What is Resilience?
Organisational resilience has been defined as “the ability of an organization to anticipate, prepare for, and respond and adapt to everything from minor everyday events to acute shocks and chronic or incremental changes”. (British Standard 65000: 2014 Guidance on organizational resilience).
The concept of resilience also carries with it the sense of being adaptive and agile, including being proactive and flexible in the face of a changing context or operating environment. This enables you to become stronger and better able as a charity to manage incidents or crises in a more effective way than might otherwise be the case. Increased resilience can be beneficial in helping you to prevent or reduce potential loss and damage to your charity, including financially, reputationally or in terms of improved business continuity.
For example, the Covid-19 health pandemic is impacting significantly upon many aspects of routine business for many organisations, including charities. This is taking many different forms, such as changes in legislation and statutory regulations, reduced available funding, staff sickness, reduced input by volunteers, or having to implement different working practices. Such changes can also create associated unplanned for threats, risks, and potential vulnerabilities for your charity which need to be considered. For instance, how to mitigate additional cyber security risks, or manage staff well-being remotely with the associated legal and insurance implications of lone/home working. These all require you as an organisation to be adaptive and innovative in your planning and responses in order to continue operating effectively or, in some instances, to even survive in the current challenging and uncertain context.
The R4C Resilience Journey
At R4C, we have developed our own unique risk and resilience matrix tools. Not only do these seek to identify the principal threats, risks, gaps and vulnerabilities facing your charity and its ability to deliver on its charitable mission, but they do this in a comprehensive, integrated and practical way.
Though we consider compliance related issues as part of your audit, increased compliance is not our primary destination; rather, it is only one of the stepping-stones on your journey towards increased organisational resilience. We are concerned also with identifying other forms of potential threat, risk, and vulnerability which could impact significantly upon your charitable objectives and operations if not addressed. These include identifying the relationship between different areas of risk and compliance which may not be immediately apparent, but which may nonetheless create important vulnerabilities for your organisation if not addressed.
Common Charitable Threats, Risks, and Vulnerabilities
An essential part of the journey towards increased resilience, which is commonly overlooked or insufficiently understood by many organisations, is to identify all principal sources of potential threat and risk to your charitable objectives and operations, including related vulnerabilities. Without this initial assessment, you cannot effectively plan or prepare for or respond to issues or incidents which may impact negatively upon your charity.
The primary areas of risk facing a charity typically fall into the categories of governance, finance, human resources, compliance, IT/cyber and business continuity management. These risks and related vulnerabilities will commonly manifest in the following forms:
- Inadequate financial controls and due diligence, resulting in a regulatory breach or fraudulent conduct;
- A safeguarding incident involving children or an adult with care and support needs, without having the correct systems and procedures in place;
- A church worker or volunteer listed on the sex offender’s register being involved in the provision of pastoral care because correct Disclosure and Barring Services checks were not carried out, posing a risk to more vulnerable members of your congregation or community;
- A failure to take reasonable precautions in response to a foreseeable health and safety risk, resulting in a serious accident;
- An employee disciplinary or grievance issue, made worse by having insufficient mechanisms in place to ensure procedural transparency and fairness which may provide grounds for further complaint or legal proceedings;
- An employee or contractor dispute caused by having no or inadequate contracts in place, resulting in significant loss and / or disruption to your organisation;
- A significant personal data breach caused by a cyber incident involving your organisation’s database, without having the necessary insurance policy in place to cover the cost of potentially significant liabilities under data protection legislation (GDPR);
- Not having the correct policies, systems or training in place to demonstrate the necessary level of due diligence expected or required by insurance underwriters, which may impact upon if / what may be claimed under your insurance policy in the event of a claim; and
- Insufficient planning or preparation for disruptive events to business continuity, impacting negatively upon the ability of your charity to respond to or recover from incidents in the most effective way to minimise resultant loss and damage.
I cannot recommend Resilience for Charities highly enough. I have received extraordinary personalised service, bespoke to the needs of our Charity, which was delivered with utter professionalism. All recommendations were extremely insightful and transformational, making us more resilient and confident going forwards.
Director, Flame International
R4C really helped us to navigate safely through deep waters of complexity during a period of difficult growing pains. With professional ease and pragmatism, they helped us to restructure the charity, achieve CIO status and put new systems in place, leaving us confident and resilient. We are forever grateful for their excellence and help.
Chris and Tracey Wickland
Living Word Church Network