HOW SHOULD WE EVALUATE THE RISKS?
Some risks are going to be more signi cant than others. In order to decide which ones require strategic input and potential resources, you need to be able to classify them in some way. To evaluate each risk, you need to have some form of scoring mechanism that enables you to identify which risks are more signi cant than others.
It is important to understand that it is not always the most catastrophic
events that are of most signi cant. For example, if you own a care home, the impact of a  re in that home is likely to be signi cant and do lasting damage
to the charity. But the chances of this happening are probably very small with modern  re alarm systems and people being aware of the potential causes
of  re. On the other hand, if you had a member of staff who was routinely claiming an extra hour of overtime that they have not done, this could be viewed on an individual basis as insigni cant. However, if that same member
of staff was doing it 365 days a year, every year, the sums involved might add up considerably over the years and in reality it may be better to put in place systems to stop this type of fraud as opposed to installing your own on-site  re men and  re engine.
The way in which you evaluate the risks you have identi ed therefore needs to give a measure that ensures that repeated moderate risks are, perhaps, as signi cant as the one-off natural disasters.
One way to measure risk, as outlined in the Charity Commission guidance, is to score it using the following approach:
Score = (Impact x Likelihood) + (Impact)
You take each risk and allocate it a score for the potential impact and a score for the likelihood of it actually happening, using one –  ve as your scoring range. By adding back in the score for the impact, this gives a weighted score that accurately re ects the risk.
Chapter 10 195