The guidance and downloads on this page are currently under review. The information is still useful to get your PCC started with thinking about risk management, check back for updates and see regulator guidance as linked below.
Charity Commission: Charities and risk management (CC26)
This page provides some simple guidance. This guidance, together with a worked example and checklist is available in pdf form— This document provides an illustrative example of a church‑based risk assessment approach. PCCs should ensure their own risk management reflects current Charity Commission guidance and Church of England safeguarding requirements.
Good practice
As good practice, all parishes should try to manage the risks to which they are exposed. For some parishes there will be a legal requirement to include their approach to risk management in the Annual Report— this is usually PCCs who have to have their accounts audited at year end.
Identify risks
The first step is to identify the types of risks that may occur. The following headings may help you to organise your approach.
Governance risks – the skills, competence & organisation of the PCC etc
Operational risks – health & safety, employment, child protection etc
Financial risks – reserves, cashflow, investments, income stability, fraud etc
External risks – demographic & employment changes, public reputation etc
Regulatory risks – fundraising, disability discrimination, Inland Revenue
Measuring probability
Next measure the likelihood of each risk occurring. It is generally sufficient to assign most risks to either “high probability” (ie likely to occur in the next 5 to 10 years) or “low probability” (ie not very likely to happen in the next decade). Assign the “high” risks a numeric value of 2, and the “low” risks 1.
Measuring impact
Next try and assess the likely impact of each risk in terms of cost and inconvenience. Again use “high” — say an impact of more than £1,000 — and “low” categories, valued at 2 and 1 respectively.
Assigning a score
Conceptually, you can now assign each risk to one of the 4 boxes in the following table. The probability and impact ratings have been multiplied together to give an assessment of the relative scale of risks involved. Those activities in the “4” box in the SE corner of the table need to be stopped, or alternative (less risky) ways of achieving the same objectives developed. The PCC needs to spend most of it time working on the activities in the two boxes labelled “2”, containing an element of either high probability or high impact.
| Probability of risk occurring | |||
| Low = 1 | High = 2 | ||
| Impact on church if risk occurs | Low = 1 | 1 Accept risk. | 2 Establishpreventative and detection measures. |
| High = 2 | 2 Insure against risk and establish a contingency plan. | 4 Abandon activities. | |
Adding detail
Concentrating on the highest risks, you can then develop a more detailed analysis on similar lines to this table:
| Risk | Keys stolen or lost | Loss of generous members through death, moving away, arguments | Risk C |
| Likelihood of occurrence | Low to medium1 — 1.5 | Low 1 | |
| Severity of impact | High 2 | High 2 | |
| Overall risk score | 2 – 3 | 2 | |
| Control procedures | Restrict keys to very few people. Theft insurance. | Pastoral sensitivity.Thank you letters. | |
| Residual risk (££ estimate) | £500 excess | £4,000 pa | |
| Monitoring processes | Key register | Review donors. | |
| Responsibility | Warden AB | Planned Giving Secretary | |
| Further actions required | Ensure local locksmith only makes authorised copies of keys. | Promote legacies. Ask movers to join Friends. Annual stewardship renewal | |
| Review frequency | Annual | Annual | |
| Review dates | September 04 etc | November 04 etc |
The following lists may help you to identify some of the key risks to consider. The lists are not comprehensive, and are simply meant to help get you started. There will always be local factors and issues to consider.
Governance
- Activities outside ecclesiastical objectives
- Lack of key skills (eg treasurer, organist)
- Lack of budgets and forward plans
- Conflicts of interest
- Confidentiality issues
- Lack or loss of records
Operational risks
- Fire & lightning, flood, storm etc
- Volunteer competencies
- Health & safety
- Theft of valuables
- Vandalism
- Employment issues
- Computer failure
- Failure of phone, gas/oil or electricity supplies
Financial risks
- Fraud
- Budget cost over-runs
- Income tax and VAT on trading activities
- Cashflow sensitivity
- Large increase in parish share required
- Loss of regular income from members
- Misuse of restricted or endowment funds
- Loss of fees, rents etc
External risks
- Upsetting local residents
- Scandal at Church school
- Economic recession affects income
- Misinformed press comment
- Local demographic changes
- Competition from other local churches
Regulatory
- Child protection
- Data protection
- Disability discrimination
- Charity Commission
- Ecclesiastical canon law
- Unfair discrimination, equal opportunities . . .
Updated: April 2026 (Content under review)