Managing risk in your county

Risk assessments and more

Part of a commissioner's role is to spot and manage risk for their area.

You need to be regularly reviewing and planning for risk across all parts of your county or area, as trustees do for charities. The Charity Commission provide lots of information on this.

Your role in risk assessments 

Risk assessments help you find any potential risks and the impact they might have. In it, you’ll: 

  • Name any risks that could affect your area.  
  • Decide how best to respond to these risks to minimise any negative outcome. 

As a county commissioner, you need to: 

  • Follow our standard risk assessment process to create a risk assessment for your area. This needs to be reviewed regularly - every six months, when a new risk appears, or where risk has significantly increased. 
  • Have oversight of county events and properties. The relevant committee should manage a risk log and share this with you. You might want to add high-risk items to your own county risk assessment. 
  • Have a continuity plan

Thinking about and writing it all down now will help you manage issues when they occur. It can be hard to know what to do when you’re in the middle of a situation, so having the steps ready to follow will help.   

You should also make a suitable statement in the annual report about risks.

Kinds of risk

Risks might include issues that disrupt services to members, damage reputation or cause a change in income. For example:

  • Governance risks – such as an ineffective structure, conflicts of interest or a lack of skills among trustees or other key members. 
  • Operational risks – such as risks relating to events or property, safe from harm issues, or data protection issues. 
  • Financial risks – such as not enough insurance cover, reducing income or cash flow issues. 
  • External risks – such as reputational risk, image risk, and changes in government policy. 
  • Compliance risks – such as poor knowledge of the responsibilities of an employer or other regulatory requirements, or breach of trust. 

Continuity planning

A continuity plan has all the information that your county team needs to keep running the county when something unexpected happens, even if you’re not around. 

The county commissioner remains responsible for the county continuing in unusual or unpredicted circumstances. But you can work with your team to develop this plan and delegate the job of taking the continuity plan forward.  

Make sure you: 

  • Give access to a copy of the plan to key team members. An online file sharing service is a great way to make sure everyone who needs to can view the latest version of the plan at any time.  
  • Review your plan regularly, making sure it stays relevant to the needs of the county.  
  • Choose one team member to be responsible for updating the plan. The whole team should be involved in making decisions about updates.  
  • Add the date that changes were made to your plan, so it's clear which is the most up-to-date version. 

Creating a continuity plan

Before starting your continuity plan, you'll need to do an impact analysis and a risk assessment for your area. This will determine the likely risks and how long things can continue without key services.  

Read our advice for commissioners on impact analysis and risk assessments

Then follow these steps to create your plan: 

  • Plan how long it you think it should take for each service to be recovered after an incident or disruption. Use the information in your impact analysis that explains the effects of the services being unavailable to help you decide how long you can be without it. 
  • List the everything you'd need to bring back or recover a service.  
  • Consider your county team, including the roles currently held, any other areas of expertise in the team, when roles are due to end and whereabouts the roles are based. 

It's important to also include: 

  • The purpose of the plan in the document.
  • Any other relevant documents, like your county’s constitution. This could be as links or attached copies. 
  • The name of the person responsible for the document. 
  • All members of the team with responsibilities within the continuity plan and explain what their roles are. 
  • How the plan will be carried out, will you contact everyone through a phone tree, for example? 
  • Whether key team members have the right GO access to contact people. If not, identify how this would be done. 
  • How guiding members across the county will be contacted and kept up-to-date. 

It's a good idea to test your plan before you need to use it in a real situation. It's rarely possible to test everything included in the plan, but you should try out the contact and communication plans to make sure that your continuity plan will be effective it should be tested in advance. It won't be possible to test all parts of the plan, but try out the communication strategy to make sure that all members of the team can be contacted. 

Other scenarios can be tested through discussion, where each member of the team describes what their actions would be. Make sure that scenarios are relevant to your county; your risk assessment can help with this. 

Make sure you review your continuity plan regularly, to check that: 

  • All members have kept their contact details up to date on GO. 
  • People listed in the plan are still members of the team and still able to do what they need to do. 
  • New risks to the county have been included.
  • All members of the team know about the plan and how to use it.