4. Decision making, risk and control

Principle

The board makes sure that its decision-making processes are informed, rigorous and timely, and that effective delegation, control and risk-assessment, and management systems are set up and monitored.

Rationale

The board is ultimately responsible for the decisions and actions of the charity but it cannot and should not do everything. The board may be required by statute or the charity’s governing document to make certain decisions but, beyond this, it needs to decide which other matters it will make decisions about and which it can and will delegate.

Trustees delegate authority but not ultimate responsibility, so the board needs to implement suitable financial and related controls and reporting arrangements to make sure it oversees these delegated matters. Trustees must also identify and assess risks and opportunities for the organisation and decide how best to deal with them, including assessing whether they are manageable or worth taking.

Key outcomes

  1. The board is clear that its main focus is on strategy, performance and assurance, rather than operational matters, and reflects this in what it delegates.
  2. The board has a sound decision-making and monitoring framework which helps the organisation deliver its charitable purposes. It is aware of the range of financial and non-financial risks it needs to monitor and manage.
  3. The board promotes a culture of sound management of resources but also understands that being over-cautious and risk averse can itself be a risk and hinder innovation.
  4. Where aspects of the board’s role are delegated to committees, staff, volunteers or contractors, the board keeps responsibility and oversight.

Recommended practice

  1. Delegation and control
    1. The board regularly reviews which matters are reserved to the board and which can be delegated. It collectively exercises the powers of delegation to senior managers, committees or individual trustees, staff or volunteers.
    2. The board describes its ‘delegations’ framework in a document which provides sufficient detail and clear boundaries so that the delegations can be clearly understood and carried out. Systems are in place to monitor and oversee how delegations are exercised.
    3. The board makes sure that its committees have suitable terms of reference and membership and that:
      1. the terms of reference are reviewed regularly
      2. the committee membership is refreshed regularly and does not rely too much on particular people.
    4. Where a charity uses third party suppliers or services – for example for fundraising, data management or other purposes – the board assures itself that this work is carried out in the interests of the charity and in line with its values and the agreement between the charity and supplier. The board makes sure that such agreements are regularly reviewed so that they remain appropriate.
    5. The board regularly reviews the charity’s key policies and procedures to ensure that they continue to support, and are adequate for, the delivery of the charity’s aims. This includes policies and procedures dealing with board strategies, functions and responsibilities, finances (including reserves), service or quality standards, good employment practices, and encouraging and using volunteers, as well as key areas of activity such as fundraising and data protection.
  2. Managing and monitoring organisational performance
    1. Working with senior management, the board ensures that operational plans and budgets are in line with the charity’s purposes, agreed strategic aims and available resources.
    2. The board regularly monitors performance using a consistent framework and checks performance against delivery of the charity’s strategic aims, operational plans and budgets. It has structures in place to hold staff to account and support them in meeting these goals.
    3. The board agrees with senior management what information is needed to assess delivery against agreed plans, outcomes and timescales. Information should be timely, relevant, accurate and provided in an easy to understand format.
    4. The board regularly considers information from other similar organisations to compare or benchmark the organisation’s performance.
  3. Actively managing risks
    1. The board retains overall responsibility for risk management and discusses and decides the level of risk it is prepared to accept for specific and combined risks.
    2. The board regularly reviews the charity’s specific significant risks and the cumulative effect of these risks. It makes plans to mitigate and manage these risks appropriately.
    3. The board puts in place and regularly reviews the charity’s process for identifying, prioritising, escalating and managing risks and, where applicable, the charity’s system of internal controls to manage these risks. The board reviews the effectiveness of the charity’s approach to risk at least every year.
    4. The board describes the charity’s approach to risk in its annual report and in line with regulatory requirements.
  4. Appointing auditors and audits
    1. The board agrees and oversees an effective process for appointing and reviewing auditors, taking advice from an audit committee if one exists.
    2. Where the charity has an audit committee, its chair has recent and relevant financial experience and the committee includes at least two trustees.
    3. The board, or audit committee, has the opportunity to meet the auditors without paid staff present at least once a year.
    4. Arrangements are in place for a body, such as the audit committee, to consider concerns raised in confidence about alleged improprieties, misconduct or wrongdoing. This includes concerns raised by ‘whistle blowing’. Arrangements are also in place for appropriate and independent investigation and follow-up action.
  1. Delegation and control
    1. The board regularly reviews which matters are reserved to the board and which can be delegated. It collectively exercises the powers of delegation to committees or individual trustees, or staff and volunteers if the charity has them.
    2. The board describes its ‘delegations’ framework in a document which provides sufficient detail and clear boundaries that the delegations can be clearly understood and carried out.
    3. The board makes sure that its committees have suitable terms of reference and membership and that:
      1. the terms of reference are reviewed regularly
      2. the committee membership is refreshed regularly and does not rely too much on particular people
      3. committee members recognise that the board has ultimate responsibility.
    4. Where a charity uses third party suppliers or services – for example for fundraising, data management or other purposes – the board assures itself that this work is carried out in the interests of the charity and in line with its values and the agreement between the charity and supplier. The board makes sure that such agreements are regularly reviewed to make sure they are still appropriate.
    5. The board regularly checks the charity’s key policies and procedures to ensure make sure that they still support, and are adequate for, the delivery of the charity’s aims. This includes: policies and procedures dealing with board strategies, functions and responsibilities, finances (including reserves), service or quality standards; where needed, good employment practices and encouraging and using volunteers; key areas of activity such as fundraising and data protection.
  2. Managing and monitoring organisational performance
    1. The board makes sure that operational plans and budgets are in line with the charity’s purposes, strategic aims and resources.
    2. The board regularly monitors performance using a consistent framework and checks performance against the charity’s strategic aims, operational plans and budgets.
    3. The board agrees what information is needed to assess delivery against agreed plans, outcomes and timescales. Trustees share timely, relevant and accurate information in an easy to understand format.
    4. The board regularly considers information from other similar organisations to compare or benchmark the organisation’s performance.
  3. Actively managing risks
    1. The board retains overall responsibility for risk management and discusses and decides the level of risk it is prepared to accept for specific and combined risks.
    2. The board regularly reviews the charity’s specific significant risks and the effect of these risks added together. It makes plans to mitigate and manage these risks appropriately. Trustees consider risk that relates to their situation and where they work, for example charities working with children or vulnerable adults will probably look at risks relating to safeguarding.  
    3. The board puts in place and regularly checks the charity’s process for identifying, prioritising, escalating and managing risks and, where applicable, the charity’s system of internal controls to manage these risks. The board reviews the effectiveness of the charity’s approach to risk at least every year. The board describes the charity’s approach to risk in its annual report and in line with regulatory requirements.
  4. Appointing external examiners or auditors
    1. The board agrees and oversees an effective process for appointing and reviewing its external examiners or auditors if they are required.