Risk Assessment: Sample Document

Article modified: December 2019

Please note that sample documents are supplied as examples which can act as starting points and prompters. They should not be taken as definitive, complete or even sufficient for your purposes – you should at the very least consider how your circumstances (requirements, organisational structure etc.) differ. But they should be a lot better than a blank sheet!

The following was produced as part of a Trustees Manual, rather than a stand-alone document.

Risk Assessment

The risks associated with the activities of AN ORGANISATION and the assessment of those risks are as follows:

a.     Fundraising:


Risks Investing in a fundraising scheme that produces no return, or too low a return, on the investment.

Participating in a fundraising scheme that contravenes legislation.

Lack of information about fundraising activity.

Assessment The fundraising strategy, including financial budgets, is reviewed by the Board on an annual basis. The Chief Executive reports at the meetings of the Board on progress against budgets and targets. The Board will review fundraising activity on a regular basis. The level of risk is low.

b.     Grant making:

Risks Directing grants to inappropriate projects or not in accordance with the wishes of the donor.

Assessment There is a clear audit trail of earmarked donations and their destination. The level of risk is very low.

c.     Students

Risks A student, sponsored by AN ORGANISATION, breaches the terms of her/his entry permit.

Assessment AN ORGANISATION can only give a statement of support and not any advice on immigration related matters.  The Immigration Service has powers to deport anyone who breaches the terms of their entry visa.  The risk is low.

d.     Financial management

Risks AN ORGANISATION’s employees defraud the charity.

Assessment All post containing or likely to contain donations is opened in the presence of two people.  There is an audit trail to match cash donations received with cash banked.

All expenditure payments are made with two signatures at levels agreed by the Board (see section 5.2). The risk is low.

e.     Software licences

Risks AN ORGANISATION exceeds the number of users it has licensed for using software.

Assessment The Board has instructed the Chief Executive to carry out an annual audit of software licences to ensure that no unauthorised copies of software are used by any employees and to report the results of the audit to the Board. Level of risk is low.

f.     Employment

Risks AN ORGANISATION breaches employment and employment-related legislation.

Assessment The Board has instructed the Chief Executive to review on a regular basis contracts of employment and to provide all employees with access to AN ORGANISATION’s policies on key issues such as personal use of computers, equal opportunities. The level of risk is low.

g.     Health and Safety

Risks AN ORGANISATION breaches health and safety regulations.

Assessment The Board has instructed the Chief Executive to review health and safety policies on a regular basis and to ensure that all employees are aware of their obligations.  The level of risk is low.

The trustees annually review the risks faced by AN ORGANISATION, assess them and agree policies to mitigate those risks.


VolResource Addendum on other potential issues

h.     IT

Network security, backups and uninterruptible power supply. Virus protection. Data protection regulation breaches (especially around membership, marketing).

i.     Slander and Libel

Risks from badly worded emails; lack of clarity on who should/can speak for the organisation on which issues. Address partly by insurance?

j.     Purchasing

Inadequate control leading to major unauthorised commitments.


NOTE: Some of the above items might appear in other documents, such as the Financial Procedures, in which case a cross-reference is usually better than a repeat (in case of later revision or minor differences leading to confusion).