Providing assurance on risk management and controls Jonathan

Providing assurance on risk management and controls Jonathan Orchard 16 September 2016

Who’d be a charity trustee? 2

Basic legal context The trustees are collectively responsible for Everything the charity does How it does it Exercise duty of care & duty of prudence Compliance with law & regulation Trustees must make sure the charity Pursues its aims Uses its assets exclusively to achieve the charity’s aims Acts in the interest of its beneficiaries Delivers public benefit 3

But they are volunteers…. . • available time is limited • commitment is to the cause not compliance • their role is governance not management And expectations on trustees are only set to increase 4

The challenge is…. . How to give trustees the confidence they rightly need in the effectiveness of underlying risk management without… …interfering with management 5

Case study • Consider the scenario described • Discuss in groups • What would you expect to see on the charity’s risk register? 6

How can trustees meet the challenge? • Organisation culture • Focus on issues that matter • Set financial strategy/ parameters • Get regular assurance from management • Seek independent review when needed 7

Organisation culture • • • Tone from the top Risk appetite Delegation of authority Policies & procedures Compliance Transparency 8

Strategic risks – the Big 5 Are you making the desired impact in support of your beneficiaries and can you evidence it? Are you managing the finances to ensure you Financial continue to make an impact in the medium to long sustainability term? Are you meeting your regulatory, legal and donor Compliance compliance requirements and expectations? Impact Reputation Specific to your charity Are you able to respond effectively to any incident that could result in damage to your reputation? Specific to the nature of the charity and may be a risk that is at the heart of what the charity stands for. For example, for a children’s charity it might be child protection. 9

Impact Are you making the desired impact in support of your beneficiaries and can you evidence it? Expect to see: • Strategy • Board monitoring progress • Impact reporting 10

Financial sustainability Are you managing the finances to ensure you continue to make an impact in the medium to long term? Expect to see: • Viable business model • Reserves policy • Long term financial plan • Cash flow 11

Compliance Are you meeting your regulatory, legal and donor compliance requirements and expectations? Expect to see: • Clear understanding of requirements • Appropriate culture 12

Reputation Are you able to respond effectively to any incident that could result in damage to your reputation? Expect to see: • Response plans • Clear, decisive communications 13

Charity specific risks: Choose one (or more) from: • Governance • Founder CEO • Child safeguarding • Staff • Grant-making 14

Understanding assurance picture 15

Three lines of defence First line Second line Third line Operations Oversight Independent assurance • Frontline staff • Line managers • • Support and compliance functions Senior management Assurance • Internal and external audit • Regulatory assessment 16

‘Independent’ review Internal review of internal controls (eg CC 8) Regular internal review of high risk areas Extend external audit Develop tools for in-house internal audit Commission internal audits on one-off basis Recruit an internal auditor Outsource internal function Cost 17

Case study • Re-visit our risk register • How could the tools help provide assurance to the Board? • Would they work for you too? 18

Conclusion 19

Contact details Jonathan Orchard jonathan. orchard@sayervincent. co. uk 020 7841 6360 www. sayervincent. co. uk @orchardj @sayervincent 20