Chapter 2 Tool 4: Risk matrix
Published 3 January 2011
Applies to England and Wales
© Crown copyright 2011
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/charities-due-diligence-checks-and-monitoring-end-use-of-funds/chapter-2-tool-4-risk-matrix
A Risk matrix is another common method for assessing risk, which can be used in conjunction with the SWOT and PESTLE analyses. Trustees may find this method useful when assessing areas of risk, for example when planning a new project to be carried out with a new partner organisation. The identification of appropriate risks may be best undertaken by involving those with a detailed understanding of the charity’s operations and work and/or detailed knowledge of the particular operating environment or the nature of particular projects.
The level of risk should be measured by both the likelihood of something occurring and the severity of impact if it were to happen. The risk matrix can subsequently be used as a risk register for ongoing monitoring and review of risk throughout the life of a project. The following is an example of a section of a risk matrix.
Risk matrix
Reputation
| Risks | Likelihood | Impact |
|---|---|---|
| A real of perceived link or association between the charity and terrorist activity damages the charity’s reputation | LOW | HIGH |
Controls
- draw up detailed partnership agreements
- review partner’s governance structures
- review project audit and monitoring, including field visits
- include an impact and risk assessment for all projects
- take references and contact other affiliates of the partner for recommendations
- request standard documentation and invoices
- check the consolidated list of designated individuals and entities (see chapter 1 of toolkit)
Financial/Criminal
| Risks | Likelihood | Impact |
|---|---|---|
| Financial loss, fraud, money laundering. terrorist financing | MEDIUM | HIGH |
| Failure to comply with UK, International or local regulations | HIGH | MEDIUM |
| Exchange rate losses or gains | MEDIUM | MEDIUM |
| Funds or assets provided are not used for the intended project or misappropriated | LOW | MEDIUM |
Controls
- clear responsibilities and segregation of duties
- scheme of delegation
- developing and implementing a fraud policy
- purchases and tender controls, reconciliations of cash book to petty cash and bank, expenses procedures and authorisation limits
- monitor exchange rate losses or gains and review impact on expenditure and income
- use appropriate bank accounts and procedures
- quarterly project financial reviews and project reports
- documented financial procedures
- regular budget monitoring and forecasting and grant management
Security
| Risks | Likelihood | Impact |
|---|---|---|
| Risk to staff and/or beneficiaries | HIGH | HIGH |
| Obstacles to the effective delivery of services | HIGH | HIGH |
| Areas of conflict, political instability, hostile government | HIGH | HIGH |
Controls
- country specific security risk assessment
- crisis management policy and procedures
- health & safety and security training