KCHC Annual Report and Accounts 2024-25 Spreads - Flipbook - Page 38
Governance
Risk management
The Charity’s risk register includes the significant risks
to which the Charity is exposed. The Board is provided
with the Charity’s risk register at every meeting, and
updates on risks are supplied through various agenda
items. The FAIRC is responsible for a quarterly detailed
risk register review, including a deep-dive review of a
specific risk at each meeting. It is also responsible for
reviewing the effectiveness of the risk management
process.
The risk register is structured along best practice
lines, identifying the risks, the Board’s risk appetite,
existing mitigating controls, and proposed control
improvements, and allocating a calculated current and
residual risk exposure score based on the impact and
likelihood of each risk causing a loss to the Charity. The
details contained in the risk register are then grouped
and summarised into a risk map, identifying whether
each risk is rising, stable, or falling, allowing the Board
to focus its attention on the high and rising risks.
The Board and the Committee monitored the top
risks below during the year. This included how risk
mitigation plans needed to be adapted to address the
changing influences on the risks arising from external
changes.
Risk 1: NHS Restructuring
The ongoing restructuring within the NHS presents
its risks to the Trusts. We closely follow these changes
to ensure our operations remain aligned with the
evolving Foundation Trust’s healthcare landscape. By
maintaining open communication with Foundation
Trust, our key stakeholder, and adapting our activities
as necessary, we aim to mitigate potential disruptions
and continue delivering impactful services for our
beneficiaries.
Risk 2: Local Economic and Geopolitical Uncertainty
The current local economic and geopolitical landscape
presents several challenges, including economic
instability and an ongoing cost of living crisis. The
departure of high net worth individuals from the UK is
further compounding these issues, adversely affecting
our growth and fundraising efforts. These factors,
along with significant geopolitical events such as the
“Liberation Day” impact, have introduced substantial
uncertainty in both local and global markets, leading
to a decline in investment values, with capital values
falling below their initial costs.
38
S U P P O R T K I N G S .O R G .U K
To mitigate these risks, we are actively stewarding
our donors, and with our investment advisers to
manage our investment portfolios effectively. We
are committed to continuously monitoring both
local economic and geopolitical developments. This
vigilance allows us to swiftly adapt our strategies,
ensuring resilience in the face of these challenges.
Risk 3: Cybersecurity Risk
Cybersecurity risk has been elevated due to increasing
threats from cyber attacks in the marketplace, which
can lead to data breaches, financial loss, and damage
to the Charity’s reputation. To mitigate this risk, we
will appoint a Data Protection Officer during the early
part of 2026 to oversee data protection strategies and
implement the internal audit recommendations to
reduce our cybersecurity risk.
The Board is satisfied that systems are in place and
control improvements are underway to mitigate
the Charity’s exposure to risk. Furthermore, it
is committed to keeping the identification and
mitigation of risk under continual review.
Audit
The Trustees are responsible for the appointment of
the independent auditors. Moore Kingston Smith was
re-appointed during the year for the 2025 audit.
Internal audit
Four internal audits were undertaken during the year,
covering Procurement controls and GDPR. Planning
for one review and follow up reviews in 2026 was
approved.
