includes the following key elements:

  1. Risk Identification: This involves listing each potential risk separately. The risks can be categorised into various types such as strategic, financial, operational, reputational, legal/compliance, governance, IT/cyber, and people-related risks.
  2. Risk Analysis: This step involves assessing the likelihood of each risk occurring and its potential impact.
  3. Risk Evaluation: Here, the risks are ranked based on their likelihood and impact. This helps to prioritise the risks and determine which ones need immediate attention.
  4. Risk Mitigation: This involves outlining the actions to manage the identified risks. The actions could include avoiding, reducing, transferring or accepting the risk.
  5. Risk Owner: Each risk should have a designated person responsible for monitoring and managing it.
  6. Review and Update: The risk register should be regularly reviewed and updated to reflect changes in the risk environment.

Steps to Create a Risk Register

Creating a risk register involves a systematic approach. Here are the essential steps to follow:

  1. Define Your Risk Policy: Determine your charity's risk appetite — the level of risk your organisation is willing to accept.
  2. Identify Risks: Identify all potential risks that your charity might face. Consider all aspects of your charity's operations and activities.
  3. Assess Risks: Evaluate each identified risk based on its likelihood of occurrence and potential impact.
  4. Plan Risk Responses: Decide on the strategies to manage each risk. The strategies could include avoiding the risk, mitigating its impact, transferring it to a third party, or accepting it with a contingency plan.
  5. Assign Risk Owners: Assign a person or team to be responsible for each risk. They will be in charge of monitoring the risk and implementing the planned responses.
  6. Review and Update the Risk Register: Regularly review and update the risk register to ensure it remains relevant and effective.

Charity Risk Management Planning

Risk management planning involves creating strategies to manage identified risks. It includes developing a risk management policy that details how risk will be managed and by whom, along with a risk register that records the risks, their assessment, and the measures to manage them.

Maintaining Your Risk Register

A risk register is not a one-time document but a living tool that should be regularly accessed, reviewed, and updated. It should be used as a strategic tool to support decision-making and risk management activities. Regular reviews will ensure that the risk register remains current and relevant, reflecting any new risks or changes in existing risks.

Risk Register and Insurance

An effective risk register can also play a crucial role in your charity's insurance decisions. By identifying and assessing potential risks, you can better understand your charity's insurance needs and ensure that you have adequate coverage for all significant risks.


A robust risk register is an invaluable asset for any charity. It not only helps in identifying and managing potential risks but also contributes to the overall success and sustainability of the charity.

By investing time and effort in creating and maintaining a comprehensive risk register, charities can ensure they are well-prepared to navigate any challenges that come their way.

If you would like to find out more about how Governance360 and our proven Risk Register feature can help you improve your charity’s defences, please contact us now or book a demo here.

Post by Laura B
Laura is a member of the Customer Success team at Governance360