How charities support governance and policy management with limited resources
Robust governance is critical for every charity. Like other regulated sectors, charities have various governance requirements and compliance steps that they must follow. While the actual details of these differ across the US, UK and Europe, charity governance and compliance focus on many of the same areas:
- Regulatory oversight with unique requirements for charities with related reporting.
- Financial and tax filings that are also particular to charities.
- Appropriate approaches to fundraising.
- Duties of trustees, board members, directors and other charity leaders.
- Stipulations, requirements and reporting as set by donors, including government bodies, institutions and corporates, and more!
While these themes are consistent, the specific regulatory frameworks differ significantly by market. In the UK, charities are regulated by the Charity Commission for England and Wales (or OSCR in Scotland) and must comply with the Charities Act 2011, submit annual accounts under Charity SORP (FRS 102), and adhere to Gift Aid rules. In the US, 501(c)(3) organisations must file annual IRS Form 990 returns and meet state-level charity registration requirements. Across the EU and UK, GDPR governs the handling of donor, volunteer and beneficiary personal data, with significant penalties for non-compliance.
On top of this, charities also must focus on the critical areas of governance and compliance that all organisations must follow – employment recruitment, data privacy, security and so on.
Governance challenges for charities
Rigorous governance and compliance can be challenging, particularly for smaller charities. There can be issues down to:
- Limited staff with very little time to provide effective oversight for all areas of governance.
- Limited budgets to invest in the kind of software and tools that can support better governance and help automate compliance.
- An overreliance on manual methods for reporting and evidence – for example, tracking who has read a policy – which is inefficient, time-consuming and leads to errors.
- A lack of specialist internal know-how and a reliance on external specialist help.
- A reliance on volunteers with limited time and potentially little knowledge of what might be critical procedural steps.
- A general propensity to prioritise time, effort and investment to directly benefit those that the charity is set up for, sometimes at the expense of important but less pressing internal activities.
Policy management in charities
These challenges are often reflected in charity policy management, an area critical for compliance. Limited investment and resourcing can impact the effective distribution and management of policies through their lifecycle. This represents a risk, because having the right policies in place and providing easy access to them is critical for charities. Charity policies:
- Help ensure there are smooth day-to-day operations across the charity.
- Support the watertight governance that is critical for all charities and fundraising activities.
- Demonstrate compliance in terms of any regulatory audits and investigations, as well as financial and other reporting.
- Help establish and maintain credibility with major donors.
- Follow all the right procedures relating to any federal or government funding that might be provided.
- Ensure the right policies and procedures are consistently followed by volunteers who might not necessarily know standard or required approaches.
- Provide guidance to staff on everyday decision-making on more specialist matters when there isn’t a full-time staff member.
- Help charities execute their duty of care to volunteers and fulfil commitments to donors.
- Ensures everything possible is done to ensure robust data privacy and cybersecurity approaches are in place, and more!
How charities struggle with policy management
Unfortunately, the reality is that many charities struggle with effective policy management. Updating and distributing a policy is rarely top of the “to-do list” for employees with very limited budgets and tight resourcing, and where employees might be “maxxed out” with their day-to-day activities. Often, there has also been little to no investment in solutions that can support effective policy management, meaning that:
- Policies and procedures may be out of date.
- Policies that are being used have not been reviewed by all the people who need to review them.
- There are informal or differing procedures rather than watertight and standardised policies that are adhered to across the charity.
- Policy documents are often lost in shared drives, so they are hard to find or impossible to access.
- Multiple versions of the same policy are in circulation.
- Manual tracking using email and spreadsheets is used to confirm that employees, volunteers and even trustees have read or confirm policies, something which is highly inefficient and time-consuming.
The risks for charities when policies aren’t in place
Without up-to-date or easily findable policies, charities leave themselves vulnerable to risk areas which, at a high level, can result in reputational damage. A single incident can lead to a ripple effect, which can have a significant impact on donations and fundraising.
All charities have reporting they need to complete and procedures that they must follow. Failing on these can lead to a formal investigation that can cause reputational damage and impact donations, put leadership and trustees into a difficult position, and so on.
Many charities have a significant number of volunteers, some of whom may be interacting with the public or may be involved in contact with vulnerable members of society. Volunteers are not employees, and they will not have the same level of training or professional background. They need to be able to have access to the right policies and procedures to reduce the chance of an incident and provide better safeguarding for themselves, employees, other volunteers and the public. In the UK, charities working with vulnerable adults or children must comply with safeguarding frameworks established under the Care Act 2014 and relevant statutory guidance. In the US, applicable state mandatory reporting laws impose legal obligations on organisations working with minors or vulnerable populations.
Data privacy and security
According to a survey from give.org (a US-based study), 68.8% of donors are either “very” or “somewhat” concerned about their data being hacked or stolen. Similarly, 62% also report they are concerned about a charity sharing their data beyond the organisation.
Serious data breaches or data compliance issues among charities are often caused inadvertently by employees or volunteers. It is essential to have policies and procedures in place to reduce the chance of this happening – a data breach can be an existential threat to a charity.
For charities operating in the UK and EU, GDPR (the UK GDPR and EU GDPR respectively) imposes strict legal obligations around how donor, volunteer and beneficiary data is collected, stored and processed. Non-compliance can result in significant fines from the ICO (UK) or national supervisory authorities (EU), as well as serious reputational damage. Having clear, up-to-date data protection policies and being able to evidence that staff and volunteers have read and understood them is, therefore, a critical compliance requirement.
Some funding organisations and corporate owners have special considerations and reporting requirements, some of which can be project-specific. Government-funded charities (including, in the US, those receiving federal funding) also have to follow specific reporting requirements. Without the right policies in place to support funder compliance, there is a risk of impacting future funding from these institutions, which are a substantial source of income.
Effective charity policy management on a budget
Achieving effective policy management is possible, even on a budget and with limited resourcing. It takes a little initial outlay and effort, but once in place, it can even pay for itself through saved time, and – most importantly – reduce your risk exposure. It involves two main steps:
- Investing in a low-cost and easy-to-use policy management solution that integrates into your existing digital workplace, usually Microsoft 365
- Ensuring your key policies are up to date and have named owners.
From there, you can maintain a policy management system where policies are up to date, easy to access for employees and volunteers, and ultimately support governance, compliance and operations.
What does effective charity policy management look like?
Using the right solution makes it possible for charities to deliver policy management on a budget. Here’s what it looks like:
| Element | Notes | Benefit |
|---|---|---|
| A solution that is easy to use & requires no training | Ultimately, any solution should be very easy for admins, policy owners, employees and volunteers from the get-go, with no training required for users. Solutions using familiar Microsoft 365 interfaces reduce any associated learning curve. | Good levels of adoption. No additional resources are required for managing the change. Quick and straightforward implementation with minimum disruption. |
| A single, personalised policy library that everyone can access | A single policy library that is easy to access with strong search and custom navigation to find policies, which is also personalised to different roles and individuals. Potentially different versions of this policy library can be presented to different audiences, with policies even presented externally on a website for volunteers or the public. | Everyone can find and access the policies at the point of need, reducing risk and ensuring better compliance with policies. Ticks the boxes for the main different groups: employees, volunteers, trustees, public and more. Personalisation ensures people can only see the policies that are relevant to them. |
| Simple & transparent review workflows | Any policy management solution should offer clear ownership of every policy, with the ability to establish custom workflows for the creation, review and approval of both new and existing policies, while delivering notifications to keep everyone on track. Version control should also be built in. This should also provide transparency, with the opportunity to review the status of each policy. | Supports policy owners to keep their policies up to date, while also ensuring policies are watertight in terms of their content and review protocol. Ensures only the latest version of policies is in place and avoids multiple versions in circulation. Supports transparency and accountability, while also increasing trust in policies. Overall supports effective policy management, reducing risk. |
| Automation replacing manual effort | Where possible, a solution should leverage automation across tracking, reporting, approval workflow, version control, employee attestation and more. Massively reduces the manual effort required. | It makes policy management far more efficient and cost-effective, and saves considerable time and effort, freeing up busy team members. Makes policy management scalable for small charities and tightly resourced teams. |
| Central control & stewardship over policies | Provides central and effective controls to allow administrators to have oversight of the status of all policies, ideally with additional capabilities to provide templates for different policy types, set custom metadata for searching, and more. | Provides effective controls to ensure there is an efficient and effective policy management programme with the required standards. Leads to good adoption, strong compliance and effective risk management. |
| Compliance & audit reporting targeted to different roles | Includes effective and granular reporting around all different aspects of policy management, including policy creation, employee attestation, access to policies and more. Also includes built-in audit trails and logs. | Effective oversight of policy management for administrators, managers, trustees and other roles. Helpful support for audits and reviews, with evidence-based tracking, audit trails and more. |
| Employee & volunteer attestation | Provides a simple digital method for employees and volunteers to confirm they have read and agreed to a policy, or an update of a policy. Granular reporting and automated reminders help drive high success rates, while also providing evidence for compliance and reporting. | Saves huge amounts of time and resources, eliminating manual efforts (email, spreadsheets) involved in tracking. Provides robust evidence to support any audit or review. Helps drive compliance with policies across employees and volunteers, reducing risk and improving operations. |
| Easy & quick implementation, building on what you already have | Any solution should be simple to implement, requiring minimum effort and technical know-how, especially for charities with limited resources. Microsoft 365-powered solutions can be much easier to implement from a technical perspective, particularly a solution like Xoralia that can incorporate existing SharePoint libraries. Assistance from your tech vendor is also important. | A smoother implementation which does not cause disruption or require additional resources or access to technical expertise. Reduces the risk of additional costs. Quicker to get the solution fully operational to unlock benefits earlier. |
| Cost-effective solution affordable for charities with stretched budgets | Overall, a solution which is competitively priced, limits the need for additional costs or resources for implementation, and overall reduces time and manual effort required through automation and core features. | A solution that is a good fit and feasible for budget-challenged charities. |
How Xoralia supports charity policy management
Xoralia delivers all of the above capabilities for charities. It is a very affordable solution that fits like a glove into your existing Microsoft 365 and SharePoint environment, is easy to use and implement, and punches above its weight in terms of features. It is highly scalable and is as valuable for larger organisations as it is for smaller charities, and delivers real value for money. It will also release your team from wasting time on tedious manual administration.
Want to experience Xoralia? Then book a free demo.
About the author
Dan Hawtrey
Dan Hawtrey
How policy management software can help
We think the best place to store your policies is inside SharePoint. Most companies already have SharePoint as part of their Microsoft 365 subscription. Using SharePoint means you have full control of your policies, and many best practices can be achieved right out of the box. However, there are gaps and certain best practices are hard to achieve.
To fill these gaps, and for best results we recommend using purpose-built policy management software for SharePoint and Microsoft 365.
We’ve developed a dedicated solution called Xoralia (pronounced Zor-ra-lee-a) that will ensure you have the best overall approach to policy management, supporting your users, policy owners and administrators.
We learned all about policy management from many years of building custom solutions for our clients on SharePoint. But we kept coming up against the same challenges, mostly caused by feature gaps in SharePoint. One day, a client asked us to build a policy management tool that filled these gaps. The trouble was, they didn’t have a lot of budget. But we had a good relationship with them and so we decided to collaborate on it provided we got to keep the code. Looking back, it was a pretty simple tool but over the years we have added more features and relaunched it. We’re now on version 3 and our original customer is still using it!
3 benefits you can expect from Xoralia
Make it easy to find policies
Centralised policy library with powerful search and filtering
Reduce administrative burden
Automations and notifications so that all policy tasks are carried out on time
Demonstrate compliance and best practice
Sophisticated tracking and dashboards to drive and measure compliance.
And lots more!
What our clients say
A great time saver and tool for document management
We have found Xoralia to be very beneficial to us as it has allowed us to focus on other area’s as Xoralia will take care of who has read the documents and notify them if they have not. A great time saver and tool for document management all together.
Tim Galer
IT Coordinator
Hughes
Ideal partner for our regulated environment
LifeArc operates in a strictly regulated sector where compliance and information security are critical. It is essential that LifeArc’s workforce have easy and effortless access to the latest up-to-date policies and procedures, which is the structure Xoralia gave us.
Adam Lythgoe
IT Manager
LifeArc
How to get started with Xoralia
Step 1: Explore or request a demo
Start a free trial for instant, hands-on access, or fill out our form to book a personalised demo at a time that suits you.
Step 2: Get a price proposal
If Xoralia looks right for your organisation, ask us for a tailored quote. We’ll outline any options and packages to fit your needs.
Step 3: Install and launch
Set up Xoralia in your environment with our support. We’ll provide onboarding, training, and full assistance to get your team up and running quickly.
Here's what you'll get
-
Central policy library
-
Search and filter tools
-
Mandatory read policies with attestations
-
Quizzes
-
Notifications and alerts
-
Employee dashboard
-
Line manager dashboard
-
Works on mobile, in Teams and SharePoint
-
New policy creation workflows
-
Policy update workflows
-
Review and approval gates
-
Policy version history
-
Compliance dashboard
-
Audit trail
-
Full reporting
And last but not least:
-
Professional implementation service and support
-
Evergreen software – frequent updates and improvements
-
Comes with our "it just works" support warranty – we’ll fix any bugs, often before you even notice
Ready to get started?
Connect with us to streamline your policy management and ensure effortless compliance.
Improved compliance and policy knowledge
It allows for easy document management and attestation of policies. It improved compliance with policies and helped with internal policy management.
Karolina
Administration & Facilities Manager
Client Earth
Uniting excellence in integration and features for seamless policy management
As the newly appointed IT Manager at our company, I was tasked with implementing the Xoralia policy management tool, and the experience has been nothing short of impressive.
Rian Stuart
IT Manager
TwinStream
