Risk management in a nonprofit organization is a critical part of the overall risk management process. However, not all non profits perform a risk management program. Risk management non profits should be encouraged. Below is a brief assessment of risk management procedures.
Goals of Risk Assessment
One needs to identify, analyze legal and ethical risks. Provide training and monitoring strategies.
Who Should Undertake Risk Assessment?
Risk assessment can be done by competent staff or by a specialist company dealing with risk management issues. One needs to weigh the benefits of using your own staff that might be better deployed elsewhere or to hire someone for the job.
In-House Risk Assessment
A risk assessment should identify all risks within certain categories, analyzing the impact. These steps require assessment based on good knowledge of the organization. This process is as much science as it is an art.
Consider the different types of risks faced by your organization. Don’t limit yourself to solely legal risks. Risks fall into two broad categories: risks to avoid, and risk of failure. These risks can result in financial loss, legal, liabilities, penalties and fines. Failure risks are objectives you have failed to meet which have an impact on the organization.
Internal or external fraud
This could be misuse use of assets and inadequate understanding of investments. Badly reported or unreliable information and damaged to the organizations reputation. Other factors include infringement of legal requirements and investigations as a result of audits. Not all the above risks will apply to every nonprofit organization.
Risk assessment should include discussions with staff at all levels of the organization. Staff members interviewed should be asked what are areas of risk, how are the risk is currently addressed and ideas for addressing the risks. Attention should be paid to those risks that have the greatest occurrence and the most impact.
Likelihood and Severity of Impact
In assessing the likelihood of a particular risk occurring, the following might be taken into account: your organization’s ethics and culture, compliance, policies, employee’s intent, internal controls and history.
The best run organizations need to avoid complacency. No matter how big the organization, risk assessments are one way for boards to avoid unnecessary complications, expense due to complacency.