This guidance discusses charities and the regulatory environment within which they operate, as well the prominent risks and issues facing charities in today’s world.
A charity in England and Wales is defined, by law, as an organisation which has an exclusively charitable purposes, and is regulated by the High Court’s charity law jurisdiction. As part of this, charities must prove they exist for the public benefit. Charities are governed by a range of laws and regulations no differently to most organisations. For example, the GDPR, Employee and Health and Safety legislation, but charities have their own legislation which they must adhere to. Namely the Charities Act 2011.
Specifically, the Charities Act 2011 defines a charity as an institution which:
(a) is established for charitable purposes only, and
(b) falls to be subject to the control of the High Court in the exercise of its jurisdiction with respect to charities.
Charities of all sizes exist and exist for a range of different purposes. Many of the largest charities in the United Kingdom generate hundreds of millions of pounds of income per year with some generating over £1bn of income per year (for example, the British Council earned £1.25bn income in its 2018/19 financial year).
The objectives of a charity can range from providing humanitarian relief to being a professional membership organisation. Others include a focus on technology, health, animals, medical and social research and a wide range of other topics.
The Charities Act lists 13 ‘descriptions of purposes’
The ‘descriptions of purposes’ are a list of broad headings that a purpose must fall under to be a charitable purpose (legal requirement). Each description serves as a general heading under which a range of different charitable purposes fall. The list of descriptions of purposes, taken with the range of purposes that fall under each description, covers everything recognised, or which may be recognised, as charitable in England and Wales.
The 13 descriptions of purposes listed in the Charities Act are:
(a) the prevention or relief of poverty
(b) the advancement of education
(c) the advancement of religion
(d) the advancement of health or the saving of lives
(e) the advancement of citizenship or community development
(f) the advancement of the arts, culture, heritage, or science
(g) the advancement of amateur sport
(h) the advancement of human rights, conflict resolution or reconciliation or the promotion of religious or racial harmony or equality and diversity
(i) the advancement of environmental protection or improvement
(j) the relief of those in need, by reason of youth, age, ill-health, disability, financial hardship or other disadvantage
(k) the advancement of animal welfare
(l) the promotion of the efficiency of the armed forces of the Crown, or of the efficiency of the police, fire and rescue services or ambulance services
(m) any other purposes currently recognised as charitable or which can be recognised as charitable by analogy to, or within the spirit of, purposes falling within (a) to (l) or any other purpose recognised as charitable under the law of England and Wales.
Every charity must have a governing document. A charity’s governing document is a legal document which sets out:
Trustees have overall control of a charity and are responsible for making sure it’s doing what it was set up to do. They may be known by other titles, such as:
Trustees are the people who lead the charity and decide how it is run. In additional to the board of trustees, there is typically an executive or management team (chief executive, finance director, IT director, etc.) who run the organisation and report into the board of trustees.
The need for effective governance arrangements within charities is at its highest due to the complex nature of many charities’ operations, and the risks attached to those operations. Heightened media and public scrutiny are also resulting in charities ensuring that their governance arrangements are robust, with a particular focus on transparency.
There is a range of best practice available to an organisation on effective corporate governance.
For charities, there is the Charity Governance Code, which was created through collaboration between a range of charity focused organisations and the creation of a steering group.
The Charity Commission was an observer on the group which developed the Code.
This Code is considered to be best practice within the sector.
Charities are subject to a range of regulatory oversight, including the Information Commissioners Office, the Health and Safety Executive, etc. But the key regulator is the Charity Commission for England and Wales (“CCEW” or “the Commission”). The Commission is an independent, non-ministerial government department accountable to parliament.
The Commission is the regulator of charities in England and Wales and maintains the charity register. As the regulator, it is responsible for maintaining an accurate and up-to-date register of charities. This includes deciding whether organisations are charitable and should be registered. They also remove charities that are not considered to be charitable, no longer exist or do not operate or have been considered to have acted inappropriately and the Commission considers them no longer fit to act as a charity.
Any member of the public can access the register to determine whether an organisation is a bona-fide, registered charity.
Similarly, there is a charity regulator in Scotland, the OSCR, where the same principles apply. Most of the charities that operate in England, Wales and Scotland are registered with OSCR and with the Commission. These are known as ‘cross-border’ charities.
Under a Memorandum of Understanding, OSCR and CCEW operate effective information sharing and joint working arrangements.
OSCR and CCEW work on a ‘lead regulator’ basis for cross-border charities to reduce the regulatory burden. This means that CCEW will be the lead regulator for cross-border charities and in general will take responsibility for dealing with concerns about cross-border charities, unless the concern relates to a Scottish specific matter that OSCR would be best placed to look at. There may be some circumstances where a joint inquiry is appropriate.
This does not mean that cross-border charities must only report to CCEW. All charities registered in Scotland must fully comply with the requirements of Scottish charity law.
Both regulators have similar regimes in terms of when charities should report certain events and incidents to them. CCEW calls this ‘serious incident’ reporting (refer below for further information), while OSCR refers to it as ‘notifiable events’. Cross border charities are required to report to CCEW, but do not need to also report the incident/event to OSCR.
The Charity Commission requires charities to report serious incidents. If a serious incident takes place within a charity, it is important that there is prompt, full and frank disclosure to the Commission. The Charity is required to report what happened and, importantly, let the Commission know how the charity is dealing with it, even if they have also reported it to the police, donors, or another regulator.
A serious incident is an adverse event, whether actual or alleged, which results in or risks significant:
For the purposes of the guidance by the Commission, ’significant’ means significant in the context of a charity, taking account of its staff, operations, finances and/or reputation.
Charities should have a serious incident reporting policy and procedure in place which details when and how a report should be made, and the internal escalation and approval processes which should be followed prior to the report being made.
The responsibility for reporting serious incidents rests with the charity’s trustees. In practice, this may be delegated to someone else within the charity, such as an employee or the charity’s professional advisers.
However, all trustees bear ultimate responsibility for ensuring their charity makes a report and does so in a timely manner.
If they decide not to make a report about something serious that has happened in a charity and the Commission later becomes involved, the trustees will need to be able to explain why they decided not to report it at the time.
Charities are facing unprecedented regulatory requirements. Equally, charity operations are as complex and diverse as they have ever been.
Charities face a number of complex risks, including in areas such as:
Charities are facing a number of complex risk areas, and therefore need robust polices, processes, procedures, and controls. In addition to the areas discussed above, other areas of risk include legacies, granting giving and receiving and the need for effective governance (which is discussed above).
The Charity Commission heavily recommends that charities have an internal audit activity in place, but do not make it mandatory. There is, therefore, a need for boards and their sub-committees (in particular an audit committee, or equivalent) to see the considerable benefit that internal audit assurance can provide over these risk areas.
In all areas of a charity’s activities, it is the responsibility of the trustees and management to identify and manage the risks.
Internal audit’s primary role is to provide objective and independent assurance that risks are being identified, assessed, responded to, and reported especially if they are potentially outside the risk appetite set by the trustees/board of the organisation.
In many organisations it is likely that internal audit will form part of an integrated assurance framework for monitoring or reviewing key risks. This is typically more prevalent in larger charities, those with complex operations and those who have international operations. Internal audit will therefore be one source of assurance within the three lines of defence.
It’s imperative that risk-based internal audit practices are followed, in order to focus the internal audit resource available on the key risk areas.
A key consideration when performing both risk-based annual audit planning, and the planning for the individual internal audit engagements, is what subject matter expertise is required in order to deliver the review. Where risks are complex within the charity, it is important that the internal audit team utilises subject matter expertise in the delivery of the audit, and that the individuals are competent to perform the work. This is particularly relevant in areas such as safeguarding, health and safety and complex IT risks.
Internal audit may play an advisory role where, providing it has the relevant capability and expertise, it can both challenge and work with management on its approach to managing specific risks, assist in workshops, etc.; providing that it remains independent and this role does not result in a potential conflict of interest in the future.
Other areas where internal audit could work with management could include:
Much of the content included above will be relevant to various jurisdictions, however some areas may differ, in particular in relation to legislation and regulatory responsibilities.
Scottish Charity Regulator - OSCR
The Charity Governance Code Steering Group - Charity Governance Code
Gov.uk - Setting up a charity
Gov.uk - Charities and risk management