Risk Management

Technology Books for Children (TBC) is committed to identifying, assessing, and managing the risks that may impact our mission of promoting digital literacy and technology-themed books to children, their families and educators. Effective risk management is essential to protect our beneficiaries, volunteers, assets, reputation, and the long-term sustainability of our charity.

This policy outlines our approach to risk management and is informed by best practice guidance from the Charity Commission, specifically its publication Charities and Risk Management (CC26), available at:
https://www.gov.uk/government/publications/charities-and-risk-management-cc26

It also sets out how we use our internal Risk Register as a live tool to review, monitor and mitigate risks across our operations.

Policy Objectives

This policy aims to:

  • Ensure that TBC trustees and staff understand the nature of risk in the charity’s activities.
  • Promote a culture of proactive risk identification and management.
  • Provide a framework for consistent risk evaluation and control measures.
  • Use our Risk Register to record, assess, monitor, and report risks on a regular basis.
  • Support compliance with legal, financial, and operational responsibilities.
  • Safeguard our beneficiaries, particularly children and volunteers, from harm.

Responsibilities

  • Trustees are ultimately responsible for the oversight and management of risk. They ensure that TBC has appropriate systems in place and that the Risk Register is regularly reviewed.
  • Staff and Volunteers are responsible for identifying and reporting emerging risks in their areas of work.
  • Risk Lead (if in post) or the Chair of Trustees will coordinate the update of the Risk Register and flag key risks at trustee meetings.

The Risk Management Process

TBC follows the four-step risk management cycle recommended by the Charity Commission:

  1. Identify risks: Considering internal and external factors that may impact TBC’s work.
  2. Assess risks: Scoring risks based on likelihood and impact using our Risk Register template.
  3. Manage risks: Taking steps to avoid, mitigate, transfer, or accept each risk.
  4. Monitor and review: Risks are reviewed quarterly, and key risks are reported at every trustee meeting.

Risk Categories and Examples

The following table outlines typical risks relevant to TBC, structured around Charity Commission guidance:

Risk Category

Examples

Governance

– Inappropriate organisational structure
– Trustee body lacks relevant skills or commitment
– Conflicts of interest between personal, financial, or organisational interests

Operational

– Inadequate safeguarding practices for child beneficiaries
– Failure to recruit and train volunteers properly
– Cybersecurity threats or data breaches

Financial

– Limited funding streams leading to financial instability
– Inaccurate or insufficient financial reporting
– Cash flow issues due to lack of grant funding or sales delays
– Lack of appropriate insurance cover (e.g. for events)

External

– Reputational harm through misinformation or negative publicity
– Economic downturn affecting donor or sponsor contributions
– Changes in educational policy impacting demand or funding
– Environmental factors disrupting events (e.g. severe weather)

Compliance with law and regulation

– Breach of safeguarding or data protection legislation (e.g. GDPR)
– Inadequate knowledge of fundraising or charity law
– Failure to file statutory returns or comply with financial regulations

The Risk Register

Technology Books for Children maintains a Risk Register that captures:

What are the hazards?

Who might be harmed and how?

Risk grading

What controls can be put in place to mitigate the risks?

Risk Grading after controls put in place

Who is responsible

This register is a live document and is reviewed:

  • Immediately if a serious incident or new high-risk activity occurs.
  • Annually in line with strategic planning and budget cycles.

Training and Awareness

All new trustees and volunteers will receive an introduction to risk management during their induction, including a basic overview of safeguarding, data protection, and financial controls.

Where relevant, trustees and staff will be supported in undertaking further training (e.g. safeguarding Level 1/2, GDPR, or finance).

Reporting and Escalation

  • Serious incidents will be reported to the Charity Commission in line with their guidance.
  • Emerging risks that could pose a high-level threat must be escalated to the Board of Trustees.
  • Trustees will assess and decide on further actions or acceptance of residual risk.

Contact and Further Information

For queries relating to risk management or to report a concern, contact the Chair of Trustees Rebecca Franks – Rebecca@technologybooksforchildren.org via the contact form on our website: technologybooksforchildren.org

Version Control and Review

This policy will be reviewed annually and as needed to ensure effectiveness and compliance.

Version No

Approved By

Approval Date

Main Changes

Review Period

1.0

Board

July 2025

Initial draft approved

Annually

     
     
Facebook Instagram Linkedin X-twitter
Copyright ©2026 Charity number: 1206202
Technology Books for Children Registered Office: 61 Bridge Street, Kington, Herefordshire, HR5 3DJ
Get in touch      Volunteer with Us      Privacy Policy      Donate       Ts&Cs 

Keep in touch. Join our mailing list