Providing assurance on risk management and controls Jonathan Orchard 16 September 2016
Who’d be a charity trustee?
Basic legal context The trustees are collectively responsible for Everything the charity does How it does it Exercise duty of care & duty of prudence Compliance with law & regulation Trustees must make sure the charity Pursues its aims Uses its assets exclusively to achieve the charity’s aims Acts in the interest of its beneficiaries Delivers public benefit Trustees must: Ensure that the charity is and will remain solvent Use charitable funds and assets wisely, to further the purposes of the charity Avoid undertaking activities that might place the charity’s assets or reputation at undue risk Take special care when investing the funds of the charity, or borrowing funds Exercise reasonable care and skill to ensure that the charity is well run and efficient Consider getting external professional advice where there may be material risk to the charity, or trustees may be in breach of their duties Charity law and the Charity Commission Companies Act The charity’s Articles of Association The requirement for trustees to act with integrity and avoid any personal conflicts of interest or misuse of charity funds or assets
But they are volunteers….. available time is limited commitment is to the cause not compliance their role is governance not management And expectations on trustees are only set to increase
The challenge is….. How to give trustees the confidence they rightly need in the effectiveness of underlying risk management without… …interfering with management
Case study Consider the scenario described Discuss in groups What would you expect to see on the charity’s risk register?
How can trustees meet the challenge? Organisation culture Focus on issues that matter Set financial strategy/ parameters Get regular assurance from management Seek independent review when needed
Organisation culture Tone from the top Risk appetite Delegation of authority Policies & procedures Compliance Transparency
Strategic risks – the Big 5 Impact Are you making the desired impact in support of your beneficiaries and can you evidence it? Financial sustainability Are you managing the finances to ensure you continue to make an impact in the medium to long term? Compliance Are you meeting your regulatory, legal and donor compliance requirements and expectations? Reputation Are you able to respond effectively to any incident that could result in damage to your reputation? Specific to your charity Specific to the nature of the charity and may be a risk that is at the heart of what the charity stands for. For example, for a children’s charity it might be child protection.
Impact Are you making the desired impact in support of your beneficiaries and can you evidence it? Expect to see: Strategy Board monitoring progress Impact reporting
Financial sustainability Are you managing the finances to ensure you continue to make an impact in the medium to long term? Expect to see: Viable business model Reserves policy Long term financial plan Cash flow
Compliance Are you meeting your regulatory, legal and donor compliance requirements and expectations? Expect to see: Clear understanding of requirements Appropriate culture
Reputation Are you able to respond effectively to any incident that could result in damage to your reputation? Expect to see: Response plans Clear, decisive communications
Charity specific risks: Choose one (or more) from: Governance Founder CEO Child safeguarding Staff Grant-making
Understanding assurance picture
Independent assurance Three lines of defence First line Second line Third line Operations Oversight Independent assurance Frontline staff Line managers Support and compliance functions Senior management Internal and external audit Regulatory assessment Assurance
‘Independent’ review Internal review of internal controls (eg CC8) Regular internal review of high risk areas Extend external audit Develop tools for in-house internal audit Commission internal audits on one-off basis Recruit an internal auditor Outsource internal function Cost
Case study Re-visit our risk register How could the tools help provide assurance to the Board? Would they work for you too?
Contact details Jonathan Orchard 020 7841 6360 @orchardj @sayervincent