All not for profit organisations need to manage risk, from small local associations through to national peak bodies. While the risks vary across operational sectors, the processes and concepts involved in risk management are similar. Once you understand the basic principles, it’s not as complex as it sounds – but it’s certainly important to undertake the process. An organisation that fails to manage risk is a business waiting to fail. At its most basic, risk management is the process of identifying and understanding risks and deciding what to do about them. It’s often discussed in the context of insurance – but the concept is much broader than that. You take a risk with almost every decision you make – whether that decision is to hire additional staff, diversify your grant programs, or to take out a loan. Seizing any business opportunity carries risk and it’s important to look at all risk scenarios and have a process in place for dealing with them.
Initial stages of the process can be further broken down:
* Establishing context * Analysing the risks
* Identifying risks * Evaluating the risks
Let’s ‘identify’ a common risk scenario for a simple example: property damage. There are numerous events that could bring about damage – from fire, natural disaster and vandalism, to accidental damage or an act of terrorism. The context may include business function, level of security and current circumstances or events that contribute to the context. The process of managing risk is an excellent way to explicitly engage with a range of stakeholder perspectives on achieving mutual business goals.
There are four basic ways that we treat risks. We:
* decide to accept the risk
* take steps to avoid the risk
* do what we can to reduce the risk – either at source, with detective controls, or in terms of mitigating consequences
* transfer the risk to someone else
Often we’ll opt for a combination of these. We might take out insurance (transfer the risk), but we’ll also look at steps we can take to reduce the chance of an unfortunate event occurring or to handle the consequences if it does happen.
Benefits of Good Risk Management
A business that manages risk well has a number of advantages. Good risk management:
* Increases the chances of success in achieving business goals.
* improves communications and working in together with others
* targets resources, protects assets and avoids costly surprises, and
* assists governance, assurance, accountability and managing downside.
Failing to identify, assess and treat risks can have serious consequences for a business. A single event – such as a death or serious injury for which an organisation is found liable – can result in a loss of funding or community support.