Directors/trustees are expected to identify and manage obstacles that may prevent the organisation from reaching its goals. The whole board must be involved in risk management, particularly around financial matters and legal compliance.
In managing risk, directors/trustees have a responsibility to owners to foresee what could affect the organisation and to make sure plans are in place that will minimise the impact of events or changes that will have a negative effect.
Each company or trust will face a different risk profile. Each board will identify the key risks affecting their own sector and then take steps to manage those risks.
Effective risk management requires four steps:
- Identifying each major risk e.g. supply of product, earthquake, floods, retaining qualified staff
- Measuring identified risk in term of their potential magnitude, e.g. likelihood of flood, loss of chief executive
- Controlling the way the risk is managed e.g. what measures are put in place to minimise the damage, for example, succession planning
- Continuously monitoring the risk environment, e.g. have "Risk Management" as an item on every agenda.
Risk can be managed in four ways:
TRAP (from the KPMG Toolkit for the Company Director)
- Terminating the activity giving rise to the risk
- Reducing the risk by adopting appropriate procedures, controls and strategies
- Accepting the risk
- Passing on the risk to another party.
Ongoing risk management includes:
Reports to the board on:
- Incidents in the workplace
- Internal audits
- Financial exposure in foreign markets
- Cash flow forecasts
- Overview of contracts
Staff and director/trustee training on:
- Audit requirements
- Financial skills
- Legal compliance
- Cash flow forecasting
- Managing contracts
- Purchasing and expenditure guidelines
An Audit Committee which:
- Oversees the work of the external auditor
- Assesses the auditor's report
- Evaluates activities which are outside guidelines or processes
- Sets up processes for staff to notify the board of risk (whistle blowing)
See the Terms of Reference for an Audit Committee
More information for Partnerships
Each partner is personally liable for all of the debts and liabilities of the partnership. This includes the negligence of another partner if they were acting on partnership business and all debts run up by the other partner in the partnership name even if they had no authority to do so. So far as the outside world is concerned they are entitled to treat any partner as acting with the full authority of the partnership unless they know specifically that is not the case. It is important for each partner to be involved in risk management of the partnership. Partners have a responsibility to foresee what could affect the partnership and to make sure plans are in place that will minimise the impact of events or changes that will have a negative effect.
Areas of risk which partners are expected to consider include:
- Key staff leaving
- Misuse of funds
- Incidents in the work place
- Cash flow forecasts
- Credit control
For larger partnerships see managing risk for companies