Home > Help and Guidance > Running your organisation > Risk management and Insurance
Hands hold up some collapsing dominos in front of a pile of coins

Risk Management process

A risk is the chance, great or small, that the organisation will be damaged in some way as a result of a particular hazard. For example, a trailing cable is a tripping hazard, which creates a risk of accident and injury, potentially resulting in litigation and financial costs to your organisation.  

Risks can arise from a variety of situations, and health and safety issues such as the example above are a common concern. However you should also be alert to other risks which may arise in the different areas of your organisation’s work. These risks could be financial, operational, regulatory, to do with your governance or an external factor. You should try to think about all of these risk areas when making decisions.

Risk management is sometimes perceived to be a potentially overwhelming process. However, there are simple steps that you can take to work through a risk management process. You should not be put off by a concern that you might not get it 100% right, as any action you take to reduce risk is infinitely better than none at all.

The cycle of risk management

Risk management is a cyclical process with four stages.

  1. Risk identification – identify all the factors, events and situations that could present a risk to the organisation.
  2. Risk analysis – sort, score and rank risks as the basis for making decisions about how to handle them. When you analyse the risk you need to think about the likelihood of it happening and the potential impact.
  3. Risk control – take steps to reduce or avoid the likelihood of a risk occurring and to minimise its impact. You can also think about fall back (contingency) plans for managing bad and worst-case scenarios.
  4. Risk monitoring – monitor and review risks to determine whether the risk control actions under 3 above are effective, and whether their nature and/or likelihood has changed over time.

Controlling risk

When deciding how to deal with a risk you have a number of options, and your action will depend on the circumstances and how much risk your organisation is willing to accept (your ‘risk appetite’). The main options that you have are:

When deciding how to deal with a risk you have a number of options, and your action will depend on the circumstances and how much risk your organisation is willing to accept (your ‘risk appetite’). The main options that you have are:

  • Avoid – not carry out the activity for which risk has been identified.
  • Prevent – taking action to reduce the likelihood of a loss, for example, installing anti-virus software on ICT equipment. Development of robust internal policies is key to prevention.
  • Minimise – taking action to reduce the consequences of a loss should it occur, for example installing sprinklers to slow the progress of a fire.
  • Accept – the organisation might be prepared to accept some risks, for example where the cost of preventative action significantly outweighs the likelihood and potential impact of the risk.
  • Transfer – liability for the risk is transferred to another body. This might be through contractual arrangements, for example a sub-contractor accepts the risks associated with contract delivery. Alternatively, risks flowing from financial loss are transferred to an external insurance company when you take out insurance. It is the responsibility of the trustees to make sure that the organisation has adequate insurance cover and we look at this in our Insurance section.

Other sources of information

Charity Commission guidance on how to assess risk, including information on how to assess and score risks

NCVO also have information on how to assess risk

Health & Safety Executive risk management

Insurance requirements

Trustees have a responsibility to protect their organisation. Insurance can be an appropriate way to manage risk and protect against any loss, damage or liability arising from the specified risks. Some insurances may be required by law, others are optional and what is required will depend upon the size, complexity and activities that your organisation carries out.

Insurances required by law

  • Organisations that employ staff are required by law to buy employers’ liability insurance
  • Organisations that own or operate motor vehicles are required by law to buy motor insurance

Other types of insurance

Examples of types of insurance that might be needed to cover an organisation’s property against loss or damage are:

  • buildings insurance
  • contents insurance
  • event insurance

Examples of types of insurance that might be needed to cover against an organisation’s third party liabilities are:

  • professional indemnity insurance
  • public liability insurance

It is also possible to buy insurance that protects the organisation’s Trustees from personally having to pay any claims that are made against them for failing in their duties. This insurance is called trustee indemnity insurance.

Volunteers and insurance

For insurance purposes, voluntary organisations are advised to treat volunteers in the same way as they do their employees and ensure that they are covered by the usual types of insurance an organisation might buy, such as employers’ liability or public liability cover.

You should check any insurance policy to make sure:

  • that it definitely includes volunteers
  • how the term ‘volunteer’ is defined for the purposes of that policy
  • whether any upper or lower age limits apply
  • that the policy covers the types of activities that the volunteers will be undertaking

Get advice

When thinking about taking out any type of insurance cover, you should carefully consider taking proper independent professional advice. It is usually best to use an insurance broker who has an understanding of the needs of the voluntary sector and who is in a position to place business with any one or more of a range of insurance companies. Organisations can also go directly to a specialist charity insurer. The important point is to use a broker or insurer with specialist knowledge of the insurance requirements of charities and voluntary organisations to ensure that the correct coverage is arranged at a competitive price.

For more information on the things to consider when putting in place insurance have a look at our information sheets:

Colleagues going through documents



Volunteers and Insurance

Volunteers and Insurance

Other sources of information

Charity Commission guidance – Charities and insurance