Risk Management 101 - Identify Risks


Following on our Risk Management series, where last week we looked at what is risk management, this week we take a look at the 3 key steps to managing your charity or not-for-profit’s risks.

Step 1 -Identify Risks

How do I identify risks?

No matter what your organisation does – whether running mental health programs, an op shop, educating children, or doing medical research - It is your board or leadership team’s role to identify and ultimately manage the risks your organisation faces.

Every organisation is different and faces its own unique circumstances and stakeholders. Many organisations for instance have had to revisit their funding models as the NDIS created structural change in disability care support.

Time for a Risk Register

 The first point is to create a risk register. This is a matter for your board or senior leadership to;

·       run brainstorming sessions,

·       complete interviews with frontline staff and stakeholders, and

·       SWOT analyses and a review of historical data and previous experiences.

In the identify phase it is important to focus on the risks the organisation can influence, because you cannot influence everything.

What types of risk are there?

Apart from the obvious physical risks such as fire or burglary and injury to people (occupational; health and safety), a detailed risk assessment will consider financial or funding risks, declining volunteers, and reputational risks.

- Funding risks result from changes in income flows from donors, gifts, and government sources. The ACNC’s figures show about eight per cent of charities’ revenue comes from gifts and bequests, and yet 40 per cent comes from government funding. So it is vital NFP’s monitor trends in funding sources and keep abreast of changes of government, policies, and community trends.  Just like keeping on step ahead of major changes like NDIS funding arrangements or planning for low interest rates in corpuses.

- Key Person risk also presents itself in charities. A number of charities are founded because of something happening to a family member; like disability, cancer, or a life changing trip to India. However in a number of cases, if the purpose is clear and the “band” (leadership team)is well regarded, the risk is manageable. Founder risk builds when the organisation’s original benefactor does not have the required business and financial skills to run the charity appropriately.

- Reputational Risks are closely linked to keyperson. It may surprise you that charities are more vulnerable to reputational risks than large, listed companies because they rely on donations, volunteers, and community goodwill. Here boards are required to step-in to support and manage the risks to mitigate the impact on their public and government perceptions and donations.  This is why as part of The Impact Suite’s Social Impact Rating for charities and NFPs, we look at Purpose, People and Processes in the first instance. You can find out more on the Social Impact Rating here.

Finally, it may help to create categories of risk or group similar risks together for evaluation.

The following is a high level example of what may work for you:

Next week we look at assessing risks