High-Stakes Decisions: Reputation and Risk Management for Non-Profits
The COVID-19 pandemic has led to every business needing to review the way their company operates currently and how it may be required to work in the future. Not-For-Profit organisations need to manage risk or risk their reputation. Not-For-Profits are particularly vulnerable to reputation damage if they mismanage funds they receive from donations and grants.
To ride the wave of uncertainty that has been created by the global pandemic, Not-For-Profit organisations need to understand what risk management is and how it can protect their organisations reputation.
What is Risk Management?
It’s common to think about risk as what might go wrong in your organisation. But it’s more than that. It’s the effect that uncertainty has on an organisation’s objectives. Risks and opportunities come and go as an organisation’s internal dynamics change, so keeping an eye on the risks that may affect your Not-For-Profit organisation is vital.
Risk management aims to anticipate risk. It aims to prevent threats from eventuating or minimise the impact if they do. Risk management is an integral action for strategic planning, decision-making, and resource allocation.
Types of risk:
Compliance risks are probably the most common in the Not-For-Profit sector, and they occur when an organisation fails its corporate and legal obligations. There is a low tolerance for compliance risks, but with risk management controls in place, they can be better managed and lower the impact felt by the organisation.
Organisational risks occur when the organisation fails to achieve a level of service delivery or meet stakeholder expectations. The consequences of organisational risk can be a loss of reputation or high staff turnover, both of which can make it difficult for a Not-For-Profit to operate successfully.
Opportunity risks arise in the pursuit of opportunities that may enhance the Not-For-Profit organisation or allow it to achieve its objectives more efficiently. For these types of risk, organisations should consider the potential gains as well as the resources needed to pursue the opportunity.
Why do Not for Profit Organisations Need to Manage Risk?
Risk management is just good business, but it’s more important than ever with the ravaging effects of the global pandemic still being felt. Thorough risk management strategies support the organisation to meet a range of compliance, statutory, organisational and governance requirements.
Compliance and Statutory Requirements
Compliance and statutory requirements can be tricky as they vary depending on whether the Not-For-Profit is:
- Registered as a company under the Corporations Act 2001, as an incorporated association, or an unincorporated association or cooperative
- Whether or not the organisation is registered as a charity with the recently established Australian Charities and Not-for-profits Commission.
It is essential that executive directors, senior managers, and other relevant stakeholders of Not-For-Profit organisations are aware of the specific details surrounding the creation of their organisation and can manage them appropriately to meet related statutory requirements.
Organisational and Governance Requirements
Risk management is vital for good governance and legal compliance. By effectively managing risks, Not-For-Profit organisations can guard against poor-decision making, complacency, and inadvertent exposure to potentially debilitating consequences of their actions.
Principles of good governance require those responsible for the management of an organisation to protect the interests of its stakeholders. Many stakeholders expect not-for-profits to manage risks following sound governance principles and practices.
It’s for these reasons that risk management policies and processes need to be aligned with the other systems and processes in a Not-For-Profit organisation. By aligning risk management policies to other organisational policies and procedures, Not-For-Profit organisations can identify gaps that could pose a risk to their organisation.
Benefits of Risk Management
Effective risk management can contribute to strategic business planning and general running of a Not-For-Profit organisation. To manage individual risks, like government and regulatory compliance, organisations are implementing innovative technology to manage their activities and reduce the risk to their business. Not-For-Profit organisations upgrading from manual to automated processes creates confidence that an organisation can deliver the desired outcomes, manage threats and make informed decisions.
Some of the significant benefits of effective risk management are:
- Improves the quality of decision-making
- Enables effective execution of decisions
- When embedded within day-to-day operations, it’s ‘business as usual’ rather than an additional task or burden
- When integrated with business strategy, ensures that strategic decisions are informed and based on up-to-date information
- Improves planning processes by enabling the critical focus to remain on core activities
- Reduces the likelihood of potentially costly ‘surprises.’
- Prepares for challenging events and improves overall resilience
Building a Sustainable Risk Management System
How a Not-For-Profit organisation manages risks can mean the difference between its survival and demise. Mismanaging risks when they arise, can cause irreversible damage to the reputation of a Not-For-Profit organisation, so having a robust risk management system in place is essential.
To make risk management work, Not-For-Profits need accountability for integrating it into the organisation and for managing specific risks. To achieve accountability for risks, assigning them to nominated risk owners can make everyone accountable for their management.
Risk owners are senior leaders who can allocate resources to develop risk response actions and can plan how to manage them to acceptable or tolerable levels. Not-For-Profit organisations need to provide the tools for risk owners to address their specific risks as efficiently as possible. By automating manual tasks, it can reduce the chance that a risk will cause a significant impact.
Integrate risk management into your organisation’s process, culture and values
Not-For-Profit organisations need to align how risk management is carried out with how their organisation is managed and operated. Aligning these three activities will establish a greater level of engagement from management and staff when it comes to specific risk management activities.
Not-For-Profit organisations should also consider how they can best leverage their organisation’s governance and culture to facilitate the integration and adoption of risk management. New technology can be daunting, but by eliminating inefficiencies, risk management activities can be quickly reported on by those responsible for specific risks.
Establish Internal and External Reporting and Communication Mechanisms
Risk management activities need to be communicated and reported to relevant internal and external stakeholders. Not-For-Profit organisations need to be able to monitor performance indicators to communicate potential risks while there is still an opportunity to manage them.
Many Not-For-Profit organisations will find they need additional support to capture all the required information necessary to manage risks and protect their reputation successfully. Not-For-Profits should identify gaps in their reporting mechanisms and implement a solution that covers the hole and helps provide early warning of an approaching risk.
The 7 Actions Whitepaper with Checklists will help you understand what actions you can take now to minimise risks and protect your business.