Charity Risk Register: Free Template & Guide for Trustees
Free charity risk register template. How to identify, assess, and manage risks. Essential governance tool for UK charity trustees.
A risk register is a governance essential — it shows your board is actively identifying and managing threats to your charity. Here's a free template and practical guide.
What is a Risk Register?
A risk register is a document that lists the key risks facing your charity, assesses their likelihood and impact, and records what you're doing to manage them. It's a living document reviewed at every board meeting.
Why You Need One
- The Charity Governance Code (Principle 4) requires effective risk management
- Funders and grant-makers expect to see a risk register
- It protects trustees — documented risk management shows you're exercising reasonable care
- It prevents surprises — you've already thought about what could go wrong
Template
| Risk | Category | Likelihood (1-5) | Impact (1-5) | Score | Mitigation | Owner |
|---|---|---|---|---|---|---|
| Loss of key funder | Financial | 3 | 5 | 15 | Diversify income; build reserves to 6 months | Treasurer |
| Key staff departure | Operational | 3 | 4 | 12 | Cross-train staff; document key processes | Chair |
| Data breach | Compliance | 2 | 5 | 10 | GDPR policies; staff training; encrypt data | DPO/Secretary |
| Safeguarding incident | Safeguarding | 2 | 5 | 10 | DBS checks; safeguarding policy; training | Safeguarding lead |
| Reputational damage | Reputational | 2 | 4 | 8 | Crisis comms plan; media policy; transparency | Chair |
Risk Categories
- Financial — loss of income, fraud, cash flow problems
- Operational — staff departure, IT failure, premises issues
- Compliance — GDPR breach, regulatory failure, health & safety
- Safeguarding — harm to beneficiaries or staff
- Reputational — negative press, social media crisis, scandal
- Strategic — mission drift, relevance decline, competition
- External — economic downturn, policy changes, pandemic
How to Score Risks
Multiply Likelihood (1-5) by Impact (1-5):
- 1-6 (Green) — Low risk. Monitor annually.
- 7-14 (Amber) — Medium risk. Active mitigation. Review quarterly.
- 15-25 (Red) — High risk. Urgent action required. Review monthly.
Board Review Process
- Review the risk register at every board meeting (or at minimum quarterly)
- Each risk owner reports on their mitigation actions
- Add new risks as they emerge
- Remove or downgrade risks that have been effectively managed
- Record the review date
Risk Management Needs Good Data
QuikCue builds dashboards that give trustees real-time visibility into financial risks, operational metrics, and compliance status.
We build autonomous systems for charities.
Pledge collection, payment processing, WhatsApp automation, analytics dashboards, and the infrastructure that lets a small team do the work of fifty. Free tools. Fractional technology leadership. No fluff.
Get the next deep dive in your inbox.
No spam. No weekly roundups. Just the occasional piece when we have something worth saying.
Related articles
Charity Trustee Recruitment: How to Build a Strong Board
How to recruit charity trustees. Skills audits, where to find candidates, interview processes, diversity, and induction. Complete board-building guide.
Impact Measurement for Charities: Frameworks & Tools
How to measure and report charity impact. Theory of Change, outcomes frameworks, data collection, and reporting tools. Practical guide for UK charities.
Charity Data Protection & GDPR: Practical Compliance Guide
GDPR compliance for UK charities. Data protection principles, lawful bases, donor data, consent, subject access requests, and ICO requirements.