ABCDEFGHIJKLMNOPQRSTUVWXYZAAABAC
1
2
3
4
5
6
Elmbridge CAN Risk Register
7
Updated July 2024
8
NB columns EFG (likelihood / impact / gross risk) should reflect risk level BEFORE control procedure. Colour-coding (green/amber/red) reflects level of risk after control procedure.
9
Risk no.RiskRisk typeLikelihood = x, impact = y. Gross risk = xy+y. (scale =1-5, max score 30)Control procedureActionsDate risk ceased
10
LikelihoodImpactGross risk
11
1.Data breach may lead to loss of privacy, damage and/or regulatory consequencescompliance5530Follow Data Protection Policy
12
2.Global or national events, leading to inability to plan for the future, too much/too little demand for our servicesenvironmental / external5530Core team members stay informed about world events, particularly those which impact on our area of work. Maintain financial flexibility, in terms of commitments and reserves. Regular trustee meetings at which strategy and direction are discussed
13
3.Loss of key staff or volunteers - with loss of skills and experience, operational impact on key projects and priorities. Loss of contact basegovernance5530Succession planning, training. CRM system to record key contact details and interactions. Annual review of rates of pay, training, working conditions, job satisfaction. Regular check-ins with staff and volunteers
14
4.Volunteers lack competence or suitability leading to errors which could cause physical or psychological harm/distress to themselves, colleagues, beneficiaries or the reputation and aims of the organisationoperational4525Volunteers apply through an application form and interview. Two written references are taken and minimum basic DBS check (renewed every 3 years). All recorded in Beacon. Volunteering can be ended if the terms of the code of conduct are breached.
15
5.Signs of child abuse/mistreatment are not noticed by staff/volunteers or concerns are not raised in a timely manner with the appropriate agencies leading to further harmsafeguarding4525Safeguarding policy, safeguarding training. New volunteers are not allowed to start unless safeguarding training has been completed. Beacon records safeguarding training completion date.
16
6.Children are harmed participating in an event/events organised by Elmbridge CANsafeguarding4525Each individual event or venue is separately risk assessed, covering the specific risks to children. Consider requesting consent forms for each activity/event, to include emergency contact details and relevant medical details. Will never be finished as there are always more events
17
7.Staff/volunteers fail to notice indications that an adult is at risk or to take appropriate action resulting in further harmsafeguarding4525Safeguarding policy, safeguarding training, code of conduct. Staff go through report on safeguarding training compliance (from training provider) on a quarterly basis at Ops meeting and chase volunteers who haven't done it. Discuss training compliance quarterly at trustee meetings, including any cases of persistent non-compliance. Beacon CRM records safeguarding training including completion date.
18
8.Lack of awareness of procedures and policies, actions taken without proper authoritycompliance4525Properly documented policies and procedures, these are on linktree and sent to all new volunteers (who sign volunteers agreement to show they've read them). In-person inductions for new volunteers are run on a twice-annually basis. Regular audit and review of policies, procedures and systemsSet and schedule review dates for all policies. There is a plan to run live safeguarding training sessions
19
9.Photo/videos used without consent risking personal safety and/or legal liability compliance4525Website photos are stock images or ECAN images in which the people are either unidentifiable (eg from behind) or consent of adult is obtained prior to use. At events - one nominated and authorised photographer, others do not take photos. Internet uploads go via website administrator or staff member. Discussion on this needed - who can take pictures, storing pics etc
20
10.Children are abused/exploited by E-CAN staff or volunteers (including physical abuse, grooming for sexual or material gain, radicalisation)safeguarding3520Safeguarding policy, safeguarding training, recruitment checks, supervision. Children are not left alone with ECAN volunteers. Any concerns must be recorded, reported and escalated as per safeguarding policy.
21
11.Risk of radicalisation leading to harm including damage to reputationsafeguarding, compliance3520The induction process militates against this, especially the code of conduct and anti-terrorism policy. All staff and volunteers complete Prevent Awareness Course every 2 years (and Referrals Course as specified in policy). The complaints policy is on our website. Regular supervision of volunteers by staff manager. Complaints policy to be added to ECAN leaflets? Check what is our duty re Prevent training. Review whatsapp
22
12.Non-compliance with legislation or regulations leading to reputational damage, fines or penaltiescompliance3520Key legal and regulatory requirements are identified. Policies are in place in all key areas and are communicated to staff and volunteers. Annual report and accounts are audited and submitted by 31 October deadline annually. Trustee meetings approx. every 6 weeks Allocate responsibility for key compliance areas?
23
13.Physical/psychological harm caused by driving accident/unsafe drivingoperational2515Children are in suitable car seats in the back seat at all times, seatbelts must be worn. Children of any age should not be driven alone by a volunteer - a parent should be present.update driving policy - Florendia has done, to be ratified by trustees
24
14.Individuals/groups use Elmbridge CAN name, resources, networks or communication channels to promote racist, extremist or other harmful views/contentworking online2515Anti-terrorism policy deals with this. Co-directors moderate ECAN Whatsapp chat. Only staff or trustees are admins of group chats. Breach of code of conduct can lead to dismissal/termination of volunteering
25
15.Risk of injury to staff/volunteers/beneficiaries from unsafe premisesoperational1510Separate, detailed risk assessment for each venue/event. Appropriate insurance is in place.
26
16.Risk of child coming to harm whilst being supervised by a volunteer operational1510Volunteers/staff are not to supervise primary school aged children without their parents being present, and it is made clear that such children remain the responsibility of their parents at all times. In cases where secondary school aged children are supervised by volunteers or staff, emergency contact details and relevant medical details are provided and written consent is obtained.
27
17.Staff/volunteers are accused of abuse/exploitation/groomingoperational1510Children are not left alone with ECAN volunteers. Any concerns must be recorded, reported and escalated as per safeguarding policy. Avoid personal whatsapp contact with minors - go through a group or parent. Volunteers/staff do not take photos of children. Refer to boundaries policy.
28
18.Risk of physical harm to staff/volunteers through their work/volunteering eg meeting in client's home, being followed, chance meetingoperational1510Volunteers/staff should meet beneficiaries and others in a public place eg a hub where possible, certainly for the 1st meeting. Do not meet in client's home until/unless you feel comfortable based on knowing the individual/family well. Discuss any concerns with volunteer manager, check in regularly with volunteer manager especially if you are meeting anyone alone. Volunteers do not meet clients in their own home, as per boundaries policy. Carry out risk assessment when matching staff/volunteers to beneficiaries and clearly flag any known risks in Beacon. Staff should have work phones for work use and we should move to business whatsapp. Priority - those whose numbers are publicly available eg through safeguarding policy. Eventually roll out ECAN phones to volunteers who have direct contact with beneficiaries
29
19.Lack of control over expenditure so that spending exceeds available income.financial3520Constant oversight by Treasurer with full report to Trustees at each meeting to show reconciliation to bank balance and expenditure/income in comparison to budget. Authorisation Matrix ensures Directors, Trustees and Treasurer are aware of significant spending commitments before approval. Minutes of meetings include full list of items of expenditure since previous meeting for all Trustees to approve. Regular review of reserves policy and reserves level. Periodic review of Authorisation Matrix and Reserves Policy and level of reserve.
30
20.Protest or other activity by the Far Right causes physical/psychological harm to beneficiaries/staff/volunteersoperational4420Keep publicity around events / venues under review. Individual venue / event risk assessment covers what to do in an incident. Consider sign-ups / guest list for events depending on risk. Positive engagement with and informing the community about ECAN's work. ESOL and other classes educate beneficiaries on the cultural context. Staff/volunteers consider security planning with beneficiaries as needed. Trauma-informed training supports staff/volunteers
31
21.Lack of direction, strategy and forward planning governance3416Regular trustee meetings every 6 weeks, annual strategy session in Januaryput numbers in for the remaining ones
32
22.Inadequate organisational structure, information flow and/or reporting from staff to trusteesgovernance3416Report from treasurer, fundraising trustee and co-directors at every trustee meeting
33
23.Breaching Charity Commission guidelines, or our constitutiongovernance3416Trustee meetings and reports as above. Awareness of and follow Charity Commission guidance
34
24.Maintaining an appropriate number of trustees with the right balance of skills; officer roles filled ie chair, deputy chair and treasurergovernance3416Succession planning. We have been lucky enough to attract enough candidates of the right calibre for trustee and officer rolesGradual handover to new Chair and Treasurer
35
25.Risks associated with manual handlingoperational148Projects are overseen by project lead - an experienced volunteer or staff member. A staff member checks all aspects of home set-up before handing over to ensure safety. Health and Safety policy to include a checklist to go through re home set-up? Set up an incident log
36
26.Poor relationship with fundersenvironmental / external148Ensure regular contact and reports to funders, meet funders' t&cs. Report on fundraising at every trustee meeting.
37
27.Long-term spending commitments undertaken without secure long-term funding to match.financial2412No long-term spending commitments agreed. Employee contracts restricted to one-year duration only if funded by E-CAN. If funded by another funder, then employment agreement will match the duration of the funding agreement.
38
28.Lack of available funds / liquidity to respond to unexpected needs and requirements.financial4420Maintain adequate reserves to provide contingency resources for unexpected events.Periodic review of Reserves Policy and level of reserves.
39
29.Over-reliance on major funders - e.g. Elmbridge BC, Walton Charities - who subsequently cease to provide previous levels of support.financial4420Identify major dependencies and be open to diversification opportunities. Actively pursue fresh sources of funding for the charity. Adequate reserves policy. Implement annual budget and regularly review expenditure against budgetContinue to actively pursue fresh sources of funding for the charity.
40
30.Compliance with donor imposed restrictions - possible reputational and relationship damage leading to a complaint to Charity Commission, asking for money back or not donating againfinancial3416Treasurer maintains spreadsheet system to identify restricted receipts and spending against them. Also BEACON system used to keep track of relevant details. Arrangements should be agreed by Trustees and reporting requirements diarised
41
31.Fraud or error leading to financial loss, reputational risk, risk of legal actionfinancial3416All items of expenditure through the bank account are separately "dual authorised" by two from the Treasurer, Directors and Chairman. Authorisation Matrix ensures spending intentions are appropriately authorised. Regular reporting by Treasurer to Trustee Meetings including list of all expenditure since last meeting. Annual accounts are independently inspected.Key Treasurer's documents are uploaded to shared drive. Gradual handover from Phil to Barby
42
32.Staff/volunteers suffer psychological harm and/or burnout as a result of their work with Elmbridge CANoperational5318Volunteers / staff carefully manage expectations and set personal boundaries e.g. not available at weekends except in emergencies, no WhatsApp on Sundays. Therapy and further training encouraged for key staff and volunteers, 121 or group sessions. Regular supervision sessions for staff with co-director/s. All volunteers have been allocated a staff manager who will check in with them regularly. Organise training sessions and/or check-ins with specialist volunteer. Wellbeing group has regular meetings scheduled and will discuss how to improve provision
43
33.Trustees involved in service delivery leading to lack of impartiality in spending decisionsgovernance4315Directors give plenty of detail in expenditure requests so trustees can consider them fully. Follow authorisation matrix. Rely on precendents to ensure fairness and parity. Trustees and directors hold each other to account on spending.
44
34.ECAN staff/volunteers breach confidentiality by sharing personal information online - leading to harm such as racism, violence, abuse working online, compliance5212Volunteer agreement with provisions on confidentiality, data protection policy and associated security measures document all deal with this. Staff should continually remind volunteers of the need for confidentiality - don't reference ECAN work on personal social media or website. Use of ECAN email addressesReview whatsapp use, and start using ECAN phones - see also 12
45
35.Volunteers not sufficiently trained or supported leading to errors which could cause physical or psychological harm/distress to themselves, colleagues, beneficiaries or the reputation and aims of the organisationoperational4210Volunteers are provided with all policies via linktree and sign volunteer agreement to show they have read them. Appropriate training is delivered including mandatory online adult and child safeguarding training (renewed every 2 years). Each volunteer is assigned a staff manager who is responsible for regular check-ins. Volunteers are encouraged to attend in-person induction and regular get-togethers. Safeguarding training compliance is reviewed at regular operations meetings and volunteers are chased individually. Individual/persistent cases of non-compliance are brought before trustee board. Offer 2-3 zoom safeguarding sessions for existing volunteers and ask all volunteers with safeguarding training outstanding or who need to repeat the training, to attend one of the sessions. To record as an activity in Beacon. Liz to provide this training, Jeannie to organise it with Liz
46
36.Loss of management time and stress relating to staffing issuesoperational4210Grievance policy and code of conduct deal with this. Where a staff member/contractor is hired based on professional qualifications, evidence of these should be routinely sought and checked to avoid problems later. Two job sharing directors, strong trustee board
47
37.Website or Shared Drives may crash and contents unretrievable, website may be hackedoperational226Beacon contains all personal data and case history, maintained and run on a separate server by Beacon. Check what is happening about backing up the website (and any other data back up). Add to code of conduct and disciplinary policies that absence for any reason leads to Beacon access being removed
48
38.Adverse publicity leading to loss of donor/beneficiary confidence, loss of influence, loss of volunteers, impact on staff moraleenvironmental / external226Complaints and whistleblowing procedures in place. Good quality reporting of charity activities.Impact Report December 2023 is being prepared for release in January 2024, website review to follow. We are actively seeking to recruit a lead comms volunteer
49
39.Harm from unsafe/unsuitable equipment/materials (which may have been donated)operational124White goods and car seats provided new. Mattresses and bedding generally provided new or in excellent condition (cot mattresses always new). Bikes checked by specialist volunteer and only new helmets provided. Any second hand electrical items PAT tested. All soft furnishings have fire safety labels. A staff member checks all aspects of home set-up before handing over to ensure safety. Create a Health and Safety policy
50
40.Staff/volunteers are bullied/harassed by colleagues/beneficiairiesoperational, safeguarding124This is dealt with by the bullying and harassment policy. Breach of the code of conduct may result in dismissal/termination. Concerns about bullying of an adult/child should be dealt with via the safeguarding policy. Concerns about how the charity is being run may be reported via the whistleblowing policy. Also dealt with by Disciplinary and Grievance policies. Create a Health and Safety policy, revist the code of conduct and send it out to volunteers. Staff to use work phones (see also 12)
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100