Risk Management Policy

Adopted on: 1 April 2025
Review Date: April 2030

Purpose

This policy outlines our approach to identifying, assessing, and managing risks that could impact our ability to achieve our objectives as a charity focused on fire safety education, advocacy, or community support.

Scope

Covers strategic, operational, financial, reputational, and compliance risks across all activities, including outreach, training, fundraising, and governance.

Principles

Risk management is integral to decision-making and governance.
Proportionality: Risk processes will be light-touch but effective.
Risk ownership is shared – Trustees and key staff share responsibility for identifying and managing risks.
Risk is not always negative — taking well-managed risks may be essential to innovation and impact.

Roles and responsibilities

Role	Responsibility
Trustees	Oversight, risk appetite, final decisions
Executive Director	Coordinates risk activities, reports to Board
Programme Leads/ Network Leads	Manage operational/project-level risks
Communications	Manages reputational risk, government/public engagement
Contractors	Flag operational and safety concerns, follow protocols

Process

Risks are recorded in a central risk register.
Risks are assessed using a simple matrix: Likelihood (Low/Med/High) × Impact (Low/Med/High).
Key risks and controls are reviewed regularly by the trustees or at each major project phase.

Risk Categories

Strategic Risks
- Lack of influence on policy
- Misalignment with government agendas
- Failure to represent stakeholders effectively
Operational Risks
- Inadequate fire safety content or training
- Low-quality stakeholder engagement
- Event safety failures
Reputational Risks
- Public misperception (e.g., political bias)
- Failure in advocacy leading to backlash
- Partner conflicts damaging credibility
Compliance & Legal Risks
- GDPR and safeguarding breaches
- Non-compliance with lobbying regulations
- Inaccurate technical claims (liability)
Financial Risks
- Reliance on few funders
- Insufficient reserves for advocacy or emergencies
External Risks
- Policy changes reducing fire safety standards
- Political instability disrupting engagement plans
- Technological failures in data/simulation tools

Risk Assessment process

Step 1: Identify risks across programmes and functions
Step 2: Score each risk (1–5 for Likelihood & Impact)
Step 3: Rank:
– Low (1–6)
– Moderate (8–12)
– High (15–25)
Step 4: Assign owner & develop controls
Step 5: Monitor regularly, escalate if needed

Reporting and review

Regular updates to leadership/ Management Team
Regular reviews by trustees
Annual workshop to reassess key risks
Incident reviews for any major safety, data, or reputational breach

Risk Register ‘Snapshot’

Risk	Impact	Likelihood	Mitigation/Control	Owner	Review Date
Loss of key contractors	High	Medium	Succession plan, appropriate renumeration policy	Chair/ Treasurer/ Trustees	April 2026
Funding shortfall	High	Medium	Diversified funding strategy, membership growth strategy, modified reserves policy	Exec Director/Treasurer	April 2026
Reputational damage due to misinformation	Medium	Medium	Clear comms policy, social media guidelines	Comms Lead	April 2026
Failure to comply with charity regulations	High	Low	Annual compliance checklist, trustee training	Chair/ Exec Director	April 2026
Poor data handling (e.g. sign-ups, donations)	High	Low	GDPR-compliant systems, regular reviews	Exec Director	April 2026

Risk Management Policy & Risk Register