The Charity Governance Code (smaller charities, from, sets out seven principles for striving towards good governance.

Advice on the impact of digital technology is covered by the UK’s first charity specific Digital Code of Practice.

NCVO’s Code of Ethics (August 2022), lays out four principles which aim to provide “an overarching framework for good decision making, judgement and conduct” and reinforce what charities already do.

There is no legal requirement to adhere to any of these documents. Nonetheless we think it important for trustees not just to be aware of the concepts but also to understand how to apply them on a practical level, particularly given governance failings and weaknesses in the charity sector.

The guides are principle based, so share a number of key themes:

Beneficiaries come first

Ultimately, charities exist for their beneficiaries – the Governance Code notes that aiding beneficiaries “is at the heart of everything [a] charity does.” While this seems obvious, there are two key ways in which the codes can be practically applied:

Firstly, all trustees should undertake training so they are made aware of the organisation’s objects and how these are carried out for the public benefit.

This might involve sitting in on trustees’ meetings prior to appointment, meeting staff or visiting beneficiaries to see the charity’s work in action.

Trustees should have read the Charity Commission’s publications on trustees’ responsibilities, notably the Trustee Welcome Pack.

Secondly, trustees should regularly review the impact of these approaches to ensure that they are delivering the maximum benefit possible.

A short discussion around impact once per year before each AGM with a more in-depth strategic review every three years should meet these requirements.


Each of the codes cite integrity as a key principle of good governance.
Maintaining high levels of personal conduct, acting in the charity’s interests over personal concerns and adhering to the law seem like common sense, but it is important to put structures in place to ensure these standards are upheld at all times.
Formalising an overall code of conduct for trustees, employees and volunteers, supported by policy statements on key areas of legislation is the first step.
Trustees should design internal checks and systems of review by management to put these policies into practice – for example, holding training sessions for employees on whistleblowing procedures and when to apply them.


As public benefit entities, charities must not only report clearly and honestly to the public, but be open to scrutiny at all times.
The policies discussed above should be available on request and there should be a strategy in place for regular communication with the key stakeholders. The Digital Code of Practice (For smaller charities, 20Dec 2018 from suggests charities are ambitious in the use of technology to disseminate information.

Regular updates to supporters by charities about “how they work, spend their funds and deal with issues and problems” are an effective use of digital technology in promoting transparency.
In practice, it is also important to consult with all stakeholders on proposed changes to the charity’s structure, operations or management. Transparency within an organisation is equally important.
It is best practice for declarations of interest to be made at the beginning of all trustees’ meetings and for an open register of trustees’ interests to be maintained by management and updated annually via a formal written declaration of interests.
Complaints procedures should be transparent, with regular reports about complaints made to the trustees.

Board effectiveness and the balance of trustees’ skills

Trustees are required to “act with reasonable care and skill”.
In order to do so, they must function as an effective team with a suitable balance of skills. The Digital Code of Practice specifically recommends that boards should appoint a trustee with specialism in digital technology as this is increasingly a specialist area. Trustees should formally review their skills mix at least annually in order to identify gaps.
Where such skill gaps do arise, a formal recruitment process is often a useful way to enable the charity to attract those with the relevant skills and also those with an appreciation for the work of the charity. Trustees should do their utmost to reduce any obstacles to becoming a trustee for those with interest and skills – changing the timing and location of meetings, paying expenses and advertising vacant trusteeships more broadly can help to recruit a diverse group of trustees who may be able to bring new ideas into the charity.
Trustees should increase their activity in encouraging diverse candidates to apply and publish their work in this area, enhancing the charity’s transparency.

Leadership, risk and control

Trustees are advised by the Governance Code to devote sufficient time to their role and lead their organisation by example and be at the forefront of developing strategy. Practically, this means being willing to adapt to changing environments.
Regular consideration of whether the charity is serving its beneficiaries in the most effective way may lead to better approaches, for example by employing digital channels to activities and communication. Creating an environment in which staff feel able to have an open dialogue with the trustees and discuss concerns and conflicting viewpoints is also important.
Leadership, however, involves treading the fine line between innovation and caution – the codes are equally clear on the importance of effectively managing risk.
Best practice is for the trustees to conduct a short review of risk at each meeting but conduct a detailed risk assessment at least once a year.
In practice, this assessment, along with mitigation and management can be delegated to a series of sub-committees. These regular reviews should include consideration of the policies discussed above to ensure that they remain suitable as the regulatory landscape shifts, as well as regular consideration of the control frameworks applied to uphold those policies.
Involving staff in the risk assessment is an effective way of creating links between the day-to-day operational risks and the broader, strategic considerations of the trustees. The Digital Code of Practice also recommends that the susceptibility of organisations to fraud and cybercrime are included in the risk assessment, including data security as well as digital fraud prevention. These risk assessments can also be used as a practical method to help create an appropriate digital and operational ethos within a charity. The requirements of the new codes of practice build on what has (or should have been) best practice for many years and interpret it in the context of a rapidly changing environment. The key to successful practical application is for trustees to regularly review their activities against the codes and address any areas where the charity falls short.

Here is an assessment tool.