In late June 2020, following a number of high profile corporate governance failures in the UK, the Charity Commission wrote to trustees and senior management of charities with annual income over £9 million to reinforce the importance of transparent and accountable governance. In its communication, the Commission announced a follow up with large charities on a sample basis to understand what measures they have taken to assure effectiveness of their governance. This clear focus from the Commission reinforces more than ever that charities need to ensure their governance arrangements are robust.
The Charity Governance Code was also updated in December 2020 after consultation with over 800 charities, setting out clear expectations of the necessary governance arrangements. To meet these expectations charities need effective processes for managing governance and regulatory risks, including clear questions for your trustees and audit committees.
Perform a self-assessment against the Charity Governance Code, to determine whether your charity is in line with good governance practices.
Boards and their committees should perform an annual self-assessment of their effectiveness. While this will provide useful feedback to enhance governance effectiveness, self-assessments are limited by human biases that tend to result in an inflated outcome rating. To counter this, larger charities should commission an external review to get an objective assessment on a periodic basis, typically every three years.
Board and committee papers communicate critical information to trustees. Nevertheless, board and committee packs can be extensive and detailed, resulting in information overload. Critical information can be lost and not given the attention it requires.
Trustees and management should challenge their current board and committee reporting format to consider whether they're enabling effective communication and generating meaningful discussion. In working with a wide range of charities, we've observed organisations are actively trying to make their management information more concise, enabling decision-makers to spend more time on key issues.
Keep risks under ongoing review. In its recent communication to large charities, the Commission stressed the need for all charities to establish and maintain an effective risk management process. Tailored to suit individual charities, the process should allow for ongoing and iterative assessment of existing and emerging risks, ensuring trustees and senior management discuss topical risks.
The Audit Committee, or equivalent, is commonly the forum at which top risks are discussed, though we note the extent and quality of that discussion can be varied. Taking an exception-based approach to focus on the top risks will create more time to discuss the aspects that matter the most.
New charity regulations are increasingly complex and have far-reaching organisational impact. For example, complying with the GDPR required large charities to invest significant time and resources, in addition to accelerating major systems upgrades and redesigning business processes to enable compliance.
While the level of effort required to comply can be significant, so are the range of consequences resulting from non-compliance. Charities risk fines, reputational damage and increased scrutiny by the media and the Charity Commission, particularly in the wake of its heightened focus on governance. Other areas of regulatory compliance we see charities focus on include fundraising and health and safety regulations. In both areas, during internal audit reviews, we often identify important weaknesses concerning compliance monitoring arrangements and awareness of applicable laws and regulations.
Leveraging project management methodology when preparing for and embedding new regulations should help create the structure and rigour necessary to achieve compliance in a timely and cost-effective manner. Core elements of an effective project management methodology are clearly defined roles and responsibilities, project plans including key activities and milestones, such as Gantt charts, governance arrangements for monitoring and oversight, and a detailed understanding of the constraints and risks to achieving compliance in the required timescale.
New regulations can be extremely complex and updates to existing regulations can sometimes require a comprehensive review. Charities should undertake a detailed and documented impact assessment of new regulations to identify relevant changes and to understand how their policies, processes and charitable activities will be affected. The impact assessment should be led by an appropriately skilled and experienced individual, such as a legal director, and it should actively involve process owners to ensure operational impacts are identified and thoroughly understood.
Some of the key external reporting requirements most large charities need to be aware of include, but are not limited to, notification to the Information Commissioner's Office (ICO) in the event of a data breach, the Health and Safety Executive (HSE) for health and safety breaches, and serious incident reporting to the Charity Commission. The challenge with these reporting requirements, and particularly serious incident reporting, is that there is some ambiguity with regards to what to report and when. The Commission states a Serious Incident Report is required following an adverse event that results in or risks significant harm to beneficiaries, staff, volunteers and others in contact with the charity, loss of money or assets, and harm to a charity’s work or reputation. 'Significant' is defined as relative to the context of the charity. It's therefore important that charities incorporate triggers in their policies and procedures that help keep serious incident reporting at front of mind when dealing with a wide range of issues.
For more information and guidance on charity risk and regulation, get in touch with Paul Rao.
Our insights provide advice on the highest rated risks for the charity sector so you can ensure that your risk management and control arrangements remain robust.
