Cookies on Knowhow Nonprofit

We use cookies in order for parts of Knowhow Nonprofit to work properly, and also to collect information about how you use the site. We use this information to improve the site and tailor our services to you. For more, see our page on privacy and data protection.


Skip to content. | Skip to navigation

Community-made content which you can improve Case study from our community


This page is free to all
Risk management is a vital (and legal) responsibility for charity trustees. This page covers an introduction to the risk management process and the role insurance plays in protecting your organisation.

Charities need to manage risk like any other business. While some risks they face may be like those of traditional businesses, there are differences and risk management is a key tool for protecting your organisation, volunteers and service-users. Insurance is one way of managing or transferring risk alongside other strategies like outsourcing, avoiding or minimising risk; insurance is just one stage in the risk management process and irrespective of insurance, risks still require careful and considered management.

Insurance basics

There many types of insurance for charities that may be relevant, dependant on your organisation’s size, complexity and activities.

NCVO’s Trusted Supplier Zurich Insurance has various guides for charities to explore what types of insurance might be relevant to them. Included is a document answering 10 questions to make buying insurance simple, including considering when your organisation needs public liability insurance, what cover you need to think about if you have employees, insurance for your vehicles and protection for your trustees.

It is also important to regularly review your charity insurance, especially when renewing.

Risk management basics

The fundamental questions when assessing and managing risk are what you may lose or suffer (the event), how likely it is that the event could materialise (the frequency) and the extent to which you can afford that event occurring (the impact).

The risk management process involves identifying, registering and assessing risk, contingency planning and developing a robust Charity Business Continuity Plan (BCP), purchasing appropriate insurance, and regularly reviewing risk at board level. You can read a series of risk guides by Zurich Insurance or NVCO’s Managing risk page.

When identifying and assessing risks, you may find a brainstorming exercise useful. Consider each department, service and activity and work out the risks from there; don’t forget to include a range of people from across the organisation to maximise the risks you identify. Some areas you may wish to consider include:

  • preventing fraud in charities
  • charity risk assessments
  • running safe events
  • safe charity collections
  • data security
  • young volunteers
  • overseas travel
  • trustees’ liabilities
  • risk management policies and procedures.

The Charity Commission’s guidance Charities and Risk Management (CC26) suggest categorising your identified risks into the following:

  • governance
  • external
  • regulatory & compliance
  • financial
  • operational. 

Further support

Zurich Insurance is the NCVO Trusted Supplier for insurance. It provides insurance to charities, social enterprises and other not-for-profit organisations. Find out more about the insurance Zurich can provide for public liability, employers’ liability, motor and much more.

NCVO’s Knowhow Nonprofit Managing risk page with a risk register template for NCVO members.

Page last edited Jan 14, 2019

Help us to improve this page – give us feedback.

1 star 2 stars 3 stars 4 stars 5 stars 2.8/5 from 308 ratings

Find out how-to…

How-tos are written by our users to share practical knowledge.

And if there isn't one already you can write it yourself, or request someone else write it.

See all how-tos