Associate Director for Risk and Assurance for a charity

[RosieLeaLovesTea]

• Hi all I saw this role role advertised an Associate Director of Assurance for a charity. These are the key skills from the job desciption
• Strategic Leadership: Guide teams to deliver results efficiently and collaboratively, ensuring the Society achieves its strategic goals while maintaining control, resilience, and compliance. Champion a culture of risk assurance and compliance.
• Line Management: Oversee Assurance, Risk, Legal, and Governance teams, managing their leaders directly.
• Strategic Impact & Risk Management: Ensure the Society meets legal and regulatory obligations while managing risks effectively. Oversee the assurance framework and reporting systems, ensuring compliance and best practices, with input from those living with dementia shaping decisions.
• Service Delivery: Collaborate with the Executive and Senior Leadership Teams to provide risk oversight and management, reporting regularly on risk status and compliance with Charity Commission regulations.
• People & Leadership: Lead on risk and assurance, fostering accountability and empowering teams to manage their risks. Promote inclusion and high performance through clear goals, coaching, and feedback, embodying the Society's values and leadership competencies.

in a role like this what would you actually do? what would you diary look lke?

Why do you want to know? It's a high level job within the Alzheimer's society is it?

The job description gives much more details

If you had qualifications and experience in risk and assurance, you’d know what the job would entail on a day-to-day basis. It’s not the sort of thing you can just have a go at.

Pretty bog standard risk and governance role.

Updating the risk register.
Writing board reports.
Completing submissions on whatever charity sector regulatory frameworks, including any monthly or annual assurance reports.
Corporate governance stuff which would probably include things managing the team who run and support board and sub committee meetings.
Would probably be essential to have knowledge and experience of company secretary, corporate gov, legal, etc.

Do you have experience of this at all? If not it won't be worth applying.

You'd do what you've just listed there.Line management, strategic planning, high level quality assurance processes. Probably a lot of liaising with partners, funders, the board, and internal leadership, governance.

Lots of meetings, you would be expected to chair and lead things like Risk committee and management reviews if the overall compliance programme.

You would need to prepare and present presentations to the board of the Critical Risks identified within the organisation, guide them on determining appropriate measures to reduce, transfer, accept or treat those risks.

You would be working with proposals and grants teams to make sure applications for funding or new business have the relevant information related to compliance to be successful,

Part of the broader exec team planning how the budget can be reduced and revenue increased, looking at alternative resourcing solutions to meet the need at the lowest cost and in the most efficient manner.

Accountable for ensuring that people in your team are conducting all activities they need to do in order to ensure compliance to all statutory and regulatory frameworks applicable, that where non compliance is identified it's being addressed, reported to regulatory bodies when needed in accordance with company posture so engaging with PR for example to work through potential reputational risks and come up with a plan to address them.

Attending regular training, industry and networking events to keep up to date on new legislations and frameworks, how they apply to this organisation, where similar organisations have fallen down, what grant/funding/clients are looking for with regard compliance/certification, eg UK Gov moving to CAF framework and increased importance in CyberEssentials Plus certification, or NIS2 European legislation amendments for European public organisations.

Research impacts of new technologies like Gen AI and determine the threats they pose, the requirements for future compliance activity, training needs across the whole organisation, how that training will be delivered,d costs it will introduce, costs it could reduce, impact to people in the org and how that may change your internal and external company stakeholders.

You will also basically be available 24/7 for an emergency. Security incident, negative press etc and you'd be expected to join a call to triage and make plans at the drop of a hat. You would be one of the decision makers so wil need to be comfortable and accept the responsibility of being able to quickly assess the available information, make a choice and stick by it. You may need to change your mind, and explain why you were wrong first time, but you will have to be make snap judgement calls using your knowledge and experience.