It is best practice for all PCCs to consider the risks to which they are exposed and to take appropriate steps to minimise them.
Whilst risk management is the responsibility of the PCC it is often easier for a small group to work through the risk management process and then present the results to the PCC for discussion and adoption.
Firstly you will need to identify, categorise and review (decide what to do about) the risks which affect your church. Click here for notes on how to do this.
Having identified risks, categorised them and decided what to do about them you need to put the details into a register (the Risk Register) as a record of what has been decided. All PCC members need to be aware of the contents of the register. The register should also be reviewed at least annually and, if major risks are identified in the meanwhile, they will need to be added.
Recognising Risk Management in the Annual Report and Accounts
All PCCs with income or expenditure over £250,000 are required to have a policy with regard to the management of risks. There must be a statement in the Annual Report and Accounts stating that the PCC have considered the major risks they may be subject to and have put in place appropriate systems to mitigate those risks.
In addition to the above information you may want to visit our page on financial controls and look at the Charity Commission’s guidance on risk management (CC26) which can be found here.