How to manage risks
Risk is everywhere: it is inevitable in business of all kinds, at all levels. And so risk management – or risk minimalization – is both a critical, but also a common task. Not-for-profits (NFP’s) face many of the same challenges as ‘for-profit’ organisations but they also face an additional layer of risk due to their public exposure. This invariably leads to greater risk of both scrutiny (such as an audit) and reputational harm.
Areas of risk
Sources of risk for NFPs vary, particularly in regard to type of NFP and how well they have been established. The most important risks include but are not limited to:
- Financial management
- Legal and regulatory compliance
- Growth and sustainability
- Reputation and public perception
- The calibre of key personnel
- Working within the guidelines of the mission statement or charter
- Technology
- Safety and well-being of employees, volunteers and those members of the community the organisation is helping/and or working with
A robust risk management framework and risk register will identify and assess each category of risk outlined above and guide the development of appropriate risk treatment strategies to mitigate risks to an acceptable level.
Management responsibilities in NFPs
Each member of an NFP Board must follow guidelines pertaining to their responsibilities. These responsibilities vary depending on the type of entity and the legal and regulatory environment they operate in.
Royal Commission findings into family violence, disability and aged care have increased the focus on NFP’s carrying out their duties of care and accountability to their stakeholders, who primarily include the community at large.
One of the areas highlighted by the Royal Commission as an area of focus is the service providers’ governance models, and the requirement of directors and those charged with governance to understand and carry out their responsibilities under various laws and regulations. A significant portion of the entities in these sectors are NFP’s. As such, it is important for NFP’s to revisit their governance structure and risk management processes and frameworks.
Who is in control of risk management in your NFP?
One of the challenges NFP’s face is determining who is in charge of risk management within an organisation. Employment of a full time resource to manage risk within an organisation is critical, but competing needs for available funds can make this difficult. This is often due to budgetary constraints and pressures from donors to maximise the use of funds towards service delivery. Consequently, this often leads to the management of risk being borne by the voluntary Board and delegated to the Chief Financial Officer (CFO). While the CFO and the Board may have the expertise to actively manage risk and develop the right systems, processes and frameworks for risk management, they are often tasked with other demands on their time and feel they can only dedicate a small portion of their available time towards this process. This too often does not work and the consequences that follow make this a decision that is often regretted.