Charities are navigating heightened complexity as economic pressures, regulatory change, and emerging technologies brings new opportunities while also increasing risk. How can trustees ensure their approach to risk management is proactive and proportionate?

Charity leaders spend 70% of their time battling operational problems, as organisations are stretched for resources yet tasked with meeting rising demand.¹ Risk assessments may be seen as an administrative burden, but there are several ways for charities to optimise their approach to risk and unlock the confidence to deliver greater impact in a challenging landscape.

What risks are emerging for charities?

Understanding where pressures are likely to arise is the first step in building resilience. Each organisation’s risk profile will be unique, shaped by their operations and the needs of their stakeholders and beneficiaries. However, the Charity Commission has recently highlighted the following as risk areas of particular significance to the sector²:

• Financial resilience

• Risks to public benefit

• Safeguarding and compliance

• Governance-related risks, such as trustee recruitment, diversity, and skillset

• Fraud risks, including cybercrime and threats from emerging technologies

• Sociopolitical and geographical risks, including social tensions, geopolitics, and risks from overseas activity

Trustees hold ultimate responsibility for assessing and addressing the risks in their charity. Their attitudes will be influenced by external factors, such as competition for funding, and may vary over time alongside other priorities. In most organisations, the key centralised record of this assessment is the risk register.

What are the qualities of an effective risk register?

The risk register can be a powerful tool in managing potential threats, but it is crucial it does not become a static document. Registers that deliver the most value share the following characteristics:

• Tailoring: Risks are described specifically as they relate to the charity and its environment so that they can be evaluated accurately.

• Risk ratings: Each risk is rated by severity and likelihood of materialising, with consideration given to the impact on perceived risk levels of any existing controls, allowing for better resource allocation decisions.

• Forward-looking: Actions are clearly identified and have assigned owners and timeframes for completion.

• Regular review: Dates are set to chart progress at regular intervals, inviting accountability and helping to drive change in the charity.

• Completeness: The register is scrutinised periodically by trustees in light of internal or external developments to ensure it is complete and relevant.

Using a risk register is beneficial for charities of all sizes, including smaller charities whose exposure to certain risks such as financial resilience may be heightened due to their size.

An integrated, balanced approach

Planning for risks is a function of charity management, but trustees must also consider the role of other employees.

One common pitfall is adopting a purely top-down approach to risk management. Involving operational teams in risk reduction discussions is generally beneficial, as it ensures that agreed-upon mitigation strategies are appropriately aligned with the day-to-day challenges encountered by staff. A centralised but integrated approach is suitable in most cases.

For some charities, a dedicated Audit and Risk Committee or internal audit function, whether in-house or outsourced, may provide a valuable additional layer of support. Culture remains important and can be reinforced even with limited resources. It is worthwhile to evaluate whether sufficient training is provided and whether accountability is integrated into team practices.

Effective risk management will look different in every charity. Balance is key, combining elements of best practice with practical considerations about charity size, environment, and capacity levels.

Even when resources are in short supply, it is vital that trustees’ approach is intentional so that they are prepared for the challenges ahead.

Minimising risk or maximising impact?

Risk management can sometimes feel restrictive. The outlook for many charities and their beneficiaries is defined by high costs, employment struggles, and economic uncertainty, requiring responsive action from the sector.

A successful risk management system not only indicates when trustees should avoid risks but also provides clear guidance on when embracing certain risks is appropriate to foster growth and innovation. It gives leaders the space and confidence to focus on their leadership, to act boldly and seize strategic opportunities, reaffirming their charities’ impact in these challenging times.

¹ CAF UK Charity Insights Report 2025

² Charity Sector Risk Assessment 2025 (Charity Commission)

How we can help

If you are concerned about risk management, our specialist Charity and Not-For-Profit team is here to help. We offer professional advice tailored to your needs, including audit and assurance services and bespoke training. Please complete the form below and we will be in touch to discuss how we can support you.