Helping NGOs and Charities Navigate Risk and Strengthen Governance

Our Work

At Candour Risk, we specialize in providing strategic advisory services in governance, risk management, and compliance solutions. Our case studies showcase our expertise across various sectors and challenges. Each project demonstrates our commitment to delivering practical, actionable recommendations that, when implemented by our clients, enhance operational effectiveness and build organizational resilience.

Navigating Complex Sanctions Compliance Challenges

Following the introduction of UK sanctions related to the Russia-Ukraine conflict, an organization had to urgently halt all payments to a key partner while ensuring compliance with strict legal requirements. Candour Risk provided strategic compliance advisory by facilitating legal review with external counsel and conducting a detailed mapping of risk exposure. We recommended a due diligence process including monthly Bridger checks for suppliers and board members, advised on payment verification protocols against approved transaction records, and suggested alternative payment routes through non-sanctioned financial institutions. Following the implementation of these recommendations by the organization, they achieved full compliance with UK sanctions, improved transparency in payment flows and supply chain screening, and strengthened legal risk management across international partnerships. Our advisory enabled the organization to protect its operational continuity while demonstrating a high standard of sanctions compliance—preserving relationships and stakeholder trust in a volatile context.

Transforming Conservation Programme Governance

When a flagship conservation programme faced fundamental governance issues after four years without leadership, Candour Risk provided comprehensive advisory services. We conducted a thorough governance review, recommended the appointment of a Country Manager, and advised on implementing a formal partner selection framework with centralized lifecycle management. After the organization implemented our strategic recommendations, they strengthened internal controls, improved decision-making through clearer reporting lines, and significantly reduced compliance and reputational risks through enhanced partner vetting. The client now operates with the leadership, structure, and systems needed to confidently deliver conservation outcomes, attract donor funding, and scale future operations.

Embedding Resilience in International Delivery Models

A global audit revealed a lack of formally documented resilience processes, undefined roles for resilience planning, and inconsistent risk assessments across offices. Candour Risk advised on embedding resilience protocols into existing risk and programme management frameworks, recommended defining resilience roles, and suggested making annual country risk assessments a standard part of due diligence. We proposed scenario planning exercises, recommended a formal lessons-learned review based on prior crises, and advised on cross-functional workshops to integrate resilience thinking into programme exit strategies and advocacy planning. Following the organization's implementation of these recommendations, they created greater organizational readiness for global disruptions, shared understanding of key dependencies and risk triggers, and institutional learning embedded into planning processes. The organization is now better equipped to anticipate, adapt to, and recover from external shocks—enhancing continuity, credibility, and long-term impact.

Transforming Expense Management Through Data Analytics

A data-driven review of employee expenses submitted through the Concur system revealed systemic non-compliance with global Travel & Expense policies, with approximately £2.6m (27%) of the £8m expenses reviewed potentially non-compliant. Candour Risk advised on deploying advanced data analytics to quantify and categorize non-compliant transactions, recommended collaboration with the Concur project team, Counter Fraud, and Internal Audit to validate findings, suggested actionable themes for further targeted testing, and provided recommendations for the design of future controls to enhance policy adherence and audit readiness. After implementing these recommendations, the organization was able to quantify compliance risks for the first time, enabling management to develop targeted interventions, improve policy enforcement, and justify further automation within expense processes.

Strengthening Financial and Safeguarding Governance in Brazil

An internal audit revealed that project-level grievance mechanisms were absent in areas with vulnerable Indigenous communities, unrestricted reserves were critically low, and safeguarding training had not been completed by all staff. Candour Risk advised on developing local-level safeguarding protocols and grievance channels, recommended a reserves-building strategy to finance teams, suggested a comprehensive safeguarding training program for all staff, and provided guidance on establishing safeguarding-aligned policies with partners. Following the organization's implementation of these recommendations, they improved stakeholder protection through visible and trusted grievance mechanisms, increased financial resilience with a reserve-building plan targeting sustainability, and strengthened safeguarding practices across internal teams and implementing partners. The organization enhanced both its social accountability and financial robustness—positioning it as a credible, responsible actor in one of the world's most sensitive ecosystems.

Legal and Governance Reform for Cross-Border Conservation

A regional conservation partnership lacked legal clarity around liability and decision-making, resulting in suspended operations in one country. Candour Risk provided advisory services on legal entity registration across multiple jurisdictions, recommended establishing a safeguarding framework and whistleblowing mechanism, advised on organization-wide training needs, suggested structured reporting schedules, and recommended security protocols for consultants using organizational devices. After implementing these recommendations, the organization restored legal and operational continuity across all partner countries, increased staff and community trust in safeguarding procedures, and improved timeliness and security of financial data handling. The coalition is now better protected legally, governed more transparently, and trusted by field teams and funding bodies alike.

Building Resilient IT Infrastructure and Data Security

A comprehensive review of an organization's IT function revealed significant vulnerabilities: outdated hardware, no lifecycle management, poor network monitoring, and missing disaster recovery protocols. Candour Risk advised on developing an IT infrastructure lifecycle plan, recommended establishing sustainable asset budgeting, suggested strengthening network security controls, proposed account deactivation protocols, and provided guidance on revising the organization's Business Continuity and Disaster Recovery Plan. We also recommended internet service upgrades across offices. Following the organization's implementation of these recommendations, they achieved reliable IT infrastructure that improved user productivity, reduced cybersecurity vulnerabilities, and enhanced operational resilience. The organization now has the tools and frameworks to support secure, scalable IT operations aligned with donor expectations and internal risk thresholds.

Restoring Financial Control and Compliance in Uganda

Audit findings revealed significant financial control issues, with over CHF 130K in unaccounted advances outstanding beyond policy thresholds. Candour Risk advised on enforcing the advance policy through digital payments, recommended implementing the Beyonic system for improved stakeholder disbursements, proposed a new cost recovery policy, suggested tracking tools for Ministry of Foreign Affairs notifications, recommended creating a local Health, Safety, and Security policy, and provided guidance on developing Business Continuity and Disaster Recovery Plans. After the organization implemented these recommendations, they significantly reduced outstanding advances through tighter controls, increased compliance with national legal agreements and safety standards, and improved staff and asset protection through documented HSS protocols. The organization is now operating under tighter governance controls, with enhanced financial visibility and better preparation for operational disruptions.

Strategic Workforce Planning for Sustainable Growth

An audit revealed weak workforce planning, poor data quality, and disjointed coordination between HR, finance, and leadership. Candour Risk advised on establishing a central workforce planning group and defining cross-functional responsibilities, recommended implementing a new HR Information System to ensure accurate people data, and proposed introducing People Plans to support forecasting and decision-making. We also provided guidance for regular workforce reviews, aligning staff capacity with programme and financial pipelines. Following the organization's implementation of these recommendations, they improved accuracy in workforce data and reporting, better aligned staffing needs with strategic priorities, and enhanced collaboration between departments on workforce strategy. The organization is now strategically resourced to meet future challenges and scale delivery effectively—with improved insight into skills, costs, and team shape.

Establishing Ethical Governance Through Conflict of Interest Reform

Internal audit revealed inconsistent application of conflict of interest policies, missing declarations, and no formal processes for identifying or managing conflicts. Candour Risk advised on standardizing the organization's COI framework, recommended developing a central Conflict of Interest Register, and proposed a declaration protocol for all staff, board members, and partners. We suggested a training programme to embed awareness and ensure consistent understanding of ethical obligations, and recommended a gap analysis across programmes to identify historical non-compliance. After implementing these recommendations, the organization improved transparency and auditability of decisions, increased staff accountability and ethical awareness, and reduced legal and reputational exposure. The organization now demonstrates ethical leadership through robust COI governance—a key differentiator for donors, regulators, and stakeholders.

Revitalizing Corporate Partnership Programmes

A flagship corporate partnership programme faced major delays due to COVID-19, under-resourced teams, and unclear governance arrangements. Candour Risk provided rapid diagnostic advisory to assess programme bottlenecks, recommended revised budget monitoring tools for granular visibility of underspend, and advised on the development of mitigation plans including a mid-term external review and targeted recruitment. We also provided guidance to delivery teams on redesigning monitoring plans and aligning them with impact milestones. Following the organization's implementation of these recommendations, they improved reporting transparency with donor partners, recovered delivery timelines through targeted staffing and planning, and created greater alignment of programme design with on-the-ground realities. The organization protected a high-value corporate relationship and restored momentum on strategic pillars, enabling long-term delivery and reputational trust.

Enhancing Security Risk Management Across Global Operations

A global audit identified inconsistencies in security policy implementation, with offices lacking contingency planning guidance, underfunded equipment needs, and outdated contact records. Candour Risk advised on developing global guidelines for contingency planning, recommended establishing a continuous monitoring system for risk assessments, suggested documenting funding needs and adjusting resource allocations, proposed standardizing security focal point contact details across offices, and recommended creating a reporting cadence to maintain up-to-date risk awareness. After implementing these recommendations, the organization strengthened organizational readiness in high-risk environments, improved accuracy and accessibility of security protocols, and reduced vulnerability through updated plans and faster response capabilities. The organization is now operating with a cohesive, proactive approach to security—enabling safe programme delivery, protecting staff, and reassuring funders.

Reforming Advertising Operations Governance

An audit of an advertising programme revealed critical governance gaps: outdated policies, inconsistent implementation, and lack of oversight in vendor selection. Candour Risk advised on a governance reset, recommending updated advertising policies and standardized procedures across departments. We proposed implementing a centralized vendor management system with built-in controls for procurement and contracting, and suggested developing a performance-based Monitoring & Evaluation framework tailored to advertising KPIs. Our team also recommended workshops with marketing leads to embed risk awareness and improve compliance. Following the organization's implementation of these recommendations, they increased transparency in vendor management, enabled data-driven decisions through clearer reporting of campaign effectiveness, and reduced reputational and financial risks linked to procurement practices. The organization now manages advertising spend with greater control, maximizes impact through data-led insights, and operates with improved regulatory and reputational assurance.

Elevating Programme Quality and Effectiveness

Despite strong strategic ambition, an organization lacked a consistent M&E framework, with programme outcomes not systematically evaluated and resource allocation based on forecasts rather than actual utilization. Candour Risk advised on introducing a comprehensive Monitoring, Evaluation, and Learning plan aligned with the FY25-27 strategy, recommended developing reporting tools, learning capture mechanisms, and project time-tracking systems, and suggested implementing a field visit documentation standard. After the organization implemented these recommendations, they improved decision-making through structured outcome evaluation, increased programme efficiency through realistic staff workload planning, and strengthened accountability and transparency to funders. The client is now equipped with robust tools to measure and improve impact, align staff capacity to programme needs, and report consistently to donors.

Rebuilding Health and Safety Compliance Systems

An internal audit found fragmented implementation of health and safety policies, inconsistent reporting, and weak investigation procedures that created high risks to staff safety and legal non-compliance. Candour Risk advised on reviewing and streamlining H&S policies, recommending a standardized framework across all operations. We proposed introducing a centralized incident management system along with protocols for investigations and root cause analysis, and suggested targeted training to ensure staff understood responsibilities and reporting requirements. Following the organization's implementation of these recommendations, they achieved consistent application of H&S standards across locations, increased speed and accuracy of incident reporting and follow-up, and enhanced legal and regulatory compliance. The client now provides a safer working environment, demonstrating a proactive duty of care and improved ability to respond to safety risks—critical for insurance, staff wellbeing, and funder confidence.

Strengthening Organizational Safeguarding Frameworks

The absence of a regional safeguarding officer, weak staff training, and inconsistent policy implementation left a safeguarding programme vulnerable to significant risks. Candour Risk advised on establishing a regional safeguarding leadership role and recommended designing a comprehensive training curriculum for all staff levels. Using best practices from humanitarian and conservation sectors, we proposed developing reporting protocols, suggested embedding formal monitoring processes, and recommended awareness sessions to promote a speak-up culture. After implementing these recommendations, the organization significantly increased staff confidence in safeguarding protocols, improved visibility of safeguarding performance, and reduced incident escalation through proactive reporting. The organization now operates in a demonstrably safer environment with clear accountability and improved donor and stakeholder assurance.

Transforming Strategic Talent Management

Despite previous investments, the People & Culture function lacked a clear, updated talent strategy, with the 2019 People Plan not reviewed and performance review completion rates below targets. Candour Risk advised on developing a new Monitoring, Evaluation, and Learning framework linked to the FY25-27 People Strategy, recommended introducing People Plans to map organizational shape, proposed implementing a reporting system to track learning spend effectiveness, suggested establishing escalation protocols for non-compliance, and advised on training line managers in quality performance conversations. Following the organization's implementation of these recommendations, they strengthened alignment between talent management and strategic objectives, increased accountability for staff development and performance, and improved oversight of L&D investment and return. The organization now has a forward-looking, data-informed talent strategy—improving workforce engagement, leadership development, and operational effectiveness.

Advancing Organizational Travel Safety Protocols

An audit of the travel safety framework revealed critical gaps in policy enforcement, risk assessment procedures, and technology compatibility. Candour Risk advised on a comprehensive review and update of the travel safety policy and recommended introducing mandatory training modules for both staff and guests. We proposed implementing a compatibility testing protocol for travel safety apps and suggested developing clear criteria for vetting hotels through the travel provider. We also recommended realigning training and travel planning processes with risk management best practices. After implementing these recommendations, the organization increased preparedness and risk awareness for travelers, reduced liability and reputational exposure through improved documentation, and strengthened control over third-party travel vendors. The organization now provides a safer, more accountable travel experience—ensuring legal compliance, enhancing staff confidence, and supporting operational continuity across regions.

Enhancing Safeguarding and IT Resilience in Southeast Asia

An audit of national operations revealed inadequate communication of safeguarding and grievance policies to local communities, no business continuity planning, and expired MoUs with partners. Candour Risk advised on developing and disseminating updated safeguarding protocols, including stakeholder-focused communication materials. We recommended developing and implementing a comprehensive Business Continuity and IT Disaster Recovery Plan, suggested reviewing partner relationships, and advised on updating all expired MoUs. We also proposed reintroducing a performance appraisal system to support staff development and governance consistency. Following the organization's implementation of these recommendations, they improved organizational resilience and preparedness, strengthened safeguarding assurance with local communities, and re-established formal governance mechanisms with partners. With clear protocols, recovery plans, and stronger community engagement, the organization is now more resilient, donor-ready, and aligned with global best practices in safeguarding and partnership management.

Strengthening Governance and Safeguards in Pakistan

Audit findings revealed that safeguarding policies were not being communicated to communities, and critical governance gaps existed including the absence of a Business Continuity Plan and outdated partner agreements. Candour Risk advised on co-designing a safeguarding communication plan targeting community-level engagement, recommended introducing a comprehensive Business Continuity and Disaster Recovery Plan, and suggested reviewing and renewing all MoUs with partners. We proposed reinstating performance management tools and recommended developing a central Conflicts of Interest and Gifts and Hospitality Register. After implementing these recommendations, the organization enhanced stakeholder protection through proactive safeguarding measures, improved governance maturity and operational readiness, and strengthened HR compliance and ethical oversight. The organization now meets donor and community expectations for safeguarding and is equipped to manage operational risk and staff accountability at scale.

Optimizing Governance and Delivery in Singapore Operations

An internal audit uncovered inconsistencies in financial controls, weak partner due diligence, and gaps in programme monitoring and evaluation. Candour Risk advised on updating and standardizing core governance and financial policies across teams, recommended introducing a centralized partner management system with formal due diligence protocols, and proposed building a fit-for-purpose Monitoring & Evaluation framework linked to strategic KPIs. We suggested workshops to train programme and finance teams in risk-based thinking and documentation standards. Following the organization's implementation of these recommendations, they improved financial integrity and control, enhanced oversight of partner relationships and contractual obligations, and enabled real-time course correction in programme delivery through M&E insights. The organization now operates with improved governance maturity, positioning it for stronger stakeholder engagement, donor compliance, and programme effectiveness.

Strategic Realignment of Income Generation Activities

Income generation activities lacked strategic coordination, resulting in inefficiencies, underperformance, and missed opportunities. Candour Risk advised on redesigning the income generation strategy to align with organizational goals and recommended introducing structured evaluation criteria, performance KPIs, and regular tracking of revenue performance. We proposed implementing a central income generation management system to oversee opportunities and measure ROI, and suggested working with senior leadership to integrate resource allocation into broader financial planning. After implementing these recommendations, the organization improved forecasting and pipeline visibility, enabled strategic prioritization of high-value revenue channels, and created better alignment between income targets and operational delivery. The organization is now better equipped to grow sustainable funding sources, measure performance, and adapt strategy in real-time—boosting resilience and long-term viability.

Governance Reform in UK Grant Programme Delivery

The UK Grant Programmes audit identified leadership gaps, poor monitoring of programme outcomes, and a lack of strategic financial oversight. Candour Risk advised on rolling out a Monitoring, Evaluation, and Learning plan linked to strategic outcomes, recommended updating MoUs, and proposed introducing income generation tools to identify and manage funding gaps. We also suggested developing a new Business Continuity Plan and reintroducing digital performance tracking. Following the organization's implementation of these recommendations, they improved programme performance and funding visibility, re-established governance controls and partner oversight, and strengthened operational resilience through continuity planning. The organization is now better positioned to manage and grow its UK programme portfolio with strategic insight, improved leadership alignment, and greater compliance maturity.

Improving Field Conditions and Partner Oversight in East Africa

An audit of a conservation initiative revealed unsafe scout living conditions and significant delays in project implementation due to weak partner oversight and grant management processes. Candour Risk advised on urgent mitigation planning, including budgeting for improved scout housing, water, and sanitation. We recommended implementing structured partner monitoring processes and suggested adding financial and operational capacity via targeted recruitment. After implementing these recommendations, the organization created safer and more dignified conditions for field staff, improved oversight of implementation partners, and accelerated project delivery through strengthened operations. The client restored credibility with frontline staff and communities, mitigated operational and reputational risks, and now benefits from stronger, data-driven partner accountability.

©Copyright Candour Risk Ltd 2025. All rights reserved.
