Login

Governance360 logo
Volunteer-run Boards

Charities, Sports, Housing Associations and more

Small & Medium businesses

Perfect for any size and type

Partners & Resellers

Find out more about our partnership options

Our Platform

Explore our range of features

Board Meeting Portal

Risk Register Tool

Board Accountability Tools

Board Compliance Tools

Director Academy

Trial Governance360

Start a free trial in less than 12 minutes

More about Governance360

Pricing Plans

Find a Partner

Board Meeting Portal

Run better board meetings

Risk Register

Manage and mitigate risk

Action Register

Build board accountability

Director Academy

Upskilling Directors

All Features

Platform overview

Trial Governance360

Start your free trial today

About Governance360

Pricing Plans

Start Free Trial
Governance360 logo

Resources / Insights

Improve Your Risk Register: Tips for Trustees

Improve Your Risk Register: Tips for Trustees

Improve Your Risk Register: Tips for Trustees

Practical Tips for Charity Trustees, Housing Association Boards and Voluntary Sector Leaders

Introduction

If you are a charity trustee or sit on a housing association or voluntary sector board, chances are you have seen a risk register that nobody quite trusts. It is either too long, too technical, or last updated before the pandemic. According to the Charity Commission, risk management is one of the most common areas of weakness identified during regulatory reviews — yet the fix does not have to be complicated.

In this post, we will share straightforward, practical steps to improve your risk register quickly. No consultants required. Whether you are starting from scratch or rescuing a spreadsheet that has grown out of control, these tips will help you produce something your whole board can use with confidence.

Governance360 is built specifically for boards like yours, and we will show you where the platform can support each step — without turning this into a sales pitc

1. Why Most Risk Registers Fail

Risk registers are supposed to help boards make better decisions. In practice, many become a compliance exercise — completed to satisfy an auditor or funder, then filed away until next year.

The most common problems are:

  • Too much detail: Registers with 50+ risks in tiny spreadsheet columns that nobody reads
  • Poor ownership: Risks listed without a named person responsible for managing them
  • Stale information: Scores and notes that have not been revisited in months or years
  • Board exclusion: Only the CEO or clerk has access to the live document

These are not signs of a bad organisation. They are signs of a process that was set up without the board’s day-to-day reality in mind. The good news is that each one is fixable.

2. Make It Simple

The single biggest improvement most boards can make is to shorten their risk register.

A register with 8–15 well-described, actively managed risks is far more useful than one with 60 vague entries. Here is how to simplify:

Start with a clear risk appetite statement

Before cutting anything, agree as a board what level of risk you are willing to accept. This gives you a filter. If a risk sits well within your appetite and has solid controls in place, it probably does not need to be on the main register at all.

Use plain language

Avoid language like “reputational exposure arising from stakeholder sentiment misalignment.” Say instead: “Negative press coverage affects our ability to recruit volunteers.” Your board will engage far better with language they actually use.

Keep each entry short

For each risk, you need:

  • A clear description (one or two sentences)
  • A likelihood score
  • An impact score
  • Who owns it
  • What controls are in place
  • When it was last reviewed

That is it. Anything else is optional.

Pro Tip: If a trustee cannot read and understand a risk entry in under 30 seconds, it needs rewriting.

3. Make It Visible

A risk register only works if board members can see it, understand it, and refer to it between meetings. If it lives in a folder on the CEO’s laptop or buried in a SharePoint site nobody can navigate, it is not doing its job.

Shared access matters

Every board member should be able to view the current risk register at any time — not just at the point when it appears as a paper in the board pack. This is particularly important for housing associations, where board members may be drawn from the local community and may not have frequent contact with the executive team between formal meetings.

Bring it into board meetings properly

Rather than attaching the full register as a PDF appendix, consider presenting a “heat map” summary at the start of each board meeting — a simple grid showing which risks are high, medium, and low. This takes two minutes and immediately focuses attention where it is needed.

Visual formats help

Colour-coded heat maps, simple traffic light summaries, and dashboards make risk information far easier to absorb than rows of data in a spreadsheet. You do not need expensive software to do this — but having the right tool does make it significantly easier.

Governance360 includes a built-in risk register with live dashboards that every board member can access from any device. Risks are displayed visually, with clear ownership and review dates, so nothing gets lost between meetings.

4. Use Structured Guidance

One of the most common problems with risk registers is inconsistency. One trustee rates a risk as “high likelihood” while another would call the same risk “medium.” Without a shared framework, your register becomes a collection of personal opinions rather than a useful governance tool.

Agree a scoring system

A simple 3×3 or 5×5 matrix works well for most voluntary sector boards. The key is that everyone uses it the same way. Define what “high impact” means for your organisation specifically — financial loss over a certain threshold, loss of a key service, regulatory action, and so on.

Categorise risks consistently

Group risks into clear categories such as:

  • Financial
  • Operational
  • People and safeguarding
  • Reputational
  • Regulatory and legal
  • Strategic

This makes it much easier to spot where your risk exposure is concentrated and whether certain categories are being neglected.

Use prompts and guidance notes

Not every trustee will have a risk management background, and that is fine. What helps is having simple prompts built into the process — questions like “What could stop us achieving this objective?” or “What would we do if this happened tomorrow?” These draw out real risks rather than theoretical ones.

Pro Tip: The Charity Commission’s guidance document Charities and Risk Management (CC26) is a practical starting point for developing your scoring framework.

Governance360 provides structured templates and guidance built into the risk register, so trustees are walked through the process consistently. This is particularly helpful for newer board members who may not be familiar with risk management terminology.

5. Iterate — Don’t Overhaul

Many boards treat the risk register as a once-a-year project. A subcommittee spends an afternoon reworking the whole thing, it gets approved at the next full board meeting, and then it sits untouched for another 12 months. This approach misses the point entirely.

Review risks regularly — and briefly

A standing agenda item of 10–15 minutes at each board meeting to review the top 3–5 risks is far more effective than an annual deep-dive. Ask: Has anything changed? Are the controls still working? Is there a new risk we have not captured yet?

Assign ownership and review dates

Every risk should have a named owner — typically a trustee or senior member of staff — and a review date. Without these, nothing gets updated. With them, accountability is clear.

Let the register evolve

Your risk register at the end of year one should look different from when you started. New risks emerge, old ones reduce, your organisation’s context changes. A register that never changes is probably not being genuinely reviewed.

Small updates are fine

You do not need to rewrite the whole document to update a risk. Changing a score, adding a note about a control that has been strengthened, or recording that a risk has been downgraded — these are all valid and valuable updates. Encourage trustees to flag updates as they arise, not just at formal meetings.

With Governance360, board members can update risks, add notes, and flag concerns directly in the platform between meetings. The audit trail captures every change, so the board always has a clear picture of how the risk landscape has evolved over time.

6. How Governance360 helps Improve Your Risk Register: Tips for Trustees

Governance360 is a governance platform designed for boards in the charity, housing, and wider voluntary sector. The risk module brings together everything described in this post into a single, straightforward tool:

  • Live risk register accessible to all board members, on any device
  • Visual dashboards showing your risk heat map at a glance
  • Structured templates with scoring guidance built in
  • Ownership and review date tracking so nothing slips through
  • Audit trail showing who reviewed or updated each risk and when
  • A key part of the main dashboard alongside board papers and meeting management so risk is always part of the conversation, not an afterthought

The platform is used by charities, housing associations, and other voluntary sector organisations across the UK. It is designed to be accessible to non-executive trustees, not just governance professionals.

If you are spending more time managing the risk register than actually discussing the risks, Governance360 can help you reclaim that time and focus your board on the conversations that matter.

🎯 Key Takeaways

  1. Simplicity beats comprehensiveness: A short, well-maintained register of genuine risks is always more useful than an exhaustive one nobody reads.
  2. Visibility is non-negotiable: Every trustee should be able to access and understand the risk register at any time, not just a sub committee or at a strategy day each year
  3. Consistency requires structure: Agree your scoring framework as a board and write down what each score means for your organisation (or use the one provided by Governance360)
  4. Regular small reviews beat annual overhauls: 10–15 minutes at each board meeting keeps your register current and your board engaged.
  5. Ownership drives action: Every risk needs a named owner and a review date, or it will not be managed.

The bottom line: A good risk register is not a document you complete — it is a conversation you have, regularly, with the right tools to support it.

See how Governance360 supports your risk register

If you would like to see how the platform works in practice, you can request a short demonstration — no commitment required. We work with charities, housing associations, and voluntary sector boards of all sizes across the UK.

Ask for a demo here.

📚 Additional Resources

Recommended reading:

External resources:

About the Author

Governance360 Editorial Team

Governance360 supports charity trustees, housing association boards, and voluntary sector leaders with practical tools and guidance for effective governance. Our platform is used by organisations across the UK to manage board meetings, risk, compliance, and assurance in one place.

 

Last Updated: May 2025 Reading Time: 8 minutes

 

 

 

 

Governance360 is a trading name of Board Secure Ltd (Co No 11363367). Registered in England and Wales. Registered office: Cardiff. Board Secure Ltd is the 100% parent company of Governance360 Limited, which is a separate, dormant company acquired for brand protection reasons.