The answer will depend on your particular organization. What is most important to you may be relatively insignificant to another organization. As a result, don’t be swayed by daily headlines. Instead, take a measured approach, which we call “lean risk management.”
- Make a Commitment. Adopting a risk management process should be a decision. No doubt, your nonprofit performs elements of a risk process right now. It likely has insurance, and employee handbook, and other core risk management basics – what we call Fundamental Risk Management Elements, or FRaMEs. But without a defined commitment to a regular cadence of risk management, those FRaMEs will not alone suffice.
The nonprofit risk management commitment can initially come from staff, who can take basic steps to start up and test a risk management strategy. Ultimately, however, your Board of Directors should affirm and specify your nonprofit’s commitment to risk management.
- Identify, Prioritize, Respond, and Assess and Improve – Then Do It “Regularly.” Risk management is not an event; instead, it’s a process. An organization inventories risks, prioritizes them, responds to the most important ones, checks the results, then does this over and over, as a matter of routine. The regularity – or cadence – of the process will vary depending on whether you’re just getting started and whether you have lots of issues, or relatively few.
- Don’t try to do everything at once. Part of effective, lean risk management is focusing only on the relatively few issues that must be addressed now.
- Balance urgency and importance. Of course, if you begin risk management, your first risk inventory may identify some truly urgent, “hair on fire” issues. While it is fine to address those (indeed, it may be critical to do so), don’t ignore the broader issues that are more important for your organization, but less urgent. You can use the well-known Eisenhower decision-making model to help balance your efforts.
- Recognize that most potential risks are internal. It is tempting to think of risk management as looking for things outside your nonprofit that could impact your operations or mission. Most risk management issues, however, are internal: operational errors or inefficiencies, employment and talent management challenges, poor internal financial controls, and the like. The great thing is that unlike vast outside forces, these challenges are within your control.
- Don’t ignore positive risks – opportunities. Far too often, risk assessment focuses only on things that could go wrong – negative risks, or threats. That ignores opportunities: uncertainties that could benefit the organization. Identifying and managing such opportunities is critical to long-term success. Opportunities need research, reflection, piloting, and nurturing.
While nonprofit risk management requires a commitment, it reaps substantial benefits over time. You gain organizational clarity as team members identify threats and opportunities. You gain consensus as you discuss how to prioritize and address the most important risks. You gain peace of mind as you focus on what’s most important, in addition to what’s urgent. Team members feel a greater sense of engagement and ownership because their voices – what worries them and what intrigues them – are being heard.
In short, there is no better time than now to begin adopting lean risk management.
If you would like to schedule a complimentary strategy session with the Risk Alternatives team, please email firstname.lastname@example.org!
Nonprofits Build Strength Together (BeST)
Risk Alternatives sponsors and curates an online group for nonprofit leaders who want to build resilient organizations.
To stay informed about this group, called Nonprofits Build Strength Together (BeST), click the button below.