Process and steps

The simplest risk management process that’s applicable to most organisational sizes:

  1. Risk Identification
  2. Risk Assessment
  3. Risk Management (Avoid, Mitigate, or Accept)

 

Step 1: Identify Risks

At board level: Board members must understand the following:

The organisation’s mission, values, and context:

  • Who is our community?
  • How have we promised to serve them?
  • How do we do our work?

To develop the detail, questions to answer:

  1. The context, especially in relation to other players: what are funder expectations?  What is the organisation’s capacity to meet those expectations?  Who are our partners?  Our champions?  What are they doing?
  2. The challenges being faced at the operations level and, sometimes, at the programming and service delivery level.
  3. Good practices around audits (financial and otherwise).
  4. How other organisations function and adapt to their contexts, and the risks and consequences they have faced; comparison can be a useful tool to identify and assess risks.

At staff team level: Conduct a risk assessment and make note of anything that appears unsafe or could pose a threat to clients, volunteers, or staff.

  • Are there processes in place if there is an incident? (fire exits, first aid kits, …)
  • Are staff and volunteers properly trained on internal procedures related to safety incidents? (incident reports, reporting structures, …)

To develop the detail, actions to perform:

  1. Keep good records of what happens at the organisation and share them with the board.
  2. Maintain an up-to-date risk register and record the response strategy specific to each risk.
  3. What are some of the challenges that staff and volunteers face?
     • With the space?
     • With meeting funding requirements and deadlines?

 

Step 2: Assess Risks

Assessment vs. Management: It’s impossible to avoid risk, so instead we have to develop methods to assess and manage it: we make sure that we take all necessary steps to increase our chances of having positive (not negative) outcomes.

To manage risks: There are three key elements to managing risk:

  1. Avoid/transfer it
  2. Mitigate/lessen it
  3. Accept it

 

How risks are measured (RAG rated): Likelihood vs. Impact, or: could it happen, and would it hurt?

 

Step 3: Manage Risks

Avoid/Transfer Risk: Create Risk Minimisation Policies:

  • Addresses your policies and procedures to avoid such risk. Consider terminating services, projects, and/or activities whose risks have a high likelihood and a high impact on the organisation’s objectives.
  • Reject engagement in high-risk projects/services.

Insurance and Risk: The concept of liability insurance relates to the transference of risk; i.e. you share the risk with an insurance company. Liability insurance:

  • Protects your organisation, board and staff
  • Charity insurance coverage can be purchased from most insurance companies
  • Get quotes from a number of different companies

Mitigate Risks: Create Risk Tolerance Policies:

  • Addresses your appetite for risk (willingness) vs. your capacity for risk (ability to handle it).
  • Develop and test processes for assessing risk in your work: what do they look like? Who’s involved? How long do they take? What if it’s a crisis?

Tolerance for risk is dependent upon:

  • Finances: do you have reserves? How much money do you usually bring in? Spend? How much can you lose/forego and still operate?
  • Donor support, reputation, credibility
  • Experience and competence of staff and volunteers
  • Limits of the Chief Executive Officer’s and/or Executive Director’s authority; information the board should receive before making decisions
  • Consider potential risk vs. opportunity: what’s the worst thing that could happen and the best thing that could happen? How likely is each of these scenarios?
  • Consider alternatives!