Key Points

  • Risk is part of life and organisations need to regularly think ahead to anticipate and manage risks that might arise.
  • Compliance is about having good checks in place to make sure your plans to manage risks and to meet other obligations are being followed.
  • Most organisations need to report on how they are complying with their plans … either internally to the Board or externally to regulators.

All activities involve risks – around safety, fraud, and the well-being of others.  Good governance processes help boards take risks seriously and be aware of and manage the risks associated with their activities.  Risks are usually considered in two dimensions:  the likelihood of the risk event occurring and the severity of the impact it would have if it did occur.   Risk management plans consider ways of reducing risk on both these dimensions.

Compliance is about ensuring your organisation’s obligations are being met – around managing risk or around complying with the rules or regulations that apply.   Compliance requirements will differ for each organisation depending on the type of activities it undertakes.  For example, if the organisation works with children, is involved in aged care, or is involved in raising funds or food handling, there are specific rules relating to each of these activities that the organisation needs to follow and be compliant with.  For organisations that are registered charities, the ACNC oversees the organisation’s compliance with the regulations it must meet to maintain its registration as a charity.  Compliance usually involves documenting the actions you have taken to comply with your organisation’s obligations and then reporting to an authority … either internally to your Board or externally to regulators … or both.  There are also some important financial regulations and obligations all organisations need to comply with – such as ensuring that the organisation isn’t spending money it hasn’t got (trading while insolvent).  

If your organisation is a structured legal entity, Board members will have some legal protections against personal liability if they can demonstrate reasonable care and diligence in acquitting their duties.  Risk and compliance processes are an important way of demonstrating that diligence and care. If your organisation is an unincorporated association, risk and compliance processes will be an especially important way of guarding against events for which you may be found to be personally liable as a Committee member involved with the organisation.

Some organisations may consider seeking external advice in areas of compliance and risk, particularly if the activities of the organisation are inherently risky.

Top Tip

Check whether your organisation has a document or process that identifies the major risks associated with its core activities and the procedures and processes it has in place to deal with them. This will often be known as a “Risk Management Plan”.

Make sure you understand the regulatory bodies to which your organisation must report. This will be determined by the kinds of activities it undertakes.

Want more? ... check out these resources

Online article – Institute of Community Directors – 5 minute read


The Institute of Community Directors has so much wonderful advice and this article gives you a really clear framework for setting up a risk management process.

Online toolkit - QCOSS - Over 10 minute read


Another good summary of Risk Management basics with links to all the main related legislation.

Online article – Institute of Community Directors – 5 minute read


Here’s a ten-step guide to thinking about and managing risk in your organisation.  It’s a really good starting point to get your head around risk issues and gives you a helpful list of things you should look out for or make sure are in place.

Online toolkit – Australian Charities and Not-for-profits Commission – 10 minute browse


Not all organisations are registered as charities, but if yours is, you’ll need to know the compliance requirements of the ACNC.  This toolkit answers all the questions you will have about ACNC requirements.

Online article – Australian Securities and Investments Commission – Over 10 minute read


As we said in the “What about the financials” topic, trading insolvent – or spending money when you don’t really have it – is a very big deal and one of the major responsibilities of governance members is to avoid it.  So we’ve added this resource on insolvency here under the “Risk and Compliance” topic as well.  This package on the ASIC website gives you all the basics on insolvency.  Click on the “what to do if you suspect financial difficulty” link to go to the section about how to take action if you are worried about insolvency.
