You’ve thought things through, but you may still be setting yourself up for disaster.
Most of the nonprofit organizations I have encountered have a good idea of what they are doing, why they are doing it, and with whom they are doing it. I find this to be especially true in organizations that have a humanitarian mission through which people in need are served. It isn’t that nonprofit organizations don’t know what they are doing (mission); it is that they don’t know what they are doing (program execution). And herein lies the risk to the organization.
“Risk comes from not knowing what you are doing.” – Warren Buffet
I have seen some of the most well-intentioned and otherwise capable leaders stand in stunned shock when something really bad happens to the organization. A client is abused, money is stolen by a manager, a program runs into licensing problems, a union attempts to organize employees, the data-base is hacked. Nobody saw it coming and so nobody was prepared to respond.
Risk management is the process of making sure that potential risks are identified, monitored, managed and mitigated. It includes the development of policies and procedures for dealing with the unexpected. The process of developing an effective risk management program requires the honest analysis of internal and external forces that can pose a threat to the organization. Generally, such programs consist of at least the following elements and processes:
- Systematically identify possible threats to the organization.
- Chart risk factors in terms of probability and impact to the organization.
- Make sure that every risk factor can be measured.
- Attach minimum acceptable performance levels to each variable
- Monitor trends in the metrics for each potential threat.
- Assign responsibility to individuals to develop and manage systems, policies, and procedures to either reduce the likelihood or the potential impact of each threat.
- Make reporting on risk and compliance a regular agenda item for executive team and board meetings.
If you think your organization is vulnerable in one or more areas and you would like to discuss ways in which those risks can be reduced and managed, I’d welcome the opportunity to share with you my experience in developing and implementing a comprehensive risk management program.
Do You Have All Your Bases Covered?