top of page

Risk and Governance Maturity Assessment for Non-Profit Organisations & Charities

Key Features


35 questions about governance and risk


9 to 10 minutes to complete


For charity trustees and management 


An immediate assessment score


A detailed report within five days

Assess and score the strength of your organisation's governance and risk arrangements

The success of your mission and your ability to support the community you serve are highly dependent on your organisation's resilience, regulatory compliance, and governance arrangements. As a trustee, you may face personal liability.

Take the assessment (about 9 minutes and 35 questions), get your score, and determine which areas across 4 categories (Governance & Risk Management, Risk Culture, Cybersecurity & Data, and Strategic Risk Planning) you need to improve in order to stay safe and ensure your endeavour's long-term sustainability. To gain a complete picture, management and trustees should undergo this assessment.

Case Study: UK Charity

This case study is a reminder that risk management is, by its very nature, a pro-active, people-centric mindset. Many charities find staying on top of governance and risk management difficult. Often, they lack the resources and expertise to assess themselves on their own. And sourcing external assistance can be beyond their financial reach.

Read our risk and governance assessment case study!

Why should you assess your organisation?

The assessment will tell you where you need to improve your governance to ensure compliance with the Charity Commission's requirements and ultimately stay safe. Our scorecard methodology provides you with a score that allows you to track your progress over time.

Need some Advice?

Let us know what you are looking for. We will be in touch soon to discuss how we can help you.

Thanks for submitting!

In the United Kingdom, charities and non-profit organisations must comply with many regulatory requirements, starting with the Charity Commissions.

As a trustee, you bear personal responsibility for the financial performance of the organisation you manage. You are also responsible for your management account's risk management statement:


“...charities that are required by law to have their accounts audited must make a risk management statement in their trustees’ annual report confirming that ‘…the charity trustees have given consideration to the major risks to which the charity is exposed and satisfied themselves that systems or procedures are established in order to manage those risks...”

And finally, “...The responsibility for the management and control of a charity rests with the trustee body and therefore their involvement in the key aspects of the risk management process is essential, particularly in setting the parameters of the process and reviewing and considering the results...”


The Risk profile

You have spent a lot of time on your funding strategy. However, you remain uncertain about the storage location of your data, its accessibility, and its web accessibility. You have never talked about your recovery strategy, business continuity, or safeguarding. 


Regulatory compliance

You have limited bandwidth to manage evolving legal obligations, potentially inadequate governance structures, and cybersecurity weaknesses that could result in data breaches.


Outdated policies

When was the last time you reviewed your policies? Well, you don't know. When the board last reviewed any of these documents, none of the current board trustees or directors were present.



You only hear from the same person. No one else from the management team ever attends any board meetings or sub-committee. 

Three steps to assess governance maturity with Aevitium Governance Assessment Scorecard

How does the governance maturity assessment work?

You will answer 35 questions (about 9 minutes) that will help us benchmark your charity against the governance standards across 4 categories (Governance & Risk Management, Risk Culture, Cybersecurity & Data, and Strategic Risk Planning) defined by the Institute of Risk Management and the National Cyber Security Centre (NCSC).​


Ideally, Ideally, both management and the trustees would take this assessment to get a more rounded view. 

You'll receive an immediate overall maturity score, as well as an assessment.​


You can also request a personalised report with practical steps that you can start taking immediately to improve your score and increase the effectiveness of your governance arrangements. Ideally, you can ask colleagues to complete the assessment; we will then prepare an overall view. The more, the merrier!

Next Steps

Congratulations! You have completed the assessment, and you know how protected you really are. What's next?

You need an intervention and fast!

You were very concerned about the assessment's results. This confirmed the uneasy feeling you had been experiencing for some time. You need our assistance immediately to transition into a better place.

You need help and need to learn more! 

As expected, the results of the assessment showed your organisation had some room for improvements. But you feel you have some time in front of you and you would like to explore more. You can find more information about potential options here. 

Leave your findings for another day!

You have a top score, or you don't feel this warrants any more of your time. If so, thank you for completing the assessment, and we are here to help whenever you might need some support in the future. In the meantime, feel free to read our additional resources on our blog.


We only provide the Charity Maturity Assessment Scorecard for informational purposes. This assessment generates results and recommendations based on user-provided information, aiming to offer general guidance on governance and risk management practices. Please read our Terms of Use for more information and confidentiality.

bottom of page