A risk register is a structured document that identifies the key risks facing your organisation, assesses how likely and serious each risk is, records the controls you already have in place, and sets out the actions needed to manage each risk further. For charities and nonprofits, it is one of the most important governance tools you can have.
In the UK, the Charity Commission's guidance CC26 makes clear that managing risk is a core trustee duty. The Charity SORP requires the Trustees' Annual Report to include a statement on principal risks and how they are managed — and a risk register is the evidence behind that statement. For US nonprofits, IRS Form 990 Part VI asks boards directly about risk oversight, and major funders increasingly expect organisations to demonstrate active risk management as part of due diligence.
Our free AI generator produces two documents at once: a scored risk register table with likelihood, impact, controls, and recommended actions; and a complete risk management policy that can be adopted by your board. Both adapt automatically to UK, US, and global contexts.