High-Stakes Decisions: Reputation and Risk Management for Non-Profits

The COVID-19 pandemic has led to every business needing to review the way their company operates currently and how it may be required to work in the future. Not-For-Profit organisations need to manage risk or risk their reputation. Not-For-Profits are particularly vulnerable to reputation damage if they mismanage funds they receive from donations and grants.   

To ride the wave of uncertainty that has been created by the global pandemic, Not-For-Profit organisations need to understand what risk management is and how it can protect their organisations reputation.

What is Risk Management?

It’s common to think about risk as what might go wrong in your organisation. But it’s more than that. It’s the effect that uncertainty has on an organisation’s objectives. Risks and opportunities come and go as an organisation’s internal dynamics change, so keeping an eye on the risks that may affect your Not-For-Profit organisation is vital.

Risk management aims to anticipate risk. It aims to prevent threats from eventuating or minimise the impact if they do. Risk management is an integral action for strategic planning, decision-making, and resource allocation. 

Types of risk:

  • Compliance

Compliance risks are probably the most common in the Not-For-Profit sector, and they occur when an organisation fails its corporate and legal obligations. There is a low tolerance for compliance risks, but with risk management controls in place, they can be better managed and lower the impact felt by the organisation.

  • Organisational

Organisational risks occur when the organisation fails to achieve a level of service delivery or meet stakeholder expectations. The consequences of organisational risk can be a loss of reputation or high staff turnover, both of which can make it difficult for a Not-For-Profit to operate successfully.

  • Opportunity

Opportunity risks arise in the pursuit of opportunities that may enhance the Not-For-Profit organisation or allow it to achieve its objectives more efficiently. For these types of risk, organisations should consider the potential gains as well as the resources needed to pursue the opportunity.

Why do Not for Profit Organisations Need to Manage Risk?

Risk management is just good business, but it’s more important than ever with the ravaging effects of the global pandemic still being felt. Thorough risk management strategies support the organisation to meet a range of compliance, statutory, organisational and governance requirements.

Compliance and Statutory Requirements

Compliance and statutory requirements can be tricky as they vary depending on whether the Not-For-Profit is:

  • Registered as a company under the Corporations Act 2001, as an incorporated association, or an unincorporated association or cooperative
  • Whether or not the organisation is registered as a charity with the recently established Australian Charities and Not-for-profits Commission.

It is essential that executive directors, senior managers, and other relevant stakeholders of Not-For-Profit organisations are aware of the specific details surrounding the creation of their organisation and can manage them appropriately to meet related statutory requirements.

Organisational and Governance Requirements

Risk management is vital for good governance and legal compliance. By effectively managing risks, Not-For-Profit organisations can guard against poor-decision making, complacency, and inadvertent exposure to potentially debilitating consequences of their actions. 

Principles of good governance require those responsible for the management of an organisation to protect the interests of its stakeholders. Many stakeholders expect not-for-profits to manage risks following sound governance principles and practices.

It’s for these reasons that risk management policies and processes need to be aligned with the other systems and processes in a Not-For-Profit organisation. By aligning risk management policies to other organisational policies and procedures, Not-For-Profit organisations can identify gaps that could pose a risk to their organisation.

Benefits of Risk Management

Effective risk management can contribute to strategic business planning and general running of a Not-For-Profit organisation. To manage individual risks, like government and regulatory compliance, organisations are implementing innovative technology to manage their activities and reduce the risk to their business. Not-For-Profit organisations upgrading from manual to automated processes creates confidence that an organisation can deliver the desired outcomes, manage threats and make informed decisions.

Some of the significant benefits of effective risk management are:

  • Improves the quality of decision-making
  • Enables effective execution of decisions
  • When embedded within day-to-day operations, it’s ‘business as usual’ rather than an additional task or burden
  • When integrated with business strategy, ensures that strategic decisions are informed and based on up-to-date information
  • Improves planning processes by enabling the critical focus to remain on core activities
  • Reduces the likelihood of potentially costly ‘surprises.’
  • Prepares for challenging events and improves overall resilience

Building a Sustainable Risk Management System

How a Not-For-Profit organisation manages risks can mean the difference between its survival and demise. Mismanaging risks when they arise, can cause irreversible damage to the reputation of a Not-For-Profit organisation, so having a robust risk management system in place is essential. 

Establish Accountabilities

To make risk management work, Not-For-Profits need accountability for integrating it into the organisation and for managing specific risks. To achieve accountability for risks, assigning them to nominated risk owners can make everyone accountable for their management.

Risk owners are senior leaders who can allocate resources to develop risk response actions and can plan how to manage them to acceptable or tolerable levels. Not-For-Profit organisations need to provide the tools for risk owners to address their specific risks as efficiently as possible. By automating manual tasks, it can reduce the chance that a risk will cause a significant impact. 

Integrate risk management into your organisation’s process, culture and values

Not-For-Profit organisations need to align how risk management is carried out with how their organisation is managed and operated. Aligning these three activities will establish a greater level of engagement from management and staff when it comes to specific risk management activities.

Not-For-Profit organisations should also consider how they can best leverage their organisation’s governance and culture to facilitate the integration and adoption of risk management. New technology can be daunting, but by eliminating inefficiencies, risk management activities can be quickly reported on by those responsible for specific risks.

Establish Internal and External Reporting and Communication Mechanisms

Risk management activities need to be communicated and reported to relevant internal and external stakeholders. Not-For-Profit organisations need to be able to monitor performance indicators to communicate potential risks while there is still an opportunity to manage them. 

Many Not-For-Profit organisations will find they need additional support to capture all the required information necessary to manage risks and protect their reputation successfully. Not-For-Profits should identify gaps in their reporting mechanisms and implement a solution that covers the hole and helps provide early warning of an approaching risk.

Download Resource

The 7 Actions Whitepaper with Checklists will help you understand what actions you can take now to minimise risks and protect your business.

2 thoughts on “High-Stakes Decisions: Reputation and Risk Management for Non-Profits

  1. Alex Low
    February 15, 2021 at 9:43 am

    I think transparency is so important when deciding which charity to go with. What you write about reputation is true, and as with any business, risk management is so important. What are some examples of well known NFPs leading in terms of not only managing their risks really well, but clearly communicating it to their stakeholders?

  2. Rose Firth
    February 16, 2021 at 9:12 am

    I think it’s wonderful that you mention the importance of establishing accountability for integrating risk management work. So many organizations neglect to consider who will be ultimately responsible for the ongoing management for potential risks in an ever changing climate. I’d love to see some stories for organizations that have done this to find out more about how it helped them to establish a sustainable risk management model.

Leave a Reply

Your email address will not be published. Required fields are marked *