Foundations and Risk: Lloyd’s Register Foundation
In this series, we are taking a closer look at foundations’ attitudes to risk. We will include perspectives from across the UK and from funders with a number of specialisms and approaches.
The first article in this series comes from Professor Richard Clegg, Chief Executive of Lloyd’s Register Foundation.
This series first appeared in April 2017’s Trust & Foundation News. Read the magazine here.
Risk for us comes in two main categories – the strategic, outward-facing and environmental risk, and the operational risk. The distinction is very important, because strategic risks are ‘rewarded’. When we give a grant, of potentially millions of pounds, we are taking a risk that the grantee does what they agreed, and that what they have set out to do will achieve the impact we all hope and expect. But we are prepared to take that risk because of the opportunity, the potential for huge upside – a research project might unlock a vital piece of knowledge, a next step, for example.
The foundation is a business, a business doing charity, and has the standard operational risks of any company – legal, compliance, governance and regulatory risk, business continuity, cyber attacks, litigation, processes not working properly, fraud, changes in the external environment, and so on. These risks are very important but there is no upside, no opportunity, they are ‘unrewarded’. They may be different but the approach and principles are the same as for the Lloyd’s Register operating business, so there is a lot of overlap at that operational level, and like any well run risk management system, we have countermeasures, governance and a risk register.
The register is very important, and certainly not a box-ticking exercise. If we mismanage things very badly we could break charity law and lose our charitable status. We wouldn’t want to lose money due to fraud or embezzlement. We don’t always know the credibility of applicants until we have finished the due diligence and ‘red flag reviews’, especially when making international grants, so when dealing with applicants from abroad we have mechanisms to investigate the organisation and individuals on the ground.
But risk registers are only as good as your imagination. You have to imagine the risks and combination of events, and the consequences. The unimagined can happen and can catch you out. So we also think in terms of resilience, making sure we have a strong and well-run organisation so that if something unanticipated happens, we will be able to absorb it and recover. To use a domestic example, there are many things that can go wrong at home – the central heating or the car can break down, we can get poorly – but we know as long as we are all healthy and solvent, we can probably overcome whatever might happen. The same principle applies at work – we look at what a resilient organisation looks like, and look after those features as well as having the risk register.
All this is set within the governance framework that oversees our risk management framework – the committee structures within the grant-making side evaluating applications, conducting due diligence and so on, and the broader governance including the Audit, Risk and Investment Committee and ultimately the foundation board, which provides oversight on these risks. These are the checks and balances that challenge us on what we are doing, the mitigating controls, and ultimately on our resilience to risk.
Lloyd’s Register is a strong brand, built on independence, integrity and trust, so we strongly avoid reputational damage or anything that could lead to it. But reputation is not a separate risk on our register – we view it as a consequence or impact of other risks.
Our risk appetite statement is agreed by the board. Essentially it says that in some areas we have no appetite for risk – damaging our reputation, poor management practices or losing our charitable status. Conversely, there are some areas where we do have an appetite for risk. Risk can be positive and unlocks opportunities and value. A lot of our scientific research entails risk – you don’t know what the results are going to be until the work is finished but it also has the potential to achieve great things and further knowledge. We put in place all manner of controls to minimise or manage that risk, but things can go wrong. If we fund research work that doesn’t lead to the expected results but it was still quality work and well run, that might be unsuccessful but it isn’t a failure, lessons can be learned from it.
Managing risk also needs buy-in from the foundation leadership team. We ran a risk register workshop to brainstorm these areas with the whole team. Dealing with risk properly can make the difference between us surviving, prospering and being resilient, or tripping up and ultimately failing.
Professor Richard Clegg
Lloyd’s Register Foundation
Other articles in this series:
Foundations and Risk: The RS Macdonald Charitable Trust
Foundations and Risk: The Wolfson Foundation
Foundations and Risk: Spirit of 2012
Foundations and Risk: The Sylvia Adams Charitable Trust
Foundations and Risk: CriSeren Foundation
Foundations and Risk: Webb Memorial Trust