St Andrew's

Psalter Lane


Risk Management Policy and Procedure

St Andrew’s Psalter Lane Church

Risk Management Policy and Procedure


1. Purpose of this document

The policy supports the Church’s arrangements for risk management and organisation, including an explanation of the approach to minimising risks to its operations and well being.  A definition of risk and how it is assessed are provided, along with a description of the risk assessment process.


2. Definition of risk

Risk is the uncertainty surrounding events and their outcomes that may have a significant effect on Church activities.  All activities are liable to entail risk of damaging impacts arising either from potential threats and unexpected consequences or because an action which would have removed or reduced a threat was not taken. Risks are evaluated by carrying out a qualitative and quantitative assessment of the risk to St Andrew’s Psalter Lane Church (SAPLC) objectives.  This is based upon estimates of the importance of issues or events to SAPLC aims and functions as well as the likelihood of the event or outcome occurring. 


Having identified the presence of risks to SAPLC operations and well-being, the intention is to minimise these risks to ensure they are reduced to acceptable levels. Risk management is inclusive of the risk assessment process, and uses the results of risk assessments to make decisions on the acceptance of risks or on actions to reduce any risks.


3. Risk appetite

The level of risk associated with the attainment of SAPLC objectives and operations is reviewed by the Property and Finance Committee.  Tolerable risk varies across the range of activities undertaken in and by SAPLC, so for instance a greater level of risk may be acceptable in a single act of kindness, for example a loan that might not be repaid, than would be attached to an issue that would cause the ethical standing of the Church to be questioned.  Low tolerable risk would apply to threats to the safety of users of, or visitors to, the Church, particularly children and other vulnerable persons and to issues that threaten the Church's continued existence, such as unsustainable financial losses.      


Risks are categorised as being Governance, Operational, Financial, Environmental and External, and Compliance based.  Low tolerance applies to Operational and Financial risks, whereas the others are regarded as moderate tolerance, where it is accepted that a degree of risk must be tolerated for the church to fulfil its mission.


It is important to appreciate that risk management is a continuous process involving risk identification, risk assessment, identification of measures to reduce risk and consideration of the residual risks after controls have been implemented.  Tolerance of risk level may also change, depending on circumstances and experience, as well as external factors such as  the extent to which insurance  cover cushions the impact of a risk.   As noted below, the Risk Assessment will be reviewed annually but, where necessary, changes may be made immediately the need for change is identified.


4. Risk Assessment Procedure

Significant risks to the operations and well-being of SAPLC will be identified and quantified on the The Risk Assessment Table.  The Property and Finance Committee is responsible for doing this in consultation with others, as necessary.  Risks are categorised according to their potential impact if left unmitigated and likelihood of occurrence using the scoring system below.  


The Ecumenical Church Council (ECC) has ultimate responsibility for Risk Management, including risk appetite and mitigation.  The ECC should satisfy itself that risks are being actively managed with the appropriate controls in place and that they are working effectively.


5. Risk scoring and categorisation

The following scoring system will be used:


Likelihood (x)

  • 1  Very unlikely  May only occur in exceptional circumstances
  • 2  Unlikely  Could occur at some time but unlikely
  • 3  Possible  May occur at some time
  • 4  Likely  Will probably occur/re-occur at some point
  • 5  Very likely  Almost certain to occur/re-occur



Impact (y)

  • 1 Insignificant  No financial loss; disruption to day to day work manageable within existing systems
  • 2 Minor  Minor financial loss / disruption to systems; procedures require review but manageable; limited slippage in work activity
  • 3 Moderate  Disruption to financial systems and losses; significant slippage in activities and delays to operations 
  • 4 Major  Major financial loss; large scale disruption to activities; objectives and ethos severely undermined; poor quality guidance leading to loss of confidence in SAPLC
  • 5 Catastrophic  Huge financial loss; significant threat to viability of SAPLC in total or in part; huge disruption to activities; almost total lack of confidence in SAPLC



Risk Factor

The “Factor” is derived by multiplying the value for Risk (x) against Impact (y) and then adding the value for Impact i.e. xy+y.


Risks are then categorised, as follows

Risk Factor



4 to 6


Activity managed by existing procedures

8 to 12


Action required to reduce risk

15 to 30


Immediate intervention required to reduce risk



6. Review

The Risk Management Policy and Procedure and the associated Risk Assessment will be reviewed annually. The next review is due in July 2024.


This version agreed and accepted by the Ecumenical Church Council, 25th July 2023.

Powered by Church Edit