Sector Insight

Getting Familiar with Risk Management

Not-for-profit (NFP) and charity organisations have a critically important and multifaceted role to play in Australia, providing essential services to the community in a variety of areas, including healthcare, education, environmental conservation, and social services. Nevertheless, despite the noble nature of their mission, like any organisation, NFPs and charities are not immune to a diverse array of risks that have the potential to derail their operations and undermine their ability to serve the community effectively. Consequently, it is imperative for these organisations to develop and implement robust risk management frameworks that can identify, assess, and mitigate risks effectively.

This article seeks to provide an overview of the multifaceted aspects of risk assessment, risk mitigation, and Enterprise Risk Management (ERM) in the NFP and charity sector in Australia, with the aim of enhancing readers' understanding of the complex nature of these critical activities.

 Risk Assessment, as the initial stage in effective risk management, is a complex and challenging process that involves identifying and evaluating a broad range of potential risks that could undermine an organisation's ability to achieve its objectives. In the NFP and charity sector, risks can stem from various sources, including financial, operational, legal, regulatory, and reputational risks.

To undertake a comprehensive risk assessment process, NFPs and charities should utilise a range of methods, including risk workshops, surveys, and interviews, to identify all possible risks that could impact their operations. Following the identification of these risks, they should evaluate them to determine their likelihood of occurrence and the potential impact on the organisation. Based on these assessments, NFPs and charities should then prioritise risks according to their likelihood and impact, allowing them to focus on the most significant risks first. Finally, NFPs and charities should develop risk management plans that outline the actions needed to reduce or eliminate the risks, assign responsibilities, and establish timelines for completion.

Effective Risk Mitigation, on the other hand, requires a structured approach and a range of risk management strategies to reduce or eliminate risks. To mitigate risks in the NFP and charity sector, organisations can use a variety of strategies, including insurance, policies and procedures, training and education, internal controls, and contractual protections. While insurance is one of the most common risk mitigation strategies, NFPs and charities should also establish and enforce policies and procedures to reduce risks. These policies and procedures should be regularly reviewed and updated to ensure they remain relevant and effective.

Providing training and education to staff and volunteers can also help reduce the likelihood of risks occurring, while implementing internal controls such as segregation of duties, authorisation and approval procedures, and regular monitoring and reporting can help prevent and detect errors and fraud. Additionally, NFPs and charities should ensure that they have appropriate contractual protections in place when dealing with suppliers, contractors, and other third parties.

Enterprise Risk Management (ERM) is a more comprehensive approach to managing risks across an organisation that considers risks across the entire organisation, rather than just individual departments or functions. It involves identifying risks across all aspects of an organisation's operations and developing strategies to manage them effectively. The ERM process typically involves identifying risks, assessing risks, developing risk management strategies, implementing risk management strategies, and regularly monitoring and reviewing the effectiveness of these strategies. Implementing an ERM framework can bring several benefits to NFPs and charities, including better risk management, improved decision-making, greater resilience, and improved stakeholder confidence.

Effective risk management is a vital component of NFPs and charities' ability to deliver essential services to the community. Developing and implementing a comprehensive risk assessment process, effective risk mitigation strategies, and an ERM framework can help NFPs and charities manage their risks more effectively, build greater resilience, and demonstrate to their stakeholders that they are taking risks seriously and have effective strategies in place to manage any and all occurrences.