by Maria Lahiffe
“Not-for-profit organizations face unique risk management challenges. They are often held to the same standards as for-profit organizations but do not have the same resources and knowledge to understand their risks and how to mitigate them.” [1, p. 191]
Risk management is “the process of identifying your legal, financial, and reputational risks and taking steps to avoid exposure to them.” [1, p. 191] Risk management does not have to be complicated; it can be as simple as answering three questions: 
Risk management has numerous benefits for an organization. Having an up-to-date risk management plan will save resources by reducing the time and money required to solve problems and settle claims. Risk management protects your organizational reputation, protects people from harm, and stabilizes your operations.
Risk management is not the same as insurance. Proper insurance covers your legal fees and settlement costs in the event that your organization is sued; it helps AFTER a problem has occurred. Risk management helps to prevent problems from occurring in the first place.
A good risk management plan will probably help you reduce your insurance premiums. In addition, no amount of insurance can compensate for the reputational damage that comes with harm to people or property associated with your organization.
Risk management should not be an afterthought. It takes time and dedication to develop a risk management policy. In addition, risks should be reviewed annually, to make sure that new risks are accounted for and that mitigation strategies are still valid.
Some risks are present in any organization, such as the possibility of a visitor slipping on a wet floor or of an employee or volunteer embezzling funds. Others will be unique to your operations. If it could happen within your organization, then you should list it at this point.
List your organization’s operational objectives, activities, assets, and key stakeholders. For each, identify the associated risks. Other sources of information to help you identify risks include: 
Evaluate each risk based on its potential severity and its potential likelihood. You can use this to create a risk map, which will help you prioritize your efforts. This downloadable form can help you.
Risks in the upper right portion of your risk map are the ones which need the greatest amount of attention and resources. Your plan for low risks can be simply to monitor them, or possibly even to ignore some of them.
Your risk prevention plan should address each risk separately, offering strategies to reduce or eliminate the risk, through some combination of reducing its likelihood and/or its impact to your organization.
Speaking theoretically, there are five major risk management techniques: avoidance, prevention, mitigation, acceptance, and transference. These are explained in more detail in this blog post. More specifically, some mitigation strategies could include: 
No matter how well you plan, some undesirable things will happen from time to time. You need to have a plan in place to respond. You should outline a response strategy for each risk you have analyzed in step 3, above.
Common risk response information includes: 
Risk management is an essential part of running an organization which serves a social good. To learn more, come to our upcoming course.
Thursday, June 13, 2019. 9:00 a.m. to 11:30 a.m.