Responsible Risk Management for NFPs


As a charity or not-for-profit entity there are plenty of opportunities to take, and tough decisions to make, but with the changing economic and regulatory landscape it can be hard to know where your organisation is vulnerable. Risk management is key to addressing these vulnerabilities and needs to be as much of a priority for charities as it is for for-profit businesses in these turbulent times.

What is Risk Management?

The basic concept is anything that threatens or limits your organisation to achieve its mission can be looked at as risk.

The Alliance for Non-profit Management defines Risk Management as the discipline for dealing with the possibility that some future event will cause harm. It provides strategies, procedures and an approach to recognising and confronting any threat faced by an organisation. This can mean a whole range of different things.

For example, it may mean assessing finances, screening volunteers, reducing liability, training employees, or increasing cybersecurity.

Why have a risk management framework?

Changes to policy, legislation, economic upheaval, and government allocation of funding all have the potential to negatively impact your organisation’s success if not responsibly managed. As the ACNC expands its commitment to investment impact, organisations that are not applying a risk management framework may find themselves overlooked for funding and may be perceived as a poor investment.

But it isn't just all about the financial or legislative points. The safe keeping of your people and the people you help should be fundamental to the way you manage your workforce and clients.

Who is responsible?

A common issue in NFP governance is defining who is responsible for risk management.

Responsibility for establishing a risk management framework that can identify, assess, and manage potential threats to operations belongs to the board.  The actual identification, assessment, and establishment of risks and their management strategies can be assigned to one person to drive or if part of larger NFP, a risk committee can be established, with the chosen entity reporting to the board.

Next week we look at Risk Management 101 where we define and unpack the identification of standard and unique risks, assess risks with respect to impact and probability of occurring and look at risk management strategies.

Follow the next part of our Risk Management Series here.