Risk Register/2012
Public Risk Register
Part of our duty as a charity is to publish a risk register with explanations of how we would tackle identified risks.
We are happy to share most of these but some must remain confidential for commercial or other purposes.
This is a draft, yet to be approved by the board but here in the interest of full transparency.
1. Fundraiser risks:
Infrastructure Issues
- Debit integration
- Actions:
- Work with key developer to ensure implementation within timescale.
- Contingency planning to manage without integration, but with improved donation workflow and manual data imports to ensure good stewardship
- Payment processor problems
- Actions:
- Meet with our supplier to discuss any likely service disruption and contingencies should such occur
- Fundraising Manager to work with WMF to negotiate issues around any PayPal service disruption
- Fundraising Manager to oversee a checking/testing schedule when fundraiser is live to identify problems when they occur, avoiding prolonged outage without notice
- Fundraising Manager to work with WMF contractor to ensure through infrastructure testing prior to launch of fundraiser to identify any errors
Data storage and access
- The CRM 'workload' issues
- Actions:
- Extensive testing pre-November of data import and export mechanisms and processes
- Preparation for time-heavy processing of large data sets
- Have considered option of increasing time-out length of server in extreme circumstances on advisement
- Data protection issues
- Actions:
- Have valid data protection insurance
- Have valid and sufficient SSL certification in place
- Fundraising Manager to have oversight of those with differing access to different areas of managing the fundraiser, and ensure appropriate agreements are signed and access in line with | Calidicott principles
- Freedom of Information issues
- Actions
- Fundraising Manager to draw up process to responding to Subject access or freedom of information requests.
- Fundraising Manager work with Chief Exec to manage responses to any FoI or Subject Access requests to ensure compliance.
- Fundraising Manager to seek to pre-empt requests by timely sharing of anonymised data and results through public wiki whenever appropriate and in a planned fashion (testing pages, fundraiser specific blog etc)
- Advertising Standards Agency compliance
- Actions:
- Fundraising Manager to working with ASA's Copy Advice service to check appeals text for banners and landing pages, and linked pages with further info.
- Poor donor stewardship
- Actions:
- Fundraising Manager to plan how staff and volunteer resources to manage queries
- Fundraising Manager to organise refreshed templates for thanking donors and trial bulk mailings
- Fundraising Manager to schedule communications are timely and relevant to avoid 'spamming' audiences
2. Broader reputational risk -
Wikipedia and sister sites become unpopular and usage declines.
Action:
Build support through consistent outreach and partnership work
Financial risk - we run out of the funds needed to support our plans.
Action:
Create and adhere to good practice financial systems and protocols.
Build in contingency planning to budget
Create reserves to ensure at least one year of continuing activities.
Financial risk - we are subject to fraudulent activity from within or outside.
Action: Maintain exemplary financial systems and ensure they are adhered to through regular monitoring and professional external audit.
3. Organisational risk - the UK community fractures with disagreements between its members and constituent parts.
Action:
Continue open and transparant systems to allow open debate whilst encouraging a presumption of good faith
4. Collapsing editor base means a decrease in quality.
Action:
Build WMUK programme with editor retention and development a core objective.
Monitor effectiveness of activities.
Develop Train the Trainers to build new capacity
5. Decrease in diversity of editor and volunteer base.
Action:
Build programmes to address these concerns. Pay especial attention to developing, supporting and retaining volunteer base. Target hitherto underrepresented groups.
Monitor effectiveness of activities.