In all but the largest and most sophisticated nonprofits, risk management and lean management should function as two sides of the same coin. Risk management concentrates on identifying and responding to threats and opportunities. Lean management emphasizes providing customers the greatest amount of value with the least amount of “waste” possible by using continuous process improvement. Risk management identifies high-value targets, and lean provides a philosophy and methodology for dealing with them. Having introduced the concepts of risk and risk management in our last post, here we will introduce “lean” management and explain why “lean risk management” is an effective approach for nonprofits.

About Lean

As mentioned before, the concept of “lean management” originated with Toyota Motor Company. During its rise to international prominence, Toyota adopted a series of manufacturing practices that differed dramatically from the prevailing automotive model. Rather than thinking of human capital as essentially instrumental and fungible, Toyota committed to its employees over the long term – to their education, development, training, and security. Rather than valuing gross production efficiency – that is, keeping large machines fully occupied all the time, and stockpiling substantial inventory to feed those machines – Toyota emphasized moving each unit from start to finish with a minimum of waste. Instead of making enormous capital investments, Toyota focused on making small, continuous improvements in each element of its production process to squeeze waste out of the system.

James Womack, Daniel Jones, and Daniel Roos popularized lean manufacturing in their 1990 book, The Machine That Changed the World. (Womack et al. 1990.) Over the quarter of a century since then, “lean” has spread to many service contexts, as well. (Liker et al. 2017.) Across different business contexts, the “lean” label has stuck because the approach emphasizes the methodical reduction of operational waste.

From the lean perspective, “waste” takes many forms. (Ptacek, et al., 2013). Later posts will catalog types of waste and explain how to identify and eliminate them. For now, it is important merely to understand that waste exists in every process. Peter Drucker famously asserted that up to 90% of effort in even the best run organizations is nothing but waste. (Drucker 1977.) Contemporary “lean” practitioners confirm that Drucker was, if anything, underestimating the amount of waste in most organizations. (George 2003; Venegas 2007.) Waste results from both the context in which choices are made and the choices themselves. Space, staffing, resources, and other contextual conditions place constraints on available choices for performing tasks. A given choice for performing a task may itself be flawed either in concept or execution. We may make choices based on incomplete information. We may make a sound choice, but circumstances later change. We may make compromises because of differences of opinion over the best way to perform a task. Our initial choice may result in theoretically optimal processes, but we may fail to train workers, or that training may not stick. Workers may begin strong, but then fall back on former habits or introduce new, counterproductive shortcuts. Waste is a fact of business life.

What Is Lean Risk Management?

Traditional risk management may be criticized on many grounds. Risk management can tend to bloat, since one can always identify something new to worry about. Risk management that focuses solely on negative potential uncertainties can inhibit creativity and innovation. Risk management can also impose a false precision on uncertain outcomes.

Lean risk management (LRM) addresses those concerns. LRM seeks to demand no more effort than is required to do the job. LRM recognizes that risk can be positive as well as negative, and therefore emphasizes identifying both opportunities (positive risks) as well has threats (negative risks) in order to provide a reasonable context for charting a path forward. LRM makes no claim to predict the future, but instead focuses on what can practically be done now given the uncertainties of a situation.

As advocated in these posts, the “lean” in “lean risk management” emphasizes four core values: (1) provide maximum “value” to a customer with the minimum amount of “waste,” measuring both value and waste from the customer’s perspective; (2) seek radical awareness of current circumstances, both positive and negative; (3) focus on small continuous improvements generated and applied at the lowest level of the organization; and (4) care for the organization as a whole, emphasizing a long-term approach.


1. Provide customers with the maximum value with the minimum of waste.

LRM advocates thinking about processes from the perspective of the customer. A nonprofit provides one or more forms of value (goods, services, etc.) to its end-user populations. LRM emphasizes first identifying the “value streams” by that value is created and conveyed, then examining the underlying processes within those value streams to make each process repeatable, scalable, and optimized.


2) Seek radical awareness of current circumstances.

Like other organizations, nonprofits may engage in substantial self-delusion. As noted above, lasting perfection is unattainable, waste is inevitable, thus improvement is always possible. To identify waste and make progress, LRM emphasizes that an organization cannot focus on how senior management or existing documentation say processes work, but instead must identify how its processes actually work. LRM seeks to make processes visible, so that threats and opportunities become obvious and available action. It also emphasizes using measurement wherever possible, to provide data upon which sound decisions may be made.


3) Make continuous operational improvements.

RM emphasizes what the Japanese call “kaizen,” (KY’ zen), which means “change for better.” Ultimately, kaizen is the heart of “lean” and thus the heart of LRM. Kaizen includes looking for ways to improve, being open to improvement, fostering a culture of improvement, thinking about processes in systemic terms, and having the humility to change. When applying kaizen philosophy, teams and individuals challenge systems, processes, and controls that have previously been viewed as permanent fixtures of operations. “The way things have always been done” becomes the subject of continuous scrutiny.

Kaizen fosters a continuous flow of small ideas. Because kaizen promotes daily small changes, improvements happen incrementally, leading to more effective and efficient processes at lower cost.

Kaizen emphasizes evolution over revolution because, as Robert Pryor notes, revolution can be dangerous and counterproductive:

“Incremental approaches to problem solving and product development . . . have been shown to yield superior results on every quality and productivity measure. This is true for several reasons: When problems are complex, we can only see so far ahead in terms of crafting solutions; everything else is guesswork and decreasingly likely to be accurate. If we wait until we believe we have every possible improvement mapped out, we may never get started on improving anything. There is a high likelihood of overdesign in attempting a “complete” solution. The problems that we see after initial implementation may not even be visible today. The problems that we think we should solve today may no longer be the highest priority problems – or problems at all – after an initial improvement initiative is completed.”

(Pryor 2014.) Revolution may be intimidating, may take too long, and may change more than is necessary. LRM favors the tortoise over the hare.


4) Focus holistically on the organization, pursuing long-term goals despite short-term pressures.

LRM emphasizes making necessary infrastructure investments in a nonprofit to improve long-term sustainability, rather than overextending the nonprofit by serving current clients at the cost of future resilience or expanding service offerings in an opportunistic pursuit of potential new revenues. LRM also emphasizes the value of a nonprofit’s human capital. Staff members are not “fungible,” but are instead integral components of the organization as a whole. LRM seeks to treat people on the front line as surgeons whose work and practical knowledge should be facilitated, rather than as drones who should simply do as they are told. LRM seeks, over time, to encourage everyone in an organization to think like owners.


Who Is the “Customer” in Lean Risk Management?

As noted above, customer focus is a foundational component of “lean.” Thus, in discussing “lean risk management,” we must identify LRM’s customers and the value they may expect from the process. In fact, LRM promises to provide distinct forms of value to both internal and external customers.


Internal Customers – Decision-Makers and Employees

LRM’s “internal customers” include the organization’s decision-makers — for a nonprofit, the board of directors and chief executive. The board of directors is responsible for setting strategic objectives for the organization and making critical decisions about nonprofit governance. The board needs confidence that staff is taking reasonable steps to identify threats and opportunities and must weigh in on the most significant risks facing the organization. The board delegates operational control of the organization to a chief executive officer or executive director, who needs to know that the nonprofit is actively identifying and addressing risks.

Employees, as well, are distinct internal customers of risk management. Employees want to have safe, healthy work environments. They want to have a say in how to organization performs its tasks. They want their organization to be around for the long haul.

Ultimately, if LRM is performing effectively, the process conveys five different forms of the value to these internal customers:

Clarity. Senior management and the board of directors gain substantial insight into the threats and opportunities facing the organization in every functional area of the nonprofit. They gain a growing understanding of the organization’s current and future capacities, so that they can make sound decisions in the present to increase sustainability and resilience in the face of uncertainty and achieve organizational objectives. Employees gain insight into organizational challenges and gain a voice in solving those challenges. As a result, risk management provides clarity.

Peace of Mind. LRM also provides peace of mind. Senior management and the board know that the organization is designed from the ground up to be aware of risk, prioritize new risks, address those risks as a matter of regular business, and evaluate those responses over time. By addressing risks, the organization experiences less volatility. With effective LRM, there is less drama in the world.

Improvement. If LRM is effective, the board, senior management, and other employees know that the process actively seeks to perform better each day. They know that the organization is trying to take meaningful, regular steps to maximize the value of the risk management process by eliminating waste within the process itself. LRM is not static, or one-and-done. Instead, LRM aims for improvement.

Proportionality. A nonprofit does not engage in LRM to simply check a box or wave the flag of “best practice.” It performs LRM because it helps, and only to the extent it helps. A small to medium size human services nonprofit does not need to engage in complex financial stress testing or detailed scenario planning. The risk management activities should be proportional to the size and complexity of the organization and its social and legal context.

Reasonable Safety and Sustainability. There are no guarantees in this world, least of all in the risky business of nonprofit management. Nonprofits take risks every day in order to serve their constituent populations. If a nonprofit sought to eliminate risk — to create a risk-free environment for itself, its staff, and its customers — it would grind to a halt. Instead, LRM promotes reasonable safety and sustainability in uncertain environments. Resources are limited. Perfection is impossible. Tradeoffs must occur at the margins. Mistakes will be made. But LRM can always strive to make things better.


External Customers – End-User Populations

LRM also serves external customers — end users of the goods and services provided by the nonprofit. For these customers, the organization uses risk management to provide a reasonably safe, healthy, sustainable chain of goods and services. In a LRM approach, the organization seeks to do this while imposing a minimum of “waste” on the system. By doing so, the nonprofit conserves its current and future resources so that it will be around for future beneficiaries. The organization performs reasonable, proportional risk management, seeking to improve its safety and effectiveness over time. LRM thus plays an important role in nonprofit stewardship.

* * *

In sum, lean risk management focuses on the customer, seeks radical awareness of current circumstances, identifies both threats and opportunities as worthy subjects of risk analysis, emphasizes continuous improvement, and favors a long-term perspective on operations. Lean tools and philosophy inform and enrich traditional risk management principles, leading to greater resilience and sustainability. In our next post, we will explore why a lean risk management process helps overcome some of our human shortcomings.